@routr/connect 2.0.8-alpha.5 → 2.0.8-alpha.7

package/dist/access.d.ts

@@ -0,0 +1,28 @@
+import { MessageRequest, CommonConnect as CC } from "@routr/common";
+import { RoutingDirection } from "./types";
+export declare const checkAccess: (accessRequest: {
+    dataAPI: CC.DataAPI;
+    request: MessageRequest;
+    caller: CC.Resource;
+    callee: CC.Resource;
+    routingDirection: RoutingDirection;
+}) => Promise<Record<string, unknown>>;
+export declare const checkAgentAccess: (dataAPI: CC.DataAPI, request: MessageRequest, caller: CC.Resource) => Promise<{
+    message: {
+        responseType: number;
+        wwwAuthenticate: {
+            scheme: string;
+            realm: string;
+            qop: string;
+            opaque: string;
+            stale: boolean;
+            nonce: string;
+            algorithm: string;
+        };
+    };
+}>;
+export declare const checkAccessFromPSTN: (dataAPI: CC.DataAPI, request: MessageRequest, callee: CC.Resource) => Promise<{
+    message: {
+        responseType: number;
+    };
+}>;

package/dist/access.js

@@ -0,0 +1,126 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkAccessFromPSTN = exports.checkAgentAccess = exports.checkAccess = void 0;
+/*
+ * Copyright (C) 2022 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster
+ *
+ * This file is part of Routr.
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const logger_1 = require("@fonoster/logger");
+const common_1 = require("@routr/common");
+const types_1 = require("./types");
+const utils_1 = require("./utils");
+const logger = (0, logger_1.getLogger)({ service: "connect", filePath: __filename });
+const checkAccess = (accessRequest) => __awaiter(void 0, void 0, void 0, function* () {
+    const { dataAPI, request, caller, callee, routingDirection } = accessRequest;
+    switch (routingDirection) {
+        case types_1.RoutingDirection.AGENT_TO_AGENT:
+            return (0, exports.checkAgentAccess)(dataAPI, request, caller);
+        case types_1.RoutingDirection.AGENT_TO_PSTN:
+            return (0, exports.checkAgentAccess)(dataAPI, request, caller);
+        case types_1.RoutingDirection.FROM_PSTN:
+            return (0, exports.checkAccessFromPSTN)(dataAPI, request, callee);
+        case types_1.RoutingDirection.UNKNOWN:
+            return common_1.Auth.createForbideenResponse();
+    }
+});
+exports.checkAccess = checkAccess;
+const checkAgentAccess = (dataAPI, request, caller) => __awaiter(void 0, void 0, void 0, function* () {
+    // Calculate and return challenge
+    if (request.message.authorization) {
+        const auth = Object.assign({}, request.message.authorization);
+        auth.method = request.method;
+        const credentials = yield dataAPI.get(caller.spec.credentialsRef);
+        // Calculate response and compare with the one send by the endpoint
+        const calcRes = common_1.Auth.calculateAuthResponse(auth, {
+            username: credentials === null || credentials === void 0 ? void 0 : credentials.spec.credentials.username,
+            secret: credentials === null || credentials === void 0 ? void 0 : credentials.spec.credentials.password
+        });
+        if (calcRes !== auth.response) {
+            return common_1.Auth.createUnauthorizedResponse(request.message.requestUri.host);
+        }
+    }
+    else {
+        return common_1.Auth.createUnauthorizedResponse(request.message.requestUri.host);
+    }
+});
+exports.checkAgentAccess = checkAgentAccess;
+const checkAccessFromPSTN = (dataAPI, request, callee) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b;
+    // Get the Trunk associated with the SIP URI
+    const trunk = yield (0, utils_1.findTrunkByRequestURI)(dataAPI, request.message.requestUri.host);
+    // If the Trunk or Number doesn't exist reject the call
+    if (!callee || !trunk) {
+        return common_1.Auth.createForbideenResponse();
+    }
+    if (callee.spec.trunkRef !== trunk.ref) {
+        return common_1.Auth.createForbideenResponse();
+    }
+    // Verify that the IP is whitelisted which means getting the access control list for the trunk
+    if ((_a = trunk.spec.inbound) === null || _a === void 0 ? void 0 : _a.accessControlListRef) {
+        try {
+            const acl = yield dataAPI.get(trunk.spec.inbound.accessControlListRef);
+            if (!acl) {
+                // Should never happen since the ACL is required
+                return common_1.Auth.createServerInternalErrorResponse();
+            }
+            const allow = acl.spec.accessControlList.allow.filter((net) => {
+                return common_1.IpUtils.hasIp(net, request.sender.host);
+            })[0];
+            if (!allow) {
+                // TODO: Replace with Unauthorized
+                return common_1.Auth.createUnauthorizedResponseWithoutChallenge();
+            }
+        }
+        catch (e) {
+            logger.error(e);
+        }
+    }
+    // If the Trunk has a User/Password we must verify that the User/Password are valid
+    if ((_b = trunk.spec.inbound) === null || _b === void 0 ? void 0 : _b.credentialsRef) {
+        const credentials = yield dataAPI.get(trunk.spec.inbound.credentialsRef);
+        if (!credentials) {
+            // Should never happen since the Credentials is required
+            return common_1.Auth.createServerInternalErrorResponse();
+        }
+        // Calculate and return challenge
+        if (request.message.authorization) {
+            const auth = Object.assign({}, request.message.authorization);
+            auth.method = request.method;
+            // Calculate response and compare with the one send by the endpoint
+            const calcRes = common_1.Auth.calculateAuthResponse(auth, {
+                username: credentials === null || credentials === void 0 ? void 0 : credentials.spec.credentials.username,
+                secret: credentials === null || credentials === void 0 ? void 0 : credentials.spec.credentials.password
+            });
+            if (calcRes !== auth.response) {
+                return common_1.Auth.createUnauthorizedResponse(request.message.requestUri.host);
+            }
+        }
+        else {
+            return common_1.Auth.createUnauthorizedResponse(request.message.requestUri.host);
+        }
+    }
+});
+exports.checkAccessFromPSTN = checkAccessFromPSTN;

