ngcp-panel

Commit Graph

Author	SHA1	Message	Date
Kirill Solomko	d0eddeee57	MT#64280 add ngcp_admin_ui_jwt realm and X-NGCP-Admin-UI header * ngcp_admin_ui_jwt is a copy of api_admin_jwt realm but with use_session: 1 * ngcp_admin_ui_jwt is used when X-NGCP-Admin-UI header is provided Change-Id: Ia82f97df922a69866f7c7d63ad1566ff0fc4bc2a (cherry picked from commit `41fb2d22cc`)	3 months ago
Kirill Solomko	be69c8fa0f	MT#64067 fix subscriberpreferences PUT update_item * PUT update_item is fixed to properly expect 3 values Change-Id: Id63445f76ffbc312aadafc7b502fffd070eb0089 (cherry picked from commit `56b15e8197`)	5 months ago
Kirill Solomko	2d31d86c3d	MT#64067 address deadlock detection for preferences * improve Role/API/Preferences err_code callback to check deadlocks (via $self->check_deadlock) and set $process_extras->{retry_tx} = 1 so that the outer caller can act upon it and restart the transaction. * increase deadlock attempts from 2 to 5 as some deadlocks seem to take longer time to resolve. * wait 1 second between deadlock retry attempts as otherwise if a deadlock takes more than 1 second and all the retries are done within less than a second it will cause an error. * EntitiesItem: add support for retry_tx and call goto TX_START if $process_extras->{retry_tx} (when check_deadlock is processed externally, like in Utils::Preferences::update_item in the err_code callback). Change-Id: Ib56383710041c21d72782047a852353296c22215 (cherry picked from commit `eae620f204`)	5 months ago
Rene Krenn	ba8d64e746	MT#63706 skip_locked for DELETE /api/subscriber/id while acquiring locks is skipped nowadays for collections eg. a GET /api/subscribers/, timeouts were still reported for individual DELETE /api/subscriber/id requests. this change adds logic to skip acquiring locks for DELETE /api/subscribers. there is also a fix to make GET /api/subscribers/id and GET /api/subsriberpreferences/id work. Change-Id: Ie71abecd1f8387b9f56e8e0a47a5f1b16a6f308d (cherry picked from commit `2a5bd4c409`)	5 months ago
Marco Capetta	3f2b406c85	MT#63893 Fix typo in commit `3b17ab6c54` Change-Id: Ieaa0f18cfab821a2c85de1a3602946c1855c8dba (cherry picked from commit `4f64c07ac5`)	6 months ago
Marco Capetta	9a0b02014a	MT#63893 Call 'sip_dispatcher_reload' while changing peerings via API For scenarios when: * a peering server is enabled or disabled * a peering probe is enabled or disabled * a peering group with active peering servers or peering probes is removed a "sip_dispatcher_reload" XMLRPC request is sent to kamalilio-proxy, otherwise the dispatcher cache is not reflected and therefore, not available with the actual state until next kamailio-proxy restart. Change-Id: If3a98115224eb132126d5a53df7320cb6a33deba (cherry picked from commit `3b17ab6c54`)	6 months ago
Rene Krenn	86c7d19ec4	MT#63724 reduce contract_cnt limit to 10 select count(1) from (select 1 from Y .. limit X) can have a longer runtime, depending on order of rows in table Y. to better limit the runtime, X is reduced from 1000 to 10. the UI will show now "used by 10+ contracts" instead of "used by 1000+ contracts". Change-Id: I028b0569cd5f3325d4bd6bed314517b061e4659b (cherry picked from commit `82b253973e`)	7 months ago
Rene Krenn	340f92caac	MT#63706 skip_locked for GET /api/subscriber/id while acquiring locks is skipped meanwhile for collections eg. a GET /api/subscribers/, timeouts were still reported for individual GET /api/subscriber/id requests. this change adds logic to skip acquiring locks for GET /apu/subscribers/id and GET /api/subsriberpreferences/id. Change-Id: I0b739dd42947e30938e84b1339ba9b7535da8cb8 (cherry picked from commit `73664f29ba`)	7 months ago
Kirill Solomko	cdc9e6f464	MT#63597 fix /api/callists GET by id * GET by id no longer throws 500 error with DBIx::Class::Row::get_column(): No such column 'source_cli_suppression_id' Change-Id: I852451e001b5fbbbd8e6363bc36da0d5b06c1539 (cherry picked from commit `b6df422bba`)	7 months ago
