Daniel,
What would you think about this variant of xcap authentication:
event_route[xhttp:request] { xdbg("===== xhttp: request [$rv] $rm => $hu\n"); if($hu=~"^/xcap-root/") { # xcap ops $xcapuri(u=>data) = $hu; if($xcapuri(u=>xuid)=~"^sip:.+@.+") $var(uri) = $xcapuri(u=>xuid); else if($xcapuri(u=>xuid)=~".+@.+") $var(uri) = "sip:"+ $xcapuri(u=>xuid); else $var(uri) = "sip:"+ $xcapuri(u=>xuid) + "@" + $Ri;
if($xcapuri(u=>auid)=="xcap-caps") { ... skipped ... }
#!ifdef WITH_XHTTPAUTH #!ifdef WITH_MULTIDOMAIN if (!www_authorize("$(var(uri){uri.host})", "subscriber")) { www_challenge("$(var(uri){uri.host})", "0"); #!else if (!www_authorize("xcap", "subscriber")) { www_challenge("xcap", "0"); #!endif
exit; }
set_reply_close(); set_reply_no_connect();
#!ifdef WITH_XHTTPAUTH # be sure auth user access only its documents #!ifdef WITH_MULTIDOMAIN if($aU=~".+@.+") $var(tmp) = "sip:"+$aU; else $var(tmp) = "sip:"+$aU+"@"+$(var(uri){uri.host});
if ($var(uri)!=$var(tmp)) { xdbg("===== xhttp: Forbidden!!! $var(tmp) - $var(uri)\n"); #!else if ($au!=$(var(uri){uri.user})) { xdbg("===== xhttp: Forbidden!!! $au - $(var(uri){uri.user})\n"); #!endif
..
Regards, Andrey.