crossbario / autobahn-cpp

WAMP for C++ in Boost/Asio
https://crossbar.io/autobahn
Boost Software License 1.0

Handling IP addresses in provided procedures #233

Closed pntzio closed 2 years ago

pntzio commented 2 years ago

Hi,

Is it at all possible to see some kind of connection ID or IP address in a provided procedure? For example, in examples/callee_new.cpp, could I theoretically deny an invocation based on a connection ID or IP address from there, or is it entirely up to the WAMP router?

Thanks!

oberstet commented 2 years ago

Short answer: WAMP is explicitly designed to decouple caller/callee, and hence the callee does not need to and should not care about the IP address of a caller. The caller might not even have an IP address! E.g. router-embedded (function-based transport), Unix domain socket, pipe or serial wire transports lack an IP address.

Longer answer: a caller can (if allowed) be "disclosed" by the router, and the callee then gets the caller's WAMP session ID, authid and authrole as part of an invocation. If the router implements the WAMP meta API (like e.g. Crossbar.io), you can then retrieve all connection details given the session ID, and that includes the IP and also the serialization in use, TLS cert, etc.

Even longer answer: Crossbar.io supports dynamic authentication and dynamic authorization. You can write regular WAMP components that authenticate and authorize other components. Using a dynamic authorizer would allow you to deny individual calls (from being forwarded by the router to a callee as an invocation) based on the IP address of the caller. You can have any custom logic, but you do not have access to the call's app payload (args|kwargs).

https://github.com/crossbario/crossbar-examples/tree/master/disclose
https://github.com/crossbario/crossbar-examples/tree/master/metaapi
https://github.com/crossbario/crossbar-examples/blob/master/authorization/dynamic/embedded/authorizer.py
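An added example (not code from this thread or from the crossbar-examples repo) of the decision logic a dynamic authorizer like the one oberstet describes would contain: it denies calls from a blocked network using only the caller's transport details, never the call payload, and otherwise allows the call with the caller disclosed so the callee receives session ID/authid/authrole. Assumptions: the shape of the session-details dict (`transport.peer` as `tcp4:host:port`), the denied network and the sample sessions are constructed for this example; wiring `authorize()` up as the router's authorizer procedure is done as in the linked authorizer.py.

```python
import ipaddress
from typing import Any, Dict, Optional, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed block list for this example (documentation range, not a real target).
DENIED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def peer_ip(peer: Optional[str]) -> Optional[IPAddr]:
    """Extract the IP from a transport peer string such as 'tcp4:203.0.113.7:51234'.

    Returns None for transports that have no IP at all (Unix domain sockets,
    pipes, router-embedded components), which is exactly the case the thread
    points out: a caller is not guaranteed to have an address.
    """
    if not peer:
        return None
    family, _, rest = peer.partition(":")
    if family not in ("tcp4", "tcp6"):
        return None
    host, _, _port = rest.rpartition(":")  # rpartition keeps IPv6 colons intact
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def authorize(session: Dict[str, Any], uri: str, action: str,
              options: Dict[str, Any]) -> Dict[str, Any]:
    """Dynamic authorizer body: (session details, uri, action, options) -> decision.

    The router calls this per action; args/kwargs of the call are not available.
    """
    if action != "call":
        # Only calls are policed here; other actions pass through undisclosed.
        return {"allow": True, "disclose": False}
    ip = peer_ip(session.get("transport", {}).get("peer"))
    if ip is not None and any(ip in net for net in DENIED_NETWORKS):
        # Deny at the router: the callee never sees an invocation.
        return {"allow": False, "disclose": False}
    # Allow and disclose, so the callee's invocation carries caller session/authid/authrole.
    return {"allow": True, "disclose": True}
```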

pntzio commented 2 years ago

Thanks for the quick and thorough reply! I suspected this was the case. :-)