Kirill Solomko	cb669386da	MT#63320 /api/vouchers rename to search by base64_code * the query parameter is now named base64_code to closely represent the expected value. * check and add trailing '=' if it's missing in the provided base64_code. Change-Id: I37c03cd663116d85b5115b5feee1eb6b282596be (cherry picked from commit `b74fbabccc`)	9 months ago
Kirill Solomko	a7c45f170c	MT#63320 fix /api/vouchers search by code * base64 code provided in the query params is now correctly re-encoded as encrypted base64 string to use in search. Change-Id: Id9e45079b260bdc51465a781124f6fbb636cf2db (cherry picked from commit `927be2a757`)	9 months ago
Kirill Solomko	2388101583	MT#63182 add deadlock detection for DELETE /api/subscribers Change-Id: Idce6eccdbd490e69349808b6965f8212fe3e6e37 (cherry picked from commit `aff1517a59`)	9 months ago
Fabricio Santolin da Silva	db111dfb8e	MT#63070 Add request for sems to clear its audio cache This patch add the request for sems to clear its audio cache when the SoundSet is updated. Change-Id: Id6970b429b211f93d088703dcdfac15dd8d43088 (cherry picked from commit `0850b11f8a`)	10 months ago
Kirill Solomko	528ebfc4c8	MT#63199 /api/subscriberpreferences add lockwait and deadlock detection * lockwait and deadlock detection is now in place for ALL /api/subscriberpreferences endpoint methods. Change-Id: Icb613677dfca1187b3a1e707588ad6e9547d3c9a (cherry picked from commit `9ee717744a`)	10 months ago
Kirill Solomko	fbc76543bb	MT#63182 /api/subscribers add lockwait and deadlock detection * API::check_deadlock() add lockwait detection. * lockwait and deadlock detection is now in place for ALL /api/subscribers endpoint methods. because of logic complexity it uses own deadlock detection instead of relying on Entities. It however uses $self->check_deadlock() and similar logic. Change-Id: Idc1876910711563fe14c878541e350ad373d6d31 (cherry picked from commit `3bb3d9e4e4`)	10 months ago
Kirill Solomko	46e6b95568	MT#62705 improve peer_auth registrations support * DELETE /api/peeringgroups and PUT/PATCH/DELETE /api/peeringservers now call sip_create_peer_registration or delete_peer_registration correspondingly to correctly reflect the registartion on related changes * rework Panel::Utils::Peering create_peer_registration() and delete_peer_registration() - use provisioning peer db object in the argument instead of a separate hash to simplify its logic - adjust related UI parts that call these functions as well as cleanup now unnesessary code from there * Panel::Utils::Peering: remove '_' prefix from _sip* functions as they are not private but rather public class methods * Panel::Utils::Preferences - add suport for 'peer_auth' updates for type='peerings' (was only supported for 'subscribers') - remove '_' prefix from _is_peer_auth_active() * Panel::Utils::Sems - simplify peer registration by using the the db object (same as for subscribers) - only create/delete peer registration when the peering is enabled, otherwise there will be errors related to unavailable $prov_peer->lcr_gw->id Change-Id: I0fc79a6580fd17aa34df870fb7a93e33edfff15b (cherry picked from commit `4d26ca5c9a`)	12 months ago
Rene Krenn	d2012c1ee8	MT#62283 exclude "for update no lock" in tests Change-Id: I12ff4d1f8ba0b150a1918de40dafa1efd6a92c10 (cherry picked from commit `764ab7d2d1`)	12 months ago
Rene Krenn	b83fedd610	MT#62283 "for update no lock" logic for GET /subscribers and /contracts to unblock the web UI on heavy loaded systems with call rating enabled, "select .. for update no lock" will no longer wait for acquiring locks when retrieving subscriber or contract contract pages. the contract_balance record creation is will be skipped for such contracts that are locked elsewhere. for rails such as /customerbalances, an explicit contract id row lock timeout is introduced, so it does not depend on the mariadb wait_timeout. Change-Id: I6e96342f3f761279a5876c871d2477977823a39e (cherry picked from commit `82af5cf518`)	12 months ago
