Hello Andrey,
Seems OK, I will give it some more thought.
At the end of the day, it is your decision as administrator how you enforce the xcap-uri format and authentication/authorization.
The fact is that the HTTP URI usually does not contain the domain part; it is just the document/resource reference part. I have seen services asking the users to add the domain as mandatory to the XCAP URI. That is a reason why the XCAP document path can be given as a parameter, not taken implicitly, so the admin can transform the one received into a normalized one.
Cheers, Daniel
On 10/16/10 8:43 AM, Rouskol Andrey wrote:
Daniel,
What would you think about this variant of xcap authentication:
event_route[xhttp:request] {
    xdbg("===== xhttp: request [$rv] $rm => $hu\n");
    if($hu=~"^/xcap-root/") {
        # xcap ops
        $xcapuri(u=>data) = $hu;
        if($xcapuri(u=>xuid)=~"^sip:.+@.+")
            $var(uri) = $xcapuri(u=>xuid);
        else if($xcapuri(u=>xuid)=~".+@.+")
            $var(uri) = "sip:"+ $xcapuri(u=>xuid);
        else
            $var(uri) = "sip:"+ $xcapuri(u=>xuid) + "@" + $Ri;

        if($xcapuri(u=>auid)=="xcap-caps") {
            ... skipped ...
        }

#!ifdef WITH_XHTTPAUTH
#!ifdef WITH_MULTIDOMAIN
        if (!www_authorize("$(var(uri){uri.host})", "subscriber")) {
            www_challenge("$(var(uri){uri.host})", "0");
#!else
        if (!www_authorize("xcap", "subscriber")) {
            www_challenge("xcap", "0");
#!endif

            exit;
        }
        set_reply_close();
        set_reply_no_connect();

#!ifdef WITH_XHTTPAUTH
        # be sure auth user access only its documents
#!ifdef WITH_MULTIDOMAIN
        if($aU=~".+@.+")
            $var(tmp) = "sip:"+$aU;
        else
            $var(tmp) = "sip:"+$aU+"@"+$(var(uri){uri.host});

        if ($var(uri)!=$var(tmp)) {
            xdbg("===== xhttp: Forbidden!!! $var(tmp) - $var(uri)\n");

#!else
        if ($au!=$(var(uri){uri.user})) {
            xdbg("===== xhttp: Forbidden!!! $au - $(var(uri){uri.user})\n");
#!endif
..
Regards, Andrey.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
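
The ownership check discussed in this thread, modelled in Python so both branches can be run against sample requests. This is an added example, not code from either poster or from Kamailio; the function names, the /users/ path layout it parses, and the sample requests are assumptions, and local_addr stands in for the value the config takes from $Ri.

```python
import re

XCAP_ROOT = "/xcap-root/"

def parse_user_path(hu):
    """Return (auid, xuid) from /xcap-root/<auid>/users/<xuid>/... (assumed layout)."""
    if not hu.startswith(XCAP_ROOT):
        raise ValueError("not an XCAP request")
    parts = hu[len(XCAP_ROOT):].split("/")
    if len(parts) < 3 or parts[1] != "users" or not parts[2]:
        raise ValueError("not a users-tree document")
    return parts[0], parts[2]

def normalize_xuid(xuid, local_addr):
    """Same three cases as the config: full SIP URI, user@domain, bare user."""
    if re.search(r"^sip:.+@.+", xuid):
        return xuid
    if re.search(r".+@.+", xuid):
        return "sip:" + xuid
    return "sip:" + xuid + "@" + local_addr

def split_uri(uri):
    """Rough stand-in for {uri.user} and {uri.host} on a sip:user@host URI."""
    user, _, host = uri[len("sip:"):].rpartition("@")
    return user, host

def owner_allowed(hu, auth_username, local_addr, multidomain):
    """True when the authenticated user owns the document addressed by hu."""
    _, xuid = parse_user_path(hu)
    uri = normalize_xuid(xuid, local_addr)
    user, host = split_uri(uri)
    if multidomain:
        # $aU may carry its own domain; otherwise it borrows the one in the path
        if re.search(r".+@.+", auth_username):
            expected = "sip:" + auth_username
        else:
            expected = "sip:" + auth_username + "@" + host
        return uri == expected
    # single realm: only the user parts are compared ($au vs {uri.user}),
    # so the domain written in the path plays no part in the decision
    return auth_username.partition("@")[0] == user

if __name__ == "__main__":
    # constructed sample requests: (request path, digest username)
    samples = [("/xcap-root/resource-lists/users/sip:alice@example.com/index", "alice"),
               ("/xcap-root/resource-lists/users/sip:alice@example.com/index", "bob"),
               ("/xcap-root/pres-rules/users/alice/index", "alice@other.org")]
    for hu, who in samples:
        print(who, hu, owner_allowed(hu, who, "192.0.2.10", True))
```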