package/dist/errors.d.ts

@@ -19,7 +19,7 @@ export declare class UnsuportedRoutingError extends Error {
     /**
      * Create a new ServiceUnavailableError.
      *
-     * @param {string} routingDir - The routing direction
+     * @param {RoutingDirection} routingDirection - The routing direction
      */
-    constructor(routingDir: RoutingDirection);
+    constructor(routingDirection: RoutingDirection);
 }

package/dist/errors.js

@@ -67,10 +67,10 @@ class UnsuportedRoutingError extends Error {
     /**
      * Create a new ServiceUnavailableError.
      *
-     * @param {string} routingDir - The routing direction
+     * @param {RoutingDirection} routingDirection - The routing direction
      */
-    constructor(routingDir) {
-        super("unsupported routing direction: " + routingDir);
+    constructor(routingDirection) {
+        super("unsupported routing direction: " + routingDirection);
         this.code = grpc.status.UNKNOWN;
         // Set the prototype explicitly.
         Object.setPrototypeOf(this, ServiceUnavailableError.prototype);

package/dist/handlers.d.ts

@@ -1,6 +1,6 @@
 import { MessageRequest, Response } from "@routr/processor";
-import { ILocationService } from "@routr/location/src/types";
+import { ILocationService } from "@routr/location";
 import { CommonConnect as CC } from "@routr/common";
-export declare const handleRegister: (location: ILocationService) => (request: MessageRequest, res: Response) => Promise<void>;
+export declare const handleRegister: (dataAPI: CC.DataAPI, location: ILocationService) => (request: MessageRequest, res: Response) => Promise<void>;
 export declare const handleRegistry: (req: MessageRequest, res: Response) => void;
 export declare const handleRequest: (location: ILocationService, dataAPI?: CC.DataAPI) => (req: MessageRequest, res: Response) => Promise<void | MessageRequest>;