Kirill Solomko	26ffaf0d82	MT#62600 fix UI invoice create/edit * fix Invoice create/edit operation error Couldn't render template "invoice/create.tt: file error - invoice/create.tt: not found"<BB> that was related to an incomplete restricted function call. Change-Id: Ic457f180ca99fcdacd51b2ba3bb5606719ea9bdd (cherry picked from commit `7a7c5cd364`)	1 year ago
Marco Capetta	ab34a06fe8	MT#62546 Fix permanent registration nat flags Due to changes in how kamailio manage the NAT contacts and the corresponding natping, the flags that the API or web interface sets while a permanent registration is created have to be updated. Before: * Default cflag is set to 0 (natping disabled) * If nat option, then cflag is set to 64 New: * Default cflag is set to 256 (netping disabled) * If nat option, then cflag is set to 128 Change-Id: I39b1d7a697ef72267fd8a05edf0552d2c1403733 (cherry picked from commit `1be3f5a257`)	1 year ago
Kirill Solomko	ae5a3b73fe	MT#62178 fix external_id, profile auto removal for subscriber roles * fix 'subscriber' and 'subscriberadmin' roles using PATCH to cause external_id, and profile fields removed. * remove profile_id field from the 'subscriber' and 'subscriberadmin' form Change-Id: Id8bb068ca7fcac2c0c5954f2ed79e841d18ac398 (cherry picked from commit `97e457c92b`)	1 year ago
Kirill Solomko	4899e86fdb	MT#61572 allow subscriber to GET resellerbrandinglogos * 'subscriber' role can now GET resellerbrandinglogos * fix 'subscriberadmin' role access to POST resellerbrandinglogos Change-Id: I4002117e15e5557dfbfe887dea3773d8704aeb14 (cherry picked from commit `989e7b5640`)	1 year ago
Kirill Solomko	8c69ddf504	MT#62180 /api/subscribers prevent subscribers from POST/DELETE * regular subscribers should not be able to use POST as they are not allowed to create other subscribers, nor other PBX groups. resource. * they should not be able to use DELETE as they cannot delete themselves nor other subscribers, nor PBX groups. Change-Id: Idaacb344b65ff8c5da9f4c3649a9b4089938a82c (cherry picked from commit `4eace822b5`)	1 year ago
Kirill Solomko	25381e726b	MT#62093 return 403 Banned for banned users * add banned user redirect for API requests Change-Id: I0b09879c2e0802c8cc649c92c239449742314b56 (cherry picked from commit `d5fd8679fe`)	1 year ago
Rene Krenn	55b06ee835	MT#61558 fix reseller (branding) license restriction some rails got disabled when introducing the fine-grained license restrictions in api/panel, ie. reseller branding. Change-Id: I0b3690d8e0353c31f2c8680db63c4dd4df7600fe (cherry picked from commit `9f4c50c5dd`)	1 year ago
Rene Krenn	6db10cc3f7	MT#60197 support deleting call recordings per subscriber admin panel will no longer delete callrecordings for all parties of the call, but the single subscriber only. rest-api, behaves the same way, if the ?subscriber_id= parameter is provided. when a callrecording is deleted by all call parties, the remaining records and recording files will be dropped. Change-Id: I61f667bdb074a935a8a04473a3685b10e5e09222 (cherry picked from commit `1c09e2773a`)	1 year ago
Marco Capetta	2dddd7ec82	MT#60864 Fix Sync Email Templates button behavior The 'Sync Email Templates' button is shown in the Email Templates page in case some templates is missing for a reseller. The problem is that the button takes into consideration also resellers that are already terminated and for which the template is not needed anymore. Thus the query has been in fixed in order adding: r.status != 'terminated' Change-Id: I2dd551166ae777c8967eae3bda989b669b46b5c0 (cherry picked from commit `97adbaf8e7`)	2 years ago
Marco Capetta	c27388f218	MT#60756 Fix subscriberprofiles POST api call as reseller Administrators with reseller role were not able to create new subscriberprofiles because API was fialing with 500 error. In particular: LOG="«DBIx::Class::Row::store_column(): No such column 'reseller_id' on NGCP::Panel::Model::DB::voip_subscriber_profiles at /usr/share/perl5/NGCP/Panel/Controller/API/SubscriberProfiles.pm line 172» The error was caused by the addition of the reseller_id info in the $resourse even if not needed. Change-Id: I7970a2716d7af959639937a9a844160ab73a9176 (cherry picked from commit `d40126ef0a`)	2 years ago
