fix: riva_server_uri

.github/workflows/docker-publish.yml

@@ -2,8 +2,16 @@ name: Docker
 
 on:
   push:
+    # Publish `main` as Docker `latest` image.
+    branches:
+      - main
+
+    # Publish `v1.2.3` tags as releases.
     tags:
-      - '*'
+      - v*
+
+env:
+  IMAGE_NAME: api-server
 
 jobs:
   push:
@@ -12,41 +20,32 @@ jobs:
     if: github.event_name == 'push'
 
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
+      - uses: actions/checkout@v3
 
-      - name: prepare tag 
-        id: prepare_tag
+      - name: Build image
+        run: docker build . --file Dockerfile --tag $IMAGE_NAME
+
+      - name: Log into registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Push image
         run: |
-            IMAGE_ID=$GITHUB_REPOSITORY
+          IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
 
-            # Strip git ref prefix from version
-            VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
 
-            # Strip "v" prefix from tag name
-            [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
 
-            # Use Docker `latest` tag convention
-            [ "$VERSION" == "main" ] && VERSION=latest
+          # Strip "v" prefix from tag name
+          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
 
-            echo IMAGE_ID=$IMAGE_ID
-            echo VERSION=$VERSION
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "main" ] && VERSION=latest
 
-            echo "image_id=$IMAGE_ID" >> $GITHUB_OUTPUT
-            echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo IMAGE_ID=$IMAGE_ID
+          echo VERSION=$VERSION
 
-      - name: Login to Docker Hub 
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.prepare_tag.outputs.image_id }}:${{ steps.prepare_tag.outputs.version }}
-          build-args: |
-            GITHUB_REPOSITORY=$GITHUB_REPOSITORY
-            GITHUB_REF=$GITHUB_REF
+          docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
+          docker push $IMAGE_ID:$VERSION

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 node:18.15-alpine3.16 as base
+FROM --platform=linux/amd64 node:18.12.1-alpine3.16 as base
 
 RUN apk --update --no-cache add --virtual .builds-deps build-base python3
 
@@ -20,4 +20,4 @@ ARG NODE_ENV
 
 ENV NODE_ENV $NODE_ENV
 
-CMD [ "node", "app.js" ]
+CMD [ "node", "app.js" ]

Dockerfile.db-create

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 node:18.15-alpine3.16 as base
+FROM --platform=linux/amd64 node:18.9.0-alpine3.16 as base
 
 RUN apk --update --no-cache add --virtual .builds-deps build-base python3
 

README.md

@@ -1,44 +1,29 @@
 # jambonz-api-server ![Build Status](https://github.com/jambonz/jambonz-api-server/workflows/CI/badge.svg)
 
-Jambones REST API server of the jambones platform.
+Jambones REST API server.
 
 ## Configuration
 
-Configuration is provided via environment variables:
+This process requires the following environment variables to be set.
 
-| variable | meaning | required?|
-|----------|----------|---------|
-|JWT_SECRET| secret for signing JWT token |yes|
-|JWT_EXPIRES_IN| expiration time for JWT token(in minutes) |no|
-|ENCRYPTION_SECRET| secret for credential encryption(JWT_SECRET is deprecated) |yes|
-|HTTP_PORT| tcp port to listen on for API requests from jambonz-api-server |no|
-|JAMBONES_LOGLEVEL| log level for application, 'info' or 'debug' |no|
-|JAMBONES_MYSQL_HOST| mysql host |yes|
-|JAMBONES_MYSQL_USER| mysql username |yes|
-|JAMBONES_MYSQL_PASSWORD|  mysql password |yes|
-|JAMBONES_MYSQL_DATABASE| mysql data |yes|
-|JAMBONES_MYSQL_PORT| mysql port |no|
-|JAMBONES_MYSQL_CONNECTION_LIMIT| mysql connection limit |no|
-|JAMBONES_REDIS_HOST| redis host |yes|
-|JAMBONES_REDIS_PORT| redis port |no|
-|RATE_LIMIT_WINDOWS_MINS| rate limit window |no|
-|RATE_LIMIT_MAX_PER_WINDOW| number of requests per window |no|
-|JAMBONES_TRUST_PROXY| trust proxies, must be a number |no|
-|JAMBONES_API_VERSION| api version |no|
-|JAMBONES_TIME_SERIES_HOST| influxdb host |yes|
-|JAMBONES_CLUSTER_ID| cluster id |no|
-|HOMER_BASE_URL| HOMER URL |no|
-|HOMER_USERNAME| HOMER username |no|
-|HOMER_PASSWORD| HOMER password |no|
-|K8S| service running as kubernetes service |no|
-|K8S_FEATURE_SERVER_SERVICE_NAME| feature server name(required for K8S) |no|
-|K8S_FEATURE_SERVER_SERVICE_PORT| feature server port(required for K8S) |no|
+```
+JAMBONES_MYSQL_HOST
+JAMBONES_MYSQL_USER
+JAMBONES_MYSQL_PASSWORD
+JAMBONES_MYSQL_DATABASE
+JAMBONES_MYSQL_CONNECTION_LIMIT   # defaults to 10
+JAMBONES_REDIS_HOST
+JAMBONES_REDIS_PORT
+JAMBONES_LOGLEVEL                 # defaults to info
+JAMBONES_API_VERSION              # defaults to v1
+HTTP_PORT                         # defaults to 3000
+```
 
 #### Database dependency
 A mysql database is used to store long-lived objects such as Accounts, Applications, etc. To create the database schema, use or review the scripts in the 'db' folder, particularly:
+- [create_db.sql](db/create_db.sql), which creates the database and associated user (you may want to edit the username and password),
 - [jambones-sql.sql](db/jambones-sql.sql), which creates the schema,
-- [seed-production-database-open-source.sql](db/seed-production-database-open-source.sql), which seeds the database with initial dataset(accounts, permissions, api keys, applications etc).
-- [create-admin-user.sql](db/create-admin-user.sql), which creates admin user with password set to "admin". The password will be forced to change after the first login.
+- [create-admin-token.sql](db/create-admin-token.sql), which creates an admin-level auth token that can be used for testing/exercising the API.
 
 > Note: due to the dependency on the npmjs [mysql](https://www.npmjs.com/package/mysql) package, the mysql database must be configured to use sql [native authentication](https://medium.com/@crmcmullen/how-to-run-mysql-8-0-with-native-password-authentication-502de5bac661).
 

app.js

@@ -1,9 +1,15 @@
 const assert = require('assert');
-const logger = require('./lib/logger');
+const opts = Object.assign({
+  timestamp: () => {
+    return `, "time": "${new Date().toISOString()}"`;
+  }
+}, {
+  level: process.env.JAMBONES_LOGLEVEL || 'info'
+});
+const logger = require('pino')(opts);
 const express = require('express');
 const app = express();
 const helmet = require('helmet');
-const nocache = require('nocache');
 const rateLimit = require('express-rate-limit');
 const cors = require('cors');
 const passport = require('passport');
@@ -15,9 +21,6 @@ assert.ok(process.env.JAMBONES_MYSQL_HOST &&
   process.env.JAMBONES_MYSQL_DATABASE, 'missing JAMBONES_MYSQL_XXX env vars');
 assert.ok(process.env.JAMBONES_REDIS_HOST, 'missing JAMBONES_REDIS_HOST env var');
 assert.ok(process.env.JAMBONES_TIME_SERIES_HOST, 'missing JAMBONES_TIME_SERIES_HOST env var');
-assert.ok(process.env.ENCRYPTION_SECRET || process.env.JWT_SECRET, 'missing ENCRYPTION_SECRET env var');
-assert.ok(process.env.JWT_SECRET, 'missing JWT_SECRET env var');
-
 const {
   queryCdrs,
   queryCdrsSP,
@@ -33,18 +36,14 @@ const {
   retrieveCall,
   deleteCall,
   listCalls,
-  listQueues,
   purgeCalls,
   retrieveSet,
   addKey,
   retrieveKey,
   deleteKey,
-  incrKey
-} = require('./lib/helpers/realtimedb-helpers');
-const {
   getTtsVoices
-} = require('@jambonz/speech-utils')({
-  host: process.env.JAMBONES_REDIS_HOST,
+} = require('@jambonz/realtimedb-helpers')({
+  host: process.env.JAMBONES_REDIS_HOST || 'localhost',
   port: process.env.JAMBONES_REDIS_PORT || 6379
 }, logger);
 const {
@@ -65,7 +64,6 @@ const {
 }, logger);
 const PORT = process.env.HTTP_PORT || 3000;
 const authStrategy = require('./lib/auth')(logger, retrieveKey);
-const {delayLoginMiddleware} = require('./lib/middleware');
 
 passport.use(authStrategy);
 
@@ -76,11 +74,9 @@ app.locals = {
   retrieveCall,
   deleteCall,
   listCalls,
-  listQueues,
   purgeCalls,
   retrieveSet,
   addKey,
-  incrKey,
   retrieveKey,
   deleteKey,
   getTtsVoices,
@@ -128,11 +124,9 @@ if (process.env.JAMBONES_TRUST_PROXY) {
 app.use(limiter);
 app.use(helmet());
 app.use(helmet.hidePoweredBy());
-app.use(nocache());
 app.use(passport.initialize());
 app.use(cors());
 app.use(express.urlencoded({extended: true}));
-app.use(delayLoginMiddleware);
 app.use(unless(['/stripe'], express.json()));
 app.use('/v1', unless(
   [

db/create-admin-user.sql

@@ -1,10 +0,0 @@
-/* hashed password is "admin" */
-insert into users (user_sid, name, email, hashed_password, force_change, provider, email_validated)
-values ('12c80508-edf9-4b22-8d09-55abd02648eb', 'admin', 'joe@foo.bar', '$argon2i$v=19$m=65536,t=3,p=4$c2FsdHNhbHRzYWx0c2FsdA$x5OO6gXFXS25oqUU2JvbYqrSgRxBujNUJBq6xv9EgjM', 1, 'local', 1);
-
-insert into user_permissions (user_permissions_sid, user_sid, permission_sid) 
-values ('8919e0dc-4d69-4de5-be56-a121598d9093', '12c80508-edf9-4b22-8d09-55abd02648eb', 'ffbc342a-546a-11ed-bdc3-0242ac120002');
-insert into user_permissions (user_permissions_sid, user_sid, permission_sid) 
-values ('d6fdf064-0a65-4b17-8b10-5500e956a159', '12c80508-edf9-4b22-8d09-55abd02648eb', 'ffbc3a10-546a-11ed-bdc3-0242ac120002');
-insert into user_permissions (user_permissions_sid, user_sid, permission_sid) 
-values ('f68185dd-0486-4767-a77d-a0b84c1b236e' ,'12c80508-edf9-4b22-8d09-55abd02648eb', 'ffbc3c5e-546a-11ed-bdc3-0242ac120002');

db/jambones-sql.sql

@@ -1,4 +1,5 @@
 /* SQLEditor (MySQL (2))*/
+
 SET FOREIGN_KEY_CHECKS=0;
 
 DROP TABLE IF EXISTS account_static_ips;
@@ -15,8 +16,6 @@ DROP TABLE IF EXISTS call_routes;
 
 DROP TABLE IF EXISTS dns_records;
 
-DROP TABLE IF EXISTS lcr;
-
 DROP TABLE IF EXISTS lcr_carrier_set_entry;
 
 DROP TABLE IF EXISTS lcr_routes;
@@ -53,8 +52,6 @@ DROP TABLE IF EXISTS smpp_addresses;
 
 DROP TABLE IF EXISTS speech_credentials;
 
-DROP TABLE IF EXISTS system_information;
-
 DROP TABLE IF EXISTS users;
 
 DROP TABLE IF EXISTS smpp_gateways;
@@ -139,23 +136,11 @@ PRIMARY KEY (dns_record_sid)
 CREATE TABLE lcr_routes
 (
 lcr_route_sid CHAR(36),
-lcr_sid CHAR(36) NOT NULL,
 regex VARCHAR(32) NOT NULL COMMENT 'regex-based pattern match against dialed number, used for LCR routing of PSTN calls',
 description VARCHAR(1024),
-priority INTEGER NOT NULL COMMENT 'lower priority routes are attempted first',
+priority INTEGER NOT NULL UNIQUE  COMMENT 'lower priority routes are attempted first',
 PRIMARY KEY (lcr_route_sid)
-) COMMENT='An ordered list of  digit patterns in an LCR table.  The patterns are tested in sequence until one matches';
-
-CREATE TABLE lcr
-(
-lcr_sid CHAR(36) NOT NULL UNIQUE ,
-name VARCHAR(64) COMMENT 'User-assigned name for this LCR table',
-is_active BOOLEAN NOT NULL DEFAULT 1,
-default_carrier_set_entry_sid CHAR(36) COMMENT 'default carrier/route to use when no digit match based results are found.',
-service_provider_sid CHAR(36),
-account_sid CHAR(36),
-PRIMARY KEY (lcr_sid)
-) COMMENT='An LCR (least cost routing) table that is used by a service provider or account to make decisions about routing outbound calls when multiple carriers are available.';
+) COMMENT='Least cost routing table';
 
 CREATE TABLE password_settings
 (
@@ -263,10 +248,7 @@ CREATE TABLE sbc_addresses
 sbc_address_sid CHAR(36) NOT NULL UNIQUE ,
 ipv4 VARCHAR(255) NOT NULL,
 port INTEGER NOT NULL DEFAULT 5060,
-tls_port INTEGER,
-wss_port INTEGER,
 service_provider_sid CHAR(36),
-last_updated DATETIME,
 PRIMARY KEY (sbc_address_sid)
 );
 
@@ -325,13 +307,6 @@ created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
 PRIMARY KEY (speech_credential_sid)
 );
 
-CREATE TABLE system_information
-(
-domain_name VARCHAR(255),
-sip_domain_name VARCHAR(255),
-monitoring_domain_name VARCHAR(255)
-);
-
 CREATE TABLE users
 (
 user_sid CHAR(36) NOT NULL UNIQUE ,
@@ -382,7 +357,6 @@ smpp_inbound_password VARCHAR(64),
 register_from_user VARCHAR(128),
 register_from_domain VARCHAR(255),
 register_public_ip_in_contact BOOLEAN NOT NULL DEFAULT false,
-register_status VARCHAR(4096),
 PRIMARY KEY (voip_carrier_sid)
 ) COMMENT='A Carrier or customer PBX that can send or receive calls';
 
@@ -429,7 +403,6 @@ inbound BOOLEAN NOT NULL COMMENT 'if true, whitelist this IP to allow inbound ca
 outbound BOOLEAN NOT NULL COMMENT 'if true, include in least-cost routing when placing calls to the PSTN',
 voip_carrier_sid CHAR(36) NOT NULL,
 is_active BOOLEAN NOT NULL DEFAULT 1,
-protocol ENUM('udp','tcp','tls', 'tls/srtp') DEFAULT 'udp' COMMENT 'Outbound call protocol',
 PRIMARY KEY (sip_gateway_sid)
 ) COMMENT='A whitelisted sip gateway used for origination/termination';
 
@@ -529,14 +502,6 @@ ALTER TABLE call_routes ADD FOREIGN KEY application_sid_idxfk (application_sid)
 CREATE INDEX dns_record_sid_idx ON dns_records (dns_record_sid);
 ALTER TABLE dns_records ADD FOREIGN KEY account_sid_idxfk_4 (account_sid) REFERENCES accounts (account_sid);
 
-CREATE INDEX lcr_sid_idx ON lcr_routes (lcr_sid);
-ALTER TABLE lcr_routes ADD FOREIGN KEY lcr_sid_idxfk (lcr_sid) REFERENCES lcr (lcr_sid);
-
-CREATE INDEX lcr_sid_idx ON lcr (lcr_sid);
-ALTER TABLE lcr ADD FOREIGN KEY default_carrier_set_entry_sid_idxfk (default_carrier_set_entry_sid) REFERENCES lcr_carrier_set_entry (lcr_carrier_set_entry_sid);
-
-CREATE INDEX service_provider_sid_idx ON lcr (service_provider_sid);
-CREATE INDEX account_sid_idx ON lcr (account_sid);
 CREATE INDEX permission_sid_idx ON permissions (permission_sid);
 CREATE INDEX predefined_carrier_sid_idx ON predefined_carriers (predefined_carrier_sid);
 CREATE INDEX predefined_sip_gateway_sid_idx ON predefined_sip_gateways (predefined_sip_gateway_sid);
@@ -683,4 +648,4 @@ ALTER TABLE accounts ADD FOREIGN KEY device_calling_application_sid_idxfk (devic
 
 ALTER TABLE accounts ADD FOREIGN KEY siprec_hook_sid_idxfk (siprec_hook_sid) REFERENCES applications (application_sid);
 
-SET FOREIGN_KEY_CHECKS=1;
+SET FOREIGN_KEY_CHECKS=1;

db/seed-integration-test.sql

@@ -27,14 +27,6 @@ values ('2708b1b3-2736-40ea-b502-c53d8396247f', 'default service provider', 'sip
 insert into accounts (account_sid, service_provider_sid, name, webhook_secret) 
 values ('9351f46a-678c-43f5-b8a6-d4eb58d131af','2708b1b3-2736-40ea-b502-c53d8396247f', 'default account', 'wh_secret_cJqgtMDPzDhhnjmaJH6Mtk');
 
--- create account level api key
-insert into api_keys (api_key_sid, token, service_provider_sid) 
-values ('3f35518f-5a0d-4c2e-90a5-2407bb3b36fa', '38700987-c7a4-4685-a5bb-af378f9734da', '9351f46a-678c-43f5-b8a6-d4eb58d131af');
-
--- create SP level api key
-insert into api_keys (api_key_sid, token, account_sid) 
-values ('3f35518f-5a0d-4c2e-90a5-2407bb3b36fs', '38700987-c7a4-4685-a5bb-af378f9734ds', '2708b1b3-2736-40ea-b502-c53d8396247f');
-
 -- create two applications
 insert into webhooks(webhook_sid, url, method)
 values 
@@ -87,7 +79,6 @@ VALUES
 ('81a0c8cb-a33e-42da-8f20-99083da6f02f', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.252.254.64', 30, 5060, 1, 0),
 ('eeeef07a-46b8-4ffe-a4f2-04eb32ca889e', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.169.127.128', 30, 5060, 1, 0),
 ('fbb6c194-4b68-4dff-9b42-52412be1c39e', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '177.71.206.192', 30, 5060, 1, 0),
-('973e7824-0cf3-4645-88e4-d2460ddb8577', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '168.86.128.0', 18, 5060, 1, 0),
 ('3ed1dd12-e1a7-44ff-811a-3cc5dc13dc72', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '<your-domain>.pstn.twilio.com', 32, 5060, 0, 1);
 
 -- voxbone gateways

db/seed-production-database-open-source.sql

@@ -76,7 +76,6 @@ VALUES
 ('81a0c8cb-a33e-42da-8f20-99083da6f02f', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.252.254.64', 30, 5060, 1, 0),
 ('eeeef07a-46b8-4ffe-a4f2-04eb32ca889e', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.169.127.128', 30, 5060, 1, 0),
 ('fbb6c194-4b68-4dff-9b42-52412be1c39e', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '177.71.206.192', 30, 5060, 1, 0),
-('973e7824-0cf3-4645-88e4-d2460ddb8577', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '168.86.128.0', 18, 5060, 1, 0),
 ('3ed1dd12-e1a7-44ff-811a-3cc5dc13dc72', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '<your-domain>.pstn.twilio.com', 32, 5060, 0, 1);
 
 -- voxbone gateways

db/seed-production-database.sql

@@ -53,7 +53,6 @@ VALUES
 ('81a0c8cb-a33e-42da-8f20-99083da6f02f', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.252.254.64', 30, 5060, 1, 0),
 ('eeeef07a-46b8-4ffe-a4f2-04eb32ca889e', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '54.169.127.128', 30, 5060, 1, 0),
 ('fbb6c194-4b68-4dff-9b42-52412be1c39e', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '177.71.206.192', 30, 5060, 1, 0),
-('973e7824-0cf3-4645-88e4-d2460ddb8577', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '168.86.128.0', 18, 5060, 1, 0),
 ('3ed1dd12-e1a7-44ff-811a-3cc5dc13dc72', '7d509a18-bbff-4c5d-b21e-b99bf8f8c49a', '<your-domain>.pstn.twilio.com', 32, 5060, 0, 1);
 
 -- voxbone gateways

db/upgrade-jambonz-db.js

@@ -87,57 +87,6 @@ const sql = {
     'ALTER TABLE user_permissions ADD FOREIGN KEY user_sid_idxfk (user_sid) REFERENCES users (user_sid) ON DELETE CASCADE',
     'ALTER TABLE user_permissions ADD FOREIGN KEY permission_sid_idxfk (permission_sid) REFERENCES permissions (permission_sid)',
     'ALTER TABLE `users` ADD COLUMN `is_active` BOOLEAN NOT NULL default true',
-  ],
-  8003: [
-    'SET FOREIGN_KEY_CHECKS=0',
-    'ALTER TABLE `voip_carriers` ADD COLUMN `register_status` VARCHAR(4096)',
-    'ALTER TABLE `sbc_addresses` ADD COLUMN `last_updated` DATETIME',
-    'ALTER TABLE `sbc_addresses` ADD COLUMN `tls_port` INTEGER',
-    'ALTER TABLE `sbc_addresses` ADD COLUMN `wss_port` INTEGER',
-    `CREATE TABLE system_information
-    (
-    domain_name VARCHAR(255),
-    sip_domain_name VARCHAR(255),
-    monitoring_domain_name VARCHAR(255)
-    )`,
-    'DROP TABLE IF EXISTS `lcr_routes`',
-    'DROP TABLE IF EXISTS `lcr_carrier_set_entry`',
-    `CREATE TABLE lcr_routes
-    (
-    lcr_route_sid CHAR(36),
-    lcr_sid CHAR(36) NOT NULL,
-    regex VARCHAR(32) NOT NULL COMMENT 'regex-based pattern match against dialed number, used for LCR routing of PSTN calls',
-    description VARCHAR(1024),
-    priority INTEGER NOT NULL COMMENT 'lower priority routes are attempted first',
-    PRIMARY KEY (lcr_route_sid)
-    )`,
-    `CREATE TABLE lcr
-    (
-    lcr_sid CHAR(36) NOT NULL UNIQUE ,
-    name VARCHAR(64) COMMENT 'User-assigned name for this LCR table',
-    is_active BOOLEAN NOT NULL DEFAULT 1,
-    default_carrier_set_entry_sid CHAR(36) COMMENT 'default carrier/route to use when no digit match based results are found.',
-    service_provider_sid CHAR(36),
-    account_sid CHAR(36),
-    PRIMARY KEY (lcr_sid)
-    )`,
-    `CREATE TABLE lcr_carrier_set_entry
-    (
-    lcr_carrier_set_entry_sid CHAR(36),
-    workload INTEGER NOT NULL DEFAULT 1 COMMENT 'represents a proportion of traffic to send through the associated carrier; can be used for load balancing traffic across carriers with a common priority for a destination',
-    lcr_route_sid CHAR(36) NOT NULL,
-    voip_carrier_sid CHAR(36) NOT NULL,
-    priority INTEGER NOT NULL DEFAULT 0 COMMENT 'lower priority carriers are attempted first',
-    PRIMARY KEY (lcr_carrier_set_entry_sid)
-    )`,
-    'CREATE INDEX lcr_sid_idx ON lcr_routes (lcr_sid)',
-    'ALTER TABLE lcr_routes ADD FOREIGN KEY lcr_sid_idxfk (lcr_sid) REFERENCES lcr (lcr_sid)',
-    'CREATE INDEX lcr_sid_idx ON lcr (lcr_sid)',
-    'ALTER TABLE lcr ADD FOREIGN KEY default_carrier_set_entry_sid_idxfk (default_carrier_set_entry_sid) REFERENCES lcr_carrier_set_entry (lcr_carrier_set_entry_sid)',
-    'CREATE INDEX service_provider_sid_idx ON lcr (service_provider_sid)',
-    'CREATE INDEX account_sid_idx ON lcr (account_sid)',
-    'ALTER TABLE lcr_carrier_set_entry ADD FOREIGN KEY lcr_route_sid_idxfk (lcr_route_sid) REFERENCES lcr_routes (lcr_route_sid)',
-    'ALTER TABLE lcr_carrier_set_entry ADD FOREIGN KEY voip_carrier_sid_idxfk_3 (voip_carrier_sid) REFERENCES voip_carriers (voip_carrier_sid)',
   ]
 };
 
@@ -167,7 +116,6 @@ const doIt = async() => {
         if (val < 7006) upgrades.push(...sql['7006']);
         if (val < 7007) upgrades.push(...sql['7007']);
         if (val < 8000) upgrades.push(...sql['8000']);
-        if (val < 8003) upgrades.push(...sql['8003']);
 
         // perform all upgrades
         logger.info({upgrades}, 'applying schema upgrades..');

lib/auth/index.js

@@ -1,42 +1,41 @@
 const Strategy = require('passport-http-bearer').Strategy;
 const {getMysqlConnection} = require('../db');
+const {hashString} = require('../utils/password-utils');
 const debug = require('debug')('jambonz:api-server');
-const {cacheClient} = require('../helpers');
 const jwt = require('jsonwebtoken');
 const sql = `
   SELECT *
   FROM api_keys
   WHERE api_keys.token = ?`;
 