package/dist/handlers.js

@@ -34,8 +34,28 @@ const processor_1 = require("@routr/processor");
 const function_1 = require("fp-ts/function");
 const router_1 = require("./router");
 const common_1 = require("@routr/common");
-const handleRegister = (location) => {
+const utils_1 = require("./utils");
+const handleRegister = (dataAPI, location) => {
     return (request, res) => __awaiter(void 0, void 0, void 0, function* () {
+        // Calculate and return challenge
+        if (request.message.authorization) {
+            const auth = Object.assign({}, request.message.authorization);
+            auth.method = request.method;
+            const fromURI = request.message.from.address.uri;
+            const agent = yield (0, utils_1.findResource)(dataAPI, fromURI.host, fromURI.user);
+            const credentials = yield dataAPI.get(agent === null || agent === void 0 ? void 0 : agent.spec.credentialsRef);
+            // Calculate response and compare with the one send by the endpoint
+            const calcRes = common_1.Auth.calculateAuthResponse(auth, {
+                username: credentials === null || credentials === void 0 ? void 0 : credentials.spec.credentials.username,
+                secret: credentials === null || credentials === void 0 ? void 0 : credentials.spec.credentials.password
+            });
+            if (calcRes !== auth.response) {
+                return res.send(common_1.Auth.createUnauthorizedResponse(request.message.requestUri.host));
+            }
+        }
+        else {
+            return res.send(common_1.Auth.createUnauthorizedResponse(request.message.requestUri.host));
+        }
         yield location.addRoute({
             aor: processor_1.Target.getTargetAOR(request),
             route: location_1.Helper.createRoute(request)
@@ -58,13 +78,17 @@ const handleRequest = (location, dataAPI) => (req, res) => __awaiter(void 0, voi
             : yield (0, router_1.router)(location, dataAPI)(req);
         if (!route)
             return res.sendNotFound();
-        // Forward request to peer edgeport
-        if (req.edgePortRef !== route.edgePortRef) {
-            return (0, function_1.pipe)(req, processor_1.Alterations.addSelfVia(route), 
-            // The LP address belongs to another edgeport
-            processor_1.Alterations.addRouteToListeningPoint(route), processor_1.Alterations.addXEdgePortRef, processor_1.Alterations.decreaseMaxForwards);
+        // If route is not type Route then return
+        if (!("user" in route)) {
+            return res.send(route);
+        }
+        else {
+            // Forward request to peer edgeport
+            if (req.edgePortRef !== route.edgePortRef) {
+                return (0, function_1.pipe)(req, processor_1.Alterations.addSelfVia(route), processor_1.Alterations.addRouteToPeerEdgePort(route), processor_1.Alterations.addXEdgePortRef, processor_1.Alterations.decreaseMaxForwards);
+            }
+            res.send((0, tailor_1.tailor)(route, req));
         }
-        res.send((0, tailor_1.tailor)(route, req));
     }
     catch (err) {
         res.sendError(err);

package/dist/router.d.ts

@@ -1,4 +1,4 @@
 import { CommonConnect as CC, Route } from "@routr/common";
 import { MessageRequest } from "@routr/processor";
 import { ILocationService } from "@routr/location";
-export declare function router(location: ILocationService, dataAPI: CC.DataAPI): (req: MessageRequest) => Promise<Route>;
+export declare function router(location: ILocationService, dataAPI: CC.DataAPI): (request: MessageRequest) => Promise<Route | Record<string, unknown>>;

