Fix/tls transport (#141)

* fix scheme * add missing initialization of scheme * delete contact header explicitly * wip * wip * wip * fix bug with cseq * wip * deps * wip * wip --------- Co-authored-by: Markus Frindt <m.frindt@cognigy.com>
2025-12-18 20:17:46 +00:00 · 2024-07-24 15:27:01 -04:00
parent b21eaad1ff
commit bf1c670b40
4 changed files with 585 additions and 4625 deletions
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,4 +1,4 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"

-npm run jslint
+npm run jslint
--- a/lib/call-session.js
+++ b/lib/call-session.js
@@ -8,29 +8,45 @@ const debug = require('debug')('jambonz:sbc-outbound');

 const makeInviteInProgressKey = (callid) => `sbc-out-iip${callid}`;
 const IMMUTABLE_HEADERS = ['via', 'from', 'to', 'call-id', 'cseq', 'max-forwards', 'content-length'];
-/**
- * this is to make sure the outgoing From has the number in the incoming From
- * and not the incoming PAI
- */
-const createBLegFromHeader = (req, teams, register_from_domain = null) => {
+
+const createBLegFromHeader = ({
+  logger,
+  req,
+  host,
+  register_from_domain,
+  transport,
+  teams = false,
+  scheme = 'sip'
+}) => {
  const from = req.getParsedHeader('From');
  const uri = parseUri(from.uri);
-  let user = uri.user || 'anonymous';
-  let host = 'localhost';
-  if (teams) {
-    host = req.get('X-MS-Teams-Tenant-FQDN');
-  }
-  else if (req.has('X-Preferred-From-User') || req.has('X-Preferred-From-Host')) {
-    user = req.get('X-Preferred-From-User') || user;
-    host = req.get('X-Preferred-From-Host') || host;
-  } else if (register_from_domain) {
-    host = register_from_domain;
+  const transportParam = transport ? `;transport=${transport}` : '';
+
+  logger.debug({from, uri, host, scheme, transport, teams}, 'createBLegFromHeader');
+  /* user */
+  const user = req.get('X-Preferred-From-User') || uri.user || 'anonymous';
+
+  /* host */
+  if (!host) {
+    if (teams) {
+      host = req.get('X-MS-Teams-Tenant-FQDN');
+    }
+    else if (req.has('X-Preferred-From-User')) {
+      host = req.get('X-Preferred-From-Host');
+    } else if (register_from_domain) {
+      host = register_from_domain;
+    }
+    else {
+      host = 'localhost';
+    }
  }
+
  if (from.name) {
-    return `${from.name} <${this.scheme}:${user}@${host}>`;
+    return `${from.name} <${scheme}:${user}@${host}${transportParam}>`;
  }
-  return `${this.scheme}:${user}@${host}`;
+  return `<${scheme}:${user}@${host}${transportParam}>`;
 };
+
 const createBLegToHeader = (req, teams) => {
  const to = req.getParsedHeader('To');
  const host = teams ? req.get('X-MS-Teams-Tenant-FQDN') : 'localhost';
@@ -191,12 +207,9 @@ class CallSession extends Emitter {
    let encryptedMedia = false;

