* protect service provider data retrieval so only admin users and appropriate service provider users can access
* allow accounts to access ServiceProvider API but filter response data so they dont see other accounts or data they should not
* initial changes for jwt auth
* return permissions as an array of string
* basic GET, POST, DELETE user api calls
* add permission checks
* hide hashed_password
* cleanup
* add check if admin user is active
* return account and serviceProvider sid un user object
* add more values to user PUT
* logout user after self delete, fix scope assignment
* add admin scope user tests
* fix test case and align jwt and api key data model in req.user
* fixes for ibm speech
* add limits license_count and voice_call_minutes
* update limits enum again
* rebase to main
* allow predefined carriers and speech credentials for Account user
* reverse the hasAccountPermissions changes
* SpeechCredentials permissions
* fix /Users/me api non-saas jambonz
Co-authored-by: Dave Horton <daveh@beachdognet.com>
Co-authored-by: eglehelms <e.helms@cognigy.com>
* initial changes for jwt auth
* return permissions as an array of string
* Add JWT expiration environment variable (#74)
* allow fromHost in createCall REST API
* add JWT_EXPIRES_IN=<mins> env variable, 60 mins by default
* add jwt expiration in register.js and signin.js
* fix tests - add permissions and scope to encoded obj in jwt
Co-authored-by: Dave Horton <daveh@beachdognet.com>
Co-authored-by: eglehelms <e.helms@cognigy.com>
* return only the jwt-token in the api response
* update swagger.yaml
* add /users api
* apply review comments
* add users test case
* added User model
* bugfix: admin user should be able to create a carrier for a service provider
Co-authored-by: EgleH <egle.helms@gmail.com>
Co-authored-by: eglehelms <e.helms@cognigy.com>
* initial changes for jwt auth
* return permissions as an array of string
* Add JWT expiration environment variable (#74)
* allow fromHost in createCall REST API
* add JWT_EXPIRES_IN=<mins> env variable, 60 mins by default
* add jwt expiration in register.js and signin.js
* fix tests - add permissions and scope to encoded obj in jwt
Co-authored-by: Dave Horton <daveh@beachdognet.com>
Co-authored-by: eglehelms <e.helms@cognigy.com>
* return only the jwt-token in the api response
Co-authored-by: EgleH <egle.helms@gmail.com>
Co-authored-by: eglehelms <e.helms@cognigy.com>
* obscuring api key when called from webapp
* changes suggested and fix wellsaid apikey return
* hope this works?
* Apikey obscure unobscure Aws Apikey
* handle edge case for short key strings
Co-authored-by: kitajchuk <bk@kitajchuk.com>
