Added AUTH_JWT module

In some cases ( ie. WebRTC ) the user authenticates on another
layer ( eg. on the actual website ), so it makes no sense to
double-authenticate it on the SIP layer.
Thus, the WebRTC client will simply present the JWT auth token
it received from the server, and pass it on to
OpenSIPS ( ie. Authorization: Bearer jwt_token_here )
which will use that for authentication purposes.

Author: vladpaiu

Makefile.conf.template

@@ -1,4 +1,5 @@
 #aaa_radius= Radius implementation for the AAA API from the core | Radius client development library, typically radiusclient-ng 0.5.0 or higher
+#auth_jwt= JWT auth support | JWT client development library, libjwt-dev
 #b2b_logic= Logic engine of B2BUA, responsible of actually implementing the B2BUA services | xml parsing development library, typically libxml2-dev
 #cachedb_cassandra= Implementation of a cache system designed to work with Cassandra servers | thrift 0.6.1
 #cachedb_couchbase= Implementation of a cache system designed to work with CouchBase servers | libcouchbase >= 2.0
@@ -62,7 +63,7 @@
 #xmpp= Gateway between OpenSIPS and a jabber server. It enables the exchange of IMs between SIP clients and XMPP(jabber) clients. | parsing/building XML files, typically libexpat1-devel
 #uuid= UUID generator | uuid-dev
 
-exclude_modules?= aaa_radius b2b_logic cachedb_cassandra cachedb_couchbase cachedb_memcached cachedb_mongodb cachedb_redis carrierroute cgrates compression cpl_c db_berkeley db_http db_mysql db_oracle db_perlvdb db_postgres db_sqlite db_unixodbc dialplan emergency event_rabbitmq h350 httpd identity jabber json ldap lua mi_xmlrpc_ng mmgeoip osp perl pi_http presence presence_dialoginfo presence_mwi presence_xml presence_dfks proto_sctp proto_tls proto_wss pua pua_bla pua_dialoginfo pua_mi pua_usrloc pua_xmpp python regex rabbitmq rabbitmq_consumer rest_client rls siprec sngtc snmpstats stir_shaken tls_mgm uuid xcap xcap_client xml xmpp
+exclude_modules?= aaa_radius auth_jwt b2b_logic cachedb_cassandra cachedb_couchbase cachedb_memcached cachedb_mongodb cachedb_redis carrierroute cgrates compression cpl_c db_berkeley db_http db_mysql db_oracle db_perlvdb db_postgres db_sqlite db_unixodbc dialplan emergency event_rabbitmq h350 httpd identity jabber json ldap lua mi_xmlrpc_ng mmgeoip osp perl pi_http presence presence_dialoginfo presence_mwi presence_xml presence_dfks proto_sctp proto_tls proto_wss pua pua_bla pua_dialoginfo pua_mi pua_usrloc pua_xmpp python regex rabbitmq rabbitmq_consumer rest_client rls siprec sngtc snmpstats stir_shaken tls_mgm uuid xcap xcap_client xml xmpp
 
 include_modules?=
 

db/schema/auth_jwt_profiles.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE table PUBLIC "-//opensips.org//DTD DBSchema V1.1//EN" 
+  "https://opensips.org/pub/opensips/dbschema/dtd/1.1/dbschema.dtd" [
+
+<!ENTITY % entities SYSTEM "entities.xml">
+%entities;
+
+]>
+
+<table id="jwt_profiles" xmlns:db="http://docbook.org/ns/docbook">
+	<name>jwt_profiles</name>
+	<version>1</version>
+	<type db="mysql">&MYSQL_TABLE_TYPE;</type>
+	<description>
+		<db:para>This table is used by the AUTH_JWT module to read the actual JWT profiles info
+		More information can be found at: &OPENSIPS_MOD_DOC;auth_jwt.html.
+		</db:para>
+	</description>
+
+	<column id="id">
+		<name>id</name>
+		<type>unsigned int</type>
+		<size>&table_id_len;</size>
+		<autoincrement/>
+		<natural/>
+		<primary/>
+		<type db="dbtext">int,auto</type>
+		<description>Table key, not used by module</description>
+	</column>
+
+	<column id="tag">
+		<name>tag</name>
+		<type>string</type>
+		<size>128</size>
+		<description>Unique ID of the JWT profile</description>
+	</column>
+
+	<column id="sip_username">
+		<name>sip_username</name>
+		<type>string</type>
+		<size>128</size>
+		<description>The SIP username associated with the JWT profile
+		</description>
+	</column>
+
+	<index>
+		<name>jwt_tag_idx</name>
+		<colref linkend="tag"/>
+		<unique/>
+	</index>
+
+
+</table>

db/schema/auth_jwt_secrets.xml

@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE table PUBLIC "-//opensips.org//DTD DBSchema V1.1//EN" 
+  "https://opensips.org/pub/opensips/dbschema/dtd/1.1/dbschema.dtd" [
+
+<!ENTITY % entities SYSTEM "entities.xml">
+%entities;
+
+]>
+
+<table id="jwt_secrets" xmlns:db="http://docbook.org/ns/docbook">
+	<name>jwt_secrets</name>
+	<version>1</version>
+	<type db="mysql">&MYSQL_TABLE_TYPE;</type>
+	<description>
+		<db:para>This table is used by the AUTH_JWT module to read the actual JWT secrets which are used for authentication
+		More information can be found at: &OPENSIPS_MOD_DOC;auth_jwt.html.
+		</db:para>
+	</description>
+
+	<column id="id">
+		<name>id</name>
+		<type>unsigned int</type>
+		<size>&table_id_len;</size>
+		<autoincrement/>
+		<natural/>
+		<primary/>
+		<type db="dbtext">int,auto</type>
+		<description>Table key, not used by module</description>
+	</column>
+
+	<column id="corresponding_tag">
+		<name>corresponding_tag</name>
+		<type>string</type>
+		<size>128</size>
+		<description>JWT profile tag which this secret belongs to</description>
+	</column>
+
+	<column id="secret">
+		<name>secret</name>
+		<type>string</type>
+		<size>2048</size>
+		<description>The KEY used for signing the JWT
+		</description>
+	</column>
+
+	<column id="start_ts">
+		<name>start_ts</name>
+		<type>int</type>
+		<description>UNIX TS for the START period on which the JWT secret is valid
+		</description>
+	</column>
+
+	<column id="end_ts">
+		<name>end_ts</name>
+		<type>int</type>
+		<description>UNIX TS for the END period on which the JWT secret is valid
+		</description>
+	</column>
+
+</table>

db/schema/opensips-authjwt.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE database PUBLIC "-//opensips.org//DTD DBSchema V1.1//EN"
+	"https://opensips.org/pub/opensips/dbschema/dtd/1.1/dbschema.dtd" [
+
+<!ENTITY % entities SYSTEM "entities.xml">
+%entities;
+
+]>
+
+<database xmlns:xi="http://www.w3.org/2001/XInclude">
+	<name>Dynamic Routing</name>
+	<xi:include href="auth_jwt_profiles.xml"/>
+	<xi:include href="auth_jwt_secrets.xml"/>
+</database>

modules/auth_jwt/Makefile

@@ -0,0 +1,13 @@
+# $Id$
+#
+# JWT Authentication
+#
+# 
+# WARNING: do not run this directly, it should be run by the master Makefile
+
+include ../../Makefile.defs
+auto_gen=
+NAME=auth_jwt.so
+LIBS+=-ljwt
+
+include ../../Makefile.modules