Marco Capetta	4828b02c20	MT#59979 permit GET on resellers and billing profiles items even without license In some cases the UI requires to GET information from a specific reseller or billing profile because needed to show/created other endpoints (for example 'customers'). Due to that it has been added the possiiblity to do the GET not only of the list of the resellers and biling profiles, but also of each specific item. Change-Id: Iebbbbc494ce71e616d8e41ca20e97bebce7998b8 (cherry picked from commit `a2a01d4690`)	2 years ago
Kirill Solomko	8009635013	MT#59449 fix subscriber auth attempts without username * subscriber login attempts without Basic Auth are now correctly intercepted and returned as 403 Forbidden Change-Id: I3deb60d8ac4f107bccd6422d27426e39a39e50f1 (cherry picked from commit `0a9fb5d28b`)	2 years ago
Kirill Solomko	73468cabde	MT#60558 move max license checks for POST /api/subscribers * the relevant max license checkes are moved from Controller::API::Subscribers::POST to Utils::Subscribers::prepare_resource because there we fetch customer_id from the pilot subscriber in case of pbx subscriberadmin requests that is neccessary for PBX subscribers max license check. Change-Id: I2d1c212d73fe5b9295d1595b4fffebeb67b61e5a (cherry picked from commit `e2e1776090`)	2 years ago
Kirill Solomko	4edd8bdc7c	MT#59449 add progressive user bans support * users are now progressively banned. * ban_min_time is used to ban a user for the first time. * consecutive ban is ban_min_time + ban_increment * ban_increment_stage * ban_max_time is the absolute maximum ban time that is not increased any further. * a successful login resets the ban_increment_stage. Change-Id: I4d7e1a93d7a21d21a0dcf69d856a872d2ed75ea0 (cherry picked from commit `2972d3b62d`)	2 years ago
Kirill Solomko	c71fe13057	MT#59449 fix password validation enabled/disabled, admins * correctly detect and skip password validation when sip_validatation or web_validation is not enabled respectively * better detect web password for admin users * /api/admins PUT/PATCH now also correctly checks last used passwords Change-Id: I9a6fa9b8e30ae2b81d2852dec0e1f9d858be13ef (cherry picked from commit `e6b29d3e7b`)	2 years ago
Kirill Solomko	cfe0a44b8d	MT#60585 add user ban by IP address, ban JWT invalid attempts * ban users by IP addresses * ban invalid JWT attempts Change-Id: I0c7746aa751ca96cba0ce4d1388646ba4890a422	2 years ago
Kirill Solomko	60fa23cb68	MT#60585 add user ban support * users for admin/subscriber realms are now banned if failed to login X amount of times (UI/API). * rework Redis connection and it's now a Catalyst plugin NGCP::Redis accessed by $c->redis_get_connection({database => 19}), the connection per database, per worker process is established only once and then reused (with auto built-in reconnect support). * remove Utils::Redis.pm as it does not have any code/logic anymore. * ban values are taken from $config->{security}{login} as - ban_enable: 1 - ban_expire_time: 3600 ban expire time in seconds - max_attempts: 5 * if max_attempts set to 0, the ban functionality is disabled as it requires to be at least 1 to work. * upon successful login or ban, the failed attempts counter is removed * the failed attempts counter is also removed automatically with the expire time equals "ban_expire_time" or otherwise 3600 seconds. * user bans are logged into panel.log * banned user receives exactly the same return page/codes as per invalid logic. Change-Id: I05cc68c623ee289488fc64f1af50527004dcaae1	2 years ago