-function makeStrategy(logger) {
+function makeStrategy(logger, retrieveKey) {
   return new Strategy(
     async function(token, done) {
+      //logger.debug(`validating with token ${token}`);
       jwt.verify(token, process.env.JWT_SECRET, async(err, decoded) => {
         if (err) {
           if (err.name === 'TokenExpiredError') {
             logger.debug('jwt expired');
             return done(null, false);
           }
-          /* its not a jwt obtained through login, check api keys */
+          /* its not a jwt obtained through login, check api leys */
           checkApiTokens(logger, token, done);
         }
         else {
+          /* validated -- make sure it is not on blacklist */
           try {
-            const {user_sid} = decoded;
-            /* Valid jwt tokens are stored in redis by hashed user_id */
-            const redisKey = cacheClient.generateRedisKey('jwt', user_sid, 'v2');
-            const result = await cacheClient.get(redisKey);
-            if (result === null) {
-              debug(`result from searching for ${redisKey}: ${result}`);
+            const s = `jwt:${hashString(token)}`;
+            const result = await retrieveKey(s);
+            if (result) {
+              debug(`result from searching for ${s}: ${result}`);
               logger.info('jwt invalidated after logout');
               return done(null, false);
             }
-          } catch (error) {
+          } catch (err) {
             debug(err);
-            logger.info({err}, 'Error checking redis for jwt');
+            logger.info({err}, 'Error checking blacklist for jwt');
           }
-          const { user_sid, service_provider_sid, account_sid, email, name, scope, permissions } = decoded;
-
+          const {user_sid, service_provider_sid, account_sid, email, name, scope, permissions} = decoded;
           const user = {
             service_provider_sid,
             account_sid,
@@ -100,7 +99,7 @@ const checkApiTokens = (logger, token, done) => {
         hasServiceProviderAuth: scope === 'service_provider',
         hasAccountAuth: scope === 'account'
       };
-      logger.debug({user}, `successfully validated with scope ${scope}`);
+      logger.info(user, `successfully validated with scope ${scope}`);
       return done(null, user, {scope});
     });
   });

lib/helpers/cache-client.js

@@ -1,82 +0,0 @@
-const {
-  addKey: addKeyRedis,
-  deleteKey: deleteKeyRedis,
-  retrieveKey: retrieveKeyRedis,
-} = require('./realtimedb-helpers');
-const { hashString } = require('../utils/password-utils');
-const logger = require('../logger');
-
-class CacheClient {
-  constructor() { }
-
-  async set(params) {
-    const {
-      redisKey,
-      value = '1',
-      time = 3600,
-    } = params || {};
-
-    try {
-      await addKeyRedis(redisKey, value, time);
-
-    } catch (err) {
-      logger.error('CacheClient.get set', {
-        error: {
-          message: err.message,
-          name: err.name
-        },
-        ...params
-      });
-    }
-  }
-
-  async get(redisKey) {
-    try {
-      const result = await retrieveKeyRedis(redisKey);
-      return result;
-    } catch (err) {
-      logger.error('CacheClient.get error', {
-        error: {
-          message: err.message,
-          name: err.name
-        },
-        redisKey
-      });
-    }
-  }
-
-
-  async delete(key) {
-    try {
-      await deleteKeyRedis(key);
-      logger.debug('CacheClient.delete key from redis', { key });
-    } catch (err) {
-      logger.error('CacheClient.delete error', {
-        error: {
-          message: err.message,
-          name: err.name
-        },
-        key
-      });
-    }
-  }
-
-  generateRedisKey(type, key, version) {
-    let suffix = '';
-    if (version) {
-      suffix = `:version:${version}`;
-    }
-
-    switch (type) {
-      case 'reset-link':
-        return `reset-link:${key}`;
-      case 'jwt':
-      default:
-        return `jwt:${hashString(key)}${suffix}`;
-    }
-  }
-}
-
-const cacheClient = new CacheClient();
-
-module.exports = { cacheClient };

lib/helpers/index.js

@@ -1,4 +0,0 @@
-module.exports = {
-  ...require('./cache-client'),
-  ...require('./realtimedb-helpers'),
-};

lib/helpers/realtimedb-helpers.js

@@ -1,32 +0,0 @@
-const logger = require('../logger');
-
-const {
-  retrieveCall,
-  deleteCall,
-  listCalls,
-  listQueues,
-  purgeCalls,
-  retrieveSet,
-  addKey,
-  retrieveKey,
-  deleteKey,
-  incrKey,
-  client: redisClient,
-} = require('@jambonz/realtimedb-helpers')({
-  host: process.env.JAMBONES_REDIS_HOST || 'localhost',
-  port: process.env.JAMBONES_REDIS_PORT || 6379
-}, logger);
-
-module.exports = {
-  retrieveCall,
-  deleteCall,
-  listCalls,
-  listQueues,
-  purgeCalls,
-  retrieveSet,
-  addKey,
-  retrieveKey,
-  deleteKey,
-  redisClient,
-  incrKey
-};

lib/logger.js

@@ -1,11 +0,0 @@
-const opts = Object.assign({
-  timestamp: () => {
-    return `, "time": "${new Date().toISOString()}"`;
-  }
-}, {
-  level: process.env.JAMBONES_LOGLEVEL || 'info'
-});
-
-const logger = require('pino')(opts);
-
-module.exports = logger;

lib/middleware.js

@@ -1,32 +0,0 @@
-const logger = require('./logger');
-
-function delayLoginMiddleware(req, res, next) {
-  if (req.path.includes('/login') || req.path.includes('/signin')) {
-    const min = 200;
-    const max = 1000;
-    /* Random delay between 200 - 1000ms */
-    const sendStatusDelay = Math.floor(Math.random() * (max - min + 1)) + min;
-
-    /* the res.json take longer, we decrease the max delay slightly to 0-800ms */
-    const jsonDelay = Math.floor(Math.random() * 800);
-    logger.debug(`delayLoginMiddleware: sendStatus ${sendStatusDelay} - json ${jsonDelay}`);
-    const sendStatus = res.sendStatus;
-    const json = res.json;
-
-    res.sendStatus = function(status) {
-      setTimeout(() => {
-        sendStatus.call(res, status);
-      }, sendStatusDelay);
-    };
-    res.json = function(body) {
-      setTimeout(() => {
-        json.call(res, body);
-      }, jsonDelay);
-    };
-  }
-  next();
-}
-
-module.exports = {
-  delayLoginMiddleware
-};

lib/models/account.js

@@ -318,10 +318,6 @@ Account.fields = [
     name: 'siprec_hook_sid',
     type: 'string',
   },
-  {
-    name: 'lcr_sid',
-    type: 'string'
-  }
 ];
 
 module.exports = Account;

lib/models/lcr-carrier-set-entry.js

@@ -1,47 +0,0 @@
-const Model = require('./model');
-const {promisePool} = require('../db');
-
-class LcrCarrierSetEntry extends Model {
-  constructor() {
-    super();
-  }
-
-  static async retrieveAllByLcrRouteSid(sid) {
-    const sql = `SELECT * FROM ${this.table} WHERE lcr_route_sid = ? ORDER BY priority`;
-    const [rows] = await promisePool.query(sql, sid);
-    return rows;
-  }
-
-  static async deleteByLcrRouteSid(sid) {
-    const sql = `DELETE FROM ${this.table} WHERE lcr_route_sid = ?`;
-    const [rows] = await promisePool.query(sql, sid);
-    return rows.affectedRows;
-  }
-}
-
-LcrCarrierSetEntry.table = 'lcr_carrier_set_entry';
-LcrCarrierSetEntry.fields = [
-  {
-    name: 'lcr_carrier_set_entry_sid',
-    type: 'string',
-    primaryKey: true
-  },
-  {
-    name: 'workload',
-    type: 'number'
-  },
-  {
-    name: 'lcr_route_sid',
-    type: 'string'
-  },
-  {
-    name: 'voip_carrier_sid',
-    type: 'string'
-  },
-  {
-    name: 'priority',
-    type: 'number'
-  }
-];
-
-module.exports = LcrCarrierSetEntry;

lib/models/lcr-route.js

@@ -1,54 +0,0 @@
-const Model = require('./model');
-const {promisePool} = require('../db');
-
-
-class LcrRoutes extends Model {
-  constructor() {
-    super();
-  }
-
-  static async retrieveAllByLcrSid(sid) {
-    const sql = `SELECT * FROM ${this.table} WHERE lcr_sid = ? ORDER BY priority`;
-    const [rows] = await promisePool.query(sql, sid);
-    return rows;
-  }
-
-  static async deleteByLcrSid(sid) {
-    const sql = `DELETE FROM ${this.table} WHERE lcr_sid = ?`;
-    const [rows] = await promisePool.query(sql, sid);
-    return rows.affectedRows;
-  }
-
-  static async countAllByLcrSid(sid) {
-    const sql = `SELECT COUNT(*) AS count FROM ${this.table} WHERE lcr_sid = ?`;
-    const [rows] = await promisePool.query(sql, sid);
-    return rows.length ? rows[0].count : 0;
-  }
-}
-
-LcrRoutes.table = 'lcr_routes';
-LcrRoutes.fields = [
-  {
-    name: 'lcr_route_sid',
-    type: 'string',
-    primaryKey: true
-  },
-  {
-    name: 'lcr_sid',
-    type: 'string'
-  },
-  {
-    name: 'regex',
-    type: 'string'
-  },
-  {
-    name: 'description',
-    type: 'string'
-  },
-  {
-    name: 'priority',
-    type: 'number'
-  }
-];
-
-module.exports = LcrRoutes;

lib/models/lcr.js

@@ -1,54 +0,0 @@
-const Model = require('./model');
-const {promisePool} = require('../db');
-
-class Lcr extends Model {
-  constructor() {
-    super();
-  }
-
-  static async retrieveAllByAccountSid(account_sid) {
-    const sql = `SELECT * FROM ${this.table} WHERE account_sid = ?`;
-    const [rows] = await promisePool.query(sql, account_sid);
-    return rows;
-  }
-
-  static async retrieveAllByServiceProviderSid(sid) {
-    const sql = `SELECT * FROM ${this.table} WHERE service_provider_sid = ?`;
-    const [rows] = await promisePool.query(sql, sid);
-    return rows;
-  }
-
-  static async releaseDefaultEntry(sid) {
-    const sql = `UPDATE ${this.table} SET default_carrier_set_entry_sid = null WHERE lcr_sid = ?`;
-    const [rows] = await promisePool.query(sql, sid);
-    return rows;
-  }
-}
-
-Lcr.table = 'lcr';
-Lcr.fields = [
-  {
-    name: 'lcr_sid',
-    type: 'string',
-    primaryKey: true
-  },
-  {
-    name: 'name',
-    type: 'string',
-    required: true
-  },
-  {
-    name: 'account_sid',
-    type: 'string'
-  },
-  {
-    name: 'service_provider_sid',
-    type: 'string'
-  },
-  {
-    name: 'default_carrier_set_entry_sid',
-    type: 'string'
-  }
-];
-
-module.exports = Lcr;

lib/models/model.js

@@ -107,7 +107,7 @@ class Model extends Emitter {
       if (pk.name in obj) throw new DbErrorBadRequest(`primary key ${pk.name} is immutable`);
       getMysqlConnection((err, conn) => {
         if (err) return reject(err);
-        conn.query(`UPDATE ${this.table} SET ? WHERE ${pk.name} = ?`, [obj, sid], (err, results, fields) => {
+        conn.query(`UPDATE ${this.table} SET ? WHERE ${pk.name} = '${sid}'`, obj, (err, results, fields) => {
           conn.release();
           if (err) return reject(err);
           resolve(results.affectedRows);

lib/models/service-provider.js

@@ -89,10 +89,6 @@ ServiceProvider.fields = [
   {
     name: 'ms_teams_fqdn',
     type: 'string',
-  },
-  {
-    name: 'lcr_sid',
-    type: 'string'
   }
 
 ];

lib/models/sip-gateway.js

@@ -58,10 +58,6 @@ SipGateway.fields = [
   {
     name: 'application_sid',
     type: 'string'
-  },
-  {
-    name: 'protocol',
-    type: 'string'
   }
 ];
 

lib/models/system-information.js

@@ -1,38 +0,0 @@
-const Model = require('./model');
-const { promisePool } = require('../db');
-class SystemInformation extends Model {
-  constructor() {
-    super();
-  }
-
-  static async add(body) {
-    let [sysInfo] = await this.retrieveAll();
-    if (sysInfo) {
-      const sql = `UPDATE ${this.table} SET ?`;
-      await promisePool.query(sql, body);
-    } else {
-      const sql = `INSERT INTO ${this.table} SET ?`;
-      await promisePool.query(sql, body);
-    }
-    [sysInfo] = await this.retrieveAll();
-    return sysInfo;
-  }
-}
-
-SystemInformation.table = 'system_information';
-SystemInformation.fields = [
-  {
-    name: 'domain_name',
-    type: 'string',
-  },
-  {
-    name: 'sip_domain_name',
-    type: 'string',
-  },
-  {
-    name: 'monitoring_domain_name',
-    type: 'string',
-  },
-];
-
-module.exports = SystemInformation;

lib/models/voip-carrier.js

@@ -11,16 +11,10 @@ class VoipCarrier extends Model {
   static async retrieveAll(account_sid) {
     if (!account_sid) return super.retrieveAll();
     const [rows] = await promisePool.query(retrieveSql, account_sid);
-    if (rows) {
-      rows.map((r) => r.register_status = JSON.parse(r.register_status || '{}'));
-    }
     return rows;
   }
   static async retrieveAllForSP(service_provider_sid) {
     const [rows] = await promisePool.query(retrieveSqlForSP, service_provider_sid);
-    if (rows) {
-      rows.map((r) => r.register_status = JSON.parse(r.register_status || '{}'));
-    }
     return rows;
   }
 }
@@ -128,10 +122,6 @@ VoipCarrier.fields = [
   {
     name: 'register_public_ip_in_contact',
     type: 'number'
-  },
-  {
-    name: 'register_status',
-    type: 'string'
   }
 ];
 

lib/routes/api/accounts.js

@@ -12,14 +12,7 @@ const { v4: uuidv4 } = require('uuid');
 const snakeCase = require('../../utils/snake-case');
 const sysError = require('../error');
 const {promisePool} = require('../../db');
-const {
-  hasAccountPermissions,
-  parseAccountSid,
-  parseCallSid,
-  enableSubspace,
-  disableSubspace,
-  parseVoipCarrierSid
-} = require('./utils');
+const {hasAccountPermissions, parseAccountSid, enableSubspace, disableSubspace} = require('./utils');
 const short = require('short-uuid');
 const VoipCarrier = require('../../models/voip-carrier');
 const translator = short();
@@ -52,33 +45,18 @@ const stripPort = (hostport) => {
   return hostport;
 };
 
-const validateRequest = async(req, account_sid) => {
-  try {
-    if (req.user.hasScope('admin')) {
-      return;
-    }
-
-    if (req.user.hasScope('account')) {
-      if (account_sid === req.user.account_sid) {
-        return;
-      }
-
-      throw new DbErrorForbidden('insufficient permissions');
-    }
-
-    if (req.user.hasScope('service_provider')) {
-      const [r] = await promisePool.execute(
-        'SELECT service_provider_sid from accounts WHERE account_sid = ?', [account_sid]
-      );
-
-      if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) {
-        return;
-      }
-
-      throw new DbErrorForbidden('insufficient permissions');
-    }
-  } catch (error) {
-    throw error;
+const validateUpdateForCarrier = async(req) => {
+  const account_sid = parseAccountSid(req);
+  if (req.user.hasScope('admin')) return ;
+  if (req.user.hasScope('account')) {
+    if (account_sid === req.user.account_sid) return ;
+    throw new DbErrorForbidden('insufficient permissions to update account');
+  }
+  if (req.user.hasScope('service_provider')) {
+    const [r] = await promisePool.execute(
+      'SELECT service_provider_sid from accounts WHERE account_sid = ?', [account_sid]);
+    if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) return;
+    throw new DbErrorForbidden('insufficient permissions to update account');
   }
 };
 
@@ -93,7 +71,6 @@ router.get('/:sid/Applications', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
     const account_sid = parseAccountSid(req);
-    await validateRequest(req, account_sid);
     const results = await Application.retrieveAll(null, account_sid);
     res.status(200).json(results);
   } catch (err) {
@@ -104,7 +81,6 @@ router.get('/:sid/VoipCarriers', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
     const account_sid = parseAccountSid(req);
-    await validateRequest(req, account_sid);
     const results = await VoipCarrier.retrieveAll(account_sid);
     res.status(200).json(results);
   } catch (err) {
@@ -113,18 +89,13 @@ router.get('/:sid/VoipCarriers', async(req, res) => {
 });
 router.put('/:sid/VoipCarriers/:voip_carrier_sid', async(req, res) => {
   const logger = req.app.locals.logger;
-
   try {
-    const sid = parseVoipCarrierSid(req);
-    const account_sid = parseAccountSid(req);
-    await validateRequest(req, account_sid);
-
-    const rowsAffected = await VoipCarrier.update(sid, req.body);
+    await validateUpdateForCarrier(req);
+    const rowsAffected = await VoipCarrier.update(req.params.voip_carrier_sid, req.body);
     if (rowsAffected === 0) {
       return res.sendStatus(404);
     }
-
-    return res.status(204).end();
+    res.status(204).end();
   } catch (err) {
     sysError(logger, res, err);
   }
@@ -135,8 +106,6 @@ router.post('/:sid/VoipCarriers', async(req, res) => {
   const payload = req.body;
   try {
     const account_sid = parseAccountSid(req);
-    await validateRequest(req, account_sid);
-
     logger.debug({payload}, 'POST /:sid/VoipCarriers');
     const uuid = await VoipCarrier.make({
       account_sid,
@@ -246,7 +215,6 @@ function validateTo(to) {
   }
   throw new DbErrorBadRequest(`missing or invalid to property: ${JSON.stringify(to)}`);
 }
-
 async function validateCreateCall(logger, sid, req) {
   const {lookupAppBySid} = req.app.locals;
   const obj = req.body;
@@ -347,7 +315,7 @@ async function validateCreateMessage(logger, sid, req) {
 async function validateAdd(req) {
   /* account-level token can not be used to add accounts */
   if (req.user.hasAccountAuth) {
-    throw new DbErrorForbidden('insufficient permissions');
+    throw new DbErrorUnprocessableRequest('insufficient permissions to create accounts');
   }
   if (req.user.hasServiceProviderAuth && req.user.service_provider_sid) {
     /* service providers can only create accounts under themselves */
@@ -366,10 +334,9 @@ async function validateAdd(req) {
     throw new DbErrorBadRequest('\'queue_event_hook\' must be an object when adding an account');
   }
 }
-
 async function validateUpdate(req, sid) {
   if (req.user.hasAccountAuth && req.user.account_sid !== sid) {
-    throw new DbErrorForbidden('insufficient privileges');
+    throw new DbErrorUnprocessableRequest('insufficient privileges to update this account');
   }
   if (req.user.hasAccountAuth && req.body.sip_realm) {
     throw new DbErrorBadRequest('use POST /Accounts/:sid/sip_realm/:realm to set or change the sip realm');
@@ -377,23 +344,12 @@ async function validateUpdate(req, sid) {
 
   if (req.user.service_provider_sid && !req.user.hasScope('admin')) {
     const result = await Account.retrieve(sid);
-    if (!result || result.length === 0) {
-      throw new DbErrorBadRequest(`account not found for sid ${sid}`);
-    }
     if (result[0].service_provider_sid !== req.user.service_provider_sid) {
-      throw new DbErrorForbidden('insufficient privileges');
-    }
-  }
-  if (req.user.hasScope('admin')) {
-    /* check to be sure that the account_sid exists */
-    const result = await Account.retrieve(sid);
-    if (!result || result.length === 0) {
-      throw new DbErrorBadRequest(`account not found for sid ${sid}`);
+      throw new DbErrorUnprocessableRequest('cannot update account from different service provider');
     }
   }
   if (req.body.service_provider_sid) throw new DbErrorBadRequest('service_provider_sid may not be modified');
 }
-
 async function validateDelete(req, sid) {
   if (req.user.hasAccountAuth && req.user.account_sid !== sid) {
     throw new DbErrorUnprocessableRequest('insufficient privileges to update this account');
@@ -401,11 +357,12 @@ async function validateDelete(req, sid) {
   if (req.user.service_provider_sid && !req.user.hasScope('admin')) {
     const result = await Account.retrieve(sid);
     if (result[0].service_provider_sid !== req.user.service_provider_sid) {
-      throw new DbErrorForbidden('insufficient privileges');
+      throw new DbErrorUnprocessableRequest('cannot delete account from different service provider');
     }
   }
 }
 
+
 /* add */
 router.post('/', async(req, res) => {
   const logger = req.app.locals.logger;
@@ -447,11 +404,8 @@ router.get('/', async(req, res) => {
 router.get('/:sid', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const account_sid = parseAccountSid(req);
-    await validateRequest(req, account_sid);
-
     const service_provider_sid = req.user.hasServiceProviderAuth ? req.user.service_provider_sid : null;
-    const results = await Account.retrieve(account_sid, service_provider_sid);
+    const results = await Account.retrieve(req.params.sid, service_provider_sid);
     if (results.length === 0) return res.status(404).end();
     return res.status(200).json(results[0]);
   }
@@ -463,15 +417,13 @@ router.get('/:sid', async(req, res) => {
 router.get('/:sid/WebhookSecret', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const account_sid = parseAccountSid(req);
-    await validateRequest(req, account_sid);
     const service_provider_sid = req.user.hasServiceProviderAuth ? req.user.service_provider_sid : null;
-    const results = await Account.retrieve(account_sid, service_provider_sid);
+    const results = await Account.retrieve(req.params.sid, service_provider_sid);
     if (results.length === 0) return res.status(404).end();
     let {webhook_secret} = results[0];
     if (req.query.regenerate) {
       const secret = `wh_secret_${translator.generate()}`;
-      await Account.update(account_sid, {webhook_secret: secret});
+      await Account.update(req.params.sid, {webhook_secret: secret});
       webhook_secret = secret;
     }
     return res.status(200).json({webhook_secret});
@@ -484,9 +436,8 @@ router.get('/:sid/WebhookSecret', async(req, res) => {
 router.post('/:sid/SubspaceTeleport', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const account_sid = parseAccountSid(req);
     const service_provider_sid = req.user.hasServiceProviderAuth ? req.user.service_provider_sid : null;
-    const results = await Account.retrieve(account_sid, service_provider_sid);
+    const results = await Account.retrieve(req.params.sid, service_provider_sid);
     if (results.length === 0) return res.status(404).end();
     const {subspace_client_id, subspace_client_secret} = results[0];
     const {destination} = req.body;
@@ -499,7 +450,7 @@ router.post('/:sid/SubspaceTeleport', async(req, res) => {
       destination: dest
     });
     logger.info({destination, teleport}, 'SubspaceTeleport - create teleport');
-    await Account.update(account_sid, {
+    await Account.update(req.params.sid, {
       subspace_sip_teleport_id: teleport.id,
       subspace_sip_teleport_destinations: JSON.stringify(teleport.teleport_entry_points)//hacky
     });
@@ -517,14 +468,13 @@ router.post('/:sid/SubspaceTeleport', async(req, res) => {
 router.delete('/:sid/SubspaceTeleport', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const account_sid = parseAccountSid(req);
     const service_provider_sid = req.user.hasServiceProviderAuth ? req.user.service_provider_sid : null;
-    const results = await Account.retrieve(account_sid, service_provider_sid);
+    const results = await Account.retrieve(req.params.sid, service_provider_sid);
     if (results.length === 0) return res.status(404).end();
     const {subspace_client_id, subspace_client_secret, subspace_sip_teleport_id} = results[0];
 
     await disableSubspace({subspace_client_id, subspace_client_secret, subspace_sip_teleport_id});
-    await Account.update(account_sid, {
+    await Account.update(req.params.sid, {
       subspace_sip_teleport_id: null,
       subspace_sip_teleport_destinations: null
     });
@@ -535,14 +485,11 @@ router.delete('/:sid/SubspaceTeleport', async(req, res) => {
   }
 });
 
-/**
- * update
- */
+/* update */
 router.put('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
-    const sid = parseAccountSid(req);
-    await validateRequest(req, sid);
 
     // create webhooks if provided
     const obj = Object.assign({}, req.body);
@@ -602,14 +549,12 @@ router.put('/:sid', async(req, res) => {
 
 /* delete */
 router.delete('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   const sqlDeleteGateways = `DELETE from sip_gateways 
     WHERE voip_carrier_sid IN
     (SELECT voip_carrier_sid from voip_carriers where account_sid = ?)`;
-
   try {
-    const sid = parseAccountSid(req);
-    await validateRequest(req, sid);
     await validateDelete(req, sid);
 
     const [account] = await promisePool.query('SELECT * FROM accounts WHERE account_sid = ?', sid);
@@ -673,19 +618,13 @@ account_subscriptions WHERE account_sid = ?)
   }
 });
 
-/**
- * retrieve account level api keys
- */
+/* retrieve account level api keys */
 router.get('/:sid/ApiKeys', async(req, res) => {
   const logger = req.app.locals.logger;
-
   try {
-    const sid = parseAccountSid(req);
-    await validateRequest(req, sid);
-
-    const results = await ApiKey.retrieveAll(sid);
+    const results = await ApiKey.retrieveAll(req.params.sid);
     res.status(200).json(results);
-    updateLastUsed(logger, sid, req).catch((err) => {});
+    updateLastUsed(logger, req.params.sid, req).catch((err) => {});
   } catch (err) {
     sysError(logger, res, err);
   }
@@ -695,40 +634,36 @@ router.get('/:sid/ApiKeys', async(req, res) => {
  * create a new Call
  */
 router.post('/:sid/Calls', async(req, res) => {
-  const {retrieveSet, logger} = req.app.locals;
+  const sid = req.params.sid;
   const setName = `${(process.env.JAMBONES_CLUSTER_ID || 'default')}:active-fs`;
+  const {retrieveSet, logger} = req.app.locals;
+
   const serviceUrl = await getFsUrl(logger, retrieveSet, setName);
-
   if (!serviceUrl) {
-    return res.status(480).json({msg: 'no available feature servers at this time'});
-  }
-
-  try {
-    const sid = parseAccountSid(req);
-    await validateRequest(req, sid);
-
-    await validateCreateCall(logger, sid, req);
-    updateLastUsed(logger, sid, req).catch((err) => {});
-    request({
-      url: serviceUrl,
-      method: 'POST',
-      json: true,
-      body: Object.assign(req.body, {account_sid: sid})
-    }, (err, response, body) => {
-      if (err) {
-        logger.error(err, `Error sending createCall POST to ${serviceUrl}`);
-        return res.sendStatus(500);
-      }
-
-      if (response.statusCode !== 201) {
-        logger.error({statusCode: response.statusCode}, `Non-success response returned by createCall ${serviceUrl}`);
-        return res.sendStatus(500);
-      }
-
-      return res.status(201).json(body);
-    });
-  } catch (err) {
-    sysError(logger, res, err);
+    res.status(480).json({msg: 'no available feature servers at this time'});
+  } else {
+    try {
+      await validateCreateCall(logger, sid, req);
+      updateLastUsed(logger, sid, req).catch((err) => {});
+      request({
+        url: serviceUrl,
+        method: 'POST',
+        json: true,
+        body: Object.assign(req.body, {account_sid: sid})
+      }, (err, response, body) => {
+        if (err) {
+          logger.error(err, `Error sending createCall POST to ${serviceUrl}`);
+          return res.sendStatus(500);
+        }
+        if (response.statusCode !== 201) {
+          logger.error({statusCode: response.statusCode}, `Non-success response returned by createCall ${serviceUrl}`);
+          return res.sendStatus(500);
+        }
+        res.status(201).json(body);
+      });
+    } catch (err) {
+      sysError(logger, res, err);
+    }
   }
 });
 
@@ -736,18 +671,11 @@ router.post('/:sid/Calls', async(req, res) => {
  * retrieve info for a group of calls under an account
  */
 router.get('/:sid/Calls', async(req, res) => {
+  const accountSid = req.params.sid;
   const {logger, listCalls} = req.app.locals;
-  const {direction, from, to, callStatus} = req.query || {};
+
   try {
-    const accountSid = parseAccountSid(req);
-    await validateRequest(req, accountSid);
-    const calls = await listCalls({
-      accountSid,
-      direction,
-      from,
-      to,
-      callStatus
-    });
+    const calls = await listCalls(accountSid);
     logger.debug(`retrieved ${calls.length} calls for account sid ${accountSid}`);
     res.status(200).json(coerceNumbers(snakeCase(calls)));
     updateLastUsed(logger, accountSid, req).catch((err) => {});
@@ -760,12 +688,11 @@ router.get('/:sid/Calls', async(req, res) => {
  * retrieve single call
  */
 router.get('/:sid/Calls/:callSid', async(req, res) => {
+  const accountSid = req.params.sid;
+  const callSid = req.params.callSid;
   const {logger, retrieveCall} = req.app.locals;
 
   try {
-    const accountSid = parseAccountSid(req);
-    await validateRequest(req, accountSid);
-    const callSid = parseCallSid(req);
     const callInfo = await retrieveCall(accountSid, callSid);
     if (callInfo) {
       logger.debug(callInfo, `retrieved call info for call sid ${callSid}`);
@@ -785,12 +712,11 @@ router.get('/:sid/Calls/:callSid', async(req, res) => {
  * delete call
  */
 router.delete('/:sid/Calls/:callSid', async(req, res) => {
+  const accountSid = req.params.sid;
+  const callSid = req.params.callSid;
   const {logger, deleteCall} = req.app.locals;
 
   try {
-    const accountSid = parseAccountSid(req);
-    await validateRequest(req, accountSid);
-    const callSid = parseCallSid(req);
     const result = await deleteCall(accountSid, callSid);
     if (result) {
       logger.debug(`successfully deleted call ${callSid}`);
@@ -810,12 +736,11 @@ router.delete('/:sid/Calls/:callSid', async(req, res) => {
  * update a call
  */
 const updateCall = async(req, res) => {
+  const accountSid = req.params.sid;
+  const callSid = req.params.callSid;
   const {logger, retrieveCall} = req.app.locals;
 
   try {
-    const accountSid = parseAccountSid(req);
-    await validateRequest(req, accountSid);
-    const callSid = parseCallSid(req);
     validateUpdateCall(req.body);
     const call = await retrieveCall(accountSid, callSid);
     if (call) {
@@ -842,7 +767,6 @@ const updateCall = async(req, res) => {
 router.post('/:sid/Calls/:callSid', async(req, res) => {
   await updateCall(req, res);
 });
-
 router.put('/:sid/Calls/:callSid', async(req, res) => {
   await updateCall(req, res);
 });
@@ -851,13 +775,11 @@ router.put('/:sid/Calls/:callSid', async(req, res) => {
  * create a new Message
  */
 router.post('/:sid/Messages', async(req, res) => {
+  const account_sid = parseAccountSid(req);
+  const setName = `${(process.env.JAMBONES_CLUSTER_ID || 'default')}:active-fs`;
   const {retrieveSet, logger} = req.app.locals;
 
   try {
-    const account_sid = parseAccountSid(req);
-    await validateRequest(req, account_sid);
-
-    const setName = `${(process.env.JAMBONES_CLUSTER_ID || 'default')}:active-fs`;
     const serviceUrl = await getFsUrl(logger, retrieveSet, setName);
     if (!serviceUrl) res.json({msg: 'no available feature servers at this time'}).status(480);
     await validateCreateMessage(logger, account_sid, req);
@@ -890,22 +812,4 @@ router.post('/:sid/Messages', async(req, res) => {
   }
 });
 
-/**
- * retrieve info for a group of queues under an account
- */
-router.get('/:sid/Queues', async(req, res) => {
-  const {logger, listQueues} = req.app.locals;
-  const { search } = req.query || {};
-  try {
-    const accountSid = parseAccountSid(req);
-    await validateRequest(req, accountSid);
-    const queues = search ? await listQueues(accountSid, search) : await listQueues(accountSid);
-    logger.debug(`retrieved ${queues.length} queues for account sid ${accountSid}`);
-    res.status(200).json(queues);
-    updateLastUsed(logger, accountSid, req).catch((err) => {});
-  } catch (err) {
-    sysError(logger, res, err);
-  }
-});
-
 module.exports = router;

lib/routes/api/add-from-predefined-carrier.js

@@ -24,13 +24,13 @@ router.post('/:sid', async(req, res) => {
   let service_provider_sid;
   const {account_sid} = req.user;
 
-  try {
-    if (!account_sid) {
-      service_provider_sid = parseServiceProviderSid(req);
-    } else {
-      service_provider_sid = req.user.service_provider_sid;
-    }
+  if (!account_sid) {
+    service_provider_sid = parseServiceProviderSid(req);
+  } else {
+    service_provider_sid = req.user.service_provider_sid;
+  }
 
+  try {
     const [template] = await PredefinedCarrier.retrieve(sid);
     logger.debug({template}, `Retrieved template carrier for sid ${sid}`);
     if (!template) return res.sendStatus(404);

lib/routes/api/alerts.js

@@ -1,13 +1,17 @@
 const router = require('express').Router();
 const sysError = require('../error');
 const {DbErrorBadRequest} = require('../../utils/errors');
-const { parseServiceProviderSid } = require('./utils');
 
 const parseAccountSid = (url) => {
   const arr = /Accounts\/([^\/]*)/.exec(url);
   if (arr) return arr[1];
 };
 
