# ----------- global configuration parameters ------------------------

debug=2
memdbg=3
fork=yes
log_stderror=yes
children=1
disable_tcp=1
disable_tls=1
disable_sctp=1


check_via=no	# (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5070
listen=udp:10.38.2.177:5070

flags
	AUTH_ADDED;

# ------------------ module loading ----------------------------------

loadpath "/home/mtirpak/SER/git/sip-router/"
loadmodule "modules_k/sl/sl.so"
loadmodule "modules/tm/tm.so"
loadmodule "modules_k/rr/rr.so"
loadmodule "modules_k/uac/uac.so"
loadmodule "modules_k/pv/pv.so"

modparam("uac","credential","username:domain:password")
modparam("uac","auth_realm_avp","$avp(s:realm)")
modparam("uac","auth_username_avp","$avp(s:user)")
modparam("uac","auth_password_avp","$avp(s:password)")


# ------------- routing logic --------------------------------------

route {
	route("first-provider");
}

route["first-provider"] {
	log(0, "FIRST PROVIDER #1\n");
	$avp(s:realm) = "foo.com";
	$avp(s:user) = "Alice";
	$avp(s:password) = "1234";

	rewritehostport("10.38.2.177:5080");
	resetflag(AUTH_ADDED);
	t_on_failure("first-provider-failure");
	t_on_branch("first-provider-prepare");
	t_relay();
}

# rewrite the From header from branch route so that it is done
# separately for each branch
branch_route["first-provider-prepare"] {
	uac_replace_from("sip:Alice@foo.com");
}

failure_route["first-provider-failure"] {
	if (!isflagset(AUTH_ADDED) && t_check_status("401|407")) {
		log(0, "FIRST PROVIDER #2\n");
		t_on_failure("first-provider-failure");
		t_on_branch("first-provider-prepare");
		if (!uac_auth()) {
			route("second-provider");
			return;
		}
		setflag(AUTH_ADDED);
		append_branch();
		t_drop_replies();
		if (!t_relay()) {
			route("second-provider");
			return;
		}
	} else {
		# Either the authentication did not work
		# or there was another failure
		log(0, "FIRST PROVIDER FAILED\n");
		t_drop_replies();
		route("second-provider");
	}
}

route["second-provider"] {
	log(0, "SECOND PROVIDER #1\n");
	$avp(s:realm) = "bar.com";
	$avp(s:user) = "Bob";
	$avp(s:password) = "5678";

	rewritehostport("10.38.2.177:5090");
	resetflag(AUTH_ADDED);
	t_on_failure("second-provider-failure");
	t_on_branch("second-provider-prepare");
	append_branch();
	t_relay();
}

branch_route["second-provider-prepare"] {
	uac_replace_from("sip:Bob@bar.com");
}

failure_route["second-provider-failure"] {
	if (!isflagset(AUTH_ADDED) && t_check_status("401|407")) {
		log(0, "SECOND PROVIDER #2\n");
		t_on_failure("second-provider-failure");
		t_on_branch("second-provider-prepare");
		if (!uac_auth()) {
			route("auth-error");
			return;
		}
		setflag(AUTH_ADDED);
		append_branch();
		t_drop_replies();
		if (!t_relay()) {
			route("auth-error");
			return;
		}
	} else {
		log(0, "SECOND PROVIDER FAILED\n");
		if (t_check_status("401|407")) {
			# Does not let the 401/407 forwarded.
			route("auth-error");
		}
	}
}

route["auth-error"] {
	t_reply("500", "failed to authenticate");
	drop;
}