Kirill Solomko	d9f283cbc8	MT#59449 enhance password validation and handling * passwords are now validated based on - minlen - maxlen - min lower case chars - min uppper case chars - min digits - min special chars * Data::Password::zxcvbn is used to calculate password score and reject passwords with score < 3 as weak (this library is ported from the Dropbox password validation) * Add password journals and check last used passwords in the journals * Improve password generator javascript function to generate a password with at least 4 of each of the char group types. * Currently affected are subcriber and admin entry creation or modification via UI/API * NGCP::Utils::Auth add optional bcrypt_cost support as last argument for generate_salted_hash and get_usr_salted_pass Change-Id: I100c25107d91741d5101bc58d29a3fa558b0b017	2 years ago
Kirill Solomko	43d112bd5e	MT#60558 add max subscribers/groups license checks * max_subscribers, max_pbx_subscribers, max_pbx_groups license checks are added for subscriber/group creation in UI/API * new accessor $c->license_meta that returns meta license flags hashref * new accessor $c->license_max_subscribers * new accessor $c->license_max_pbx_subscribers * new accessor $c->license_max_pbx_groups * the new accessors (except license_meta) return -1 instead of 'unlimited' to ease off comprarsion * 403 Forbidden is returned by the API if a license is violated. Change-Id: I3f5a949efc84bf85b76b33404b37b362ec484d5f	2 years ago
Kirill Solomko	9d021be65a	MT#59979 add license control * UI and API parts are now under license control * new Util::License::get_license($c, $name) - fetches license status by name (1 if enabled, and also if /proc/ngcp/check if 'ok') * add Catalyst::Plugins::NGCP::License with license($name) to fetch valid license by name from anywhere using $c->license('pbx') or from the templates using c.license('pbx'). It internally uses Util::License::get_license($c, $name) * License::get_license_status($c) now requires $c as first argument as well logs license status check errors. * new ActionRoles::License that enables usage of :Does(License) RequiresLicense('pbx') LicenseDetachTo('/denied_page') in the Controller chains * Add license control for UI elements and return 403 Forbidden if a resource is covered by licenses and the license is not active * Hide UI elements if a license is not active * API/Entities/Entities new $c->set_config key: - per endpoint: $c->set_config({ required_licenses => [qw/pbx device_provisioning/] } - or per method: $c->set_config({ required_licenses => { POST => [qw/pbx device_provisioning/] } } } * In case if an API endpoint does not have a license: 403 Forbidden "Invalid license" reply is returned. * Add license based restrictions to API endpoints * /api documentation: - completely hide endpoints that do not have an active license - hide only methods that does not have an active license Change-Id: Iba45fc5068b02306a617fed7b5405f2210574b61	2 years ago
Rene Krenn	9c103302c8	MT#60575 dynamically load provisioning templates module Change-Id: Ibff509825f82a75c9b0221505a1673d78b401989	2 years ago
Kirill Solomko	10a88cf669	MT#58964 /api/platforminfo add license_meta * new Utils::License::get_license_meta($c) to fetch license meta ({} by default) that contains license related metadata such as current and max amount of subcsribers and license valid until date. currently the following data is fetched from /proc/ngcp check current_calls current_pbx_groups current_pbx_subscribers current_registered_subscribers current_subscribers license_valid_until max_calls max_pbx_groups max_pbx_subscribers max_registered_subscribers max_subscribers valid * Controller::API::Root platforminfo now also returns license_meta Change-Id: I323cdfd646335a408e0150ecd69ad950fa0461ab	2 years ago
Kirill Solomko	522fd97020	MT#58964 /api/platforminfo add licenses info * NGCP::Utils::License new function get_licenses() that reads /proc/ngcp/flags/ and returns all files with content 1. * api/platforminfo.tt template now calls a stashed callback (coderef) that decodes provided json file, includes licenses and returns encoded the json back. * ngcp-panel.service changes # Files + directories not directly associated are made invisible in the /proc/ file system # ProcSubset=pid # Disabled: MT#58964, to be able to read /proc/ngcp/flags/ # Processes owned by other users are hidden from /proc/ # ProtectProc=invisible # Disabled: MT#58964, to be able to read /proc/ngcp/flags/ Change-Id: I84b6707a918e3f4f271e32b9353f320753c5ae68	2 years ago