+const parseServiceProviderSid = (url) => {
+  const arr = /ServiceProviders\/([^\/]*)/.exec(url);
+  if (arr) return arr[1];
+};
+
 router.get('/', async(req, res) => {
   const {logger, queryAlerts, queryAlertsSP} = req.app.locals;
   try {

lib/routes/api/applications.js

@@ -1,48 +1,17 @@
 const router = require('express').Router();
-const {DbErrorBadRequest, DbErrorUnprocessableRequest, DbErrorForbidden} = require('../../utils/errors');
+const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/errors');
 const Application = require('../../models/application');
 const Account = require('../../models/account');
 const Webhook = require('../../models/webhook');
 const {promisePool} = require('../../db');
 const decorate = require('./decorate');
 const sysError = require('../error');
-const { validate } = require('@jambonz/verb-specifications');
-const { parseApplicationSid } = require('./utils');
+const jambonzAppJsonValidator = require('../../utils/jambonz-app-json-validation');
 const preconditions = {
   'add': validateAdd,
   'update': validateUpdate
 };
 
-const validateRequest = async(req, account_sid) => {
-  try {
-    if (req.user.hasScope('admin')) {
-      return;
-    }
-
-    if (req.user.hasScope('account')) {
-      if (account_sid === req.user.account_sid) {
-        return;
-      }
-
-      throw new DbErrorForbidden('insufficient permissions');
-    }
-
-    if (req.user.hasScope('service_provider')) {
-      const [r] = await promisePool.execute(
-        'SELECT service_provider_sid from accounts WHERE account_sid = ?', [account_sid]
-      );
-
-      if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) {
-        return;
-      }
-
-      throw new DbErrorForbidden('insufficient permissions');
-    }
-  } catch (error) {
-    throw error;
-  }
-};
-
 /* only user-level tokens can add applications */
 async function validateAdd(req) {
   if (req.user.account_sid) {
@@ -53,7 +22,7 @@ async function validateAdd(req) {
     if (!req.body.account_sid) throw new DbErrorBadRequest('missing required field: \'account_sid\'');
     const result = await Account.retrieve(req.body.account_sid, req.user.service_provider_sid);
     if (result.length === 0) {
-      throw new DbErrorForbidden('insufficient privileges');
+      throw new DbErrorBadRequest('insufficient privileges to create an application under the specified account');
     }
   }
   if (req.body.call_hook && typeof req.body.call_hook !== 'object') {
@@ -65,26 +34,12 @@ async function validateAdd(req) {
 }
 
 async function validateUpdate(req, sid) {
-  const app = await Application.retrieve(sid);
-  if (req.user.hasAccountAuth) {
-    if (!app || 0 === app.length || app[0].account_sid !== req.user.account_sid) {
-      throw new DbErrorForbidden('insufficient privileges');
+  if (req.user.account_sid) {
+    const app = await Application.retrieve(sid);
+    if (!app || !app.length || app[0].account_sid !== req.user.account_sid) {
+      throw new DbErrorBadRequest('you may not update or delete an application associated with a different account');
     }
   }
-
-  if (req.user.hasServiceProviderAuth) {
-    const [r] = await promisePool.execute(
-      'SELECT service_provider_sid from accounts WHERE account_sid = ?', [app[0].account_sid]
-    );
-
-    if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) {
-      return;
-    }
-
-    throw new DbErrorForbidden('insufficient permissions');
-  }
-
-
   if (req.body.call_hook && typeof req.body.call_hook !== 'object') {
     throw new DbErrorBadRequest('\'call_hook\' must be an object when updating an application');
   }
@@ -94,24 +49,13 @@ async function validateUpdate(req, sid) {
 }
 
 async function validateDelete(req, sid) {
-  const result = await Application.retrieve(sid);
   if (req.user.hasAccountAuth) {
+    const result = await Application.retrieve(sid);
     if (!result || 0 === result.length) throw new DbErrorBadRequest('application does not exist');
     if (result[0].account_sid !== req.user.account_sid) {
-      throw new DbErrorUnprocessableRequest('insufficient permissions');
+      throw new DbErrorUnprocessableRequest('cannot delete application owned by a different account');
     }
   }
-  if (req.user.hasServiceProviderAuth) {
-    const [r] = await promisePool.execute(
-      'SELECT service_provider_sid from accounts WHERE account_sid = ?', [result[0].account_sid]
-    );
-
-    if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) {
-      return;
-    }
-
-    throw new DbErrorForbidden('insufficient permissions');
-  }
   const assignedPhoneNumbers = await Application.getForeignKeyReferences('phone_numbers.application_sid', sid);
   if (assignedPhoneNumbers > 0) throw new DbErrorUnprocessableRequest('cannot delete application with phone numbers');
 }
@@ -136,11 +80,7 @@ router.post('/', async(req, res) => {
     // validate app json if required
     if (obj['app_json']) {
       const app_json = JSON.parse(obj['app_json']);
-      try {
-        validate(logger, app_json);
-      } catch (err) {
-        throw new DbErrorBadRequest(err);
-      }
+      jambonzAppJsonValidator(logger, app_json);
     }
 
     const uuid = await Application.make(obj);
@@ -167,12 +107,10 @@ router.get('/', async(req, res) => {
 router.get('/:sid', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const application_sid = parseApplicationSid(req);
     const service_provider_sid = req.user.hasServiceProviderAuth ? req.user.service_provider_sid : null;
     const account_sid = req.user.hasAccountAuth ? req.user.account_sid : null;
-    const results = await Application.retrieve(application_sid, service_provider_sid, account_sid);
+    const results = await Application.retrieve(req.params.sid, service_provider_sid, account_sid);
     if (results.length === 0) return res.status(404).end();
-    await validateRequest(req, results[0].account_sid);
     return res.status(200).json(results[0]);
   }
   catch (err) {
@@ -182,9 +120,9 @@ router.get('/:sid', async(req, res) => {
 
 /* delete */
 router.delete('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
-    const sid = parseApplicationSid(req);
     await validateDelete(req, sid);
 
     const [application] = await promisePool.query('SELECT * FROM applications WHERE application_sid = ?', sid);
@@ -223,9 +161,9 @@ router.delete('/:sid', async(req, res) => {
 
 /* update */
 router.put('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
-    const sid = parseApplicationSid(req);
     await validateUpdate(req, sid);
 
     // create webhooks if provided
@@ -251,11 +189,7 @@ router.put('/:sid', async(req, res) => {
     // validate app json if required
     if (obj['app_json']) {
       const app_json = JSON.parse(obj['app_json']);
-      try {
-        validate(logger, app_json);
-      } catch (err) {
-        throw new DbErrorBadRequest(err);
-      }
+      jambonzAppJsonValidator(logger, app_json);
     }
 
     const rowsAffected = await Application.update(sid, obj);

lib/routes/api/change-password.js

@@ -1,15 +1,15 @@
 const router = require('express').Router();
+//const debug = require('debug')('jambonz:api-server');
 const {DbErrorBadRequest} = require('../../utils/errors');
 const {generateHashedPassword, verifyPassword} = require('../../utils/password-utils');
 const {promisePool} = require('../../db');
-const {cacheClient} = require('../../helpers');
 const sysError = require('../error');
 const sqlUpdatePassword = `UPDATE users 
 SET hashed_password= ? 
 WHERE user_sid = ?`;
 
 router.post('/', async(req, res) => {
-  const {logger} = req.app.locals;
+  const {logger, retrieveKey, deleteKey} = req.app.locals;
   const {user_sid} = req.user;
   const {old_password, new_password} = req.body;
   try {
@@ -26,10 +26,10 @@ router.post('/', async(req, res) => {
 
       const isCorrect = await verifyPassword(r[0].hashed_password, old_password);
       if (!isCorrect) {
-        const key = cacheClient.generateRedisKey('reset-link', old_password);
-        const user_sid = await cacheClient.get(key);
+        const key = `reset-link:${old_password}`;
+        const user_sid = await retrieveKey(key);
         if (!user_sid) throw new DbErrorBadRequest('old_password is incorrect');
-        await cacheClient.delete(key);
+        await deleteKey(key);
       }
     }
 
@@ -42,9 +42,6 @@ router.post('/', async(req, res) => {
     sysError(logger, res, err);
     return;
   }
-
-  const redisKey = cacheClient.generateRedisKey('jwt', user_sid, 'v2');
-  await cacheClient.delete(redisKey);
 });
 
 module.exports = router;

lib/routes/api/error.js

@@ -1,10 +1,6 @@
-const { BadRequestError, DbErrorBadRequest, DbErrorUnprocessableRequest } = require('../../utils/errors');
+const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/errors');
 
 function sysError(logger, res, err) {
-  if (err instanceof BadRequestError) {
-    logger.info(err, err.message);
-    return res.status(400).json({msg: 'Bad request'});
-  }
   if (err instanceof DbErrorBadRequest) {
     logger.info(err, 'invalid client request');
     return res.status(400).json({msg: err.message});

lib/routes/api/forgot-password.js

@@ -4,7 +4,6 @@ const short = require('short-uuid');
 const translator = short();
 const {validateEmail, emailSimpleText} = require('../../utils/email-utils');
 const {promisePool} = require('../../db');
-const {cacheClient} = require('../../helpers');
 const sysError = require('../error');
 const sql = `SELECT * from users user 
 LEFT JOIN accounts AS acc 
@@ -46,7 +45,6 @@ function createResetEmailText(link) {
 router.post('/', async(req, res) => {
   const {logger, addKey} = req.app.locals;
   const {email} = req.body;
-
   let obj;
   try {
     if (!email || !validateEmail(email)) {
@@ -55,16 +53,11 @@ router.post('/', async(req, res) => {
 
     const [r] = await promisePool.query({sql, nestTables: true}, email);
     if (0 === r.length) {
-      logger.info('user not found');
-      return res.status(400).json({error: 'failed to reset your password'});
+      return res.status(400).json({error: 'email does not exist'});
     }
     obj = r[0];
-    if (!obj.user.is_active) {
-      logger.info(obj.user.name, 'user is inactive');
-      return res.status(400).json({error: 'failed to reset your password'});
-    } else if (obj.acc.account_sid !== null && !obj.acc.is_active) {
-      logger.info(obj.acc.account_sid, 'account is inactive');
-      return res.status(400).json({error: 'failed to reset your password'});
+    if (!obj.acc.is_active) {
+      return res.status(400).json({error: 'you may not reset the password of an inactive account'});
     }
     res.sendStatus(204);
   } catch (err) {
@@ -80,14 +73,10 @@ router.post('/', async(req, res) => {
   else {
     /* generate a link for this user to reset, send email */
     const link = translator.generate();
-    const redisKey = cacheClient.generateRedisKey('reset-link', link);
-    addKey(redisKey, obj.user.user_sid, 3600)
+    addKey(`reset-link:${link}`, obj.user.user_sid, 3600)
       .catch((err) => logger.error({err}, 'Error adding reset link to redis'));
     emailSimpleText(logger, email, 'Reset password request', createResetEmailText(link));
   }
-
-  const redisKey = cacheClient.generateRedisKey('jwt', obj.user.user_sid, 'v2');
-  await cacheClient.delete(redisKey);
 });
 
 module.exports = router;

lib/routes/api/index.js

@@ -16,7 +16,6 @@ const isAdminScope = (req, res, next) => {
 // };
 
 api.use('/BetaInviteCodes', isAdminScope, require('./beta-invite-codes'));
-api.use('/SystemInformation', isAdminScope, require('./system-information'));
 api.use('/ServiceProviders', require('./service-providers'));
 api.use('/VoipCarriers', require('./voip-carriers'));
 api.use('/Webhooks', require('./webhooks'));
@@ -46,10 +45,6 @@ api.use('/Invoices', require('./invoices'));
 api.use('/InviteCodes', require('./invite-codes'));
 api.use('/PredefinedCarriers', require('./predefined-carriers'));
 api.use('/PasswordSettings', require('./password-settings'));
-// Least Cost Routing
-api.use('/Lcrs', require('./lcrs'));
-api.use('/LcrRoutes', require('./lcr-routes'));
-api.use('/LcrCarrierSetEntries', require('./lcr-carrier-set-entries'));
 
 // messaging
 api.use('/Smpps', require('./smpps'));   // our smpp server info

lib/routes/api/lcr-carrier-set-entries.js

@@ -1,65 +0,0 @@
-const router = require('express').Router();
-const LcrCarrierSetEntry = require('../../models/lcr-carrier-set-entry');
-const LcrRoute = require('../../models/lcr-route');
-const decorate = require('./decorate');
-const {DbErrorBadRequest} = require('../../utils/errors');
-const sysError = require('../error');
-
-const validateAdd = async(req) => {
-  const {lookupCarrierBySid} = req.app.locals;
-  if (!req.body.lcr_route_sid) {
-    throw new DbErrorBadRequest('missing lcr_route_sid');
-  }
-  // check lcr_route_sid is exist
-  const lcrRoute = await LcrRoute.retrieve(req.body.lcr_route_sid);
-  if (lcrRoute.length === 0) {
-    throw new DbErrorBadRequest('unknown lcr_route_sid');
-  }
-  // check voip_carrier_sid is exist
-  if (!req.body.voip_carrier_sid) {
-    throw new DbErrorBadRequest('missing voip_carrier_sid');
-  }
-  const carrier = await lookupCarrierBySid(req.body.voip_carrier_sid);
-  if (!carrier) {
-    throw new DbErrorBadRequest('unknown voip_carrier_sid');
-  }
-};
-
-const validateUpdate = async(req) => {
-  const {lookupCarrierBySid} = req.app.locals;
-  if (req.body.lcr_route_sid) {
-    const lcrRoute = await LcrRoute.retrieve(req.body.lcr_route_sid);
-    if (lcrRoute.length === 0) {
-      throw new DbErrorBadRequest('unknown lcr_route_sid');
-    }
-  }
-
-  // check voip_carrier_sid is exist
-  if (req.body.voip_carrier_sid) {
-    const carrier = await lookupCarrierBySid(req.body.voip_carrier_sid);
-    if (!carrier) {
-      throw new DbErrorBadRequest('unknown voip_carrier_sid');
-    }
-  }
-};
-
-const preconditions = {
-  add: validateAdd,
-  update: validateUpdate,
-};
-
-decorate(router, LcrCarrierSetEntry, ['add', 'retrieve', 'update', 'delete'], preconditions);
-
-router.get('/', async(req, res) => {
-  const logger = req.app.locals.logger;
-  const lcr_route_sid = req.query.lcr_route_sid;
-  try {
-    const results = await LcrCarrierSetEntry.retrieveAllByLcrRouteSid(lcr_route_sid);
-    res.status(200).json(results);
-  } catch (err) {
-    sysError(logger, res, err);
-  }
-});
-
-
-module.exports = router;

lib/routes/api/lcr-routes.js

@@ -1,96 +0,0 @@
-const router = require('express').Router();
-const LcrRoute = require('../../models/lcr-route');
-const Lcr = require('../../models/lcr');
-const LcrCarrierSetEntry = require('../../models/lcr-carrier-set-entry');
-const decorate = require('./decorate');
-const {DbErrorBadRequest} = require('../../utils/errors');
-const sysError = require('../error');
-
-const validateAdd = async(req) => {
-  // check if lcr sid is available
-  if (!req.body.lcr_sid) {
-    throw new DbErrorBadRequest('missing parameter lcr_sid');
-  }
-
-  const lcr = await Lcr.retrieve(req.body.lcr_sid);
-  if (lcr.length === 0) {
-    throw new DbErrorBadRequest('unknown lcr_sid');
-  }
-};
-
-const validateUpdate = async(req) => {
-  if (req.body.lcr_sid) {
-    const lcr = await Lcr.retrieve(req.body.lcr_sid);
-    if (lcr.length === 0) {
-      throw new DbErrorBadRequest('unknown lcr_sid');
-    }
-  }
-};
-
-const validateDelete = async(req, sid) => {
-  // delete all lcr carrier set entries
-  await LcrCarrierSetEntry.deleteByLcrRouteSid(sid);
-};
-
-const checkUserScope = async(req, lcr_sid) => {
-  if (!lcr_sid) {
-    throw new DbErrorBadRequest('missing lcr_sid');
-  }
-
-  if (req.user.hasAdminAuth) return;
-
-  const lcrList = await Lcr.retrieve(lcr_sid);
-  if (lcrList.length === 0) throw new DbErrorBadRequest('unknown lcr_sid');
-  const lcr = lcrList[0];
-  if (req.user.hasAccountAuth) {
-    if (!lcr.account_sid || lcr.account_sid !== req.user.account_sid) {
-      throw new DbErrorBadRequest('unknown lcr_sid');
-    }
-  }
-
-  if (req.user.hasServiceProviderAuth) {
-    if (!lcr.service_provider_sid  || lcr.service_provider_sid !== req.user.service_provider_sid) {
-      throw new DbErrorBadRequest('unknown lcr_sid');
-    }
-  }
-};
-
-const preconditions = {
-  add: validateAdd,
-  update: validateUpdate,
-  delete: validateDelete,
-};
-
-decorate(router, LcrRoute, ['add', 'update', 'delete'], preconditions);
-
-router.get('/', async(req, res) => {
-  const logger = req.app.locals.logger;
-  const lcr_sid = req.query.lcr_sid;
-  try {
-    await checkUserScope(req, lcr_sid);
-    const results = await LcrRoute.retrieveAllByLcrSid(lcr_sid);
-    for (const r of results) {
-      r.lcr_carrier_set_entries = await LcrCarrierSetEntry.retrieveAllByLcrRouteSid(r.lcr_route_sid);
-    }
-    res.status(200).json(results);
-  } catch (err) {
-    sysError(logger, res, err);
-  }
-});
-
-router.get('/:sid', async(req, res) => {
-  const logger = req.app.locals.logger;
-  const lcr_route_sid = req.params.sid;
-  try {
-    const results = await LcrRoute.retrieve(lcr_route_sid);
-    if (results.length === 0) return res.sendStatus(404);
-    const route = results[0];
-    route.lcr_carrier_set_entries = await LcrCarrierSetEntry.retrieveAllByLcrRouteSid(route.lcr_route_sid);
-    res.status(200).json(route);
-  } catch (err) {
-    sysError(logger, res, err);
-  }
-});
-
-
-module.exports = router;

lib/routes/api/lcrs.js

@@ -1,138 +0,0 @@
-const router = require('express').Router();
-const Lcr = require('../../models/lcr');
-const LcrCarrierSetEntry = require('../../models/lcr-carrier-set-entry');
-const LcrRoutes = require('../../models/lcr-route');
-const decorate = require('./decorate');
-const {DbErrorBadRequest} = require('../../utils/errors');
-const sysError = require('../error');
-const ServiceProvider = require('../../models/service-provider');
-
-const validateAssociatedTarget = async(req, sid) => {
-  const {lookupAccountBySid} = req.app.locals;
-  if (req.body.account_sid) {
-    // Add only for account
-    req.body.service_provider_sid = null;
-    const account = await lookupAccountBySid(req.body.account_sid);
-    if (!account) throw new DbErrorBadRequest('unknown account_sid');
-    const lcr = await Lcr.retrieveAllByAccountSid(req.body.account_sid);
-    if (lcr.length > 0 && (!sid || sid !== lcr[0].lcr_sid)) {
-      throw new DbErrorBadRequest(`Account: ${account.name}  already has an active call routing table.`);
-    }
-  } else if (req.body.service_provider_sid) {
-    const serviceProviders = await ServiceProvider.retrieve(req.body.service_provider_sid);
-    if (serviceProviders.length === 0) throw new DbErrorBadRequest('unknown service_provider_sid');
-    const serviceProvider = serviceProviders[0];
-    const lcr = await Lcr.retrieveAllByServiceProviderSid(req.body.service_provider_sid);
-    if (lcr.length > 0 && (!sid || sid !== lcr[0].lcr_sid)) {
-      throw new DbErrorBadRequest(`Service Provider: ${serviceProvider.name} already 
-      has an active call routing table.`);
-    }
-  }
-};
-
-const validateAdd = async(req) => {
-  if (req.user.hasAccountAuth) {
-    // Account just create LCR for himself
-    req.body.account_sid = req.user.account_sid;
-  } else if (req.user.hasServiceProviderAuth) {
-    // SP just can create LCR for himself
-    req.body.service_provider_sid = req.user.service_provider_sid;
-    req.body.account_sid = null;
-  }
-
-  await validateAssociatedTarget(req);
-  // check if lcr_carrier_set_entry is available
-  if (req.body.lcr_carrier_set_entry) {
-    const e = await LcrCarrierSetEntry.retrieve(req.body.lcr_carrier_set_entry);
-    if (e.length === 0) throw new DbErrorBadRequest('unknown lcr_carrier_set_entry');
-  }
-
-};
-
-const validateUserPermissionForExistingEntity = async(req, sid) => {
-  const r = await Lcr.retrieve(sid);
-  if (r.length === 0) {
-    throw new DbErrorBadRequest('unknown lcr_sid');
-  }
-  const lcr = r[0];
-  if (req.user.hasAccountAuth) {
-    if (lcr.account_sid != req.user.account_sid) {
-      throw new DbErrorBadRequest('unknown lcr_sid');
-    }
-  } else if (req.user.hasServiceProviderAuth) {
-    if (lcr.service_provider_sid != req.user.service_provider_sid) {
-      throw new DbErrorBadRequest('unknown lcr_sid');
-    }
-  }
-};
-
-const validateUpdate = async(req, sid) => {
-  await validateUserPermissionForExistingEntity(req, sid);
-  await validateAssociatedTarget(req, sid);
-};
-
-const validateDelete = async(req, sid) => {
-  if (req.user.hasAccountAuth) {
-    /* can only delete Lcr for the user's account */
-    const r = await Lcr.retrieve(sid);
-    const lcr = r.length > 0 ? r[0] : null;
-    if (!lcr || (req.user.account_sid && lcr.account_sid != req.user.account_sid)) {
-      throw new DbErrorBadRequest('unknown lcr_sid');
-    }
-  }
-  await Lcr.releaseDefaultEntry(sid);
-  // fetch lcr route
-  const lcr_routes = await LcrRoutes.retrieveAllByLcrSid(sid);
-  // delete all lcr carrier set entries
-  for (const e of lcr_routes) {
-    await LcrCarrierSetEntry.deleteByLcrRouteSid(e.lcr_route_sid);
-  }
-
-  // delete all lcr routes
-  await LcrRoutes.deleteByLcrSid(sid);
-};
-
-const preconditions = {
-  add: validateAdd,
-  update: validateUpdate,
-  delete: validateDelete
-};
-
-decorate(router, Lcr, ['add', 'update', 'delete'], preconditions);
-
-router.get('/', async(req, res) => {
-  const logger = req.app.locals.logger;
-  try {
-    const results = req.user.hasAdminAuth ?
-      await Lcr.retrieveAll() : req.user.hasAccountAuth ?
-        await Lcr.retrieveAllByAccountSid(req.user.hasAccountAuth ? req.user.account_sid : null) :
-        await Lcr.retrieveAllByServiceProviderSid(req.user.service_provider_sid);
-
-    for (const lcr of results) {
-      lcr.number_routes = await LcrRoutes.countAllByLcrSid(lcr.lcr_sid);
-    }
-    res.status(200).json(results);
-  } catch (err) {
-    sysError(logger, res, err);
-  }
-});
-
-router.get('/:sid', async(req, res) => {
-  const logger = req.app.locals.logger;
-  try {
-    const results = await Lcr.retrieve(req.params.sid);
-    if (results.length === 0) return res.sendStatus(404);
-    const lcr = results[0];
-    if (req.user.hasAccountAuth && lcr.account_sid !== req.user.account_sid) {
-      return res.sendStatus(404);
-    } else if (req.user.hasServiceProviderAuth && lcr.service_provider_sid !== req.user.service_provider_sid) {
-      return res.sendStatus(404);
-    }
-    lcr.number_routes = await LcrRoutes.countAllByLcrSid(lcr.lcr_sid);
-    return res.status(200).json(lcr);
-  } catch (err) {
-    sysError(logger, res, err);
-  }
-});
-
-module.exports = router;

lib/routes/api/limits.js

@@ -22,25 +22,22 @@ DELETE FROM account_limits
 WHERE account_sid = ? 
 AND category = ?
 `;
-
 router.post('/', async(req, res) => {
   const logger = req.app.locals.logger;
   const {
     category,
     quantity
   } = req.body;
-
-  try {
-    let service_provider_sid;
-    const account_sid = parseAccountSid(req);
-    if (!account_sid) {
-      if (!req.user.hasServiceProviderAuth && !req.user.hasAdminAuth) {
-        logger.error('POST /SpeechCredentials invalid credentials');
-        return res.sendStatus(403);
-      }
-      service_provider_sid = parseServiceProviderSid(req);
+  const account_sid = parseAccountSid(req);
+  let service_provider_sid;
+  if (!account_sid) {
+    if (!req.user.hasServiceProviderAuth && !req.user.hasAdminAuth) {
+      logger.error('POST /SpeechCredentials invalid credentials');
+      return res.sendStatus(403);
     }
-
+    service_provider_sid = parseServiceProviderSid(req);
+  }
+  try {
     let uuid;
     if (account_sid) {
       const existing = (await AccountLimits.retrieve(account_sid) || [])
@@ -83,11 +80,10 @@ router.post('/', async(req, res) => {
  */
 router.get('/', async(req, res) => {
   let service_provider_sid;
+  const account_sid = parseAccountSid(req);
+  if (!account_sid) service_provider_sid = parseServiceProviderSid(req);
   const logger = req.app.locals.logger;
-
   try {
-    const account_sid = parseAccountSid(req);
-    if (!account_sid) service_provider_sid = parseServiceProviderSid(req);
     const limits = account_sid ?
       await AccountLimits.retrieve(account_sid) :
       await ServiceProviderLimits.retrieve(service_provider_sid);
@@ -103,11 +99,10 @@ router.get('/', async(req, res) => {
 
 router.delete('/', async(req, res) => {
   const logger = req.app.locals.logger;
-
+  const account_sid = parseAccountSid(req);
+  const {category} = req.query;
+  const service_provider_sid = parseServiceProviderSid(req);
   try {
-    const account_sid = parseAccountSid(req);
-    const {category} = req.query;
-    const service_provider_sid = parseServiceProviderSid(req);
     if (account_sid) {
       if (category) {
         await promisePool.execute(sqlDeleteAccountLimitsByCategory, [account_sid, category]);

lib/routes/api/login.js

@@ -2,7 +2,6 @@ const router = require('express').Router();
 const jwt = require('jsonwebtoken');
 const {verifyPassword} = require('../../utils/password-utils');
 const {promisePool} = require('../../db');
-const {cacheClient} = require('../../helpers');
 const Account = require('../../models/account');
 const ServiceProvider = require('../../models/service-provider');
 const sysError = require('../error');
@@ -17,7 +16,7 @@ const tokenSql = 'SELECT token from api_keys where account_sid IS NULL AND servi
 
 
 router.post('/', async(req, res) => {
-  const {logger, incrKey, retrieveKey} = req.app.locals;
+  const logger = req.app.locals.logger;
   const {username, password} = req.body;
   if (!username || !password) {
     logger.info('Bad POST to /login is missing username or password');
@@ -31,28 +30,8 @@ router.post('/', async(req, res) => {
       return res.sendStatus(403);
     }
     logger.info({r}, 'successfully retrieved user account');
-
-    const maxLoginAttempts = process.env.LOGIN_ATTEMPTS_MAX_RETRIES || 6;
-    const loginAttempsBlocked = await retrieveKey(`login:${r[0].user_sid}`) >= maxLoginAttempts;
-
-    if (loginAttempsBlocked) {
-      logger.info(`User ${r[0].user_sid} was blocked due to excessive login attempts with incorrect credentials.`);
-      return res.status(403)
-        .json({error: 'Maximum login attempts reached. Please try again later or reset your password.'});
-    }
-
     const isCorrect = await verifyPassword(r[0].hashed_password, password);
-    if (!isCorrect) {
-      const attempTime = process.env.LOGIN_ATTEMPTS_TIME || 1800;
-      const newAttempt = await incrKey(`login:${r[0].user_sid}`, attempTime)
-        .catch((err) => logger.error({err}, 'Error adding logging attempt to redis'));
-      if (newAttempt >= maxLoginAttempts) {
-        logger.info(`User ${r[0].user_sid} is now blocked due to excessive login attempts with incorrect credentials.`);
-        return res.status(403)
-          .json({error: `Maximum login attempts reached. Please try again in ${attempTime} seconds.`});
-      }
-      return res.sendStatus(403);
-    }
+    if (!isCorrect) return res.sendStatus(403);
     const force_change = !!r[0].force_change;
     const [t] = await promisePool.query(tokenSql);
     if (t.length === 0) {
@@ -92,22 +71,12 @@ router.post('/', async(req, res) => {
       }),
       user_sid: obj.user_sid
     };
-
-    const expiresIn = parseInt(process.env.JWT_EXPIRES_IN || 60) * 60;
     const token = jwt.sign(
       payload,
       process.env.JWT_SECRET,
-      { expiresIn }
+      { expiresIn: parseInt(process.env.JWT_EXPIRES_IN || 60) * 60 }
     );
     res.json({token, ...obj});
-
-    /* Store jwt based on user_id after successful login */
-    await cacheClient.set({
-      redisKey: cacheClient.generateRedisKey('jwt', obj.user_sid, 'v2'),
-      value: token,
-      time: expiresIn,
-    });
-
   } catch (err) {
     sysError(logger, res, err);
   }

lib/routes/api/logout.js

@@ -1,18 +1,19 @@
 const router = require('express').Router();
 const debug = require('debug')('jambonz:api-server');
-const {cacheClient} = require('../../helpers');
+const {hashString} = require('../../utils/password-utils');
 const sysError = require('../error');
 
 router.post('/', async(req, res) => {
-  const {logger} = req.app.locals;
-  const {user_sid} = req.user;
+  const {logger, addKey} = req.app.locals;
+  const {jwt} = req.user;
 