    try {
-      this.contactHeader = createBLegFromHeader(this.req, teams);
      // determine where to send the call
      debug(`connecting call: ${JSON.stringify(this.req.locals)}`);
-      let headers = {
-        'From': createBLegFromHeader(this.req, teams),
-        'Contact': this.contactHeader,
+      const headers = {
        'To': createBLegToHeader(this.req, teams),
        Allow: 'INVITE, ACK, OPTIONS, CANCEL, BYE, NOTIFY, UPDATE, PRACK',
        'X-Account-Sid': this.account_sid
@@ -220,6 +233,7 @@ class CallSession extends Emitter {
        if (!contact.includes('transport=ws')) {
          proxy = this.req.locals.registration.proxy;
        }
+        this.logger.info(`sending call to registered user ${destUri}`);
      }
      else if (this.req.locals.target === 'forward') {
        uris = [{
@@ -244,10 +258,6 @@ class CallSession extends Emitter {
          private_network: false,
          uri: `sip:${this.req.calledNumber}@sip.pstnhub.microsoft.com`
        }];
-        headers = {
-          ...headers,
-          Contact: `sip:${this.req.calledNumber}@${this.req.get('X-MS-Teams-Tenant-FQDN')}:5061;transport=tls`
-        };
      }
      else {
        try {
@@ -297,23 +307,18 @@ class CallSession extends Emitter {
                this.req.calledNumber.slice(1) :
                this.req.calledNumber;
              const prefix = vc.tech_prefix || '';
-              const protocol =  o.protocol?.startsWith('tls') ? 'tls' : (o.protocol || 'udp');
+              const transport =  o.protocol?.startsWith('tls') ? 'tls' : (o.protocol || 'udp');
              const hostport = !o.port || 5060 === o.port ? o.ipv4 : `${o.ipv4}:${o.port}`;
              const prependPlus = vc.e164_leading_plus && !this.req.calledNumber.startsWith('0') ? '+' : '';
-              this.transport = `transport=${protocol}`;
-              const useSipsScheme = protocol === 'tls' &&
-                !process.env.JAMBONES_USE_BEST_EFFORT_TLS &&
-                o.use_sips_scheme;
-
-              if (useSipsScheme) {
-                this.scheme = 'sips';
-              }
-              const u = `${this.scheme}:${prefix}${prependPlus}${calledNumber}@${hostport};${this.transport}`;
+              const scheme = transport === 'tls' && !process.env.JAMBONES_USE_BEST_EFFORT_TLS && o.use_sips_scheme ?
+                'sips' : 'sip';
+              const u = `${scheme}:${prefix}${prependPlus}${calledNumber}@${hostport};transport=${transport}`;
              const obj = {
                name: vc.name,
                diversion: vc.diversion,
                hostport,
-                protocol: o.protocol,
+                transport,
+                scheme,
                register_from_domain: vc.register_from_domain
              };
              if (vc.register_username && vc.register_password) {
@@ -324,6 +329,7 @@ class CallSession extends Emitter {
              }
              mapGateways.set(u, obj);
              uris.push(u);
+              this.logger.debug({gateway: o}, `pushed uri ${u}`);
              if (o.protocol === 'tls/srtp') {
                /**  TODO: this is a bit of a hack in the sense that we are not
                 * supporting a scenario where you have a carrier with several outbound
@@ -336,7 +342,7 @@ class CallSession extends Emitter {
                encryptedMedia = true;
              }
            });
-            // Check private network for each gw
+            /* Check private network for each gw */
            uris = await Promise.all(uris.map(async(u) => {
              return {
                private_network: await isPrivateVoipNetwork(u),
@@ -358,14 +364,12 @@ class CallSession extends Emitter {
        debug(`sending call to PSTN ${uris}`);
      }

-      // private_network should be called at last
+      /* private_network should be called at last - try public first */
      uris = uris.sort((a, b) => a.private_network - b.private_network);
      const toPrivate = uris.some((u) => u.private_network === true);
      const toPublic = uris.some((u) => u.private_network === false);
      let isOfferUpdatedToPrivate = toPrivate && !toPublic;