package/dist/router.js

@@ -35,29 +35,41 @@ const processor_1 = require("@routr/processor");
 const location_1 = require("@routr/location");
 const errors_1 = require("./errors");
 const logger_1 = require("@fonoster/logger");
+const access_1 = require("./access");
 const logger = (0, logger_1.getLogger)({ service: "connect", filePath: __filename });
-const getSIPURI = (uri) => `sip:${uri.user}@${uri.host}`;
 // eslint-disable-next-line require-jsdoc
 function router(location, dataAPI) {
-    return (req) => __awaiter(this, void 0, void 0, function* () {
-        const fromURI = req.message.from.address.uri;
-        const requestURI = req.message.requestUri;
+    return (request) => __awaiter(this, void 0, void 0, function* () {
+        const fromURI = request.message.from.address.uri;
+        const requestURI = request.message.requestUri;
         logger.verbose("routing request from: " +
-            getSIPURI(fromURI) +
+            (0, utils_1.getSIPURI)(fromURI) +
             ", to: " +
-            getSIPURI(requestURI), { fromURI: getSIPURI(fromURI), requestURI: getSIPURI(requestURI) });
+            (0, utils_1.getSIPURI)(requestURI), { fromURI: (0, utils_1.getSIPURI)(fromURI), requestURI: (0, utils_1.getSIPURI)(requestURI) });
         const caller = yield (0, utils_1.findResource)(dataAPI, fromURI.host, fromURI.user);
         const callee = yield (0, utils_1.findResource)(dataAPI, requestURI.host, requestURI.user);
-        const routingDir = (0, utils_1.getRoutingDirection)(caller, callee);
-        switch (routingDir) {
-            case types_1.RoutingDirection.AGENT_TO_PSTN:
-                return yield toPSTN(dataAPI, req, caller, requestURI.user);
+        const routingDirection = (0, utils_1.getRoutingDirection)(caller, callee);
+        if (request.method === common_1.CommonTypes.Method.INVITE) {
+            const failedCheck = yield (0, access_1.checkAccess)({
+                dataAPI,
+                request,
+                caller,
+                callee,
+                routingDirection
+            });
+            if (failedCheck) {
+                return failedCheck;
+            }
+        }
+        switch (routingDirection) {
             case types_1.RoutingDirection.AGENT_TO_AGENT:
-                return agentToAgent(location, req);
+                return agentToAgent(location, request);
+            case types_1.RoutingDirection.AGENT_TO_PSTN:
+                return yield toPSTN(dataAPI, request, caller, requestURI.user);
             case types_1.RoutingDirection.FROM_PSTN:
                 return yield fromPSTN(location, dataAPI, callee);
             default:
-                throw new errors_1.UnsuportedRoutingError(routingDir);
+                throw new errors_1.UnsuportedRoutingError(routingDirection);
         }
     });
 }
@@ -119,14 +131,15 @@ function toPSTN(dataAPI, req, caller, calleeNumber) {
             throw new Error(`no trunk associated with Number ref: ${number === null || number === void 0 ? void 0 : number.ref}`);
         }
         const uri = (0, utils_1.getTrunkURI)(trunk);
-        const egressListeningPoint = common_1.Helper.getListeningPoint(req, uri.transport);
         return {
             user: uri.user,
             host: uri.host,
             port: uri.port,
             transport: uri.transport,
             edgePortRef: req.edgePortRef,
-            egressListeningPoint,
+            listeningPoints: req.listeningPoints,
+            localnets: req.localnets,
+            externalAddrs: req.externalAddrs,
             headers: [
                 // TODO: Find a more deterministic way to re-add the Privacy header
                 {

package/dist/service.js

@@ -70,7 +70,7 @@ function ConnectProcessor(config) {
                     (0, handlers_1.handleRegistry)(req, res);
                 }
                 else {
-                    (0, handlers_1.handleRegister)(location)(req, res);
+                    (0, handlers_1.handleRegister)(common_2.CommonConnect.dataAPI(config.apiAddr), location)(req, res);
                 }
                 break;
             case common_1.Method.BYE:

package/dist/utils.d.ts

@@ -2,6 +2,8 @@ import { HeaderModifier, MessageRequest, Transport, CommonConnect as CC } from "
 import { RoutingDirection } from "./types";
 export declare const isKind: (res: CC.Resource, kind: CC.Kind) => boolean;
 export declare const findDomain: (dataAPI: CC.DataAPI, domainUri: string) => Promise<CC.Resource>;
+export declare const findTrunkByRequestURI: (dataAPI: CC.DataAPI, requestUri: string) => Promise<CC.Resource>;
+export declare const findNumberByTelUrl: (dataAPI: CC.DataAPI, telUrl: string) => Promise<CC.Resource>;
 export declare const findResource: (dataAPI: CC.DataAPI, domainUri: string, userpart: string) => Promise<CC.Resource>;
 export declare const getRoutingDirection: (caller: CC.Resource, callee: CC.Resource) => RoutingDirection;
 export declare const createPAssertedIdentity: (req: MessageRequest, trunk: CC.Resource, number: CC.Resource) => HeaderModifier;
@@ -13,3 +15,7 @@ export declare const getTrunkURI: (trunk: CC.Resource) => {
     user: string;
     transport: Transport;
 };
+export declare const getSIPURI: (uri: {
+    user?: string;
+    host: string;
+}) => string;