-  debug(`logout user and invalidate jwt token for user: ${user_sid}`);
+  debug(`adding jwt to blacklist: ${jwt}`);
 
   try {
-    const redisKey = cacheClient.generateRedisKey('jwt', user_sid, 'v2');
-    await cacheClient.delete(redisKey);
-
+    /* add key to blacklist */
+    const s = `jwt:${hashString(jwt)}`;
+    const result = await addKey(s, '1', 3600);
+    debug(`result from adding ${s}: ${result}`);
     res.sendStatus(204);
   } catch (err) {
     sysError(logger, res, err);

lib/routes/api/password-settings.js

@@ -15,9 +15,6 @@ const validate = (obj) => {
 router.post('/', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    if (!req.user.hasAdminAuth) {
-      return res.sendStatus(403);
-    }
     validate(req.body);
     const [existing] = (await PasswordSettings.retrieve() || []);
     if (existing) {

lib/routes/api/phone-numbers.js

@@ -1,10 +1,8 @@
 const router = require('express').Router();
-const {DbErrorBadRequest, DbErrorForbidden} = require('../../utils/errors');
+const {DbErrorUnprocessableRequest, DbErrorBadRequest} = require('../../utils/errors');
 const PhoneNumber = require('../../models/phone-number');
 const VoipCarrier = require('../../models/voip-carrier');
-const Account = require('../../models/account');
 const decorate = require('./decorate');
-const {promisePool} = require('../../db');
 const {e164} = require('../../utils/phone-number-utils');
 const preconditions = {
   'add': validateAdd,
@@ -12,7 +10,6 @@ const preconditions = {
   'update': validateUpdate
 };
 const sysError = require('../error');
-const { parsePhoneNumberSid } = require('./utils');
 
 
 /* check for required fields when adding */
@@ -23,10 +20,6 @@ async function validateAdd(req) {
       req.body.account_sid = req.user.account_sid;
     }
 
-    if (req.user.hasServiceProviderAuth) {
-      req.body.service_provider_sid = req.user.service_provider_sid;
-    }
-
     if (!req.body.number) throw new DbErrorBadRequest('number is required');
     const formattedNumber = e164(req.body.number);
     req.body.number = formattedNumber;
@@ -48,11 +41,11 @@ async function checkInUse(req, sid) {
   const phoneNumber = await PhoneNumber.retrieve(sid);
   if (req.user.hasAccountAuth) {
     if (phoneNumber && phoneNumber.length && phoneNumber[0].account_sid !== req.user.account_sid) {
-      throw new DbErrorForbidden('insufficient privileges');
+      throw new DbErrorUnprocessableRequest('cannot delete a phone number that belongs to another account');
     }
   }
   if (!req.user.hasAccountAuth && phoneNumber.account_sid) {
-    throw new DbErrorForbidden('insufficient privileges');
+    throw new DbErrorUnprocessableRequest('cannot delete phone number that is assigned to an account');
   }
 }
 
@@ -64,23 +57,10 @@ async function validateUpdate(req, sid) {
   const phoneNumber = await PhoneNumber.retrieve(sid);
   if (req.user.hasAccountAuth) {
     if (phoneNumber && phoneNumber.length && phoneNumber[0].account_sid !== req.user.account_sid) {
-      throw new DbErrorForbidden('insufficient privileges');
+      throw new DbErrorUnprocessableRequest('cannot operate on a phone number that belongs to another account');
     }
   }
-  if (req.user.hasServiceProviderAuth) {
-    let service_provider_sid;
 
-    if (!phoneNumber[0].service_provider_sid) {
-      const [r] = await Account.retrieve(phoneNumber[0].account_sid);
-      service_provider_sid = r.service_provider_sid;
-    } else {
-      service_provider_sid = phoneNumber[0].service_provider_sid;
-    }
-
-    if (phoneNumber && phoneNumber.length && service_provider_sid !== req.user.service_provider_sid) {
-      throw new DbErrorForbidden('insufficient privileges');
-    }
-  }
   // TODO: if we are assigning to an account, verify it exists
 
   // TODO: if we are assigning to an application, verify it is associated to the same account
@@ -94,9 +74,7 @@ decorate(router, PhoneNumber, ['add', 'update', 'delete'], preconditions);
 router.get('/', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const results = req.user.hasAdminAuth ?
-      await PhoneNumber.retrieveAll(req.user.hasAccountAuth ? req.user.account_sid : null) :
-      await PhoneNumber.retrieveAllForSP(req.user.service_provider_sid);
+    const results = await PhoneNumber.retrieveAll(req.user.hasAccountAuth ? req.user.account_sid : null);
     res.status(200).json(results);
   } catch (err) {
     sysError(logger, res, err);
@@ -107,19 +85,9 @@ router.get('/', async(req, res) => {
 router.get('/:sid', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const sid = parsePhoneNumberSid(req);
     const account_sid = req.user.hasAccountAuth ? req.user.account_sid : null;
-    const results = await PhoneNumber.retrieve(sid, account_sid);
+    const results = await PhoneNumber.retrieve(req.params.sid, account_sid);
     if (results.length === 0) return res.status(404).end();
-
-    if (req.user.hasServiceProviderAuth && results.length === 1) {
-      const account_sid = results[0].account_sid;
-      const [r] = await promisePool.execute(
-        'SELECT service_provider_sid from accounts WHERE account_sid = ?', [account_sid]);
-      if (r.length === 1 && r[0].service_provider_sid !== req.user.service_provider_sid) {
-        throw new DbErrorBadRequest('insufficient privileges');
-      }
-    }
     return res.status(200).json(results[0]);
   }
   catch (err) {

lib/routes/api/recent-calls.js

@@ -2,8 +2,6 @@ const router = require('express').Router();
 const sysError = require('../error');
 const {DbErrorBadRequest} = require('../../utils/errors');
 const {getHomerApiKey, getHomerSipTrace, getHomerPcap} = require('../../utils/homer-utils');
-const {getJaegerTrace} = require('../../utils/jaeger-utils');
-
 const parseAccountSid = (url) => {
   const arr = /Accounts\/([^\/]*)/.exec(url);
   if (arr) return arr[1];
@@ -95,20 +93,4 @@ router.get('/:call_id/pcap', async(req, res) => {
   }
 });
 
-router.get('/trace/:trace_id', async(req, res) => {
-  const {logger} = req.app.locals;
-  const {trace_id} = req.params;
-  try {
-    const obj = await getJaegerTrace(logger, trace_id);
-    if (!obj) {
-      logger.info(`/RecentCalls: unable to get spans from jaeger for ${trace_id}`);
-      return res.sendStatus(404);
-    }
-    res.status(200).json(obj.result);
-  } catch (err) {
-    logger.error({err}, `/RecentCalls error retrieving jaeger trace ${trace_id}`);
-    res.sendStatus(500);
-  }
-});
-
 module.exports = router;

lib/routes/api/register.js

@@ -4,7 +4,6 @@ const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/er
 const {promisePool} = require('../../db');
 const {doGithubAuth, doGoogleAuth, doLocalAuth} = require('../../utils/oauth-utils');
 const {validateEmail} = require('../../utils/email-utils');
-const {cacheClient} = require('../../helpers');
 const { v4: uuid } = require('uuid');
 const short = require('short-uuid');
 const translator = short();
@@ -339,19 +338,16 @@ router.post('/', async(req, res) => {
         /* deactivate the old/replaced user */
         const [r] = await promisePool.execute('DELETE FROM users WHERE user_sid = ?', [user_sid]);
         logger.debug({r}, 'register - removed old user');
-        const redisKey = cacheClient.generateRedisKey('jwt', user_sid, 'v2');
-        await cacheClient.delete(redisKey);
       }
     }
 
-    const expiresIn = parseInt(process.env.JWT_EXPIRES_IN || 60) * 60 ;
     // generate a json web token for this user
     const token = jwt.sign({
       user_sid: userProfile.user_sid,
       account_sid: userProfile.account_sid,
       email: userProfile.email,
       name: userProfile.name
-    }, process.env.JWT_SECRET, { expiresIn });
+    }, process.env.JWT_SECRET, { expiresIn: parseInt(process.env.JWT_EXPIRES_IN || 60) * 60 });
 
     logger.debug({
       user_sid: userProfile.user_sid,
@@ -360,13 +356,6 @@ router.post('/', async(req, res) => {
 
     res.json({jwt: token, ...userProfile});
 
-    /* Store jwt based on user_id after successful login */
-    await cacheClient.set({
-      redisKey: cacheClient.generateRedisKey('jwt', userProfile.user_sid, 'v2'),
-      value: token,
-      time: expiresIn,
-    });
-
   } catch (err) {
     debug(err, 'Error');
     sysError(logger, res, err);

lib/routes/api/sbcs.js

@@ -2,53 +2,25 @@ const router = require('express').Router();
 const Sbc = require('../../models/sbc');
 const decorate = require('./decorate');
 const sysError = require('../error');
-const {DbErrorBadRequest} = require('../../utils/errors');
-const {promisePool} = require('../../db');
+//const {DbErrorBadRequest} = require('../../utils/errors');
+//const {promisePool} = require('../../db');
 
-const validate = (req, res) => {
-  if (req.user.hasScope('admin')) return;
-  res.status(403).json({
-    status: 'fail',
-    message: 'insufficient privileges'
-  });
-};
-
-const preconditions = {
-  'add': validate,
-  'delete': validate
-};
-
-decorate(router, Sbc, ['add', 'delete'], preconditions);
+decorate(router, Sbc, ['add', 'delete']);
 
 /* list */
 router.get('/', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    let service_provider_sid = req.query.service_provider_sid;
-
+    const service_provider_sid = req.query.service_provider_sid;
+    /*
     if (req.user.hasAccountAuth) {
       const [r] = await promisePool.query('SELECT * from accounts WHERE account_sid = ?', req.user.account_sid);
       if (0 === r.length) throw new Error('invalid account_sid');
-
       service_provider_sid = r[0].service_provider_sid;
     }
-
-    if (req.user.hasServiceProviderAuth) {
-      const [r] = await promisePool.query(
-        'SELECT * from service_providers where service_provider_sid = ?',
-        service_provider_sid);
-      if (0 === r.length) throw new Error('invalid account_sid');
-
-      service_provider_sid = r[0].service_provider_sid;
-
-      if (!service_provider_sid) throw new DbErrorBadRequest('missing service_provider_sid in query');
-    }
-
-    /** generally, we have a global set of SBCs that all accounts use.
-     * However, we can have a set of SBCs that are specific for use by a service provider.
-     */
-    let results = await Sbc.retrieveAll(service_provider_sid);
-    if (results.length === 0) results = await Sbc.retrieveAll();
+    if (!service_provider_sid) throw new DbErrorBadRequest('missing service_provider_sid in query');
+    */
+    const results = await Sbc.retrieveAll(service_provider_sid);
     res.status(200).json(results);
   } catch (err) {
     sysError(logger, res, err);

lib/routes/api/service-providers.js

@@ -1,6 +1,6 @@
 const router = require('express').Router();
 const {promisePool} = require('../../db');
-const {DbErrorForbidden} = require('../../utils/errors');
+const {DbErrorUnprocessableRequest, DbErrorForbidden} = require('../../utils/errors');
 const Webhook = require('../../models/webhook');
 const ServiceProvider = require('../../models/service-provider');
 const Account = require('../../models/account');
@@ -8,11 +8,7 @@ const VoipCarrier = require('../../models/voip-carrier');
 const Application = require('../../models/application');
 const PhoneNumber = require('../../models/phone-number');
 const ApiKey = require('../../models/api-key');
-const {
-  hasServiceProviderPermissions,
-  parseServiceProviderSid,
-  parseVoipCarrierSid,
-} = require('./utils');
+const {hasServiceProviderPermissions, parseServiceProviderSid} = require('./utils');
 const sysError = require('../error');
 const decorate = require('./decorate');
 const preconditions = {
@@ -39,59 +35,50 @@ function validateAdd(req) {
 }
 
 async function validateRetrieve(req) {
-  try {
-    const service_provider_sid = parseServiceProviderSid(req);
-
-    if (req.user.hasScope('admin')) {
-      return;
-    }
-
-    if (req.user.hasScope('service_provider') || req.user.hasScope('account')) {
-      if (service_provider_sid === req.user.service_provider_sid) return;
-    }
-
-    throw new DbErrorForbidden('insufficient permissions');
-  } catch (error) {
-    throw error;
+  const service_provider_sid = parseServiceProviderSid(req);
+  if (req.user.hasScope('admin')) return ;
+  if (req.user.hasScope('service_provider')) {
+    if (service_provider_sid === req.user.service_provider_sid) return ;
   }
+  if (req.user.hasScope('account')) {
+    /* allow account users to retrieve service provider data from parent SP */
+    const sid = req.user.account_sid;
+    const [r] = await promisePool.execute('SELECT service_provider_sid from accounts WHERE account_sid = ?', [sid]);
+    if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) return;
+  }
+  throw new DbErrorForbidden('insufficient permissions to update service provider');
 }
 
 function validateUpdate(req) {
-  try {
+  if (req.user.hasScope('admin')) return ;
+  if (req.user.hasScope('service_provider')) {
     const service_provider_sid = parseServiceProviderSid(req);
-
-    if (req.user.hasScope('admin')) {
-      return;
-    }
-
-    if (req.user.hasScope('service_provider')) {
-      if (service_provider_sid === req.user.service_provider_sid) return;
-    }
-
-    throw new DbErrorForbidden('insufficient permissions to update service provider');
-  } catch (error) {
-    throw error;
+    if (service_provider_sid === req.user.service_provider_sid) return ;
   }
+  throw new DbErrorForbidden('insufficient permissions to update service provider');
 }
 
-/* can not delete a service provider if it has any active accounts or users*/
+/* can not delete a service provider if it has any active accounts */
 async function noActiveAccountsOrUsers(req, sid) {
   if (!req.user.hasAdminAuth) {
     throw new DbErrorForbidden('only admin users can delete a service provider');
   }
   const activeAccounts = await ServiceProvider.getForeignKeyReferences('accounts.service_provider_sid', sid);
   const activeUsers = await ServiceProvider.getForeignKeyReferences('users.service_provider_sid', sid);
-  if (activeAccounts > 0 && activeUsers > 0) throw new DbErrorForbidden('insufficient privileges');
+  if (activeAccounts > 0 && activeUsers > 0) throw new DbErrorUnprocessableRequest(
+    'cannot delete service provider with active accounts or users'
+  );
 
-  if (activeAccounts > 0) throw new DbErrorForbidden('insufficient privileges');
-  if (activeUsers > 0) throw new DbErrorForbidden('insufficient privileges');
+  if (activeAccounts > 0) throw new DbErrorUnprocessableRequest('cannot delete service provider with active accounts');
+  if (activeUsers > 0) throw new DbErrorUnprocessableRequest(
+    'cannot delete service provider with active service provider level users'
+  );
 
   /* ok we can delete -- no active accounts.  remove carriers and speech credentials */
   await promisePool.execute('DELETE from speech_credentials WHERE service_provider_sid = ?', [sid]);
   await promisePool.query(sqlDeleteSipGateways, [sid]);
   await promisePool.query(sqlDeleteSmppGateways, [sid]);
   await promisePool.query('DELETE from voip_carriers WHERE service_provider_sid = ?', [sid]);
-  await promisePool.query('DELETE from api_keys WHERE service_provider_sid = ?', [sid]);
 }
 
 decorate(router, ServiceProvider, ['delete'], preconditions);
@@ -115,7 +102,6 @@ router.get('/:sid/Accounts', async(req, res) => {
     sysError(logger, res, err);
   }
 });
-
 router.get('/:sid/Applications', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
@@ -175,8 +161,7 @@ router.put('/:sid/VoipCarriers/:voip_carrier_sid', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
     validateUpdate(req);
-    const sid = parseVoipCarrierSid(req);
-    const rowsAffected = await VoipCarrier.update(sid, req.body);
+    const rowsAffected = await VoipCarrier.update(req.params.voip_carrier_sid, req.body);
     if (rowsAffected === 0) {
       return res.sendStatus(404);
     }
@@ -206,6 +191,7 @@ router.post('/', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
     validateAdd(req);
+
     // create webhooks if provided
     const obj = Object.assign({}, req.body);
     for (const prop of ['registration_hook']) {
@@ -226,6 +212,7 @@ router.post('/', async(req, res) => {
 /* list */
 router.get('/', async(req, res) => {
   const logger = req.app.locals.logger;
+
   try {
     const results = await ServiceProvider.retrieveAll();
     logger.debug({results, user: req.user}, 'ServiceProvider.retrieveAll');
@@ -244,9 +231,7 @@ router.get('/', async(req, res) => {
 router.get('/:sid', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    await validateRetrieve(req);
-    const sid = parseServiceProviderSid(req);
-    const results = await ServiceProvider.retrieve(sid);
+    const results = await ServiceProvider.retrieve(req.params.sid);
     if (results.length === 0) return res.status(404).end();
     return res.status(200).json(results[0]);
   }
@@ -257,10 +242,10 @@ router.get('/:sid', async(req, res) => {
 
 /* update */
 router.put('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
     validateUpdate(req);
-    const sid = parseServiceProviderSid(req);
 
     // create webhooks if provided
     const obj = Object.assign({}, req.body);
@@ -270,14 +255,15 @@ router.put('/:sid', async(req, res) => {
           const sid = obj[prop]['webhook_sid'];
           delete obj[prop]['webhook_sid'];
           await Webhook.update(sid, obj[prop]);
-        } else {
+        }
+        else {
           const sid = await Webhook.make(obj[prop]);
           obj[`${prop}_sid`] = sid;
         }
-      } else {
+      }
+      else {
         obj[`${prop}_sid`] = null;
       }
-
       delete obj[prop];
     }
 
@@ -285,7 +271,6 @@ router.put('/:sid', async(req, res) => {
     if (rowsAffected === 0) {
       return res.status(404).end();
     }
-
     res.status(204).end();
   } catch (err) {
     sysError(logger, res, err);

lib/routes/api/signin.js

@@ -3,17 +3,10 @@ const router = require('express').Router();
 const {DbErrorBadRequest} = require('../../utils/errors');
 const {promisePool} = require('../../db');
 const {verifyPassword} = require('../../utils/password-utils');
-const {cacheClient} = require('../../helpers');
 const jwt = require('jsonwebtoken');
 const sysError = require('../error');
-const retrievePermissionsSql = `
-SELECT p.name 
-FROM permissions p, user_permissions up 
-WHERE up.permission_sid = p.permission_sid 
-AND up.user_sid = ? 
-`;
 
-const validateRequest = (req) => {
+const validateRequest = async(req) => {
   const {email, password} = req.body || {};
 
   /* check required properties are there */
@@ -59,7 +52,6 @@ router.post('/', async(req, res) => {
       email: user.email,
       phone: user.phone,
       account_sid: user.account_sid,
-      service_provider_sid: a[0].service_provider_sid,
       force_change: !!user.force_change,
       provider: user.provider,
       provider_userid: user.provider_userid,
@@ -72,22 +64,11 @@ router.post('/', async(req, res) => {
       pristine: false
     });
 
-    const [p] = await promisePool.query(retrievePermissionsSql, user.user_sid);
-    const permissions = p.map((x) => x.name);
-
-    const expiresIn = parseInt(process.env.JWT_EXPIRES_IN || 60) * 60;
     // generate a json web token for this session
-    const payload = {
-      scope: 'account',
-      permissions,
+    const token = jwt.sign({
       user_sid: userProfile.user_sid,
-      account_sid: userProfile.account_sid,
-      service_provider_sid: userProfile.service_provider_sid
-    };
-    const token = jwt.sign(payload,
-      process.env.JWT_SECRET,
-      { expiresIn }
-    );
+      account_sid: userProfile.account_sid
+    }, process.env.JWT_SECRET, { expiresIn: parseInt(process.env.JWT_EXPIRES_IN || 60) * 60 });
 
     logger.debug({
       user_sid: userProfile.user_sid,
@@ -95,14 +76,6 @@ router.post('/', async(req, res) => {
     }, 'generated jwt');
 
     res.json({jwt: token, ...userProfile});
-
-    /* Store jwt based on user_id after successful login */
-    await cacheClient.set({
-      redisKey: cacheClient.generateRedisKey('jwt', userProfile.user_sid, 'v2'),
-      value: token,
-      time: expiresIn,
-    });
-
   } catch (err) {
     sysError(logger, res, err);
   }

lib/routes/api/sip-gateways.js

@@ -1,46 +1,11 @@
 const router = require('express').Router();
 const SipGateway = require('../../models/sip-gateway');
-const {DbErrorBadRequest, DbErrorForbidden} = require('../../utils/errors');
-//const {parseSipGatewaySid} = require('./utils');
+const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/errors');
 const decorate = require('./decorate');
 const sysError = require('../error');
 
-const checkUserScope = async(req, voip_carrier_sid) => {
-  const {lookupCarrierBySid} = req.app.locals;
-  if (!voip_carrier_sid) {
-    throw new DbErrorBadRequest('missing voip_carrier_sid');
-  }
-
-  if (req.user.hasAdminAuth) return;
-  if (req.user.hasAccountAuth) {
-    const carrier = await lookupCarrierBySid(voip_carrier_sid);
-    if (!carrier) throw new DbErrorBadRequest('invalid voip_carrier_sid');
-
-    if ((!carrier.service_provider_sid || carrier.service_provider_sid === req.user.service_provider_sid) &&
-      (!carrier.account_sid || carrier.account_sid === req.user.account_sid)) {
-
-      if (req.method !== 'GET' && !carrier.account_sid) {
-        throw new DbErrorForbidden('insufficient privileges');
-      }
-
-      return;
-    }
-  }
-  if (req.user.hasServiceProviderAuth) {
-    const carrier = await lookupCarrierBySid(voip_carrier_sid);
-    if (!carrier) {
-      throw new DbErrorBadRequest('invalid voip_carrier_sid');
-    }
-
-    if (carrier.service_provider_sid === req.user.service_provider_sid) {
-      return;
-    }
-  }
-  throw new DbErrorForbidden('insufficient privileges');
-};
-
 const validate = async(req, sid) => {
-  const {lookupSipGatewayBySid} = req.app.locals;
+  const {lookupCarrierBySid, lookupSipGatewayBySid} = req.app.locals;
   let voip_carrier_sid;
 
   if (sid) {
@@ -52,7 +17,13 @@ const validate = async(req, sid) => {
     voip_carrier_sid = req.body.voip_carrier_sid;
     if (!voip_carrier_sid) throw new DbErrorBadRequest('missing voip_carrier_sid');
   }
-  await checkUserScope(req, voip_carrier_sid);
+  if (req.hasAccountAuth) {
+    const carrier = await lookupCarrierBySid(voip_carrier_sid);
+    if (!carrier) throw new DbErrorBadRequest('invalid voip_carrier_sid');
+    if (carrier.account_sid !== req.user.account_sid) {
+      throw new DbErrorUnprocessableRequest('user can not add gateway for voip_carrier belonging to other account');
+    }
+  }
 };
 
 const preconditions = {
@@ -68,7 +39,6 @@ router.get('/', async(req, res) => {
   const logger = req.app.locals.logger;
   const voip_carrier_sid = req.query.voip_carrier_sid;
   try {
-    await checkUserScope(req, voip_carrier_sid);
     if (!voip_carrier_sid) {
       logger.info('GET /SipGateways missing voip_carrier_sid param');
       return res.status(400).json({message: 'missing voip_carrier_sid query param'});

lib/routes/api/smpp-gateways.js

@@ -1,38 +1,11 @@
 const router = require('express').Router();
 const SmppGateway = require('../../models/smpp-gateway');
-const {DbErrorBadRequest, DbErrorForbidden} = require('../../utils/errors');
+const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/errors');
 const decorate = require('./decorate');
 const sysError = require('../error');
 
-const checkUserScope = async(req, voip_carrier_sid) => {
-  const {lookupCarrierBySid} = req.app.locals;
-  if (!voip_carrier_sid) {
-    throw new DbErrorBadRequest('missing voip_carrier_sid');
-  }
-
-  if (req.user.hasAdminAuth) return;
-
-  if (req.user.hasAccountAuth) {
-    const carrier = await lookupCarrierBySid(voip_carrier_sid);
-    if (!carrier) throw new DbErrorBadRequest('invalid voip_carrier_sid');
-
-    if ((!carrier.service_provider_sid || carrier.service_provider_sid === req.user.service_provider_sid) &&
-      (!carrier.account_sid || carrier.account_sid === req.user.account_sid)) {
-      return;
-    }
-  }
-  if (req.user.hasServiceProviderAuth) {
-    const carrier = await lookupCarrierBySid(voip_carrier_sid);
-    if (!carrier) throw new DbErrorBadRequest('invalid voip_carrier_sid');
-    if (carrier.service_provider_sid === req.user.service_provider_sid) {
-      return;
-    }
-  }
-  throw new DbErrorForbidden('insufficient privileges');
-};
-
 const validate = async(req, sid) => {
-  const {lookupSmppGatewayBySid} = req.app.locals;
+  const {lookupCarrierBySid, lookupSmppGatewayBySid} = req.app.locals;
   let voip_carrier_sid;
 
   if (sid) {
@@ -44,8 +17,13 @@ const validate = async(req, sid) => {
     voip_carrier_sid = req.body.voip_carrier_sid;
     if (!voip_carrier_sid) throw new DbErrorBadRequest('missing voip_carrier_sid');
   }
-
-  await checkUserScope(req, voip_carrier_sid);
+  if (req.hasAccountAuth) {
+    const carrier = await lookupCarrierBySid(voip_carrier_sid);
+    if (!carrier) throw new DbErrorBadRequest('invalid voip_carrier_sid');
+    if (carrier.account_sid !== req.user.account_sid) {
+      throw new DbErrorUnprocessableRequest('user can not add gateway for voip_carrier belonging to other account');
+    }
+  }
 };
 
 const preconditions = {
@@ -61,7 +39,6 @@ router.get('/', async(req, res) => {
   const logger = req.app.locals.logger;
   const voip_carrier_sid = req.query.voip_carrier_sid;
   try {
-    await checkUserScope(req, voip_carrier_sid);
     if (!voip_carrier_sid) {
       logger.info('GET /SmppGateways missing voip_carrier_sid param');
       return res.status(400).json({message: 'missing voip_carrier_sid query param'});

lib/routes/api/speech-credentials.js

@@ -4,8 +4,8 @@ const Account = require('../../models/account');
 const SpeechCredential = require('../../models/speech-credential');
 const sysError = require('../error');
 const {decrypt, encrypt} = require('../../utils/encrypt-decrypt');
-const {parseAccountSid, parseServiceProviderSid, parseSpeechCredentialSid} = require('./utils');
-const {DbErrorUnprocessableRequest, DbErrorForbidden} = require('../../utils/errors');
+const {parseAccountSid, parseServiceProviderSid} = require('./utils');
+const {DbErrorUnprocessableRequest} = require('../../utils/errors');
 const {
   testGoogleTts,
   testGoogleStt,
@@ -17,87 +17,9 @@ const {
   testNuanceStt,
   testNuanceTts,
   testDeepgramStt,
-  testSonioxStt,
   testIbmTts,
   testIbmStt
 } = require('../../utils/speech-utils');
-const {promisePool} = require('../../db');
-
-const validateAdd = async(req) => {
-  const account_sid = parseAccountSid(req);
-  const service_provider_sid = parseServiceProviderSid(req);
-
-  if (service_provider_sid) {
-    if (req.user.hasServiceProviderAuth && service_provider_sid !== req.user.service_provider_sid) {
-      throw new DbErrorForbidden('Insufficient privileges');
-    }
-    if (req.user.hasAccountAuth && service_provider_sid !== req.user.service_provider_sid &&
-      req.body.account_sid !== req.user.account_sid) {
-      throw new DbErrorForbidden('Insufficient privileges');
-    }
-  }
-
-  if (account_sid) {
-    if (req.user.hasAccountAuth && account_sid !== req.user.account_sid) {
-      throw new DbErrorForbidden('Insufficient privileges');
-    }
-
-    const [r] = await promisePool.execute(
-      'SELECT service_provider_sid from accounts WHERE account_sid = ?', [account_sid]
-    );
-
-    if (req.user.hasServiceProviderAuth && r[0].service_provider_sid !== req.user.service_provider_sid) {
-      throw new DbErrorForbidden('Insufficient privileges');
-    }
-  }
-  return;
-};
-
-const validateRetrieveUpdateDelete = async(req, speech_credentials) => {
-  if (req.user.hasServiceProviderAuth && speech_credentials[0].service_provider_sid !== req.user.service_provider_sid) {
-    throw new DbErrorForbidden('Insufficient privileges');
-  }
-
-  if (req.user.hasAccountAuth && speech_credentials[0].account_sid !== req.user.account_sid) {
-    throw new DbErrorForbidden('Insufficient privileges');
-  }
-  return;
-};
-
-const validateRetrieveList = async(req) => {
-  const service_provider_sid = parseServiceProviderSid(req);
-
-  if (service_provider_sid) {
-    if ((req.user.hasServiceProviderAuth || req.user.hasAccountAuth) &&
-     service_provider_sid !== req.user.service_provider_sid) {
-      throw new DbErrorForbidden('Insufficient privileges');
-    }
-  }
-  return;
-};
-
-const validateTest = async(req, speech_credentials) => {
-  if (req.user.hasAdminAuth) {
-    return;
-  }
-
-  if (!req.user.hasAdminAuth && speech_credentials.service_provider_sid !== req.user.service_provider_sid) {
-    throw new DbErrorForbidden('Insufficient privileges');
-  }
-
-  if (speech_credentials.service_provider_sid === req.user.service_provider_sid) {
-    if (req.user.hasServiceProviderAuth) {
-      return;
-    }
-
-    if (req.user.hasAccountAuth && (!speech_credentials.account_sid ||
-       speech_credentials.account_sid === req.user.account_sid)) {
-      return;
-    }
-
-    throw new DbErrorForbidden('Insufficient privileges');
-  }
-};
 
 const obscureKey = (key) => {
   const key_spoiler_length = 6;
@@ -121,8 +43,6 @@ const encryptCredential = (obj) => {
     region,
     client_id,
     secret,
-    nuance_tts_uri,
-    nuance_stt_uri,
     use_custom_tts,
     custom_tts_endpoint,
     use_custom_stt,
@@ -132,10 +52,7 @@ const encryptCredential = (obj) => {
     stt_api_key,
     stt_region,
     riva_server_uri,
-    instance_id,
-    custom_stt_url,
-    custom_tts_url,
-    auth_token = ''
+    instance_id
   } = obj;
 
   switch (vendor) {
@@ -176,10 +93,9 @@ const encryptCredential = (obj) => {
       return encrypt(wsData);
 
     case 'nuance':
-      const checked = (client_id && secret) || (nuance_tts_uri || nuance_stt_uri);
-      assert(checked, 'invalid nuance speech credential: either entered client id and\
-        secret or entered a nuance_tts_uri or nuance_stt_uri');
-      const nuanceData = JSON.stringify({client_id, secret, nuance_tts_uri, nuance_stt_uri});
+      assert(client_id, 'invalid nuance speech credential: client_id is required');
+      assert(secret, 'invalid nuance speech credential: secret is required');
+      const nuanceData = JSON.stringify({client_id, secret});
       return encrypt(nuanceData);
 
     case 'deepgram':
@@ -196,42 +112,28 @@ const encryptCredential = (obj) => {
       const nvidiaData = JSON.stringify({ riva_server_uri });
       return encrypt(nvidiaData);
 
