Fix API for Carriers & SIP Gateways (#492)

* allow account api keys to get/post sip gateways

* require sp sid when creating carriers

* allow account level api keys to query carriers

* lookup and set the service_provider_sid on account create carrier
Sam Machin
2025-08-28 13:46:42 +01:00
committed by GitHub
parent 9c8bfebd53
commit 2e0ea56925
3 changed files with 11 additions and 3 deletions


@@ -161,6 +161,9 @@ router.post('/:sid/VoipCarriers', async(req, res) => {
try { try {
const account_sid = parseAccountSid(req); const account_sid = parseAccountSid(req);
await validateRequest(req, account_sid); await validateRequest(req, account_sid);
// Set the service_provder_sid to the relevent value for the account
const account = await Account.retrieve(req.user.account_sid);
payload.service_provider_sid = account[0].service_provider_sid;
logger.debug({payload}, 'POST /:sid/VoipCarriers'); logger.debug({payload}, 'POST /:sid/VoipCarriers');
const uuid = await VoipCarrier.make({ const uuid = await VoipCarrier.make({
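Review bot: The added lines dereference `account[0]` without checking that `Account.retrieve(req.user.account_sid)` returned a row, and they key the lookup on the caller's `req.user.account_sid` rather than the `account_sid` already parsed from the route and passed to `validateRequest`. If this route can also be reached with a key that carries no `account_sid` (not visible here), the result is a TypeError instead of a clean 4xx, and the carrier's service provider is taken from the caller rather than from the account named in the URL. Consider `const account = await Account.retrieve(account_sid);` followed by `if (!account.length) throw new DbErrorBadRequest('invalid account_sid');`, using whichever error type this file already imports. The same unchecked `results[0]` appears in the `validateRetrieve` hunk. The new comment also misspells `service_provider_sid` and "relevant".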


@@ -46,10 +46,16 @@ async function validateRetrieve(req) {
return; return;
} }
if (req.user.hasScope('service_provider') || req.user.hasScope('account')) { if (req.user.hasScope('service_provider')) {
if (service_provider_sid === req.user.service_provider_sid) return; if (service_provider_sid === req.user.service_provider_sid) return;
} }
if (req.user.hasScope('account')) {
const results = await Account.retrieve(req.user.account_sid);
if (service_provider_sid === results[0].service_provider_sid) return;
}
throw new DbErrorForbidden('insufficient permissions'); throw new DbErrorForbidden('insufficient permissions');
} catch (error) { } catch (error) {
throw error; throw error;
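Review bot: The new `hasScope('account')` branch authorises an account-level key for a query addressed by `service_provider_sid`, but nothing in the visible lines limits what that query then returns. If the caller lists every carrier under the service provider, an account key would see carriers owned by sibling accounts, so it is worth confirming that the listing filters on `req.user.account_sid`. A comment on the branch would record that expectation, e.g. `// account keys: caller must still restrict results to req.user.account_sid`. `validateRetrieve` starts and ends outside the hunk, so the downstream query is not visible here.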


@@ -18,8 +18,7 @@ const checkUserScope = async(req, voip_carrier_sid) => {
const carrier = await lookupCarrierBySid(voip_carrier_sid); const carrier = await lookupCarrierBySid(voip_carrier_sid);
if (!carrier) throw new DbErrorBadRequest('invalid voip_carrier_sid'); if (!carrier) throw new DbErrorBadRequest('invalid voip_carrier_sid');
if ((!carrier.service_provider_sid || carrier.service_provider_sid === req.user.service_provider_sid) && if (!carrier.account_sid || carrier.account_sid === req.user.account_sid) {
(!carrier.account_sid || carrier.account_sid === req.user.account_sid)) {
if (req.method !== 'GET' && !carrier.account_sid) { if (req.method !== 'GET' && !carrier.account_sid) {
throw new DbErrorForbidden('insufficient privileges'); throw new DbErrorForbidden('insufficient privileges');