ben.carrasco/jambonz-api-server
1
0
Fork 0
mirror of https://github.com/jambonz/jambonz-api-server.git synced 2026-01-25 02:08:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix small issues in the code (#145)

Browse Source 
Co-authored-by: eglehelms <e.helms@cognigy.com>
This commit is contained in:
EgleH
2023-04-06 13:31:14 +02:00
committed by GitHub
parent b2dce18c7a
commit 9c7f8b4e7b
4 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/routes/api/phone-numbers.js
View File

@@ -22,6 +22,10 @@ async function validateAdd(req) {
req.body.account_sid = req.user.account_sid;
}
if (req.user.hasServiceProviderAuth) {
req.body.service_provider_sid = req.user.service_provider_sid;
}
if (!req.body.number) throw new DbErrorBadRequest('number is required');
const formattedNumber = e164(req.body.number);
req.body.number = formattedNumber;
@@ -62,7 +66,11 @@ async function validateUpdate(req, sid) {
throw new DbErrorForbidden('insufficient privileges');
}
}
if (req.user.hasServiceProviderAuth) {
if (phoneNumber && phoneNumber.length && phoneNumber[0].service_provider_sid !== req.user.service_provider_sid) {
throw new DbErrorForbidden('insufficient privileges');
}
}
// TODO: if we are assigning to an account, verify it exists
// TODO: if we are assigning to an application, verify it is associated to the same account
@@ -98,7 +106,7 @@ router.get('/:sid', async(req, res) => {
const account_sid = results[0].account_sid;
const [r] = await promisePool.execute(
'SELECT service_provider_sid from accounts WHERE account_sid = ?', [account_sid]);
if (r.length === 1 && r[0].service_provider_sid === !req.user.service_provider_sid) {
if (r.length === 1 && r[0].service_provider_sid !== req.user.service_provider_sid) {
throw new DbErrorBadRequest('insufficient privileges');
}
}

4
lib/routes/api/sip-gateways.js
View File

@@ -7,6 +7,10 @@ const sysError = require('../error');
const checkUserScope = async(req, voip_carrier_sid) => {
const {lookupCarrierBySid} = req.app.locals;
if (!voip_carrier_sid) {
throw new DbErrorBadRequest('missing voip_carrier_sid');
}
if (req.user.hasAdminAuth) return;
if (req.user.hasAccountAuth) {
const carrier = await lookupCarrierBySid(voip_carrier_sid);

4
lib/routes/api/smpp-gateways.js
View File

@@ -6,6 +6,10 @@ const sysError = require('../error');
const checkUserScope = async(req, voip_carrier_sid) => {
const {lookupCarrierBySid} = req.app.locals;
if (!voip_carrier_sid) {
throw new DbErrorBadRequest('missing voip_carrier_sid');
}
if (req.user.hasAdminAuth) return;
if (req.user.hasAccountAuth) {

2
lib/routes/api/webhooks.js
View File

@@ -20,7 +20,7 @@ router.get('/:sid', async(req, res) => {
if (req.user.hasAccountAuth) {
/* can only update carriers for the user's account */
if (results[0].account_sid != req.user.account_sid) {
if (results[0].account_sid !== req.user.account_sid) {
throw new DbErrorForbidden('insufficient privileges');
}
}