-    case 'soniox':
-      assert(api_key, 'invalid soniox speech credential: api_key is required');
-      const sonioxData = JSON.stringify({api_key});
-      return encrypt(sonioxData);
-
     default:
-      if (vendor.startsWith('custom:')) {
-        const customData = JSON.stringify({auth_token, custom_stt_url, custom_tts_url});
-        return encrypt(customData);
-      }
-      else assert(false, `invalid or missing vendor: ${vendor}`);
+      assert(false, `invalid or missing vendor: ${vendor}`);
   }
 };
 
 router.post('/', async(req, res) => {
   const logger = req.app.locals.logger;
-
-  try {
-    const {
-      use_for_stt,
-      use_for_tts,
-      vendor,
-    } = req.body;
-    const account_sid = req.user.account_sid || req.body.account_sid;
-    const service_provider_sid = req.user.service_provider_sid ||
-    req.body.service_provider_sid || parseServiceProviderSid(req);
-
-    await validateAdd(req);
-
-    if (!account_sid) {
-      if (!req.user.hasServiceProviderAuth && !req.user.hasAdminAuth) {
-        logger.error('POST /SpeechCredentials invalid credentials');
-        return res.sendStatus(403);
-      }
+  const {
+    use_for_stt,
+    use_for_tts,
+    vendor,
+  } = req.body;
+  const account_sid = req.user.account_sid || req.body.account_sid;
+  const service_provider_sid = req.user.service_provider_sid ||
+  req.body.service_provider_sid || parseServiceProviderSid(req);
+  if (!account_sid) {
+    if (!req.user.hasServiceProviderAuth && !req.user.hasAdminAuth) {
+      logger.error('POST /SpeechCredentials invalid credentials');
+      return res.sendStatus(403);
     }
-
+  }
+  try {
     const encrypted_credential = encryptCredential(req.body);
     const uuid = await SpeechCredential.make({
       account_sid,
@@ -251,14 +153,10 @@ router.post('/', async(req, res) => {
  * retrieve all speech credentials for an account
  */
 router.get('/', async(req, res) => {
+  const account_sid = parseAccountSid(req) || req.user.account_sid;
+  const service_provider_sid = parseServiceProviderSid(req) || req.user.service_provider_sid;
   const logger = req.app.locals.logger;
-
   try {
-    const account_sid = parseAccountSid(req) ? parseAccountSid(req) : req.user.account_sid;
-    const service_provider_sid = parseServiceProviderSid(req);
-
-    await validateRetrieveList(req);
-
     const credsAccount = account_sid ? await SpeechCredential.retrieveAll(account_sid) : [];
     const credsSP = service_provider_sid ?
       await SpeechCredential.retrieveAllForSP(service_provider_sid) :
@@ -272,7 +170,6 @@ router.get('/', async(req, res) => {
 
     res.status(200).json(creds.map((c) => {
       const {credential, ...obj} = c;
-
       if ('google' === obj.vendor) {
         const o = JSON.parse(decrypt(credential));
         const key_header = '-----BEGIN PRIVATE KEY-----\n';
@@ -306,7 +203,7 @@ router.get('/', async(req, res) => {
       else if ('nuance' === obj.vendor) {
         const o = JSON.parse(decrypt(credential));
         obj.client_id = o.client_id;
-        obj.secret = o.secret ? obscureKey(o.secret) : null;
+        obj.secret = obscureKey(o.secret);
       }
       else if ('deepgram' === obj.vendor) {
         const o = JSON.parse(decrypt(credential));
@@ -323,25 +220,6 @@ router.get('/', async(req, res) => {
         const o = JSON.parse(decrypt(credential));
         obj.riva_server_uri = o.riva_server_uri;
       }
-      else if ('soniox' === obj.vendor) {
-        const o = JSON.parse(decrypt(credential));
-        obj.api_key = obscureKey(o.api_key);
-      }
-      else if (obj.vendor.startsWith('custom:')) {
-        const o = JSON.parse(decrypt(credential));
-        obj.auth_token = obscureKey(o.auth_token);
-        obj.custom_stt_url = o.custom_stt_url;
-        obj.custom_tts_url = o.custom_tts_url;
-      }
-
-      if (req.user.hasAccountAuth && obj.account_sid === null) {
-        delete obj.api_key;
-        delete obj.secret_access_key;
-        delete obj.secret;
-        delete obj.auth_token;
-        delete obj.stt_api_key;
-        delete obj.tts_api_key;
-      }
       return obj;
     }));
   } catch (err) {
@@ -353,14 +231,11 @@ router.get('/', async(req, res) => {
  * retrieve a specific speech credential
  */
 router.get('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
-    const sid = parseSpeechCredentialSid(req);
     const cred = await SpeechCredential.retrieve(sid);
     if (0 === cred.length) return res.sendStatus(404);
-
-    await validateRetrieveUpdateDelete(req, cred);
-
     const {credential, ...obj} = cred[0];
     if ('google' === obj.vendor) {
       const o = JSON.parse(decrypt(credential));
@@ -393,9 +268,7 @@ router.get('/:sid', async(req, res) => {
     else if ('nuance' === obj.vendor) {
       const o = JSON.parse(decrypt(credential));
       obj.client_id = o.client_id;
-      obj.secret = o.secret ? obscureKey(o.secret) : null;
-      obj.nuance_tts_uri = o.nuance_tts_uri;
-      obj.nuance_stt_uri = o.nuance_stt_uri;
+      obj.secret = obscureKey(o.secret);
     }
     else if ('deepgram' === obj.vendor) {
       const o = JSON.parse(decrypt(credential));
@@ -412,26 +285,6 @@ router.get('/:sid', async(req, res) => {
       const o = JSON.parse(decrypt(credential));
       obj.riva_server_uri = o.riva_server_uri;
     }
-    else if ('soniox' === obj.vendor) {
-      const o = JSON.parse(decrypt(credential));
-      obj.api_key = obscureKey(o.api_key);
-    }
-    else if (obj.vendor.startsWith('custom:')) {
-      const o = JSON.parse(decrypt(credential));
-      obj.auth_token = obscureKey(o.auth_token);
-      obj.custom_stt_url = o.custom_stt_url;
-      obj.custom_tts_url = o.custom_tts_url;
-    }
-
-    if (req.user.hasAccountAuth && obj.account_sid === null) {
-      delete obj.api_key;
-      delete obj.secret_access_key;
-      delete obj.secret;
-      delete obj.auth_token;
-      delete obj.stt_api_key;
-      delete obj.tts_api_key;
-    }
-
     res.status(200).json(obj);
   } catch (err) {
     sysError(logger, res, err);
@@ -442,11 +295,9 @@ router.get('/:sid', async(req, res) => {
  * delete a speech credential
  */
 router.delete('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
-    const sid = parseSpeechCredentialSid(req);
-    const cred = await SpeechCredential.retrieve(sid);
-    await validateRetrieveUpdateDelete(req, cred);
     const count = await SpeechCredential.remove(sid);
     if (0 === count) return res.sendStatus(404);
     res.sendStatus(204);
@@ -460,11 +311,10 @@ router.delete('/:sid', async(req, res) => {
  * update a speech credential -- we only allow use_for_tts and use_for_stt to be updated
  */
 router.put('/:sid', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
-    const sid = parseSpeechCredentialSid(req);
-    const {use_for_tts, use_for_stt, region, aws_region, stt_region, tts_region,
-      riva_server_uri, nuance_tts_uri, nuance_stt_uri} = req.body;
+    const {use_for_tts, use_for_stt, region, aws_region, stt_region, tts_region, riva_server_uri} = req.body;
     if (typeof use_for_tts === 'undefined' && typeof use_for_stt === 'undefined') {
       throw new DbErrorUnprocessableRequest('use_for_tts and use_for_stt are the only updateable fields');
     }
@@ -479,9 +329,6 @@ router.put('/:sid', async(req, res) => {
     /* update the credential if provided */
     try {
       const cred = await SpeechCredential.retrieve(sid);
-
-      await validateRetrieveUpdateDelete(req, cred);
-
       if (1 === cred.length) {
         const {credential, vendor} = cred[0];
         const o = JSON.parse(decrypt(credential));
@@ -503,9 +350,7 @@ router.put('/:sid', async(req, res) => {
           custom_stt_endpoint,
           stt_region,
           tts_region,
-          riva_server_uri,
-          nuance_stt_uri,
-          nuance_tts_uri
+          riva_server_uri
         };
         logger.info({o, newCred}, 'updating speech credential with this new credential');
         obj.credential = encryptCredential(newCred);
@@ -534,15 +379,12 @@ router.put('/:sid', async(req, res) => {
  * Test a credential
  */
 router.get('/:sid/test', async(req, res) => {
+  const sid = req.params.sid;
   const logger = req.app.locals.logger;
   try {
-    const sid = parseSpeechCredentialSid(req);
     const creds = await SpeechCredential.retrieve(sid);
-
     if (!creds || 0 === creds.length) return res.sendStatus(404);
 
-    await validateTest(req, creds[0]);
-
     const cred = creds[0];
     const credential = JSON.parse(decrypt(cred.credential));
     const results = {
@@ -560,8 +402,7 @@ router.get('/:sid/test', async(req, res) => {
 
       if (cred.use_for_tts) {
         try {
-          const {getTtsVoices} = req.app.locals;
-          await testGoogleTts(logger, getTtsVoices, credential);
+          await testGoogleTts(logger, credential);
           results.tts.status = 'ok';
           SpeechCredential.ttsTestResult(sid, true);
         } catch (err) {
@@ -583,9 +424,8 @@ router.get('/:sid/test', async(req, res) => {
     }
     else if (cred.vendor === 'aws') {
       if (cred.use_for_tts) {
-        const {getTtsVoices} = req.app.locals;
         try {
-          await testAwsTts(logger, getTtsVoices, {
+          await testAwsTts(logger, {
             accessKeyId: credential.access_key_id,
             secretAccessKey: credential.secret_access_key,
             region: credential.aws_region || process.env.AWS_REGION
@@ -667,16 +507,13 @@ router.get('/:sid/test', async(req, res) => {
 
       const {
         client_id,
-        secret,
-        nuance_tts_uri,
-        nuance_stt_uri
+        secret
       } = credential;
       if (cred.use_for_tts) {
         try {
           await testNuanceTts(logger, getTtsVoices, {
             client_id,
-            secret,
-            nuance_tts_uri
+            secret
           });
           results.tts.status = 'ok';
           SpeechCredential.ttsTestResult(sid, true);
@@ -691,7 +528,7 @@ router.get('/:sid/test', async(req, res) => {
       }
       if (cred.use_for_stt) {
         try {
-          await testNuanceStt(logger, {client_id, secret, nuance_stt_uri});
+          await testNuanceStt(logger, {client_id, secret});
           results.stt.status = 'ok';
           SpeechCredential.sttTestResult(sid, true);
         } catch (err) {
@@ -746,22 +583,8 @@ router.get('/:sid/test', async(req, res) => {
         }
       }
     }
-    else if (cred.vendor === 'soniox') {
-      const {api_key} = credential;
-      if (cred.use_for_stt) {
-        try {
-          await testSonioxStt(logger, {api_key});
-          results.stt.status = 'ok';
-          SpeechCredential.sttTestResult(sid, true);
-        } catch (err) {
-          results.stt = {status: 'fail', reason: err.message};
-          SpeechCredential.sttTestResult(sid, false);
-        }
-      }
-    }
 
     res.status(200).json(results);
-
   } catch (err) {
     sysError(logger, res, err);
   }

lib/routes/api/system-information.js

@@ -1,14 +0,0 @@
-const router = require('express').Router();
-const SystemInformation = require('../../models/system-information');
-
-router.post('/', async(req, res) => {
-  const sysInfo = await SystemInformation.add(req.body);
-  res.status(201).json(sysInfo);
-});
-
-router.get('/', async(req, res) => {
-  const [sysInfo] = await SystemInformation.retrieveAll();
-  res.status(200).json(sysInfo || {});
-});
-
-module.exports = router;

lib/routes/api/users.js

@@ -1,11 +1,11 @@
 const router = require('express').Router();
 const User = require('../../models/user');
-const {DbErrorBadRequest, BadRequestError, DbErrorForbidden} = require('../../utils/errors');
+const jwt = require('jsonwebtoken');
+const request = require('request');
+const {DbErrorBadRequest} = require('../../utils/errors');
 const {generateHashedPassword, verifyPassword} = require('../../utils/password-utils');
 const {promisePool} = require('../../db');
-const {validatePasswordSettings, parseUserSid} = require('./utils');
 const {decrypt} = require('../../utils/encrypt-decrypt');
-const {cacheClient} = require('../../helpers');
 const sysError = require('../error');
 const retrieveMyDetails = `SELECT * 
 FROM users user
@@ -28,8 +28,7 @@ AND account_subscriptions.pending=0`;
 const updateSql = 'UPDATE users set hashed_password = ?, force_change = false WHERE user_sid = ?';
 const retrieveStaticIps = 'SELECT * FROM account_static_ips WHERE account_sid = ?';
 
-const validateRequest = async(user_sid, req) => {
-  const payload = req.body;
+const validateRequest = async(user_sid, payload) => {
   const {
     old_password,
     new_password,
@@ -38,53 +37,15 @@ const validateRequest = async(user_sid, req) => {
     email,
     email_activation_code,
     force_change,
-    is_active
-  } = payload;
+    is_active} = payload;
 
   const [r] = await promisePool.query(retrieveSql, user_sid);
-  if (r.length === 0) {
-    throw new DbErrorBadRequest('Invalid request: user_sid does not exist');
-  }
+  if (r.length === 0) return null;
   const user = r[0];
 
-  /* it is not allowed for anyone to promote a user to a higher level of authority */
-  if (null === payload.account_sid || null === payload.service_provider_sid) {
-    throw new DbErrorBadRequest('Invalid request: user may not be promoted');
-  }
-
-  if (req.user.hasAccountAuth) {
-    /* account user may not change modify account_sid or service_provider_sid */
-    if ('account_sid' in payload && payload.account_sid !== user.account_sid) {
-      throw new DbErrorBadRequest('Invalid request: user may not be promoted or moved to another account');
-    }
-    if ('service_provider_sid' in payload && payload.service_provider_sid !== user.service_provider_sid) {
-      throw new DbErrorBadRequest('Invalid request: user may not be promoted or moved to another service provider');
-    }
-  }
-  if (req.user.hasServiceProviderAuth) {
-    if ('service_provider_sid' in payload && payload.service_provider_sid !== user.service_provider_sid) {
-      throw new DbErrorBadRequest('Invalid request: user may not be promoted or moved to another service provider');
-    }
-  }
-  if ('account_sid' in payload) {
-    const [r] = await promisePool.query('SELECT * FROM accounts WHERE account_sid = ?', payload.account_sid);
-    if (r.length === 0) throw new DbErrorBadRequest('Invalid request: account_sid does not exist');
-    const {service_provider_sid} = r[0];
-    if (service_provider_sid !== user.service_provider_sid) {
-      throw new DbErrorBadRequest('Invalid request: user may not be moved to another service provider');
-    }
-  }
-
-  if (initial_password) {
-    await validatePasswordSettings(initial_password);
-  }
-
   if ((old_password && !new_password) || (new_password && !old_password)) {
     throw new DbErrorBadRequest('new_password and old_password both required');
   }
-  if (new_password) {
-    await validatePasswordSettings(new_password);
-  }
   if (new_password && name) throw new DbErrorBadRequest('can not change name and password simultaneously');
   if (new_password && user.provider !== 'local') {
     throw new DbErrorBadRequest('can not change password when using oauth2');
@@ -99,62 +60,25 @@ const validateRequest = async(user_sid, req) => {
   return user;
 };
 
-const getActiveAdminUsers = (users) => {
-  return users.filter((e) => !e.account_sid && !e.service_provider_sid && e.is_active);
-};
-
-const ensureUserActionIsAllowed = (req, user) => {
-  if (req.user.hasAdminAuth) {
-    return;
-  }
-
-  if (req.user.hasServiceProviderAuth && req.user.service_provider_sid === user.service_provider_sid) {
-    return;
-  }
-
-  if (req.user.hasAccountAuth && req.user.account_sid === user.account_sid) {
-    return;
-  }
-
-  throw new DbErrorForbidden('insufficient permissions');
-};
-
-const ensureUserDeletionIsAllowed = (req, activeAdminUsers, user) => {
-  try {
-    if (req.user.hasAdminAuth && activeAdminUsers.length === 1 && activeAdminUsers[0].user_sid === user[0].user_sid) {
-      throw new BadRequestError('cannot delete this admin user - there are no other active admin users');
-    }
-
-    ensureUserActionIsAllowed(req, user[0]);
-    return;
-  } catch (error) {
-    throw error;
-  }
-};
-
-const ensureUserRetrievalIsAllowed = (req, user) => {
-  try {
-    ensureUserActionIsAllowed(req, user);
-    return;
-  } catch (error) {
-    throw error;
-  }
-};
-
 router.get('/', async(req, res) => {
   const logger = req.app.locals.logger;
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
 
   let usersList;
   try {
     let results;
-    if (req.user.hasAdminAuth) {
+    if (decodedJwt.scope === 'admin') {
       results = await User.retrieveAll();
     }
-    else if (req.user.hasAccountAuth) {
-      results = await User.retrieveAllForAccount(req.user.account_sid, true);
+    else if (decodedJwt.scope === 'account') {
+      results = await User.retrieveAllForAccount(decodedJwt.account_sid, true);
     }
-    else if (req.user.hasServiceProviderAuth) {
-      results = await User.retrieveAllForServiceProvider(req.user.service_provider_sid, true);
+    else if (decodedJwt.scope === 'service_provider') {
+      results = await User.retrieveAllForServiceProvider(decodedJwt.service_provider_sid, true);
+    }
+    else {
+      throw new DbErrorBadRequest(`invalid scope: ${decodedJwt.scope}`);
     }
 
     if (results.length === 0) throw new Error('failure retrieving users list');
@@ -298,20 +222,24 @@ router.get('/me', async(req, res) => {
 
 router.get('/:user_sid', async(req, res) => {
   const logger = req.app.locals.logger;
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
+  const {user_sid} = req.params;
 
   try {
-    const user_sid = parseUserSid(req);
     const [user] = await User.retrieve(user_sid);
+    // eslint-disable-next-line no-unused-vars
+    const {hashed_password, ...rest} = user;
+    if (!user) throw new Error('failure retrieving user');
 
-    if (!user) {
-      throw new Error('failure retrieving user');
+    if (decodedJwt.scope === 'admin' ||
+    decodedJwt.scope === 'account' && decodedJwt.account_sid === user.account_sid ||
+    decodedJwt.scope === 'service_provider' && decodedJwt.service_provider_sid === user.service_provider_sid) {
+      res.status(200).json(rest);
+    } else {
+      res.sendStatus(403);
     }
 
-    ensureUserRetrievalIsAllowed(req, user);
-
-    // eslint-disable-next-line no-unused-vars
-    const { hashed_password, ...rest } = user;
-    return res.status(200).json(rest);
   } catch (err) {
     sysError(logger, res, err);
   }
@@ -321,7 +249,8 @@ router.put('/:user_sid', async(req, res) => {
   const logger = req.app.locals.logger;
   const {user_sid} = req.params;
   const user = await User.retrieve(user_sid);
-  const {hasAccountAuth, hasServiceProviderAuth, hasAdminAuth} = req.user;
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
   const {
     old_password,
     new_password,
@@ -337,15 +266,15 @@ router.put('/:user_sid', async(req, res) => {
 
   //if (req.user.user_sid && req.user.user_sid !== user_sid) return res.sendStatus(403);
 
-  if (!hasAdminAuth &&
-  !(hasAccountAuth && req.user.account_sid === user[0].account_sid) &&
-  !(hasServiceProviderAuth && req.user.service_provider_sid === user[0].service_provider_sid) &&
+  if (decodedJwt.scope !== 'admin' &&
+  !(decodedJwt.scope === 'account' && decodedJwt.account_sid === user[0].account_sid) &&
+  !(decodedJwt.scope === 'service_provider' && decodedJwt.service_provider_sid === user[0].service_provider_sid) &&
   (req.user.user_sid && req.user.user_sid !== user_sid)) {
     return res.sendStatus(403);
   }
 
   try {
-    const user = await validateRequest(user_sid, req);
+    const user = await validateRequest(user_sid, req.body);
     if (!user) return res.sendStatus(404);
 
     if (new_password) {
@@ -398,8 +327,6 @@ router.put('/:user_sid', async(req, res) => {
         'UPDATE users SET account_sid = ? WHERE user_sid = ?',
         [account_sid, user_sid]);
       if (0 === r.changedRows) throw new Error('database update failed');
-      const redisKey = cacheClient.generateRedisKey('jwt', user_sid, 'v2');
-      await cacheClient.delete(redisKey);
     }
 
     if (service_provider_sid || service_provider_sid === null) {
@@ -407,8 +334,6 @@ router.put('/:user_sid', async(req, res) => {
         'UPDATE users SET service_provider_sid = ? WHERE user_sid = ?',
         [service_provider_sid, user_sid]);
       if (0 === r.changedRows) throw new Error('database update failed');
-      const redisKey = cacheClient.generateRedisKey('jwt', user_sid, 'v2');
-      await cacheClient.delete(redisKey);
     }
 
     if (email) {
@@ -442,46 +367,48 @@ router.post('/', async(req, res) => {
     hashed_password: passwordHash,
   };
   const allUsers = await User.retrieveAll();
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
   delete payload.initial_password;
 
   try {
-    if (req.body.initial_password) {
-      await validatePasswordSettings(req.body.initial_password);
-    }
     const email = allUsers.find((e) => e.email === payload.email);
     const name = allUsers.find((e) => e.name === payload.name);
 
     if (name) {
       logger.debug({payload}, 'user with this username already exists');
-      return res.status(422).json({msg: 'invalid username or email'});
+      return res.status(422).json({msg: 'user with this username already exists'});
     }
 
     if (email) {
       logger.debug({payload}, 'user with this email already exists');
-      return res.status(422).json({msg: 'invalid username or email'});
+      return res.status(422).json({msg: 'user with this email already exists'});
     }
 
-    if (req.user.hasAdminAuth) {
+    if (decodedJwt.scope === 'admin') {
       logger.debug({payload}, 'POST /users');
       const uuid = await User.make(payload);
       res.status(201).json({user_sid: uuid});
     }
-    else if (req.user.hasAccountAuth) {
+    else if (decodedJwt.scope === 'account') {
       logger.debug({payload}, 'POST /users');
       const uuid = await User.make({
         ...payload,
-        account_sid: req.user.account_sid,
+        account_sid: decodedJwt.account_sid,
       });
       res.status(201).json({user_sid: uuid});
     }
-    else if (req.user.hasServiceProviderAuth) {
+    else if (decodedJwt.scope === 'service_provider') {
       logger.debug({payload}, 'POST /users');
       const uuid = await User.make({
         ...payload,
-        service_provider_sid: req.user.service_provider_sid,
+        service_provider_sid: decodedJwt.service_provider_sid,
       });
       res.status(201).json({user_sid: uuid});
     }
+    else {
+      throw new DbErrorBadRequest(`invalid scope: ${decodedJwt.scope}`);
+    }
   } catch (err) {
     sysError(logger, res, err);
   }
@@ -489,24 +416,44 @@ router.post('/', async(req, res) => {
 
 router.delete('/:user_sid', async(req, res) => {
   const logger = req.app.locals.logger;
+  const {user_sid} = req.params;
+  const token = req.user.jwt;
+  const decodedJwt = jwt.verify(token, process.env.JWT_SECRET);
+  const allUsers = await User.retrieveAll();
+  const activeAdminUsers = allUsers.filter((e) => !e.account_sid && !e.service_provider_sid && e.is_active);
+  const user = await User.retrieve(user_sid);
 
   try {
-    const user_sid = parseUserSid(req);
-    const allUsers = await User.retrieveAll();
-    const activeAdminUsers = getActiveAdminUsers(allUsers);
-    const user = allUsers.filter((user) => user.user_sid === user_sid);
+    if (decodedJwt.scope === 'admin' && !user.account_sid && !user.service_provider_sid &&
+     activeAdminUsers.length === 1) {
+      throw new Error('cannot delete this admin user - there are no other active admin users');
+    }
 
-    ensureUserDeletionIsAllowed(req, activeAdminUsers, user);
-    await User.remove(user_sid);
-
-    /* invalidate the jwt of the deleted user */
-    const redisKey = cacheClient.generateRedisKey('jwt', user_sid, 'v2');
-    await cacheClient.delete(redisKey);
-
-    return res.sendStatus(204);
+    if (decodedJwt.scope === 'admin' ||
+    (decodedJwt.scope === 'account' && decodedJwt.account_sid === user[0].account_sid) ||
+    (decodedJwt.scope === 'service_provider' && decodedJwt.service_provider_sid === user[0].service_provider_sid)) {
+      await User.remove(user_sid);
+      //logout user after self-delete
+      if (decodedJwt.user_sid === user_sid) {
+        request({
+          url:'http://localhost:3000/v1/logout',
+          method: 'POST',
+        }, (err) => {
+          if (err) {
+            logger.error(err, 'could not log out user');
+            return res.sendStatus(500);
+          }
+          logger.debug({user}, 'user deleted and logged out');
+        });
+      }
+      return res.sendStatus(204);
+    } else {
+      throw new DbErrorBadRequest(`invalid scope: ${decodedJwt.scope}`);
+    }
   } catch (err) {
     sysError(logger, res, err);
   }
 });
 
+
 module.exports = router;

lib/routes/api/utils.js

@@ -1,10 +1,9 @@
-const { v4: uuid, validate } = require('uuid');
+const { v4: uuid } = require('uuid');
 const bent = require('bent');
 const Account = require('../../models/account');
 const {promisePool} = require('../../db');
 const {cancelSubscription, detachPaymentMethod} = require('../../utils/stripe-utils');
 const freePlans = require('../../utils/free_plans');
-const { BadRequestError, DbErrorBadRequest } = require('../../utils/errors');
 const insertAccountSubscriptionSql = `INSERT INTO account_subscriptions 
 (account_subscription_sid, account_sid) 
 values (?, ?)`;
@@ -138,179 +137,39 @@ const createTestAlerts = async(writeAlerts, AlertType, account_sid) => {
 
 };
 