-
-      // rtpengine 'offer'
      const opts = updateRtpEngineFlags(this.req.body, {
        ...this.rtpEngineOpts.common,
        ...this.rtpEngineOpts.uac.mediaOpts,
@@ -374,7 +378,6 @@ class CallSession extends Emitter {
        sdp: this.req.body
      });
      let response = await this.offer(opts);
-      debug(`response from rtpengine to offer ${JSON.stringify(response)}`);
      this.logger.debug({offer: opts, response}, 'initial offer to rtpengine');
      if ('ok' !== response.result) {
        this.logger.error(`rtpengine offer failed with ${JSON.stringify(response)}`);
@@ -387,10 +390,12 @@ class CallSession extends Emitter {
      // crank through the list of gateways until connected, exhausted or caller hangs up
      let earlyMedia = false;
      while (uris.length) {
-        let hdrs = { ...headers};
+        let hdrs = { ...headers };
        const {private_network, uri} = uris.shift();
+
+        /* if we've exhausted attempts to public endpoints and are switching to trying private, we need new rtp */
        if (private_network && !isOfferUpdatedToPrivate) {
-          // Cannot make call to all public Uris, now come to talk with private network Uris
+          this.logger.info('switching to attempt to deliver call via private network now..');
          this.rtpEngineResource.destroy()
            .catch((err) => this.logger.info({err}, 'Error destroying rtpe to re-connect to private network'));
          response = await this.offer({
@@ -399,8 +404,8 @@ class CallSession extends Emitter {
          });
          isOfferUpdatedToPrivate = true;
        }
-        const gw = mapGateways.get(uri);
-        const passFailure = 0 === uris.length;  // only a single target
+
+        /* on the second and subsequent attempts, use the same Call-ID and CSeq from the first attempt */
        if (0 === uris.length) {
          try {
            const key = makeInviteInProgressKey(this.req.get('Call-ID'));
@@ -416,35 +421,75 @@ class CallSession extends Emitter {
            this.logger.info({err}, 'Error retrieving iip key');
          }
        }
-        // INVITE request line and To header should be the same.
-        hdrs = {...hdrs, 'To': uri};
-        if (gw) {
-          this.logger.info({gw}, `sending INVITE to ${uri} via carrier ${gw.name}`);
-          if (gw.diversion) {
-            let div = gw.diversion;
-            if (div.startsWith('+')) {
-              div = `<sip:${div}@${gw.hostport}>;reason=unknown;counter=1;privacy=off`;
-            }
-            else div = `<sip:+${div}@${gw.hostport}>;reason=unknown;counter=1;privacy=off`;
-            hdrs = {
-              ...hdrs,
-              'Diversion': div
-            };
-          }
-          if (gw.register_from_domain) {
-            hdrs = {
-              ...hdrs,
-              'From': createBLegFromHeader(this.req, teams, gw.register_from_domain)
-            };
-          }
-        }
-        else this.logger.info(`sending INVITE to ${uri} via proxy ${proxy})`);
-        try {
-          if (this.privateSipAddress) {
-            this.contactHeader = `<${this.scheme}:${this.privateSipAddress}>`;
-          }
-          const responseHeaders = this.privateSipAddress ? {Contact: this.contactHeader} : {};

