原文在这里:
https://kaufmania.wordpress.com/2023/09/13/securing-kamailios-json-rpc-over-http/
写得太好了,笔法老练,把握精准。
笔者改了一下,kamailio.cfg 全部内容为:
#!KAMAILIO
# RPC credentials are taken from the environment when the config is parsed;
# route[XHTTP_RPC_AUTH] reads them back through $def(RPC_USER)/$def(RPC_PASS).
# NOTE(review): check what #!defenv yields when the variable is absent at
# startup (empty define vs. undefined) — an empty RPC_PASS must not leave the
# endpoint open. Consider refusing to start if either one is unset.
#!defenv RPC_USER
#!defenv RPC_PASS
loadmodule "pv"
# ctl presumably opens its default binrpc unix socket (kamcmd): a second local
# RPC channel with full method access that the HTTP allow-list in this file
# does not cover — restrict it with filesystem permissions. TODO confirm.
loadmodule "ctl"
loadmodule "xlog"
loadmodule "sl"
loadmodule "json"
loadmodule "xhttp"
loadmodule "jsonrpcs"
loadmodule "tcpops"
loadmodule "htable"
loadmodule "auth"
loadmodule "kex"
# HTTP-over-TCP plumbing (see core cookbook): accept requests that carry no
# Content-Length header and parse HTTP replies.
tcp_accept_no_cl = yes
http_reply_parse = yes
socket_workers = 2
# Plain HTTP on a real NIC: digest auth keeps the password off the wire, but
# every JSON-RPC request and response is cleartext. There is no TLS listener
# here — put this on a management network or behind a TLS terminator.
listen = tcp:enp0s3:8081 # change to the actual NIC
# SIP listener, loopback only; request_route drops everything arriving here.
listen = tcp:127.0.0.1:5060
# debug=3 is verbose and goes to stderr; lower it once the setup is verified.
debug = 3
log_stderror = yes
# NOTE(review): jsonrpcs transport=0 — per the module docs 0 means "all
# transports" (fifo, datagram, http), which would add unauthenticated local
# channels outside this file's HTTP checks; 4 limits it to HTTP. Confirm
# against the jsonrpcs README of the installed version.
modparam("jsonrpcs", "transport", 0)
# Allow-list of RPC methods; keys are populated in event_route[htable:mod-init].
modparam("htable", "htable", "rpc_allow=>size=4");
# SIP requests (only 127.0.0.1:5060 receives any) are not processed: the
# script stops here without sending a reply. This instance serves JSON-RPC
# over HTTP only.
request_route {
exit;
}
# Entry point for every HTTP request on any TCP listener. XHTTP_RPC_AUTH and
# VALIDATE_RPC_METHOD end the request with exit on failure, so reaching
# jsonrpc_dispatch() means digest-authenticated and allow-listed.
# NOTE(review): XHTTP_PORT_CHECK as written only closes the TCP connection and
# falls through — make sure it exits too, or a request on the wrong port still
# runs through auth and dispatch. Keep the order: port, then auth, then method.
event_route[xhttp:request] {
route(XHTTP_PORT_CHECK);
route(XHTTP_RPC_AUTH);
route(VALIDATE_RPC_METHOD);
jsonrpc_dispatch();
}
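# Reject HTTP that did not arrive on the dedicated RPC listener (8081), so a
# JSON-RPC request pushed onto the SIP listener (127.0.0.1:5060) is never
# authenticated or dispatched. $Rp is the local port the request came in on.
route[XHTTP_PORT_CHECK] {
	if ( $Rp != 8081 ) {
		xcrit("HTTP Request not received on port 8081. reject\n");
		tcp_close_connection();
		# Closing the connection does not stop the script: without this exit
		# the caller would continue into auth and jsonrpc_dispatch().
		exit;
	}
}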
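# Digest-authenticate the HTTP request against the credentials supplied via
# the RPC_USER / RPC_PASS environment variables (#!defenv at the top of the
# file). Every failure path ends with exit, so a caller only continues past
# this route with a verified username and password.
# The realm is $Ri (the local IP the request arrived on); www_challenge() and
# pv_www_authenticate() must use the same realm or the digest never matches.
# Failure logs include $si:$sp (peer address) so repeated attempts can be
# picked up by log monitoring.
route[XHTTP_RPC_AUTH]{
	# A username that is present but not the configured one is rejected before
	# the password is looked at. A missing Authorization header leaves $au
	# unset and is handled by the -5 case below.
	if ( $au != $null && $au != $def(RPC_USER) ) {
		xerr("Invalid RPC user : [$au] from $si:$sp\n");
		xhttp_reply(
			"403", "Unauthorized", "text/plain", "403 Unauthorized\r\n"
		);
		exit;
	}
	# flags "0": RPC_PASS is a plaintext password, not an HA1 hash.
	if ( !pv_www_authenticate("$Ri", "$def(RPC_PASS)", "0") ) {
		# Return codes per the auth module README: -2 invalid password,
		# -4 nonce expired, -5 no credentials, -6 nonce reused.
		switch ( $rc ) {
			case -2:
				xerr("Invalid RPC password for user $au from $si:$sp\n");
				xhttp_reply(
					"403", "Unauthorized", "text/plain", "403 Unauthorized\r\n"
				);
				exit;
			case -4:
			case -6:
				# Stale or reused nonce is not a credential failure: hand the
				# client a fresh challenge instead of answering 503.
				xinfo("Stale or reused nonce from $si:$sp. Send new challenge\n");
				www_challenge("$Ri", "0");
				exit;
			case -5:
				xinfo("HTTP request with no credentials from $si:$sp. Send challenge\n");
				www_challenge("$Ri", "0");
				exit;
			default:
				xinfo("Misc. WWW auth failure. $$rc [$rc] from $si:$sp\n");
				xhttp_reply(
					"503", "Server Error", "text/plain", "503 Server Error\r\n"
				);
				exit;
		}
	}
	# Remove the consumed Authorization header before the request goes on.
	consume_credentials();
}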
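# Allow-list the JSON-RPC method before dispatch. The method name is read from
# the request body; anything not explicitly marked 1 in the rpc_allow htable
# (populated in event_route[htable:mod-init]) is refused with 403.
# Fails closed: a body that is not a JSON object, has no "method" member, or is
# a JSON-RPC batch array yields no method and is rejected the same way.
route[VALIDATE_RPC_METHOD] {
	if ( !json_get_field("$rb", "method", "$avp(rpc_method)") ) {
		xwarn("RPC request from $si:$sp without a parseable method. reject\n");
		xhttp_reply("403", "Not Allowed", "text/plain", "Not Allowed\n");
		exit;
	}
	# json_get_field hands back the member JSON-encoded, i.e. still quoted.
	$avp(rpc_method) = $(avp(rpc_method){s.unquote});
	if ( $sht(rpc_allow=>$avp(rpc_method)) == 1 ) {
		return;
	}
	# Log the attempted method and peer so denied calls are visible to monitoring.
	xwarn("RPC method [$avp(rpc_method)] from $si:$sp not in allow-list. reject\n");
	xhttp_reply("403", "Not Allowed", "text/plain", "Not Allowed\n");
	exit;
}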
# Populate the RPC allow-list once at module init. Only methods marked 1 here
# pass route[VALIDATE_RPC_METHOD]. The three entries are presumably read-only
# introspection calls; adding anything that changes state (cfg.*, pv.*,
# module-specific setters) widens what an authenticated client can do —
# review before extending.
event_route[htable:mod-init] {
	$sht(rpc_allow=>core.version) = 1;
	$sht(rpc_allow=>mod.stats) = 1;
	$sht(rpc_allow=>stats.fetch) = 1;
}
现在做测试
# Credentials reach kamailio through the environment (#!defenv in kamailio.cfg).
# A plain `export` of the password lands in shell history; prefer `read -s` or
# an env file readable only by the kamailio user.
export RPC_USER=allen
export RPC_PASS=1234
kamailio # start kamailio (presumably forks to the background; use -DD to stay in the foreground)
# Test call. Digest auth keeps the password off the wire, but the JSON-RPC
# request and response travel in cleartext over HTTP.
# NOTE(review): kamailio.cfg listens on tcp:enp0s3:8081, not on loopback, so
# 127.0.0.1:8081 is likely refused — use the address of enp0s3 (or add a
# loopback listener) if the connection fails. `-u allen:1234` is also visible
# in history and `ps`; `-u allen` alone makes curl prompt for the password.
curl -X POST -H 'Content-Type: application/json' -d '{"jsonrpc":"2.0","method":"stats.fetch","id":"1","params":["all"]}' --digest -u allen:1234 http://127.0.0.1:8081 -vvv
输出省略
还是要多动手