Having a hard time piecing together lots of pieces out of context. Here's what I want:
1. User logs in to my web app via its own authentication mechanisms. 2. Via an authenticated REST endpoint, my web app connects to the ephemeral auth service and returns a temporary username/password to the client. 3. The client connects to a web socket SIP interface, authenticating with the username/password it was given. 4. I'd also like to support authentication via standard SIP client using the user's default username/password, but that's a bit down the road still.
Here is my kamailio-local.cfg. I'm using the web socket example copied from the docs, with a little cleanup and a few optional checks removed for now.
loadmodule "db_mongodb.so"
#!define DBURL "mongodb://mongo/perceptron"
#!define WITH_AUTH
#!define WITH_NAT
loadmodule "xhttp.so"
#modparam("xhttp", "url_match", "^/sip/")
tcp_accept_no_cl=yes
loadmodule "msrp.so" # Only required if using MSRP over WebSockets loadmodule "websocket.so"
loadmodule "auth_ephemeral.so"
modparam("auth_ephemeral", "secret", "Kamailio rulez!!11")
event_route[xhttp:request] { set_reply_close(); set_reply_no_connect();
# xlog("L_DBG", "HTTP Request Received\n");
if ($hdr(Upgrade) =~ "websocket" && $hdr(Connection) =~ "Upgrade" && $rm=~ "GET" ) { # Validate Host - make sure the client is using the correct # alias for WebSockets if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) { # xlog("L_WARN", "Bad host $hdr(Host)\n"); xhttp_reply("403", "Forbidden", "", ""); exit; }
if (ws_handle_handshake()) { exit; } }
xhttp_reply("404", "Not found", "", "");
}
When I attempt to validate this, I get:
0(1) ERROR: <core> [pvapi.c:790]: pv_parse_spec2(): error searching pvar "hdr" 0(1) ERROR: <core> [pvapi.c:994]: pv_parse_spec2(): wrong char [U/85] in [$hdr( Upgrade)] at [5 (5)] 0(1) : <core> [cfg.y:3436]: yyerror_at(): parse error in config file /usr/local /etc/kamailio/kamailio-local.cfg, line 28, column 7-19: Can't get from cache: $h dr(Upgrade) ERROR: bad config file (1 errors)
I don't know what that means. I've copied the config directly from the website.
I tried quoting "Upgrade" and such in the $hdr lines, but that gives me:
0(1) ERROR: <core> [pvapi.c:790]: pv_parse_spec2(): error searching pvar "hdr" 0(1) ERROR: <core> [pvapi.c:994]: pv_parse_spec2(): wrong char ["/34] in [$hdr( "Upgrade")] at [5 (5)] 0(1) : <core> [cfg.y:3436]: yyerror_at(): parse error in config file /usr/local /etc/kamailio/kamailio-local.cfg, line 28, column 7-21: Can't get from cache: $h dr("Upgrade") ERROR: bad config file (1 errors)
What am I missing here?
I also had to comment out the xlog lines because those gave me errors. Do I need another module loaded to use xlog?
Finally, does anyone have a working, complete example of SIP over web sockets with ephemeral auth integrated? I'm not sure if I should be checking the ephemeral auth credentials in the web sockets code, the SIP routes or somewhere else. I'm also not sure how I should set up authentication such that users can log in with both their standard credentials or those retrieved via the ephemeral auth module.
Thanks.