Kirill Solomko	ca908bf629	MT#60400 /api/soundsets remove null search detection * customer_id search param now has the same search logic as the rest as it had before 'null' detection and conversion => 'undef' whereas it's not needed anymore because it's now supported globally. The change also fixes an empty response issue. Change-Id: If95de44d16ca2871da72d0ee019850802a3a94dd	2 years ago
Kirill Solomko	5d26436c05	MT#60392 /api/ncoslnpcarriers fix reseller role typo * fix reseller role typo in allowed_roles Change-Id: Ia2da00f7317eb64cfbe0e2c5069a75a9b24e24e5	2 years ago
Kirill Solomko	244b4f786b	MT#60392 /api/ncoslnpcarriers allow reseller * resellers should be able to create/update and delete NCOS LNP Carrier entries using exising LNP Carriers. Change-Id: I85d900c194d46af8d888e2f854729a3ca52711fe	2 years ago
Kirill Solomko	775ec90d5d	MT#60392 /api/lnpcarriers allow reseller GET * reseller role can use GET on the endpoint because it is needed for an NCOS Levels (which resellers can create). Change-Id: Ic793b0d74e767eb9e150a6ae3c67ff9f51c8cf6c	2 years ago
Kirill Solomko	6543743992	MT#60162 improve expand functionality for collections * in general expand collection now performs only 1 sql query to per expand field to fetch all items by the ids instead of fetching them for every single collection item, that should significantly increase performance in case of large databases and reduce work for the database * introduce $c->stash->{expand_cache} that contains cached data for the expand fields to avoid multiple same calculations * expand_field() and expand_field_data() have been reworked to support expand_cache * new method expand_prepare_collection() is called for all API GET collection methods before preparing resource hal fields, to change the expand logic to only cache the data instead of fetching it from the database * new method expand_collection_fields() that is called in all API GET collection methods after the @embedded data is prepared to finalise the expand collection fields * for expand collection there is only 1 SQL request per expand field that fetches all items -in [ids to expand] and then the expand_collection_fields() uses the cached items_by_ids with O(1) fetch from the cache by id Change-Id: Ie7c6115472878febf0d8c9b4d833f5c23b15c78b	2 years ago
Kirill Solomko	9a2d66a00a	MT#60238 /api/customerpreferences allow subscriberadmin * subscriberadmin roles can now handle customer preferences belonging to the same customer and only those with expose_to_customer = '1' Change-Id: Iae9ab5d4a96a065b1a627d180dd523e805d954f3	2 years ago
Kirill Solomko	0d8d68d9a5	MT#60236 /api/mailtofaxsettings allow subscriber roles * subscriberadmin and subscriber can now use /api/mailtofaxsettings * adapt item_rs query for subscriberadmin and subscriber so that subscriberadmin can have access to all 'own' subscribers Change-Id: If8e768c5c06bc4e5f0a6ef9d15e19f542d8b6a4d	2 years ago
Kirill Solomko	f2478178f0	MT#60119 allow pbxfielddeveicepreferences to subscriberadmin role * subscriberadmin role can now CRUD preferences for devices that are assigned to the customer. Change-Id: I09fe3c3b2ed670f0411970dc6402486a3cf6d4be	2 years ago
Marco Capetta	42f8747a6f	MT#59749 Add use_redirection flag to Call Forwards configuration This new flag controls wether the CF is processed as usual (flag with value 0, default) or generates a 302 redirect message back to the caller (flag with value 1). The implementation cover both the UI and the API. Change-Id: Idf945262e17de0d77bb612101d268fd6ea7a309e	2 years ago

1 2 3 4 5 ...

1994 Commits (d0eddeee57c29f68bd91922f552a92a58a8bb80f)