From b36aa9e975f6b6256c45b6cf814227831e846526 Mon Sep 17 00:00:00 2001
From: Denys Smirnov <dennwc@pm.me>
Date: Thu, 31 Oct 2024 11:20:10 +0200
Subject: [PATCH] Better validation for trunk security.

---
 livekit/sip.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/livekit/sip.go b/livekit/sip.go
index 64220ea3..98864db5 100644
--- a/livekit/sip.go
+++ b/livekit/sip.go
@@ -171,6 +171,12 @@ func (p *UpdateSIPInboundTrunkRequest) Validate() error {
 }
 
 func (p *SIPInboundTrunkInfo) Validate() error {
+	hasAuth := p.AuthUsername != "" || p.AuthPassword != ""
+	hasCIDR := len(p.AllowedAddresses) != 0
+	hasNumbers := len(p.Numbers) != 0 // TODO: remove this condition, it doesn't really help with security
+	if !hasAuth && !hasCIDR && !hasNumbers {
+		return errors.New("for security, one of the fields must be set: AuthUsername+AuthPassword, AllowedAddresses or Numbers")
+	}
 	if err := validateHeaders(p.Headers); err != nil {
 		return err
 	}