Commit Graph

5 Commits

Author SHA1 Message Date
Dave Horton bff9314622 fix(security): add authorization checks to prevent cross-account access (CWE-639) (#558)
- Add precondition support to decorate.js retrieve function
- Fix google-custom-voices.js typo and add delete precondition
- Check ownership via speech_credential for google-custom-voices
- Add retrieve/delete preconditions to lcr-carrier-set-entries.js
- Add retrieve precondition to sip-gateways.js and smpp-gateways.js
- Add scope check to lcr-routes.js custom GET handler
- Add full authorization to tenants.js for all CRUD operations
- Add scoped query methods to tenant model

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-06-27 15:53:51 -04:00
Dave Horton ed51d8b13f merge of features from hosted branch (#7)
major merge of features from the hosted branch that was created temporarily during the initial launch of jambonz.org
2021-06-17 15:56:21 -04:00
Dave Horton be011db109 add support for sbc_addresses and ms_teams_tenants tables 2020-04-20 11:44:49 -04:00
Dave Horton 0f06c44168 major updates and test suite 2019-12-04 21:43:27 -05:00
Dave Horton 47bb642854 revamped db schema and implemented some simple api 2019-12-02 16:49:25 -05:00