+        /* INVITE request line and To header should be the same. */
+        hdrs = {...hdrs, 'To': uri};
+
+        /* only now can we set Contact & From header since they depend on transport and scheme of gw */
+        const gw = mapGateways.get(uri);
+        if (gw) {
+          const {scheme, transport} = gw;
+          this.logger.info({gw}, `sending INVITE to ${uri} via carrier ${gw.name}`);
+          hdrs = {
+            ...hdrs,
+            From: gw.register_from_domain ?
+              createBLegFromHeader({
+                logger: this.logger,
+                req: this.req,
+                register_from_domain: gw.register_from_domain,
+                scheme,
+                transport,
+                ...(private_network && {host: this.privateSipAddress})
+              }) :
+              createBLegFromHeader({
+                logger: this.logger,
+                req: this.req,
+                scheme,
+                transport,
+                ...(private_network && {host: this.privateSipAddress})
+              }),
+            Contact: createBLegFromHeader({
+              logger: this.logger,
+              req: this.req,
+              scheme,
+              transport,
+              ...(private_network && {host: this.privateSipAddress})
+            }),
+            ...(gw.diversion && {
+              Diversion: gw.diversion.startsWith('+') ?
+                `<sip:${gw.diversion}@${gw.hostport}>;reason=unknown;counter=1;privacy=off` :
+                `<sip:+${gw.diversion}@${gw.hostport}>;reason=unknown;counter=1;privacy=off`
+            })
+          };
+        }
+        else if (teams) {
+          hdrs = {
+            ...hdrs,
+            'From': createBLegFromHeader({logger: this.logger, req: this.req, teams: true, transport: 'tls'}),
+            'Contact': `sip:${this.req.calledNumber}@${this.req.get('X-MS-Teams-Tenant-FQDN')}:5061;transport=tls`
+          };
+        }
+        else {
+          hdrs = {
+            ...hdrs,
+            'From': createBLegFromHeader({
+              logger: this.logger,
+              req: this.req,
+              ...(private_network && {host: this.privateSipAddress})
+            }),
+            'Contact': createBLegFromHeader({
+              logger: this.logger,
+              req: this.req,
+              ...(private_network && {host: this.privateSipAddress})
+            })
+          };
+          const p = proxy ? ` via ${proxy}` : '';
+          this.logger.info({uri, p}, `sending INVITE to ${uri}${p}`);
+        }
+
+        /* now launch an outbound call attempt */
+        const passFailure = 0 === uris.length;  // only propagate failure on last attempt
+        try {
          const {uas, uac} = await this.srf.createB2BUA(this.req, this.res, uri, {
            proxy,
            passFailure,
@@ -470,7 +515,6 @@ class CallSession extends Emitter {
              '-Session-Expires'
            ],
            headers: hdrs,
-            responseHeaders,
            auth: gw ? gw.auth : undefined,
            localSdpB: response.sdp,
            localSdpA: async(sdp, res) => {
@@ -523,6 +567,9 @@ class CallSession extends Emitter {
              } catch (err) {
                this.logger.error({err}, 'Error saving Call-ID/CSeq');
              }
+
+              this.contactHeader = inv.get('Contact');
+              this.logger.info(`outbound call attempt to ${uri} has contact header ${this.contactHeader}`);
            },
            cbProvisional: (response) => {
              if (!earlyMedia && [180, 183].includes(response.status) && response.body) earlyMedia = true;
@@ -795,7 +842,7 @@ Duration=${payload.duration} `
        sdp
      };
      response = await this.answer(opts);
-      /* now remove asymeetric as B party (looking at you Genesys ring group) may need port re-learning on invites  */
+      /* now remove asymmetric as B party (looking at you Genesys ring group) may need port re-learning on invites  */
      answerMedia.flags = answerMedia.flags.filter((f) => f !== 'asymmetric');
      if ('ok' !== response.result) {
        res.send(488);
@@ -1049,25 +1096,15 @@ Duration=${payload.duration} `
        const referredBy = req.getParsedHeader('Referred-By');
        if (!referredBy) return res.send(400);
        const u = parseUri(referredBy.uri);
-        const farEnd = parseUri(this.connectedUri);
-        uri.host = farEnd.host;
-        uri.port = farEnd.port;
-        this.scheme = farEnd.scheme;

-        if (farEnd.params?.transport) {
-          this.transport = `transport=${farEnd.params.transport}`;
-        }
-        /* TODO: we receive a lowercase 'contact' from feature-server */
+        /* delete contact if it was there from feature server */
        delete customHeaders['contact'];

-        this.referContactHeader = `<${this.scheme}:${uri.user}@${uri.host}:${uri.port}>;${this.transport}`;
        const response = await this.uac.request({
          method: 'REFER',
          headers: {
-            // Make sure the uri is protected by <> if uri is complex form
            'Refer-To': `<${stringifyUri(uri)}>`,
            'Referred-By': `<${stringifyUri(u)}>`,
-            'Contact': this.referContactHeader,
            ...customHeaders
          }
        });
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -27,8 +27,8 @@
    "jslint": "eslint app.js lib --fix"    
  },
  "dependencies": {
-    "@jambonz/db-helpers": "^0.9.3",
-    "@jambonz/realtimedb-helpers": "^0.8.8",
+    "@jambonz/db-helpers": "^0.9.6",
+    "@jambonz/realtimedb-helpers": "^0.8.9",
    "@jambonz/http-health-check": "^0.0.1",
    "@jambonz/mw-registrar": "0.2.7",
    "@jambonz/rtpengine-utils": "^0.4.4",