Daniel,
What whould you think about this variant:
event_route[xhttp:request] { xlog("L_INFO", "===== xhttp: request [$rv] $rm => $hu\n"); xdbg("===== xhttp: request [$rv] $rm => $hu\n"); if($hu=~"^/xcap-root/") { # xcap ops $xcapuri(u=>data) = $hu; if($xcapuri(u=>xuid)=~"^sip:.+@.+") $var(uri) = $xcapuri(u=>xuid); else if($xcapuri(u=>xuid)=~".+@.+") $var(uri) = "sip:"+ $xcapuri(u=>xuid); else $var(uri) = "sip:"+ $xcapuri(u=>xuid) + "@" + $Ri;
xlog("L_INFO", "===== xhttp: $xcapuri(u=>auid) : $xcapuri(u=>xuid)\n"); if($xcapuri(u=>auid)=="xcap-caps") { set_reply_close(); set_reply_no_connect();
$var(xbody) = ..
xhttp_reply("200", "ok", "application/xcap-caps+xml", "$var(xbody)"); exit; }
#!ifdef WITH_XHTTPAUTH #!ifdef WITH_MULTIDOMAIN if (!www_authorize("$(var(uri){uri.host})", "subscriber")) { www_challenge("$(var(uri){uri.host})", "0"); #!else if (!www_authorize("xcap", "subscriber")) { www_challenge("xcap", "0"); #!endif
exit; }
set_reply_close(); set_reply_no_connect();
#!ifdef WITH_XHTTPAUTH # be sure auth user access only its documents #!ifdef WITH_MULTIDOMAIN if($aU=~".+@.+") $var(tmp) = "sip:"+$aU; else $var(tmp) = "sip:"+$aU+"@"+$(var(uri){uri.host});
if ($var(uri)!=$var(tmp)) { xlog("L_INFO", "===== xhttp: Forbidden!!! $var(tmp) - $var(uri)\n"); #!else if ($au!=$(var(uri){uri.user})) { xlog("L_INFO", "===== xhttp: Forbidden!!! $au - $(var(uri){uri.user})\n"); #!endif
..
Regards, Andrey.