Nightly Perpetrated Mischief
Unleash awesomeness. Private packages, team management tools, and powerful integrations. Get started with npm Orgs »

drachtio-mw-digest-auth

0.2.0 • Public • Published

drachtio-mw-digest-auth

Build Status NPM version

Performs SIP Digest-based authentication for a user agent server (UAS) or proxy built using drachtio-srf

Usage

Install this as drachtio middleware, providing an object that (optionally) specifies the sip realm to use in challenges, and a function that provides (via callback) the password for a given username and sip realm.

const Srf = require('drachtio-srf');
const srf = new Srf() ;
const digestAuth = require('drachtio-mw-digest-auth') ;
 
srf.connect({...}) ;
 
const challenge = digestAuth({
  realm: 'sip.drachtio.org',
  passwordLookup: function(username, realm, callback) {
    // ..lookup password for username in realm
    return callback(null, password) ;
  }
}) ;
 
srf.use( 'register', challenge) ;
 
srf.register((req, res) => {
 
  // if we reach here we have an authenticated request
 
  console.log(req.authorization) ;
  /*
    Digest: username="103482",realm="sip.drachtio.org",nonce="df24fd41-4fc5-416f-b163-90f774ca0358" \
      uri="sip:73.15.46.10:6060",algorithm=MD5,response="a4881ad854cc0677158206ac9fa90e3b", \
      qop=auth,nc=00000032,cnonce="ea5cec20"
 
    console.log =>
    {
      scheme: 'digest',
      username: '103482',
      realm: 'sip.drachtio.org',
      nonce: 'df24fd41-4fc5-416f-b163-90f774ca0358',
      uri: 'sip:72.1.46.10:6060',
      algorithm: 'MD5',
      response: 'a4881ad854cc0677158206ac9fa90e3b',
      qop: 'auth',
      nc: '00000032',
      cnonce: 'ea5cec20'
    }
   */
  } 
});

Options

407 Proxy Authentication Required

To generate a 407 Proxy Authentication Required challenge response instead of 401 Unauthorized include a proxy property with a value true, e.g:

const challenge = digestAuth({
  proxy: true,
  realm: 'sip.drachtio.org',
  passwordLookup: function(username, realm, callback) {
    // ..lookup password for username in realm
    return callback(null, password) ;
  }
}) ;

Dynamically determining realm based on the request

Realm can be provided as a static value in the middleware configuration, but if it is necessary to dynamically determine the realm based on the specific SIP request method you can provide a function rather than a static string for the realm property. The function takes one parameter, the sip request, and must return either a string or a Promise that resolves to a string, e.g.

const challenge = digestAuth({
  realm: (req) => {
    return lookupRealm(req.uri);  // must return either a string or a promise
  }),
  ...
});

building a registrar for specified domain(s)

You may want to build a registrar that only handles certain domains, and rejects all other requests. To do so, simply return a null or undefined value from your 'realm' function

const parseUri = require('drachtio-srf').parseUri;
const challenge = digestAuth({
  realm: (req) => {
    const uri = parseUri(req.uri);
    if (['my.first.domain', 'my.second.domain'].includes(uri.host)) return uri.host;
    return null;
  }),
  ...
});

realm is optional, so what if I don't supply it?

In that case, the challenge will use the domain in the Request-URI of the INVITE or REGISTER as the realm value in the challenge

install

npm i drachtio-mw-digest-auth

Downloadsweekly downloads

1

version

0.2.0

license

MIT

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
Report a vulnerability