mirror of
https://github.com/jambonz/jambonz-api-server.git
synced 2026-02-09 02:29:59 +00:00
44 lines
1.3 KiB
JavaScript
44 lines
1.3 KiB
JavaScript
const router = require('express').Router();
|
|
const Webhook = require('../../models/webhook');
|
|
const decorate = require('./decorate');
|
|
const sysError = require('../error');
|
|
const {DbErrorForbidden} = require('../../utils/errors');
|
|
const { parseWebhookSid } = require('./utils');
|
|
const {promisePool} = require('../../db');
|
|
|
|
decorate(router, Webhook, ['add']);
|
|
|
|
/* retrieve */
|
|
router.get('/:sid', async(req, res) => {
|
|
const logger = req.app.locals.logger;
|
|
|
|
try {
|
|
const sid = parseWebhookSid(req);
|
|
const results = await Webhook.retrieve(sid);
|
|
|
|
if (results.length === 0) return res.status(404).end();
|
|
|
|
if (req.user.hasAccountAuth) {
|
|
/* can only update carriers for the user's account */
|
|
if (results[0].account_sid !== req.user.account_sid) {
|
|
throw new DbErrorForbidden('insufficient privileges');
|
|
}
|
|
}
|
|
if (req.user.hasServiceProviderAuth) {
|
|
const [r] = await promisePool.execute(
|
|
'SELECT service_provider_sid from accounts WHERE account_sid = ?', [results[0].account_sid]
|
|
);
|
|
if (r.length === 1 && r[0].service_provider_sid === req.user.service_provider_sid) {
|
|
return;
|
|
}
|
|
throw new DbErrorForbidden('insufficient permissions');
|
|
}
|
|
return res.status(200).json(results[0]);
|
|
}
|
|
catch (err) {
|
|
sysError(logger, res, err);
|
|
}
|
|
});
|
|
|
|
module.exports = router;
|