-const validateSid = (model, req) => {
-  const arr = new RegExp(`${model}\/([^\/]*)`).exec(req.originalUrl);
-
-  if (arr) {
-    const sid = arr[1];
-    const sid_validation = validate(sid);
-    if (!sid_validation) {
-      throw new BadRequestError(`invalid ${model}Sid format`);
-    }
-
-    return arr[1];
-  }
-
-  return;
-};
-
 const parseServiceProviderSid = (req) => {
-  try {
-    return validateSid('ServiceProviders', req);
-  } catch (error) {
-    throw error;
-  }
+  const arr = /ServiceProviders\/([^\/]*)/.exec(req.originalUrl);
+  if (arr) return arr[1];
 };
 
 const parseAccountSid = (req) => {
-  try {
-    return validateSid('Accounts', req);
-  } catch (error) {
-    throw error;
-  }
+  const arr = /Accounts\/([^\/]*)/.exec(req.originalUrl);
+  if (arr) return arr[1];
 };
 
-const parseApplicationSid = (req) => {
-  try {
-    return validateSid('Applications', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parseCallSid = (req) => {
-  try {
-    return validateSid('Calls', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parsePhoneNumberSid = (req) => {
-  try {
-    return validateSid('PhoneNumbers', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parseSpeechCredentialSid = (req) => {
-  try {
-    return validateSid('SpeechCredentials', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parseVoipCarrierSid = (req) => {
-  try {
-    return validateSid('VoipCarriers', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parseWebhookSid = (req) => {
-  try {
-    return validateSid('Webhooks', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parseSipGatewaySid = (req) => {
-  try {
-    return validateSid('SipGateways', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parseUserSid = (req) => {
-  try {
-    return validateSid('Users', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const parseLcrSid = (req) => {
-  try {
-    return validateSid('Lcrs', req);
-  } catch (error) {
-    throw error;
-  }
-};
-
-const hasAccountPermissions = async(req, res, next) => {
-  try {
-    if (req.user.hasScope('admin')) {
-      return next();
-    }
-
-    if (req.user.hasScope('service_provider')) {
-      const service_provider_sid = parseServiceProviderSid(req);
-      const account_sid = parseAccountSid(req);
-      if (service_provider_sid) {
-        if (service_provider_sid === req.user.service_provider_sid) {
-          return next();
-        }
-      }
-      if (account_sid) {
-        const [r] = await Account.retrieve(account_sid);
-        if (r && r.service_provider_sid === req.user.service_provider_sid) {
-          return next();
-        }
-      }
-    }
-
-    if (req.user.hasScope('account')) {
-      const account_sid = parseAccountSid(req);
-      const service_provider_sid = parseServiceProviderSid(req);
-      const [r] = await Account.retrieve(account_sid);
-
-      if (account_sid) {
-        if (r && r.account_sid === req.user.account_sid) {
-          return next();
-        }
-      }
-
-      if (service_provider_sid) {
-        if (r && r.service_provider_sid === req.user.service_provider_sid) {
-          return next();
-        }
-      }
-    }
-
-    res.status(403).json({
-      status: 'fail',
-      message: 'insufficient privileges'
-    });
-  } catch (error) {
-    throw error;
+const hasAccountPermissions = (req, res, next) => {
+  if (req.user.hasScope('admin')) return next();
+  if (req.user.hasScope('service_provider')) return next();
+  if (req.user.hasScope('account')) {
+    const account_sid = parseAccountSid(req);
+    if (account_sid === req.user.account_sid) return next();
   }
+  res.status(403).json({
+    status: 'fail',
+    message: 'insufficient privileges'
+  });
 };
 
 const hasServiceProviderPermissions = (req, res, next) => {
-  try {
-    if (req.user.hasScope('admin')) {
-      return next();
-    }
-
-    if (req.user.hasScope('service_provider')) {
-      const service_provider_sid = parseServiceProviderSid(req);
-      if (service_provider_sid === req.user.service_provider_sid) {
-        return next();
-      }
-    }
-
-    res.status(403).json({
-      status: 'fail',
-      message: 'insufficient privileges'
-    });
-  } catch (error) {
-    throw error;
+  if (req.user.hasScope('admin')) return next();
+  if (req.user.hasScope('service_provider')) {
+    const service_provider_sid = parseServiceProviderSid(req);
+    if (service_provider_sid === req.user.service_provider_sid) return next();
   }
+  res.status(403).json({
+    status: 'fail',
+    message: 'insufficient privileges'
+  });
 };
 
 const checkLimits = async(req, res, next) => {
@@ -415,50 +274,15 @@ const disableSubspace = async(opts) => {
   return;
 };
 
-const validatePasswordSettings = async(password) => {
-  const sql = 'SELECT * from password_settings';
-  const [rows] = await promisePool.execute(sql);
-  const specialChars = /[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]+/;
-  const numbers = /[0-9]+/;
-  if (rows.length === 0) {
-    if (password.length < 8 || password.length > 20) {
-      throw new DbErrorBadRequest('password length must be between 8 and 20');
-    }
-  } else {
-    if (rows[0].min_password_length && password.length < rows[0].min_password_length) {
-      throw new DbErrorBadRequest(`password must be at least ${rows[0].min_password_length} characters long`);
-    }
-
-    if (rows[0].require_digit === 1 && !numbers.test(password)) {
-      throw new DbErrorBadRequest('password must contain at least one digit');
-    }
-
-    if (rows[0].require_special_character === 1 && !specialChars.test(password)) {
-      throw new DbErrorBadRequest('password must contain at least one special character');
-    }
-  }
-  return;
-};
-
 module.exports = {
   setupFreeTrial,
   createTestCdrs,
   createTestAlerts,
   parseAccountSid,
-  parseApplicationSid,
-  parseCallSid,
-  parsePhoneNumberSid,
   parseServiceProviderSid,
-  parseSpeechCredentialSid,
-  parseVoipCarrierSid,
-  parseWebhookSid,
-  parseSipGatewaySid,
-  parseUserSid,
-  parseLcrSid,
   hasAccountPermissions,
   hasServiceProviderPermissions,
   checkLimits,
   enableSubspace,
-  disableSubspace,
-  validatePasswordSettings
+  disableSubspace
 };

lib/routes/api/voip-carriers.js

@@ -4,7 +4,6 @@ const VoipCarrier = require('../../models/voip-carrier');
 const {promisePool} = require('../../db');
 const decorate = require('./decorate');
 const sysError = require('../error');
-const { parseVoipCarrierSid } = require('./utils');
 
 const validate = async(req) => {
   const {lookupAppBySid, lookupAccountBySid} = req.app.locals;
@@ -74,14 +73,7 @@ decorate(router, VoipCarrier, ['add', 'update', 'delete'], preconditions);
 router.get('/', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const results = req.user.hasAdminAuth ?
-      await VoipCarrier.retrieveAll(req.user.hasAccountAuth ? req.user.account_sid : null) :
-      await VoipCarrier.retrieveAllForSP(req.user.service_provider_sid);
-
-    if (req.user.hasScope('account')) {
-      return res.status(200).json(results.filter((c) => c.account_sid === req.user.account_sid || !c.account_sid));
-    }
-
+    const results = await VoipCarrier.retrieveAll(req.user.hasAccountAuth ? req.user.account_sid : null);
     res.status(200).json(results);
   } catch (err) {
     sysError(logger, res, err);
@@ -92,24 +84,9 @@ router.get('/', async(req, res) => {
 router.get('/:sid', async(req, res) => {
   const logger = req.app.locals.logger;
   try {
-    const sid = parseVoipCarrierSid(req);
     const account_sid = req.user.hasAccountAuth ? req.user.account_sid : null;
-    const results = await VoipCarrier.retrieve(sid, account_sid);
+    const results = await VoipCarrier.retrieve(req.params.sid, account_sid);
     if (results.length === 0) return res.status(404).end();
-    const ret = results[0];
-    ret.register_status = JSON.parse(ret.register_status || '{}');
-
-    if (req.user.hasServiceProviderAuth && results.length === 1) {
-      if (results.length === 1 && results[0].service_provider_sid !== req.user.service_provider_sid) {
-        throw new DbErrorBadRequest('insufficient privileges');
-      }
-    }
-    if (req.user.hasAccountAuth && results.length === 1) {
-      if (results.length === 1 && results[0].account_sid !== req.user.account_sid) {
-        throw new DbErrorBadRequest('insufficient privileges');
-      }
-    }
-
     return res.status(200).json(results[0]);
   }
   catch (err) {

lib/routes/api/webhooks.js

@@ -2,37 +2,15 @@ const router = require('express').Router();
 const Webhook = require('../../models/webhook');
 const decorate = require('./decorate');
 const sysError = require('../error');
-const {DbErrorForbidden} = require('../../utils/errors');
-const { parseWebhookSid } = require('./utils');
-const {promisePool} = require('../../db');
 
 decorate(router, Webhook, ['add']);
 
 /* retrieve */
 router.get('/:sid', async(req, res) => {
   const logger = req.app.locals.logger;
-
   try {
-    const sid = parseWebhookSid(req);
-    const results = await Webhook.retrieve(sid);
-
+    const results = await Webhook.retrieve(req.params.sid);
     if (results.length === 0) return res.status(404).end();
-
-    if (req.user.hasAccountAuth) {
-      /* can only update carriers for the user's account */
-      if (results[0].account_sid !== req.user.account_sid) {
-        throw new DbErrorForbidden('insufficient privileges');
-      }
-    }
-    if (req.user.hasServiceProviderAuth) {
-      const [r] = await promisePool.execute(
-        'SELECT service_provider_sid from accounts WHERE account_sid = ?', [results[0].account_sid]
-      );
-      if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) {
-        return;
-      }
-      throw new DbErrorForbidden('insufficient permissions');
-    }
     return res.status(200).json(results[0]);
   }
   catch (err) {

lib/routes/error.js

@@ -1,15 +1,6 @@
-const {
-  BadRequestError,
-  DbErrorBadRequest,
-  DbErrorUnprocessableRequest,
-  DbErrorForbidden
-} = require('../utils/errors');
+const {DbErrorBadRequest, DbErrorUnprocessableRequest, DbErrorForbidden} = require('../utils/errors');
 
 function sysError(logger, res, err) {
-  if (err instanceof BadRequestError) {
-    logger.info(err, err.message);
-    return res.status(400).json({msg: 'Bad request'});
-  }
   if (err instanceof DbErrorBadRequest) {
     logger.info(err, 'invalid client request');
     return res.status(400).json({msg: err.message});

lib/utils/email-utils.js

@@ -1,7 +1,6 @@
 const formData = require('form-data');
 const Mailgun = require('mailgun.js');
 const mailgun = new Mailgun(formData);
-const bent = require('bent');
 const validateEmail = (email) => {
   // eslint-disable-next-line max-len
   const re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
@@ -9,44 +8,6 @@ const validateEmail = (email) => {
 };
 
 const emailSimpleText = async(logger, to, subject, text) => {
-  const from = 'jambonz Support <support@jambonz.org>';
-  if (process.env.CUSTOM_EMAIL_VENDOR_URL) {
-    await sendEmailByCustomVendor(logger, from, to, subject, text);
-  } else {
-    await sendEmailByMailgun(logger, from, to, subject, text);
-  }
-
-};
-
-const sendEmailByCustomVendor = async(logger, from, to, subject, text) => {
-  try {
-    const post = bent('POST', {
-      'Content-Type': 'application/json',
-      ...((process.env.CUSTOM_EMAIL_VENDOR_USERNAME && process.env.CUSTOM_EMAIL_VENDOR_PASSWORD) &&
-        ({
-          'Authorization':`Basic ${Buffer.from(
-            `${process.env.CUSTOM_EMAIL_VENDOR_USERNAME}:${process.env.CUSTOM_EMAIL_VENDOR_PASSWORD}`
-          ).toString('base64')}`
-        }))
-    });
-
-    const res = await post(process.env.CUSTOM_EMAIL_VENDOR_URL, {
-      from,
-      to,
-      subject,
-      text
-    });
-    logger.debug({
-      res
-    }, 'sent email to custom vendor.');
-  } catch (err) {
-    logger.info({
-      err
-    }, 'Error sending email From Custom email vendor');
-  }
-};
-
-const sendEmailByMailgun = async(logger, from, to, subject, text) => {
   const mg = mailgun.client({
     username: 'api',
     key: process.env.MAILGUN_API_KEY
@@ -56,18 +17,14 @@ const sendEmailByMailgun = async(logger, from, to, subject, text) => {
 
   try {
     const res = await mg.messages.create(process.env.MAILGUN_DOMAIN, {
-      from,
+      from: 'jambonz Support <support@jambonz.org>',
       to,
       subject,
       text
     });
-    logger.debug({
-      res
-    }, 'sent email');
+    logger.debug({res}, 'sent email');
   } catch (err) {
-    logger.info({
-      err
-    }, 'Error sending email From mailgun');
+    logger.info({err}, 'Error sending email');
   }
 };
 

lib/utils/encrypt-decrypt.js

@@ -2,9 +2,9 @@ const crypto = require('crypto');
 const algorithm = process.env.LEGACY_CRYPTO ? 'aes-256-ctr' : 'aes-256-cbc';
 const iv = crypto.randomBytes(16);
 const secretKey = crypto.createHash('sha256')
-  .update(process.env.ENCRYPTION_SECRET || process.env.JWT_SECRET)
+  .update(String(process.env.JWT_SECRET))
   .digest('base64')
-  .substring(0, 32);
+  .substr(0, 32);
 
 const encrypt = (text) => {
   const cipher = crypto.createCipheriv(algorithm, secretKey, iv);

lib/utils/errors.js

@@ -1,9 +1,3 @@
-class BadRequestError extends Error {
-  constructor(msg) {
-    super(msg);
-  }
-}
-
 class DbError extends Error {
   constructor(msg) {
     super(msg);
@@ -29,7 +23,6 @@ class DbErrorForbidden extends DbError {
 }
 
 module.exports = {
-  BadRequestError,
   DbError,
   DbErrorBadRequest,
   DbErrorUnprocessableRequest,

lib/utils/homer-utils.js

@@ -39,17 +39,11 @@ const getHomerSipTrace = async(logger, apiKey, callId) => {
     const obj = await postJSON('/api/v3/call/transaction', {
       param: {
         transaction: {
-          call: true,
-          registration: true,
-          rest: false
+          call: true
         },
-        orlogic: true,
         search: {
           '1_call': {
             callid: [callId]
-          },
-          '1_registration': {
-            callid: [callId]
           }
         },
       },
@@ -73,17 +67,11 @@ const getHomerPcap = async(logger, apiKey, callIds) => {
     const stream = await postPcap('/api/v3/export/call/messages/pcap', {
       param: {
         transaction: {
-          call: true,
-          registration: true,
-          rest: false
+          call: true
         },
-        orlogic: true,
         search: {
           '1_call': {
             callid: callIds
-          },
-          '1_registration': {
-            callid: callIds
           }
         },
       },

lib/utils/jaeger-utils.js

@@ -1,18 +0,0 @@
-const bent = require('bent');
-const getJSON = bent(process.env.JAEGER_BASE_URL || 'http://127.0.0.1', 'GET', 'json', 200);
-
-const getJaegerTrace = async(logger, traceId) => {
-  if (!process.env.JAEGER_BASE_URL) {
-    logger.debug('getJaegerTrace: jaeger integration not installed');
-    return null;
-  }
-  try {
-    return await getJSON(`/api/v3/traces/${traceId}`);
-  } catch (err) {
-    logger.error({err}, `getJaegerTrace: Error retrieving spans for traceId ${traceId}`);
-  }
-};
-
-module.exports = {
-  getJaegerTrace
-};

lib/utils/jambonz-app-json-validation.js

@@ -0,0 +1,112 @@
+const {DbErrorBadRequest} = require('../utils/errors');
+const assert = require('assert');
+const _specData = require('./specs');
+const specs = new Map();
+for (const key in _specData) { specs.set(key, _specData[key]); }
+
+function normalizeJambones(logger, obj) {
+  if (!Array.isArray(obj)) throw new DbErrorBadRequest('malformed jambonz payload: must be array');
+  const document = [];
+  for (const tdata of obj) {
+    if (typeof tdata !== 'object') throw new DbErrorBadRequest('malformed jambonz payload: must be array of objects');
+    if ('verb' in tdata) {
+      // {verb: 'say', text: 'foo..bar'..}
+      const name = tdata.verb;
+      const o = {};
+      Object.keys(tdata)
+        .filter((k) => k !== 'verb')
+        .forEach((k) => o[k] = tdata[k]);
+      const o2 = {};
+      o2[name] = o;
+      document.push(o2);
+    }
+    else if (Object.keys(tdata).length === 1) {
+      // {'say': {..}}
+      document.push(tdata);
+    }
+    else {
+      logger.info(tdata, 'malformed jambonz payload: missing verb property');
+      throw new DbErrorBadRequest('malformed jambonz payload: missing verb property');
+    }
+  }
+  logger.debug({ document }, `normalizeJambones: returning document with ${document.length} tasks`);
+  return document;
+}
+
+function validate(logger, obj) {
+  normalizeJambones(logger, obj).map((tdata) => {
+    const keys = Object.keys(tdata);
+    const name = keys[0];
+    const data = tdata[name];
+    validateVerb(name, data, logger);
+  });
+}
+
+function validateVerb(name, data, logger) {
+  logger.debug(`validating ${name} with data ${JSON.stringify(data)}`);
+  // validate the instruction is supported
+  if (!specs.has(name)) throw new DbErrorBadRequest(`invalid instruction: ${name}`);
+
+  // check type of each element and make sure required elements are present
+  const specData = specs.get(name);
+  let required = specData.required || [];
+  for (const dKey in data) {
+    if (dKey in specData.properties) {
+      const dVal = data[dKey];
+      const dSpec = specData.properties[dKey];
+      logger.debug(`Task:validate validating property ${dKey} with value ${JSON.stringify(dVal)}`);
+
+      if (typeof dSpec === 'string' && dSpec === 'array') {
+        if (!Array.isArray(dVal)) throw new DbErrorBadRequest(`${name}: property ${dKey} is not an array`);
+      }
+      else if (typeof dSpec === 'string' && dSpec.includes('|')) {
+        const types = dSpec.split('|').map((t) => t.trim());
+        if (!types.includes(typeof dVal) && !(types.includes('array') && Array.isArray(dVal))) {
+          throw new DbErrorBadRequest(`${name}: property ${dKey} has invalid data type, must be one of ${types}`);
+        }
+      }
+      else if (typeof dSpec === 'string' && ['number', 'string', 'object', 'boolean'].includes(dSpec)) {
+        // simple types
+        if (typeof dVal !== specData.properties[dKey]) {
+          throw new DbErrorBadRequest(`${name}: property ${dKey} has invalid data type`);
+        }
+      }
+      else if (Array.isArray(dSpec) && dSpec[0].startsWith('#')) {
+        const name = dSpec[0].slice(1);
+        for (const item of dVal) {
+          validate(name, item);
+        }
+      }
+      else if (typeof dSpec === 'object') {
+        // complex types
+        const type = dSpec.type;
+        assert.ok(['number', 'string', 'object', 'boolean'].includes(type),
+          `invalid or missing type in spec ${JSON.stringify(dSpec)}`);
+        if (type === 'string' && dSpec.enum) {
+          assert.ok(Array.isArray(dSpec.enum), `enum must be an array ${JSON.stringify(dSpec.enum)}`);
+          if (!dSpec.enum.includes(dVal)) {
+            throw new DbErrorBadRequest(`invalid value ${dVal} must be one of ${dSpec.enum}`);
+          }
+        }
+      }
+      else if (typeof dSpec === 'string' && dSpec.startsWith('#')) {
+        // reference to another datatype (i.e. nested type)
+        const name = dSpec.slice(1);
+        //const obj = {};
+        //obj[name] = dVal;
+        validate(name, dVal);
+      }
+      else {
+        assert.ok(0, `invalid spec ${JSON.stringify(dSpec)}`);
+      }
+      required = required.filter((item) => item !== dKey);
+    }
+    else if (dKey === '_') {
+      /* no op: allow arbitrary info to be carried here, used by conference e.g in transfer */
+    }
+    else throw new DbErrorBadRequest(`${name}: unknown property ${dKey}`);
+  }
+  if (required.length > 0) throw new DbErrorBadRequest(`${name}: missing value for ${required}`);
+}
+
+module.exports = validate;

lib/utils/password-utils.js

@@ -1,19 +1,18 @@
 const crypto = require('crypto');
-const argon2 = require('argon2');
+const { argon2i } = require('argon2-ffi');
 const util = require('util');
 
-const { argon2i } = argon2;
-
 const getRandomBytes = util.promisify(crypto.randomBytes);
 
 const generateHashedPassword = async(password) => {
   const salt = await getRandomBytes(32);
-  const passwordHash = await argon2.hash(password, { type: argon2i, salt });
+  const passwordHash =  await argon2i.hash(password, salt);
   return passwordHash;
 };
 
-const verifyPassword = (passwordHash, password) => {
-  return argon2.verify(passwordHash, password);
+const verifyPassword = async(passwordHash, password) => {
+  const isCorrect = await argon2i.verify(passwordHash, password);
+  return isCorrect;
 };
 
 const hashString = (s) => crypto.createHash('md5').update(s).digest('hex');