package/dist/utils.js

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getTrunkURI = exports.createTrunkAuthentication = exports.createRemotePartyId = exports.createPAssertedIdentity = exports.getRoutingDirection = exports.findResource = exports.findDomain = exports.isKind = void 0;
+exports.getSIPURI = exports.getTrunkURI = exports.createTrunkAuthentication = exports.createRemotePartyId = exports.createPAssertedIdentity = exports.getRoutingDirection = exports.findResource = exports.findNumberByTelUrl = exports.findTrunkByRequestURI = exports.findDomain = exports.isKind = void 0;
 /*
  * Copyright (C) 2022 by Fonoster Inc (https://fonoster.com)
  * http://github.com/fonoster/routr
@@ -47,16 +47,30 @@ const findDomain = (dataAPI, domainUri) => __awaiter(void 0, void 0, void 0, fun
     }))[0];
 });
 exports.findDomain = findDomain;
-const findResource = (dataAPI, domainUri, userpart) => __awaiter(void 0, void 0, void 0, function* () {
-    const domain = yield (0, exports.findDomain)(dataAPI, domainUri);
-    // TODO: Fix jsonpath not working for logical AND and OR
-    let res = (yield dataAPI.findBy({
+const findTrunkByRequestURI = (dataAPI, requestUri) => __awaiter(void 0, void 0, void 0, function* () {
+    return (yield dataAPI.findBy({
+        kind: common_1.CommonConnect.Kind.TRUNK,
+        criteria: common_1.CommonConnect.FindCriteria.FIND_TRUNK_BY_REQUEST_URI,
+        parameters: {
+            requestUri
+        }
+    }))[0];
+});
+exports.findTrunkByRequestURI = findTrunkByRequestURI;
+const findNumberByTelUrl = (dataAPI, telUrl) => __awaiter(void 0, void 0, void 0, function* () {
+    return (yield dataAPI.findBy({
         kind: common_1.CommonConnect.Kind.NUMBER,
         criteria: common_1.CommonConnect.FindCriteria.FIND_NUMBER_BY_TELURL,
         parameters: {
-            telUrl: `tel:${userpart}`
+            telUrl
         }
     }))[0];
+});
+exports.findNumberByTelUrl = findNumberByTelUrl;
+const findResource = (dataAPI, domainUri, userpart) => __awaiter(void 0, void 0, void 0, function* () {
+    const domain = yield (0, exports.findDomain)(dataAPI, domainUri);
+    // TODO: Fix jsonpath not working for logical AND and OR
+    let res = yield (0, exports.findNumberByTelUrl)(dataAPI, `tel:${userpart}`);
     res =
         res == null
             ? (yield dataAPI.findBy({
@@ -141,3 +155,5 @@ const getTrunkURI = (trunk) => {
     };
 };
 exports.getTrunkURI = getTrunkURI;
+const getSIPURI = (uri) => uri.user ? `sip:${uri.user}@${uri.host}` : `sip:${uri.host}`;
+exports.getSIPURI = getSIPURI;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@routr/connect",
-  "version": "2.0.8-alpha.5",
+  "version": "2.0.8-alpha.7",
   "description": "Default processor",
   "author": "Pedro Sanders <psanders@fonoster.com>",
   "homepage": "https://github.com/fonoster/routr#readme",
@@ -28,9 +28,9 @@
     "@opentelemetry/sdk-trace-base": "^1.0.4",
     "@opentelemetry/sdk-trace-node": "^1.0.4",
     "@opentelemetry/semantic-conventions": "^1.0.4",
-    "@routr/common": "^2.0.8-alpha.5",
-    "@routr/location": "^2.0.8-alpha.5",
-    "@routr/processor": "^2.0.8-alpha.5"
+    "@routr/common": "^2.0.8-alpha.7",
+    "@routr/location": "^2.0.8-alpha.7",
+    "@routr/processor": "^2.0.8-alpha.7"
   },
   "files": [
     "dist"
@@ -45,5 +45,5 @@
   "bugs": {
     "url": "https://github.com/fonoster/routr/issues"
   },
-  "gitHead": "215638b9d7b56b2db2c2f0bc1bada3b6accbde58"
+  "gitHead": "d2e012d926e02e319646ea0f5419962f8b712362"
 }