Better validation for trunk security.

livekit · Oct 31, 2024 · b36aa9e · b36aa9e
1 parent 211fc07
commit b36aa9e
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/livekit/sip.go b/livekit/sip.go
@@ -171,6 +171,12 @@ func (p *UpdateSIPInboundTrunkRequest) Validate() error {
 }
 
 func (p *SIPInboundTrunkInfo) Validate() error {
+	hasAuth := p.AuthUsername != "" || p.AuthPassword != ""
+	hasCIDR := len(p.AllowedAddresses) != 0
+	hasNumbers := len(p.Numbers) != 0 // TODO: remove this condition, it doesn't really help with security
+	if !hasAuth && !hasCIDR && !hasNumbers {
+		return errors.New("for security, one of the fields must be set: AuthUsername+AuthPassword, AllowedAddresses or Numbers")
+	}
 	if err := validateHeaders(p.Headers); err != nil {
 		return err
 	}