From 31559cbb3bf3ac043d71b23decdc86d2b190b2ed Mon Sep 17 00:00:00 2001
From: Hoan Luu Huu <110280845+xquanluu@users.noreply.github.com>
Date: Thu, 9 Nov 2023 00:39:56 +0700
Subject: [PATCH] user restriction (#520)

---
 lib/middleware.js               | 18 +++++++++++++-----
 lib/utils/install-srf-locals.js |  4 +++-
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/lib/middleware.js b/lib/middleware.js
index e7d0876b..9c123260 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -23,7 +23,8 @@ module.exports = function(srf, logger) {
     lookupAppBySid,
     lookupAppByRealm,
     lookupAppByTeamsTenant,
-    registrar
+    registrar,
+    lookupClientByAccountAndUsername
   }  = srf.locals.dbHelpers;
   const {
     writeAlerts,
@@ -48,10 +49,17 @@ module.exports = function(srf, logger) {
     const account_sid = req.get('X-Account-Sid');
     req.locals = {callSid, account_sid, callId};
 
-    if (req.has('X-Authenticated-User')) req.locals.originatingUser = req.get('X-Authenticated-User');
+    let clientDb = null;
+    if (req.has('X-Authenticated-User')) {
+      req.locals.originatingUser = req.get('X-Authenticated-User');
+      const arr = /^(.*)@(.*)/.exec(req.locals.originatingUser);
+      if (arr) {
+        [clientDb] = await lookupClientByAccountAndUsername(account_sid, arr[1]);
+      }
+    }
 
     // check for call to application
-    if (uri.user?.startsWith('app-') && req.locals.originatingUser) {
+    if (uri.user?.startsWith('app-') && req.locals.originatingUser && clientDb.allow_direct_app_calling) {
       const application_sid = uri.user.match(/app-(.*)/)[1];
       logger.debug(`got application from Request URI header: ${application_sid}`);
       req.locals.application_sid = application_sid;
@@ -61,13 +69,13 @@ module.exports = function(srf, logger) {
       req.locals.application_sid = application_sid;
     }
     // check for call to queue
-    if (uri.user?.startsWith('queue-') && req.locals.originatingUser) {
+    if (uri.user?.startsWith('queue-') && req.locals.originatingUser && clientDb.allow_direct_queue_calling) {
       const queue_name = uri.user.match(/queue-(.*)/)[1];
       logger.debug(`got Queue from Request URI header: ${queue_name}`);
       req.locals.queue_name = queue_name;
     }
     // check for call to registered user
-    if (!JAMBONES_DISABLE_DIRECT_P2P_CALL && req.locals.originatingUser) {
+    if (!JAMBONES_DISABLE_DIRECT_P2P_CALL && req.locals.originatingUser && clientDb.allow_direct_user_calling) {
       const arr = /^(.*)@(.*)/.exec(req.locals.originatingUser);
       if (arr) {
         const sipRealm = arr[2];
diff --git a/lib/utils/install-srf-locals.js b/lib/utils/install-srf-locals.js
index bfd1812c..9ff35b62 100644
--- a/lib/utils/install-srf-locals.js
+++ b/lib/utils/install-srf-locals.js
@@ -140,7 +140,8 @@ function installSrfLocals(srf, logger) {
     lookupTeamsByAccount,
     lookupAccountBySid,
     lookupAccountCapacitiesBySid,
-    lookupSmppGateways
+    lookupSmppGateways,
+    lookupClientByAccountAndUsername
   } = require('@jambonz/db-helpers')({
     host: JAMBONES_MYSQL_HOST,
     user: JAMBONES_MYSQL_USER,
@@ -217,6 +218,7 @@ function installSrfLocals(srf, logger) {
       lookupAccountBySid,
       lookupAccountCapacitiesBySid,
       lookupSmppGateways,
+      lookupClientByAccountAndUsername,
       updateCallStatus,
       retrieveCall,
       listCalls,