lib/utils/specs.json

@@ -0,0 +1,759 @@
+{
+  "sip:decline": {
+    "properties": {
+      "id": "string",
+      "status": "number",
+      "reason": "string",
+      "headers": "object"
+    },
+    "required": [
+      "status"
+    ]
+  },
+  "sip:request": {
+    "properties": {
+      "id": "string",
+      "method": "string",
+      "body": "string",
+      "headers": "object",
+      "actionHook": "object|string"
+    },
+    "required": [
+      "method"
+    ]
+  },
+  "sip:refer": {
+    "properties": {
+      "id": "string",
+      "referTo": "string",
+      "referredBy": "string",
+      "headers": "object",
+      "actionHook": "object|string",
+      "eventHook": "object|string"
+    },
+    "required": [
+      "referTo"
+    ]
+  },
+  "config": {
+    "properties": {
+      "id": "string",
+      "synthesizer": "#synthesizer",
+      "recognizer": "#recognizer",
+      "bargeIn": "#bargeIn",
+      "record": "#recordOptions",
+      "amd": "#amd",
+      "notifyEvents": "boolean"
+    },
+    "required": []
+  },
+  "bargeIn": {
+    "properties": {
+      "enable": "boolean",
+      "sticky": "boolean",
+      "actionHook": "object|string",
+      "input": "array",
+      "finishOnKey": "string",
+      "numDigits": "number",
+      "minDigits": "number",
+      "maxDigits": "number",
+      "interDigitTimeout": "number",
+      "dtmfBargein": "boolean",
+      "minBargeinWordCount": "number"
+    },
+    "required": [
+      "enable"
+    ]
+  },
+  "dequeue": {
+    "properties": {
+      "id": "string",
+      "name": "string",
+      "actionHook": "object|string",
+      "timeout": "number",
+      "beep": "boolean"
+    },
+    "required": [
+      "name"
+    ]
+  },
+  "enqueue": {
+    "properties": {
+      "id": "string",
+      "name": "string",
+      "actionHook": "object|string",
+      "waitHook": "object|string",
+      "_": "object"
+    },
+    "required": [
+      "name"
+    ]
+  },
+  "leave": {
+    "properties": {
+      "id": "string"
+    }
+  },
+  "hangup": {
+    "properties": {
+      "id": "string",
+      "headers": "object"
+    },
+    "required": [
+    ]
+  },
+  "play": {
+    "properties": {
+      "id": "string",
+      "url": "string|array",
+      "loop": "number|string",
+      "earlyMedia": "boolean",
+      "seekOffset": "number|string",
+      "timeoutSecs": "number|string",
+      "actionHook": "object|string"
+    },
+    "required": [
+      "url"
+    ]
+  },
+  "say": {
+    "properties": {
+      "id": "string",
+      "text": "string|array",
+      "loop": "number|string",
+      "synthesizer": "#synthesizer",
+      "earlyMedia": "boolean",
+      "disableTtsCache": "boolean"
+    },
+    "required": [
+      "text"
+    ]
+  },
+  "gather": {
+    "properties": {
+      "id": "string",
+      "actionHook": "object|string",
+      "finishOnKey": "string",
+      "input": "array",
+      "numDigits": "number",
+      "minDigits": "number",
+      "maxDigits": "number",
+      "interDigitTimeout": "number",
+      "partialResultHook": "object|string",
+      "speechTimeout": "number",
+      "listenDuringPrompt": "boolean",
+      "dtmfBargein": "boolean",
+      "bargein": "boolean",
+      "minBargeinWordCount": "number",
+      "timeout": "number",
+      "recognizer": "#recognizer",
+      "play": "#play",
+      "say": "#say"
+    },
+    "required": [
+    ]
+  },
+  "conference": {
+    "properties": {
+      "id": "string",
+      "name": "string",
+      "beep": "boolean",
+      "startConferenceOnEnter": "boolean",
+      "endConferenceOnExit": "boolean",
+      "maxParticipants": "number",
+      "joinMuted": "boolean",
+      "actionHook": "object|string",
+      "waitHook": "object|string",
+      "statusEvents": "array",
+      "statusHook": "object|string",
+      "enterHook": "object|string",
+      "record": "#record"
+    },
+    "required": [
+      "name"
+    ]
+  },
+  "dial": {
+    "properties": {
+      "id": "string",
+      "actionHook": "object|string",
+      "answerOnBridge": "boolean",
+      "callerId": "string",
+      "confirmHook": "object|string",
+      "referHook": "object|string",
+      "dialMusic": "string",
+      "dtmfCapture": "object",
+      "dtmfHook": "object|string",
+      "headers": "object",
+      "listen": "#listen",
+      "target": ["#target"],
+      "timeLimit": "number",
+      "timeout": "number",
+      "proxy": "string",
+      "transcribe": "#transcribe",
+      "amd": "#amd"
+    },
+    "required": [
+      "target"
+    ]
+  },
+  "dialogflow": {
+    "properties": {
+      "id": "string",
+      "credentials": "object|string",
+      "project": "string",
+      "environment": "string",
+      "region": {
+        "type": "string",
+        "enum": ["europe-west1", "europe-west2", "australia-southeast1", "asia-northeast1"]
+      },
+      "lang": "string",
+      "actionHook": "object|string",
+      "eventHook": "object|string",
+      "events": "[string]",
+      "welcomeEvent": "string",
+      "welcomeEventParams": "object",
+      "noInputTimeout": "number",
+      "noInputEvent": "string",
+      "passDtmfAsTextInput": "boolean",
+      "thinkingMusic": "string",
+      "tts": "#synthesizer",
+      "bargein": "boolean"
+    },
+    "required": [
+      "project",
+      "credentials",
+      "lang"
+    ]
+  },
+  "dtmf": {
+    "properties": {
+      "id": "string",
+      "dtmf": "string",
+      "duration": "number"
+    },
+    "required": [
+      "dtmf"
+    ]
+  },
+  "lex": {
+    "properties": {
+      "id": "string",
+      "botId": "string",
+      "botAlias": "string",
+      "credentials": "object",
+      "region": "string",
+      "locale": "string",
+      "intent": "#lexIntent",
+      "welcomeMessage": "string",
+      "metadata": "object",
+      "bargein": "boolean",
+      "passDtmf": "boolean",
+      "actionHook": "object|string",
+      "eventHook": "object|string",
+      "noInputTimeout": "number",
+      "tts": "#synthesizer"
+    },
+    "required": [
+      "botId",
+      "botAlias",
+      "region",
+      "credentials"
+    ]
+  },
+  "listen": {
+    "properties": {
+      "id": "string",
+      "actionHook": "object|string",
+      "auth": "#auth",
+      "finishOnKey": "string",
+      "maxLength": "number",
+      "metadata": "object",
+      "mixType": {
+        "type": "string",
+        "enum": ["mono", "stereo", "mixed"]
+      },
+      "passDtmf": "boolean",
+      "playBeep": "boolean",
+      "sampleRate": "number",
+      "timeout": "number",
+      "transcribe": "#transcribe",
+      "url": "string",
+      "wsAuth": "#auth",
+      "earlyMedia": "boolean"
+    },
+    "required": [
+      "url"
+    ]
+  },
+  "message": {
+    "properties": {
+      "id": "string",
+      "carrier": "string",
+      "account_sid": "string",
+      "message_sid": "string",
+      "to": "string",
+      "from": "string",
+      "text": "string",
+      "media": "string|array",
+      "actionHook": "object|string"
+    },
+    "required": [
+      "to",
+      "from"
+    ]
+  },
+  "pause": {
+    "properties": {
+      "id": "string",
+      "length": "number"
+    },
+    "required": [
+      "length"
+    ]
+  },
+  "rasa": {
+    "properties": {
+      "id": "string",
+      "url": "string",
+      "recognizer": "#recognizer",
+      "tts": "#synthesizer",
+      "prompt": "string",
+      "actionHook": "object|string",
+      "eventHook": "object|string"
+    },
+    "required": [
+      "url"
+    ]
+  },
+  "record": {
+    "properties": {
+      "path": "string"
+    },
+    "required": [
+      "path"
+    ]
+  },
+  "recordOptions": {
+    "properties": {
+      "action": {
+        "type": "string",
+        "enum": ["startCallRecording", "stopCallRecording", "pauseCallRecording", "resumeCallRecording"]
+      },
+      "recordingID": "string",
+      "siprecServerURL": "string"
+    },
+    "required": [
+      "action"
+    ]
+  },
+  "redirect": {
+    "properties": {
+      "id": "string",
+      "actionHook": "object|string"
+    },
+    "required": [
+      "actionHook"
+    ]
+  },
+  "rest:dial": {
+    "properties": {
+      "id": "string",
+      "account_sid": "string",
+      "application_sid": "string",
+      "call_hook": "object|string",
+      "call_status_hook": "object|string",
+      "from": "string",
+      "fromHost": "string",
+      "speech_synthesis_vendor": "string",
+      "speech_synthesis_voice": "string",
+      "speech_synthesis_language": "string",
+      "speech_recognizer_vendor": "string",
+      "speech_recognizer_language": "string",
+      "tag": "object",
+      "to": "#target",
+      "headers": "object",
+      "timeout": "number"
+    },
+    "required": [
+      "call_hook",
+      "from",
+      "to"
+    ]
+  },
+  "tag": {
+    "properties": {
+      "id": "string",
+      "data": "object"
+    },
+    "required": [
+      "data"
+    ]
+  },
+  "transcribe": {
+    "properties": {
+      "id": "string",
+      "transcriptionHook": "string",
+      "recognizer": "#recognizer",
+      "earlyMedia": "boolean"
+    },
+    "required": [
+      "recognizer"
+    ]
+  },
+  "target": {
+    "properties": {
+      "type": {
+        "type": "string",
+        "enum": ["phone", "sip", "user", "teams"]
+      },
+      "confirmHook": "object|string",
+      "method": {
+        "type": "string",
+        "enum": ["GET", "POST"]
+      },
+      "headers": "object",
+      "from": "#dialFrom",
+      "name": "string",
+      "number": "string",
+      "sipUri": "string",
+      "auth": "#auth",
+      "vmail": "boolean",
+      "tenant": "string",
+      "trunk": "string",
+      "overrideTo": "string"
+    },
+    "required": [
+      "type"
+    ]
+  },
+  "dialFrom": {
+    "properties": {
+      "user": "string",
+      "host": "string"
+    },
+    "required": [
+    ]
+  },
+  "auth": {
+    "properties": {
+      "username": "string",
+      "password": "string"
+    },
+    "required": [
+      "username",
+      "password"
+    ]
+  },
+  "synthesizer": {
+    "properties": {
+      "vendor": {
+        "type": "string",
+        "enum": ["google", "aws", "polly", "microsoft", "nuance", "ibm", "default"]
+      },
+      "language": "string",
+      "voice": "string",
+      "engine": {
+        "type": "string",
+        "enum": ["standard", "neural"]
+      },
+      "gender": {
+        "type": "string",
+        "enum": ["MALE", "FEMALE", "NEUTRAL"]
+      }
+    },
+    "required": [
+      "vendor"
+    ]
+  },
+  "recognizer": {
+    "properties": {
+      "vendor": {
+        "type": "string",
+        "enum": ["google", "aws", "microsoft", "nuance", "deepgram", "ibm", "default"]
+      },
+      "language": "string",
+      "vad": "#vad",
+      "hints": "array",
+      "hintsBoost": "number",
+      "altLanguages": "array",
+      "profanityFilter": "boolean",
+      "interim": "boolean",
+      "singleUtterance": "boolean",
+      "dualChannel": "boolean",
+      "separateRecognitionPerChannel": "boolean",
+      "punctuation": "boolean",
+      "enhancedModel": "boolean",
+      "words": "boolean",
+      "diarization": "boolean",
+      "diarizationMinSpeakers": "number",
+      "diarizationMaxSpeakers": "number",
+      "interactionType": {
+        "type": "string",
+        "enum": [
+          "unspecified",
+          "discussion",
+          "presentation",
+          "phone_call",
+          "voicemail",
+          "voice_search",
+          "voice_command",
+          "dictation"
+        ]
+      },
+      "naicsCode": "number",
+      "identifyChannels": "boolean",
+      "vocabularyName": "string",
+      "vocabularyFilterName": "string",
+      "filterMethod": {
+        "type": "string",
+        "enum": [
+          "remove",
+          "mask",
+          "tag"
+        ]
+      },
+      "model": "string",
+      "outputFormat": {
+        "type": "string",
+        "enum": [
+          "simple",
+          "detailed"
+        ]
+      },
+      "profanityOption": {
+        "type": "string",
+        "enum": [
+          "masked",
+          "removed",
+          "raw"
+        ]
+      },
+      "requestSnr": "boolean",
+      "initialSpeechTimeoutMs": "number",
+      "azureServiceEndpoint": "string",
+      "azureSttEndpointId": "string",
+      "asrDtmfTerminationDigit": "string",
+      "asrTimeout": "number",
+      "nuanceOptions": "#nuanceOptions",
+      "deepgramOptions": "#deepgramOptions",
+      "ibmOptions": "#ibmOptions"
+    },
+    "required": [
+      "vendor"
+    ]
+  },
+  "ibmOptions": {
+    "properties": {
+      "sttApiKey": "string",
+      "sttRegion": "string",
+      "ttsApiKey": "string",
+      "ttsRegion": "string",
+      "instanceId": "string",
+      "model": "string",
+      "languageCustomizationId": "string",
+      "acousticCustomizationId": "string",
+      "baseModelVersion": "string",
+      "watsonMetadata": "string",
+      "watsonLearningOptOut": "boolean"
+    },
+    "required": [
+    ]
+  },
+  "deepgramOptions": {
+    "properties": {
+      "apiKey": "string",
+      "tier": {
+        "type": "string",
+        "enum": [
+          "enhanced",
+          "base"
+        ]
+      },
+      "model": {
+        "type": "string",
+        "enum": [
+          "general",
+          "meeting",
+          "phonecall",
+          "voicemail",
+          "finance",
+          "conversationalai",
+          "video",
+          "custom"
+        ]
+      },
+      "customModel": "string",
+      "version": "string",
+      "punctuate": "boolean",
+      "profanityFilter": "boolean",
+      "redact": {
+        "type": "string",
+        "enum": [
+          "pci",
+          "numbers",
+          "true",
+          "ssn"
+        ]
+      },
+      "diarize": "boolean",
+      "diarizeVersion": "string",
+      "ner": "boolean",
+      "multichannel": "boolean",
+      "alternatives": "number",
+      "numerals": "boolean",
+      "search": "array",
+      "replace": "array",
+      "keywords": "array",
+      "endpointing": "boolean",
+      "vadTurnoff": "number",
+      "tag": "string"
+    }
+  },
+  "nuanceOptions": {
+    "properties": {
+      "clientId": "string",
+      "secret": "string",
+      "kryptonEndpoint": "string",
+      "topic": "string",
+      "utteranceDetectionMode": {
+        "type": "string",
+        "enum": [
+          "single",
+          "multiple",
+          "disabled"
+        ]
+      },
+      "punctuation": "boolean",
+      "profanityFilter": "boolean",
+      "includeTokenization": "boolean",
+      "discardSpeakerAdaptation": "boolean",
+      "suppressCallRecording": "boolean",
+      "maskLoadFailures": "boolean",
+      "suppressInitialCapitalization": "boolean",
+      "allowZeroBaseLmWeight": "boolean",
+      "filterWakeupWord": "boolean",
+      "resultType": {
+        "type": "string",
+        "enum": [
+          "final",
+          "partial",
+          "immutable_partial"
+        ]
+      },
+      "noInputTimeoutMs": "number",
+      "recognitionTimeoutMs": "number",
+      "utteranceEndSilenceMs": "number",
+      "maxHypotheses": "number",
+      "speechDomain": "string",
+      "formatting": "#formatting",
+      "clientData": "object",
+      "userId": "string",
+      "speechDetectionSensitivity": "number",
+      "resources": ["#resource"]
+    },
+    "required": [
+    ]
+  },
+  "resource": {
+    "properties": {
+      "externalReference": "#resourceReference",
+      "inlineWordset": "string",
+      "builtin": "string",
+      "inlineGrammar": "string",
+      "wakeupWord": "[string]",
+      "weightName": {
+        "type": "string",
+        "enum": [
+          "defaultWeight",
+          "lowest",
+          "low",
+          "medium",
+          "high",
+          "highest"
+        ]
+      },
+      "weightValue": "number",
+      "reuse": {
+        "type": "string",
+        "enum": [
+          "undefined_reuse",
+          "low_reuse",
+          "high_reuse"
+        ]
+      }
+    },
+    "required": [
+    ]
+  },
+  "resourceReference": {
+    "properties": {
+      "type": {
+        "type": "string",
+        "enum": [
+          "undefined_resource_type",
+          "wordset",
+          "compiled_wordset",
+          "domain_lm",
+          "speaker_profile",
+          "grammar",
+          "settings"
+        ]
+      },
+      "uri": "string",
+      "maxLoadFailures": "boolean",
+      "requestTimeoutMs": "number",
+      "headers": "object"
+    },
+    "required": [
+    ]
+  },
+  "formatting": {
+    "properties": {
+      "scheme": "string",
+      "options": "object"
+    },
+    "required": [
+      "scheme",
+      "options"
+    ]
+  },
+  "lexIntent": {
+    "properties": {
+      "name": "string",
+      "slots": "object"
+    },
+    "required": [
+      "name"
+    ]
+  },
+  "vad": {
+    "properties": {
+      "enable": "boolean",
+      "voiceMs": "number",
+      "mode": "number"
+    },
+    "required": [
+      "enable"
+    ]
+  },
+  "amd": {
+    "properties": {
+      "actionHook": "object|string",
+      "thresholdWordCount": "number",
+      "timers": "#amdTimers",
+      "recognizer": "#recognizer"
+    },
+    "required": [
+      "actionHook"
+    ]
+  },
+  "amdTimers": {
+    "properties": {
+      "noSpeechTimeoutMs": "number",
+      "decisionTimeoutMs": "number",
+      "toneTimeoutMs": "number",
+      "greetingCompletionTimeoutMs": "number"
+    }
+  }
+}

lib/utils/speech-utils.js

@@ -1,28 +1,12 @@
+const ttsGoogle = require('@google-cloud/text-to-speech');
 const sttGoogle = require('@google-cloud/speech').v1p1beta1;
-const { TranscribeClient, ListVocabulariesCommand } = require('@aws-sdk/client-transcribe');
+const Polly = require('aws-sdk/clients/polly');
+const AWS = require('aws-sdk');
 const { Deepgram } = require('@deepgram/sdk');
 const sdk = require('microsoft-cognitiveservices-speech-sdk');
-const { SpeechClient } = require('@soniox/soniox-node');
 const bent = require('bent');
 const fs = require('fs');
 
-
-const testSonioxStt = async(logger, credentials) => {
-  const api_key = credentials;
-  const soniox = new SpeechClient(api_key);
-
-  return new Promise(async(resolve, reject) => {
-    try {
-      const result = await soniox.transcribeFileShort('data/test_audio.wav');
-      if (result.words.length > 0) resolve(result);
-      else reject(new Error('no transcript returned'));
-    } catch (error) {
-      logger.info({error}, 'failed to get soniox transcript');
-      reject(error);
-    }
-  });
-};
-
 const testNuanceTts = async(logger, getTtsVoices, credentials) => {
   const voices = await getTtsVoices({vendor: 'nuance', credentials});
   return voices;
@@ -32,10 +16,9 @@ const testNuanceStt = async(logger, credentials) => {
   return true;
 };
 
-const testGoogleTts = async(logger, getTtsVoices, credentials) => {
-  const voices = await getTtsVoices({vendor: 'google', credentials});
-  return voices;
-
+const testGoogleTts = async(logger, credentials) => {
+  const client = new ttsGoogle.TextToSpeechClient({credentials});
+  await client.listVoices();
 };
 
 const testGoogleStt = async(logger, credentials) => {
@@ -119,33 +102,25 @@ const testMicrosoftStt = async(logger, credentials) => {
   });
 };
 
-const testAwsTts = async(logger, getTtsVoices, credentials) => {
-  try {
-    const voices = await getTtsVoices({vendor: 'aws', credentials});
-    return voices;
-  } catch (err) {
-    logger.info({err}, 'testMicrosoftTts - failed to list voices for region ${region}');
-    throw err;
-  }
+const testAwsTts = (logger, credentials) => {
+  const polly = new Polly(credentials);
+  return new Promise((resolve, reject) => {
+    polly.describeVoices({LanguageCode: 'en-US'}, (err, data) => {
+      if (err) return reject(err);
+      resolve();
+    });
+  });
 };
 
-const testAwsStt = async(logger, credentials) => {
-  try {
-    const {region, accessKeyId, secretAccessKey} = credentials;
-    const client = new TranscribeClient({
-      region,
-      credentials: {
-        accessKeyId,
-        secretAccessKey
-      }
+const testAwsStt = (logger, credentials) => {
+  const transcribeservice = new AWS.TranscribeService(credentials);
+  return new Promise((resolve, reject) => {
+    transcribeservice.listVocabularies((err, data) => {
+      if (err) return reject(err);
+      logger.info({data}, 'retrieved language models');
+      resolve();
     });
-    const command = new ListVocabulariesCommand({});
-    const response =  await client.send(command);
-    return response;
-  } catch (err) {
-    logger.info({err}, 'testMicrosoftTts - failed to list voices for region ${region}');
-    throw err;
-  }
+  });
 };
 
 const testMicrosoftTts = async(logger, credentials) => {
@@ -205,7 +180,7 @@ const testWellSaidTts = async(logger, credentials) => {
 
 const testIbmTts = async(logger, getTtsVoices, credentials) => {
   const {tts_api_key, tts_region} = credentials;
-  const voices = await getTtsVoices({vendor: 'ibm', credentials: {tts_api_key, tts_region}});
+  const voices = await getTtsVoices({vendor: 'ibm', credentials: {api_key: tts_api_key, region: tts_region}});
   return voices;
 };
 
@@ -250,6 +225,5 @@ module.exports = {
   testNuanceStt,
   testDeepgramStt,
   testIbmTts,
-  testIbmStt,
-  testSonioxStt
+  testIbmStt
 };

package.json

@@ -1,6 +1,6 @@
 {
   "name": "jambonz-api-server",
-  "version": "0.8.3",
+  "version": "v0.8.0",
   "description": "",
   "main": "app.js",
   "scripts": {
@@ -10,7 +10,6 @@
     "upgrade-db": "node ./db/upgrade-jambonz-db.js",
     "coverage": "./node_modules/.bin/nyc --reporter html --report-dir ./coverage npm run test",
     "jslint": "eslint app.js lib",
-    "jslint:fix": "eslint app.js lib --fix",
     "prepare": "husky install"
   },
   "author": "Dave Horton",
@@ -19,29 +18,27 @@
     "url": "https://github.com/jambonz/jambonz-api-server.git"
   },
   "dependencies": {
-    "@aws-sdk/client-transcribe": "^3.290.0",
     "@deepgram/sdk": "^1.10.2",
     "@google-cloud/speech": "^5.1.0",
-    "@jambonz/db-helpers": "^0.7.9",
-    "@jambonz/realtimedb-helpers": "^0.7.2",
-    "@jambonz/speech-utils": "^0.0.12",
+    "@google-cloud/text-to-speech": "^4.0.3",
+    "@jambonz/db-helpers": "^0.7.3",
+    "@jambonz/realtimedb-helpers": "^0.6.0",
     "@jambonz/time-series": "^0.2.5",
-    "@jambonz/verb-specifications": "^0.0.21",
-    "@soniox/soniox-node": "^1.1.0",
-    "argon2": "^0.30.3",
+    "argon2-ffi": "^2.0.0",
+    "aws-sdk": "^2.1152.0",
     "bent": "^7.3.12",
     "cors": "^2.8.5",
     "debug": "^4.3.4",
     "express": "^4.18.1",
     "express-rate-limit": "^6.4.0",
     "form-data": "^2.5.1",
+    "form-urlencoded": "^6.1.0",
     "helmet": "^5.1.0",
     "ibm-watson": "^7.1.2",
     "jsonwebtoken": "^9.0.0",
     "mailgun.js": "^3.7.3",
     "microsoft-cognitiveservices-speech-sdk": "^1.24.1",
     "mysql2": "^2.3.3",
-    "nocache": "3.0.4",
     "passport": "^0.6.0",
     "passport-http-bearer": "^1.0.1",
     "pino": "^5.17.0",
@@ -52,8 +49,8 @@
     "yamljs": "^0.3.0"
   },
   "devDependencies": {
-    "eslint": "^8.39.0",
-    "eslint-plugin-promise": "^6.1.1",
+    "eslint": "^7.32.0",
+    "eslint-plugin-promise": "^4.2.1",
     "husky": "7.0.4",
     "nyc": "^15.1.0",
     "request": "^2.88.2",

test/accounts.js

@@ -1,10 +1,6 @@
 const test = require('tape') ;
 const ADMIN_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734de';
 const authAdmin = {bearer: ADMIN_TOKEN};
-const SP_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734ds';
-const authSP = {bearer: ADMIN_TOKEN};
-const ACC_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734da';
-const authAcc = {bearer: ADMIN_TOKEN};
 const request = require('request-promise-native').defaults({
   baseUrl: 'http://127.0.0.1:3000/v1'
 });
@@ -13,12 +9,6 @@ const {
   createServiceProvider, 
   createPhoneNumber, 
   deleteObjectBySid} = require('./utils');
-const logger = require('../lib/logger');
-const { pushBack } = require('@jambonz/realtimedb-helpers')({
-  host: process.env.JAMBONES_REDIS_HOST,
-  port: process.env.JAMBONES_REDIS_PORT || 6379
-}, logger);
-
 
 process.on('unhandledRejection', (reason, p) => {
   console.log('Unhandled Rejection at: Promise', p, 'reason:', reason);
@@ -229,21 +219,6 @@ test('account tests', async(t) => {
     });
     t.ok(result.statusCode === 201, 'successfully updated a call session limit to an account');
 
-    /* try to update an existing limit for an account giving a invalid sid */
-    try {
-      result = await request.post(`/Accounts/invalid-sid/Limits`, {
-        auth: authAdmin,
-        json: true,
-        resolveWithFullResponse: true,
-        body: {
-          category: 'voice_call_session',
-          quantity: 205
-        }
-      });
-    } catch (err) {
-      t.ok(err.statusCode === 400, 'returns 400 bad request if account sid param is not a valid uuid');
-    }
-
     /* query all limits for an account */
     result = await request.get(`/Accounts/${sid}/Limits`, {
       auth: authAdmin,
@@ -267,31 +242,6 @@ test('account tests', async(t) => {
     });
     t.ok(result.statusCode === 204, 'successfully deleted a call session limit for an account');
 
-    /* query account queues */
-    await pushBack(`queue:${sid}:test`, 'url1');
-    await pushBack(`queue:${sid}:dummy`, 'url2');
-
-    result = await request.get(`/Accounts/${sid}/Queues`, {
-      auth: authAdmin,
-      resolveWithFullResponse: true,
-      json: true,
-    });
-    t.ok(result.statusCode === 200 && result.body.length === 2, 'successfully queried account queues info for an account');
-
-    result = await request.get(`/Accounts/${sid}/Queues?search=test`, {
-      auth: authAdmin,
-      resolveWithFullResponse: true,
-      json: true,
-    });
-    t.ok(result.statusCode === 200 && result.body.length === 1, 'successfully queried account queue info with search for an account');
-
-    result = await request.get(`/Accounts/29d41725-9d3a-4f89-9f0b-f32b3e4d3159/Queues`, {
-      auth: authAdmin,
-      resolveWithFullResponse: true,
-      json: true,
-    });
-    t.ok(result.statusCode === 200 && result.body.length === 0, 'successfully queried account queue info with for an invalid account');
-
     /* delete account */
     result = await request.delete(`/Accounts/${sid}`, {
       auth: authAdmin,

test/auth.js

@@ -127,7 +127,7 @@ test('authentication tests', async(t) => {
         sip_realm: 'sip.foo.bar'
       }
     });
-    t.ok(result.statusCode === 403 && result.body.msg === 'insufficient permissions',
+    t.ok(result.statusCode === 422 && result.body.msg === 'cannot update account from different service provider',
       'service provider token B cannot be used to update account from service provider A');
 
     /* cannot delete account from different service provider */
@@ -137,7 +137,7 @@ test('authentication tests', async(t) => {
       simple: false,
       json: true,
     });
-    t.ok(result.statusCode === 403 && result.body.msg === 'insufficient permissions',
+    t.ok(result.statusCode === 422 && result.body.msg === 'cannot delete account from different service provider',
       'service provider token B cannot be used to delete account from service provider A');
 
     /* service provider token A can update account A1 */
@@ -179,7 +179,7 @@ test('authentication tests', async(t) => {
       }
     });
     //console.log(`result: ${JSON.stringify(result)}`);
-    t.ok(result.statusCode === 403 && result.body.msg === 'insufficient permissions',
+    t.ok(result.statusCode === 422 && result.body.msg === 'insufficient permissions to create accounts',
       'cannot create an account using an account-level token');
 
     /* using account token we see one account */
@@ -200,7 +200,8 @@ test('authentication tests', async(t) => {
         sip_realm: 'sip.foo.bar'
       }
     });
-    t.ok(result.statusCode === 403 && result.body.msg === 'insufficient permissions',
+    //console.log(`result: ${JSON.stringify(result)}`);
+    t.ok(result.statusCode === 422 && result.body.msg === 'insufficient privileges to update this account',
       'cannot update account A2 using auth token for account A1');
 
     /* can update an account using an appropriate account-level token */
@@ -250,8 +251,7 @@ test('authentication tests', async(t) => {
         }
       }
     });
-    //console.log(`result: ${JSON.stringify(result)}`);
-    t.ok(result.statusCode === 403 && result.body.msg === 'insufficient privileges',
+    t.ok(result.statusCode === 400 && result.body.msg === 'insufficient privileges to create an application under the specified account',
       'cannot create application for account A2 using service provider token B');
 
     result = await request.post('/Applications', {

test/docker-compose-testbed.yaml

@@ -133,14 +133,4 @@ services:
       - "3100:3000/tcp"
     networks:
       jambonz-api:
-        ipv4_address: 172.58.0.9
-
-  webhook-tts-scaffold:
-    image: jambonz/webhook-tts-test-scaffold:latest
-    ports:
-      - "3101:3000/tcp"
-    volumes:
-      - ./test-apps:/tmp
-    networks:
-      jambonz-api:
-        ipv4_address: 172.58.0.10
+        ipv4_address: 172.58.0.9

test/email_utils.js

@@ -1,29 +0,0 @@
-const test = require('tape');
-const {emailSimpleText} = require('../lib/utils/email-utils');
-const bent = require('bent');
-const getJSON = bent('json')
-const logger = {
-  debug: () =>{},
-  info: () => {}
-}
-
-test('email-test', async(t) => {
-  // Prepare env:
-  process.env.CUSTOM_EMAIL_VENDOR_URL = 'http://127.0.0.1:3101/custom_email_vendor';
-  process.env.CUSTOM_EMAIL_VENDOR_USERNAME = 'USERNAME';
-  process.env.CUSTOM_EMAIL_VENDOR_PASSWORD = 'PASSWORD';
-
-  await emailSimpleText(logger, 'test@gmail.com', 'subject', 'body text');
-
-  const obj = await getJSON(`http://127.0.0.1:3101/lastRequest/custom_email_vendor`);
-  t.ok(obj.headers['Content-Type'] == 'application/json');
-  t.ok(obj.headers.Authorization == 'Basic VVNFUk5BTUU6UEFTU1dPUkQ=');
-  t.ok(obj.body.from == 'jambonz Support <support@jambonz.org>');
-  t.ok(obj.body.to == 'test@gmail.com');
-  t.ok(obj.body.subject == 'subject');
-  t.ok(obj.body.text == 'body text');
-
-  process.env.CUSTOM_EMAIL_VENDOR_URL = null;
-  process.env.CUSTOM_EMAIL_VENDOR_USERNAME = null;
-  process.env.CUSTOM_EMAIL_VENDOR_PASSWORD = null;
-});

test/forgot-password.js

@@ -1,325 +0,0 @@
-const test = require('tape');
-const request = require("request-promise-native").defaults({
-  baseUrl: "http://127.0.0.1:3000/v1",
-});
-
-let authAdmin;
-let admin_user_sid;
-let sp_sid;
-let sp_user_sid;
-let account_sid;
-let account_sid2;
-let account_user_sid;
-let account_user_sid2;
-
-const password = "12345foobar";
-const adminEmail = "joe@foo.bar";
-const emailInactiveAccount = 'inactive-account@example.com';
-const emailInactiveUser = 'inactive-user@example.com';
-
-test('forgot password - prepare', async (t) => {
-  /* login as admin to get a jwt */
-  let result = await request.post("/login", {
-    resolveWithFullResponse: true,
-    json: true,
-    body: {
-      username: "admin",
-      password: "admin",
-    },
-  });
-  t.ok(
-    result.statusCode === 200 && result.body.token,
-    "successfully logged in as admin"
-  );
-  authAdmin = { bearer: result.body.token };
-  admin_user_sid = result.body.user_sid;
-
-  /* add a service provider */
-  result = await request.post("/ServiceProviders", {
-    resolveWithFullResponse: true,
-    auth: authAdmin,
-    json: true,
-    body: {
-      name: "sp" + Date.now(),
-    },
-  });
-  t.ok(result.statusCode === 201, "successfully created service provider");
-  sp_sid = result.body.sid;
-
-  /* add service_provider user */
-  const randomNumber = Math.floor(Math.random() * 101);
-  result = await request.post(`/Users`, {
-    resolveWithFullResponse: true,
-    json: true,
-    auth: authAdmin,
-    body: {
-      name: "service_provider" + Date.now(),
-      email: `sp${randomNumber}@example.com`,
-      is_active: true,
-      force_change: true,
-      initial_password: password,
-      service_provider_sid: sp_sid,
-    },
-  });
-  t.ok(
-    result.statusCode === 201 && result.body.user_sid,
-    "service_provider scope user created"
-  );
-  sp_user_sid = result.body.user_sid;
-
-  /* add an account - inactive */
-  result = await request.post("/Accounts", {
-    resolveWithFullResponse: true,
-    auth: authAdmin,
-    json: true,
-    body: {
-      name: "sample_account inactive" + Date.now(),
-      service_provider_sid: sp_sid,
-      registration_hook: {
-        url: "http://example.com/reg",
-        method: "get",
-      },
-      is_active: false,
-      webhook_secret: "foobar",
-    },
-  });
-  t.ok(result.statusCode === 201, "successfully created account");
-  account_sid = result.body.sid;
-
-  /* add an account - inactive */
-  result = await request.post("/Accounts", {
-    resolveWithFullResponse: true,
-    auth: authAdmin,
-    json: true,
-    body: {
-      name: "sample_account active" + Date.now(),
-      service_provider_sid: sp_sid,
-      registration_hook: {
-        url: "http://example.com/reg",
-        method: "get",
-      },
-      is_active: true,
-      webhook_secret: "foobar",
-    },
-  });
-  t.ok(result.statusCode === 201, "successfully created account");
-  account_sid2 = result.body.sid;
-
-  /* add account user connected to an inactive account */
-  result = await request.post(`/Users`, {
-    resolveWithFullResponse: true,
-    json: true,
-    auth: authAdmin,
-    body: {
-      name: "account user active - inactive account" + randomNumber,
-      email: emailInactiveAccount,
-      is_active: true,
-      force_change: true,
-      initial_password: password,
-      service_provider_sid: sp_sid,
-      account_sid: account_sid,
-    },
-  });
-  t.ok(
-    result.statusCode === 201 && result.body.user_sid,
-    "account scope user created"
-  );
-  account_user_sid = result.body.user_sid;
-
-  /* add account user that is not active */
-  result = await request.post(`/Users`, {
-    resolveWithFullResponse: true,
-    json: true,
-    auth: authAdmin,
-    body: {
-      name: "account user inactive - active account" + randomNumber,
-      email: emailInactiveUser,
-      is_active: false,
-      force_change: true,
-      initial_password: password,
-      service_provider_sid: sp_sid,
-      account_sid: account_sid2,
-    },
-  });
-  t.ok(
-    result.statusCode === 201 && result.body.user_sid,
-    "account scope user created"
-  );
-  account_user_sid2 = result.body.user_sid;
-});
-
-test('forgot password with valid email', async (t) => {
-  const res = await request
-    .post('/forgot-password',
-      {
-        resolveWithFullResponse: true,
-        json: true,
-        auth: authAdmin,
-        body: { email: adminEmail }
-      });
-
-  t.equal(res.statusCode, 204, 'returns 204 status code');
-  t.end();
-});
-
-test('forgot password with invalid email', async (t) => {
-  const statusCode = 400;
-  const errorMessage = 'invalid or missing email';
-  const email = 'invalid-email';
-
-  try {
-    await request
-      .post('/forgot-password', {
-        resolveWithFullResponse: true,
-        json: true,
-        auth: authAdmin,
-        body: { email }
-      });
-  } catch (error) {
-    t.throws(
-      () => {
-        throw error;
-      },
-      {
-        name: "StatusCodeError",
-        statusCode,
-        message: `${statusCode} - {"error":"${errorMessage}"}`,
-      }
-    );
-  }
-  t.end();
-});
-
-test('forgot password with non-existent email', async (t) => {
-  const statusCode = 400;
-  const errorMessage = 'email does not exist';
-  const email = 'non-existent-email@example.com';
-
-  try {
-    await request
-      .post('/forgot-password', {
-        resolveWithFullResponse: true,
-        json: true,
-        auth: authAdmin,
-        body: { email }
-      });
-  } catch (error) {
-    t.throws(
-      () => {
-        throw error;
-      },
-      {
-        name: "StatusCodeError",
-        statusCode,
-        message: `${statusCode} - {"error":"${errorMessage}"}`,
-      }
-    );
-  }
-  t.end();
-});
-
-test('forgot password with inactive user', async (t) => {
-  const statusCode = 400;
-  const errorMessage = 'you may not reset the password of an inactive user';
-
-  try {
-    await request
-      .post('/forgot-password', {
-        resolveWithFullResponse: true,
-        json: true,
-        auth: authAdmin,
-        body: { email: emailInactiveUser }
-      });
-  } catch (error) {
-    t.throws(
-      () => {
-        throw error;
-      },
-      {
-        name: "StatusCodeError",
-        statusCode,
-        message: `${statusCode} - {"error":"${errorMessage}"}`,
-      }
-    );
-  }
-  t.end();
-});
-
-test('forgot password with inactive account', async (t) => {
-  const statusCode = 400;
-  const errorMessage = 'you may not reset the password of an inactive account';
-  try {
-    await request
-      .post('/forgot-password', {
-        resolveWithFullResponse: true,
-        json: true,
-        auth: authAdmin,
-        body: { email: emailInactiveAccount }
-      });
-  } catch (error) {
-    t.throws(
-      () => {
-        throw error;
-      },
-      {
-        name: "StatusCodeError",
-        statusCode,
-        message: `${statusCode} - {"error":"${errorMessage}"}`,
-      }
-    );
-  }
-  t.end();
-});
-
-
-test('cleanup', async (t) => {
-  /* login as admin to get a jwt */
-  let result = await request.post("/login", {
-    resolveWithFullResponse: true,
-    json: true,
-    body: {
-      username: "admin",
-      password: "admin",
-    },
-  });
-  t.ok(
-    result.statusCode === 200 && result.body.token,
-    "successfully logged in as admin"
-  );
-  authAdmin = { bearer: result.body.token };
-
-  /* list users */
-  result = await request.get(`/Users`, {
-    resolveWithFullResponse: true,
-    json: true,
-    auth: authAdmin,
-  });
-  const users = result.body;
-
-  /* delete all users except admin */
-  for (const user of users) {
-    if (user.user_sid === admin_user_sid) continue;
-    result = await request.delete(`/Users/${user.user_sid}`, {
-      resolveWithFullResponse: true,
-      json: true,
-      auth: authAdmin,
-    });
-    t.ok(result.statusCode === 204, "user deleted");
-  }
-
-  /* list accounts */
-  result = await request.get(`/Accounts`, {
-    resolveWithFullResponse: true,
-    json: true,
-    auth: authAdmin,
-  });
-  const accounts = result.body;  
-  for (const acc of accounts) {    
-    result = await request.delete(`/Accounts/${acc.account_sid}`, {
-      resolveWithFullResponse: true,
-      json: true,
-      auth: authAdmin,
-    });
-    t.ok(result.statusCode === 204, "acc deleted");
-  }
-});

test/index.js

@@ -13,14 +13,8 @@ require('./ms-teams');
 require('./speech-credentials');
 require('./recent-calls');
 require('./users');
-require('./login');
 require('./webapp_tests');
 // require('./homer');
 require('./call-test');
 require('./password-settings');
-require('./email_utils');
-require('./system-information');
-require('./lcr-carriers-set-entries');
-require('./lcr-routes');
-require('./lcrs');
 require('./docker_stop');

test/lcr-carriers-set-entries.js

@@ -1,103 +0,0 @@
-const test = require('tape') ;
-const ADMIN_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734de';
-const authAdmin = {bearer: ADMIN_TOKEN};
-const request = require('request-promise-native').defaults({
-  baseUrl: 'http://127.0.0.1:3000/v1'
-});
-
-const {createLcrRoute, createVoipCarrier} = require('./utils');
-
-process.on('unhandledRejection', (reason, p) => {
-  console.log('Unhandled Rejection at: Promise', p, 'reason:', reason);
-});
-
-test('lcr carrier set entries test', async(t) => {
-  const app = require('../app');
-  let sid;
-  try {
-    let result;
-    const lcr_route = await createLcrRoute(request);
-    const voip_carrier_sid = await createVoipCarrier(request);
-
-    /* add new entity */
-    result = await request.post('/LcrCarrierSetEntries', {
-      resolveWithFullResponse: true,
-      auth: authAdmin,
-      json: true,
-      body: {
-        workload: 1,
-        lcr_route_sid: lcr_route.lcr_route_sid,
-        voip_carrier_sid,
-        priority: 1
-      }
-    });
-    t.ok(result.statusCode === 201, 'successfully created lcr carrier set entry ');
-    const sid = result.body.sid;
-
-    /* query all entity */
-    result = await request.get('/LcrCarrierSetEntries', {
-      qs: {lcr_route_sid: lcr_route.lcr_route_sid},
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.length === 1 , 'successfully queried all lcr carrier set entry');
-
-    /* query one entity */
-    result = await request.get(`/LcrCarrierSetEntries/${sid}`, {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.workload === 1 , 'successfully retrieved lcr carrier set entry by sid');
-
-    /* update the entity */
-    result = await request.put(`/LcrCarrierSetEntries/${sid}`, {
-      auth: authAdmin,
-      json: true,
-      resolveWithFullResponse: true,
-      body: {
-        priority: 2
-      }
-    });
-    t.ok(result.statusCode === 204, 'successfully updated LcrCarrierSetEntries');
-    /* query one entity */
-    result = await request.get(`/LcrCarrierSetEntries/${sid}`, {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.priority === 2 , 'successfully updated lcr carrier set entry by sid');
-
-    /* delete lcr carrier set entry */
-    result = await request.delete(`/LcrCarrierSetEntries/${sid}`, {
-      resolveWithFullResponse: true,
-      simple: false,
-      json: true,
-      auth: authAdmin
-    });
-    t.ok(result.statusCode === 204, 'successfully deleted LcrCarrierSetEntries');
-
-    /* delete lcr route */
-    result = await request.delete(`/LcrRoutes/${lcr_route.lcr_route_sid}`, {
-      resolveWithFullResponse: true,
-      simple: false,
-      json: true,
-      auth: authAdmin
-    });
-    t.ok(result.statusCode === 204, 'successfully deleted LcrRoutes');
-
-    /* delete lcr */
-    result = await request.delete(`/Lcrs/${lcr_route.lcr_sid}`, {
-      resolveWithFullResponse: true,
-      simple: false,
-      json: true,
-      auth: authAdmin
-    });
-    t.ok(result.statusCode === 204, 'successfully deleted Lcr');
-
-    t.end();
-  }
-  catch (err) {
-    console.error(err);
-    t.end(err);
-  }
-
-});

test/lcr-routes.js

@@ -1,93 +0,0 @@
-const test = require('tape') ;
-const ADMIN_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734de';
-const authAdmin = {bearer: ADMIN_TOKEN};
-const request = require('request-promise-native').defaults({
-  baseUrl: 'http://127.0.0.1:3000/v1'
-});
-
-const {createLcr} = require('./utils');
-
-process.on('unhandledRejection', (reason, p) => {
-  console.log('Unhandled Rejection at: Promise', p, 'reason:', reason);
-});
-
-test('lcr routes test', async(t) => {
-  const app = require('../app');
-  let sid;
-  try {
-    let result;
-    const lcr_sid = await createLcr(request);
-
-    /* add new entity */
-    result = await request.post('/LcrRoutes', {
-      resolveWithFullResponse: true,
-      auth: authAdmin,
-      json: true,
-      body: {
-        lcr_sid,
-        regex: '1*',
-        description: 'description',
-        priority: 1
-      }
-    });
-    t.ok(result.statusCode === 201, 'successfully created lcr route ');
-    const sid = result.body.sid;
-
-    /* query all entity */
-    result = await request.get('/LcrRoutes', {
-      qs: {lcr_sid},
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.length === 1 , 'successfully queried all lcr route');
-
-    /* query one entity */
-    result = await request.get(`/LcrRoutes/${sid}`, {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.priority === 1 , 'successfully retrieved lcr route by sid');
-
-    /* update the entity */
-    result = await request.put(`/LcrRoutes/${sid}`, {
-      auth: authAdmin,
-      json: true,
-      resolveWithFullResponse: true,
-      body: {
-        priority: 2
-      }
-    });
-    t.ok(result.statusCode === 204, 'successfully updated Lcr Route');
-    /* query one entity */
-    result = await request.get(`/LcrRoutes/${sid}`, {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.priority === 2 , 'successfully updated lcr Route by sid');
-
-    /* delete lcr Route */
-    result = await request.delete(`/LcrRoutes/${sid}`, {
-      resolveWithFullResponse: true,
-      simple: false,
-      json: true,
-      auth: authAdmin
-    });
-    t.ok(result.statusCode === 204, 'successfully deleted LcrRoutes');
-
-    /* delete lcr */
-    result = await request.delete(`/Lcrs/${lcr_sid}`, {
-        resolveWithFullResponse: true,
-        simple: false,
-        json: true,
-        auth: authAdmin
-      });
-      t.ok(result.statusCode === 204, 'successfully deleted Lcr');
-
-    t.end();
-  }
-  catch (err) {
-    console.error(err);
-    t.end(err);
-  }
-
-});

test/lcrs.js

@@ -1,76 +0,0 @@
-const test = require('tape') ;
-const ADMIN_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734de';
-const authAdmin = {bearer: ADMIN_TOKEN};
-const request = require('request-promise-native').defaults({
-  baseUrl: 'http://127.0.0.1:3000/v1'
-});
-
-process.on('unhandledRejection', (reason, p) => {
-  console.log('Unhandled Rejection at: Promise', p, 'reason:', reason);
-});
-
-test('lcr test', async(t) => {
-  const app = require('../app');
-  let sid;
-  try {
-    let result;
-    /* add new entity */
-    result = await request.post('/Lcrs', {
-      resolveWithFullResponse: true,
-      auth: authAdmin,
-      json: true,
-      body: {
-        name: 'name'
-      }
-    });
-    t.ok(result.statusCode === 201, 'successfully created lcr');
-    const sid = result.body.sid;
-
-    /* query all entity */
-    result = await request.get('/Lcrs', {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.length === 1 , 'successfully queried all lcr');
-
-    /* query one entity */
-    result = await request.get(`/Lcrs/${sid}`, {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.name === 'name' , 'successfully retrieved lcr by sid');
-
-    /* update the entity */
-    result = await request.put(`/Lcrs/${sid}`, {
-      auth: authAdmin,
-      json: true,
-      resolveWithFullResponse: true,
-      body: {
-        name: 'name2'
-      }
-    });
-    t.ok(result.statusCode === 204, 'successfully updated Lcr');
-    /* query one entity */
-    result = await request.get(`/Lcrs/${sid}`, {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.name === 'name2' , 'successfully updated lcr by sid');
-
-    /* delete lcr Route */
-    result = await request.delete(`/Lcrs/${sid}`, {
-      resolveWithFullResponse: true,
-      simple: false,
-      json: true,
-      auth: authAdmin
-    });
-    t.ok(result.statusCode === 204, 'successfully deleted Lcrs');
-
-    t.end();
-  }
-  catch (err) {
-    console.error(err);
-    t.end(err);
-  }
-
-});

test/login.js

@@ -1,84 +0,0 @@
-const test = require('tape') ;
-const jwt = require('jsonwebtoken');
-const request = require('request-promise-native').defaults({
-  baseUrl: 'http://127.0.0.1:3000/v1'
-});
-const exec = require('child_process').exec ;
-const {generateHashedPassword} = require('../lib/utils/password-utils');
-
-
-process.on('unhandledRejection', (reason, p) => {
-  console.log('Unhandled Rejection at: Promise', p, 'reason:', reason);
-});
-
-test('add an admin user', (t) => {
-  exec(`${__dirname}/../db/reset_admin_password.js`, (err, stdout, stderr) => {
-    console.log(stderr);
-    console.log(stdout);
-    if (err) return t.end(err);
-    t.pass('successfully added admin user');
-    t.end();
-  });
-});
-
-test('login tests', async(t) => {
-  const app = require('../app');
-  const password = 'abcde12345-';
-  try {
-    let result;
-
-    /* login as admin to get a jwt */
-    result = await request.post('/login', {
-      resolveWithFullResponse: true,
-      json: true,
-      body: {
-        username: 'admin',
-        password: 'admin',  
-      }
-    });
-    t.ok(result.statusCode === 200 && result.body.token, 'successfully logged in as admin');
-
-    const maxAttempts = process.env.LOGIN_ATTEMPTS_MAX_RETRIES || 6;
-    const attempTime = process.env.LOGIN_ATTEMPTS_TIME || 1800;
-    
-    for (let index = 0; index <= maxAttempts; index++) {
-        if (index === (maxAttempts - 1)) {
-
-            attemptResult = await request.post('/login', {
-              resolveWithFullResponse: true,
-              json: true,
-              body: {
-                username: 'admin',
-                password: 'adm',  
-              }
-            }).catch(error => {
-              t.ok(error.response.statusCode === 403, `Maximum login attempts reached. Please try again in ${attempTime} seconds.`)
-          });
-        } else if (index < maxAttempts) {
-          attemptResult = await request.post('/login', {
-            resolveWithFullResponse: true,
-            json: true,
-            body: {
-              username: 'admin',
-              password: 'adm',  
-            }
-          }).catch(error => t.ok(error.response.statusCode === 403));
-        } else {
-            attemptResult = await request.post('/login', {
-                resolveWithFullResponse: true,
-                json: true,
-                body: {
-                  username: 'admin',
-                  password: 'adm',  
-                }
-              }).catch(error => t.ok(error.response.statusCode === 403, 'Maximum login attempts reached. Please try again later or reset your password.'));
-        }
-    }
-
-  } catch (err) {
-      console.error(err);
-      t.end(err);
-    }
-  });
-  
-  

test/phone-numbers.js

@@ -61,16 +61,6 @@ test('phone number tests', async(t) => {
     });
     t.ok(result.number === '16173333456' , 'successfully retrieved phone number by sid');
 
-    /* fail to query one phone number with invalid uuid */
-    try {
-      result = await request.get(`/PhoneNumbers/foobar`, {
-        auth: authAdmin,
-        json: true,
-      });
-    } catch (err) {
-      t.ok(err.statusCode === 400, 'returns 400 bad request if phone number sid param is not a valid uuid');
-    }
-
     /* delete phone number */
     result = await request.delete(`/PhoneNumbers/${sid}`, {
       auth: authAdmin,

test/service-providers.js

@@ -107,20 +107,6 @@ test('service provider tests', async(t) => {
     });
     t.ok(result.statusCode === 204, 'successfully updated service provider');
 
-    /* try to update service providers with invalid sid format*/
-    try {
-      result = await request.put(`/ServiceProviders/123`, {
-        auth: authAdmin,
-        json: true,
-        resolveWithFullResponse: true,
-        body: {
-          name: 'robb'
-        }
-      });
-    } catch (err) {
-      t.ok(err.statusCode === 400, 'returns 400 bad request if service provider sid param is not a valid uuid');
-    }
-
     /* add an api key for a service provider */
     result = await request.post(`/ApiKeys`, {
       auth: authAdmin,

test/sip-gateways.js

@@ -27,8 +27,7 @@ test('sip gateway tests', async(t) => {
         ipv4: '192.168.1.1',
         netmask: 32,
         inbound: true,
-        outbound: true,
-        protocol: 'tcp'
+        outbound: true
       }
     });
     t.ok(result.statusCode === 201, 'successfully created sip gateway ');
@@ -49,7 +48,6 @@ test('sip gateway tests', async(t) => {
     });
     //console.log(`result: ${JSON.stringify(result)}`);
     t.ok(result.ipv4 === '192.168.1.1' , 'successfully retrieved voip carrier by sid');
-    t.ok(result.protocol === 'tcp' , 'successfully retrieved voip carrier by sid');
 
 
     /* update sip gateway */
@@ -60,8 +58,7 @@ test('sip gateway tests', async(t) => {
       body: {
         port: 5061,
         netmask:24,
-        outbound: false,
-        protocol: 'udp'
+        outbound: false
       }
     });
     t.ok(result.statusCode === 204, 'successfully updated voip carrier');
@@ -78,7 +75,7 @@ test('sip gateway tests', async(t) => {
     
     await deleteObjectBySid(request, '/VoipCarriers', voip_carrier_sid);
 
-    t.end();
+    //t.end();
   }
   catch (err) {
     console.error(err);

test/speech-credentials.js

@@ -22,24 +22,6 @@ test('speech credentials tests', async(t) => {
     const service_provider_sid = await createServiceProvider(request);
     const account_sid = await createAccount(request, service_provider_sid);
 
-    /* return 400 if invalid sid param is used */
-    try {
-      result = await request.post(`/ServiceProviders/foobarbaz/SpeechCredentials`, {
-        resolveWithFullResponse: true,
-        simple: false,
-        auth: authAdmin,
-        json: true,
-        body: {
-          vendor: 'google',
-          service_key: jsonKey,
-          use_for_tts: true,
-          use_for_stt: true
-        }
-      });
-    } catch (err) {
-      t.ok(err.statusCode === 400, 'returns 400 bad request if service provider sid param is not a valid uuid');
-    }
-
     /* add a speech credential to a service provider */
     result = await request.post(`/ServiceProviders/${service_provider_sid}/SpeechCredentials`, {
       resolveWithFullResponse: true,
@@ -71,7 +53,6 @@ test('speech credentials tests', async(t) => {
 
     const token = jwt.sign({
       account_sid,
-      service_provider_sid,
       scope: 'account',
       permissions: ["PROVISION_USERS", "PROVISION_SERVICES", "VIEW_ONLY"]
     }, process.env.JWT_SECRET, { expiresIn: '1h' });
@@ -92,8 +73,8 @@ test('speech credentials tests', async(t) => {
     t.ok(result.statusCode === 201, 'successfully added speech credential');
     const sid1 = result.body.sid;
 
-    /* return 403 if invalid account is used - randomSid: bed7ae17-f8b4-4b74-9e5b-4f6318aae9c9 */
-    result = await request.post(`/Accounts/bed7ae17-f8b4-4b74-9e5b-4f6318aae9c9/SpeechCredentials`, {
+    /* return 403 if invalid account is used  */
+    result = await request.post(`/Accounts/foobarbaz/SpeechCredentials`, {
       resolveWithFullResponse: true,
       simple: false,
       auth: authUser,
@@ -120,20 +101,12 @@ test('speech credentials tests', async(t) => {
     t.ok(result[0].vendor === 'google' && result.length === 1, 'successfully retrieved all speech credentials');
     
     
-    /* return 400 when deleting credentials with invalid uuid */
+    /* return 404 when deleting unknown credentials */
     result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/foobarbaz`, {
       auth: authUser,
       resolveWithFullResponse: true,
       simple: false
     });
-    t.ok(result.statusCode === 400, 'return 400 when attempting to delete credential with invalid uuid');
-
-    /* return 404 when deleting unknown credentials - randomSid: bed7ae17-f8b4-4b74-9e5b-4f6318aae9c9 */
-    result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/`, {
-      auth: authUser,
-      resolveWithFullResponse: true,
-      simple: false
-    });
     t.ok(result.statusCode === 404, 'return 404 when attempting to delete unknown credential');
 
     /* delete the credential */
@@ -198,35 +171,6 @@ test('speech credentials tests', async(t) => {
       t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for microsoft stt');
     }
 
-    /* add / test a credential for AWS */
-    if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY && process.env.AWS_REGION) {
-      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
-        resolveWithFullResponse: true,
-        auth: authUser,
-        json: true,
-        body: {
-          vendor: 'aws',
-          use_for_tts: true,
-          use_for_stt: true,
-          access_key_id: process.env.AWS_ACCESS_KEY_ID,
-          secret_access_key: process.env.AWS_SECRET_ACCESS_KEY,
-          aws_region: process.env.AWS_REGION
-        }
-      });
-      t.ok(result.statusCode === 201, 'successfully added speech credential for AWS');
-      const ms_sid = result.body.sid;
-
-      /* test the speech credential */
-      result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
-        resolveWithFullResponse: true,
-        auth: authUser,
-        json: true,   
-      });
-      //console.log(JSON.stringify(result));
-      t.ok(result.statusCode === 200 && result.body.tts.status === 'ok', 'successfully tested speech credential for AWS tts');
-      t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for AWS stt');
-    }
-
     /* add a credential for wellsaid */
     if (process.env.WELLSAID_API_KEY) {
       result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
@@ -356,45 +300,12 @@ test('speech credentials tests', async(t) => {
       t.ok(result.statusCode === 204, 'successfully deleted speech credential');
     }
 
-    /* add a credential for Siniox */
-    if (process.env.SONIOX_API_KEY) {
-      result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
-        resolveWithFullResponse: true,
-        auth: authUser,
-        json: true,
-        body: {
-          vendor: 'soniox',
-          use_for_stt: true,
-          api_key: process.env.SONIOX_API_KEY
-        }
-      });
-      t.ok(result.statusCode === 201, 'successfully added speech credential for soniox');
-      const ms_sid = result.body.sid;
-
-      /* test the speech credential */
-      result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}/test`, {
-        resolveWithFullResponse: true,
-        auth: authUser,
-        json: true,   
-      });
-      console.log(JSON.stringify(result));
-      t.ok(result.statusCode === 200 && result.body.stt.status === 'ok', 'successfully tested speech credential for soniox');
-
-      /* delete the credential */
-      result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${ms_sid}`, {
-        auth: authUser,
-        resolveWithFullResponse: true,
-      });
-      t.ok(result.statusCode === 204, 'successfully deleted speech credential');
-    }
-
     /* add a credential for nvidia */
     result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
       resolveWithFullResponse: true,
       auth: authUser,
       json: true,
       body: {
-        service_provider_sid: service_provider_sid,
         vendor: 'nvidia',
         use_for_stt: true,
         use_for_tts: true,
@@ -420,34 +331,9 @@ test('speech credentials tests', async(t) => {
     });
     t.ok(result.statusCode === 204, 'successfully deleted speech credential');
 
-    /* add a credential for nuance */
-    result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
-      resolveWithFullResponse: true,
-      auth: authUser,
-      json: true,
-      body: {
-        vendor: 'nuance',
-        use_for_stt: true,
-        use_for_tts: true,
-        client_id: 'client_id',
-        secret: 'secret',
-        nuance_tts_uri: "192.168.1.2:5060",
-        nuance_stt_uri: "192.168.1.2:5061"
-      }
-    });
-    t.ok(result.statusCode === 201, 'successfully added speech credential for nuance');
-    const nuance_sid = result.body.sid;
-
-    /* delete the credential */
-    result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${nuance_sid}`, {
-      auth: authUser,
-      resolveWithFullResponse: true,
-    });
-    t.ok(result.statusCode === 204, 'successfully deleted speech credential');
-
     await deleteObjectBySid(request, '/Accounts', account_sid);
     await deleteObjectBySid(request, '/ServiceProviders', service_provider_sid);
-    t.end();
+    //t.end();
   }
   catch (err) {
     console.error(err);

test/system-information.js

@@ -1,64 +0,0 @@
-const test = require('tape') ;
-const jwt = require('jsonwebtoken');
-const ADMIN_TOKEN = '38700987-c7a4-4685-a5bb-af378f9734de';
-const authAdmin = {bearer: ADMIN_TOKEN};
-const request = require('request-promise-native').defaults({
-  baseUrl: 'http://127.0.0.1:3000/v1'
-});
-
-test('system information test', async(t) => {
-  const app = require('../app');
-  try {
-    let result = await request.post('/SystemInformation', {
-      resolveWithFullResponse: true,
-      auth: authAdmin,
-      json: true,
-      body: {
-        domain_name: 'test.com',
-        sip_domain_name: 'sip.test.com',
-        monitoring_domain_name: 'monitor.test.com'
-      }
-    });
-    t.ok(result.statusCode === 201, 'successfully created system information ');
-    let body = result.body;
-    t.ok(body.domain_name === 'test.com', 'added domain_name ok');
-    t.ok(body.sip_domain_name === 'sip.test.com', 'added sip_domain_name ok');
-    t.ok(body.monitoring_domain_name === 'monitor.test.com', 'added monitoring_domain_name ok');
-
-    result = await request.get('/SystemInformation', {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.domain_name === 'test.com', 'get domain_name ok');
-    t.ok(result.sip_domain_name === 'sip.test.com', 'get sip_domain_name ok');
-    t.ok(result.monitoring_domain_name === 'monitor.test.com', 'get monitoring_domain_name ok');
-
-    result = await request.post('/SystemInformation', {
-      resolveWithFullResponse: true,
-      auth: authAdmin,
-      json: true,
-      body: {
-        domain_name: 'test1.com',
-        sip_domain_name: 'sip1.test.com',
-        monitoring_domain_name: 'monitor1.test.com'
-      }
-    });
-    t.ok(result.statusCode === 201, 'successfully updated system information ');
-    body = result.body;
-    t.ok(body.domain_name === 'test1.com', 'updated domain_name ok');
-    t.ok(body.sip_domain_name === 'sip1.test.com', 'updated sip_domain_name ok');
-    t.ok(body.monitoring_domain_name === 'monitor1.test.com', 'updated monitoring_domain_name ok');
-
-    result = await request.get('/SystemInformation', {
-      auth: authAdmin,
-      json: true,
-    });
-    t.ok(result.domain_name === 'test1.com', 'get domain_name ok');
-    t.ok(result.sip_domain_name === 'sip1.test.com', 'get sip_domain_name ok');
-    t.ok(result.monitoring_domain_name === 'monitor1.test.com', 'get monitoring_domain_name ok');
-
-  } catch(err) {
-    console.error(err);
-    t.end(err);
-  }
-});

test/users.js

@@ -23,7 +23,7 @@ test('add an admin user', (t) => {
 
 test('user tests', async(t) => {
   const app = require('../app');
-  const password = 'abcde12345-';
+  const password = await generateHashedPassword('abcd1234-');
   try {
     let result;
 
@@ -83,7 +83,7 @@ test('user tests', async(t) => {
       }
     });
     t.ok(result.statusCode === 201 && result.body.user_sid, 'service_provider scope user created');
-    const sp_user_sid = result.body.user_sid;
+    const sp_user_sid = result.body.sid;
 
     /* add an account */
     result = await request.post('/Accounts', {
@@ -119,7 +119,7 @@ test('user tests', async(t) => {
       }
     });
     t.ok(result.statusCode === 201 && result.body.user_sid, 'account scope user created');
-    const account_user_sid = result.body.user_sid;
+    const account_user_sid = result.body.sid;
 
     /* retrieve list of users */
     result = await request.get(`/Users`, {

test/utils.js

@@ -29,31 +29,6 @@ async function createVoipCarrier(request, name = 'daveh') {
   return result.sid;
 }
 
-async function createLcr(request, name = 'lcr') {
-  const result = await request.post('/Lcrs', {
-    auth: authAdmin,
-    json: true,
-    body: {
-      name
-    }
-  });
-  return result.sid;
-}
-
-async function createLcrRoute(request, lcr_name= 'lcr', lcr_route_regex = "1*", lcr_route_priority = 1) {
-  const lcr = await createLcr(request, lcr_name);
-  const result = await request.post('/LcrRoutes', {
-    auth: authAdmin,
-    json: true,
-    body: {
-      lcr_sid: lcr,
-      regex: lcr_route_regex,
-      priority: lcr_route_priority
-    }
-  });
-  return {lcr_sid: lcr, lcr_route_sid: result.sid};
-}
-
 async function createPhoneNumber(request, voip_carrier_sid, number = '15083333456') {
   const result = await request.post('/PhoneNumbers', {
     auth: authAdmin,
@@ -161,7 +136,5 @@ module.exports = {
   createApiKey,
   deleteObjectBySid,
   createGoogleSpeechCredentials,
-  getLastRequestFromFeatureServer,
-  createLcr,
-  createLcrRoute
+  getLastRequestFromFeatureServer
 };

test/voip-carriers.js

@@ -43,15 +43,6 @@ test('voip carrier tests', async(t) => {
     });
     t.ok(result.name === 'daveh' , 'successfully retrieved voip carrier by sid');
 
-    /* fail to query one voip carriers with invalid uuid */
-    try {
-      result = await request.get(`/VoipCarriers/123`, {
-        auth: authAdmin,
-        json: true,
-      });
-    } catch (err) {
-      t.ok(err.statusCode === 400, 'returns 400 bad request if voip carrier sid param is not a valid uuid');
-    }
 
     /* update voip carriers */
     result = await request.put(`/VoipCarriers/${sid}`, {

test/webapp_tests.js

@@ -243,20 +243,17 @@ test('webapp tests', async(t) => {
     t.ok(result.statusCode === 200 && 
       result.body.phonenumbers.length === 1 && result.body.applications.length === 1, 'retrieves test number and application');
 
-    /* try to update user name passing an invalid uuid */
-    try {
-      await request.put(`/Users/foobar`, {
-        resolveWithFullResponse: true,
-        json: true,
-        simple: false,
-        auth: authUser,
-        body: {
-          name: 'Jane Doe'
-        }
-      });
-    } catch (error) {
-      t.ok(error.statusCode === 400, 'returns 400 bad request if user sid param is not a valid uuid');
-    }
+    /* update user name */
+    result = await request.put(`/Users/foobar`, {
+      resolveWithFullResponse: true,
+      json: true,
+      simple: false,
+      auth: authUser,
+      body: {
+        name: 'Jane Doe'
+      }
+    });
+    t.ok(result.statusCode === 403, 'rejects attempt to update different user');
 
     /* update user name */
     result = await request.put(`/Users/${user_sid}`, {