npm - @bitcall/webrtc-sip-gateway - Versions diffs - 0.2.7 → 0.2.8 - Mend

@bitcall/webrtc-sip-gateway 0.2.7 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -5,7 +5,7 @@ Linux-only CLI to install and operate the Bitcall WebRTC-to-SIP gateway.
 ## Install
 ```bash
-sudo npm i -g @bitcall/webrtc-sip-gateway@0.2.7
+sudo npm i -g @bitcall/webrtc-sip-gateway@0.2.8
 ```
 ## Main workflow
@@ -22,8 +22,14 @@ ports only. Host IPv6 remains enabled for signaling and non-media traffic.
 Backend selection prefers nftables on non-UFW hosts and uses ip6tables when UFW
 is active.
+Default `init` and `init --dev` run in dev profile:
+- `BITCALL_ENV=dev`
+- `ROUTING_MODE=universal`
+- provider allowlist/origin/source IPs are permissive by default (with warnings)
 Use `sudo bitcall-gateway init --production` for strict input validation and
-hardening checks.
+hardening checks. Production universal routing requires explicit
+`ALLOWED_SIP_DOMAINS`.
 Use `--verbose` to stream apt/docker output during install. Default mode keeps
 console output concise and writes command details to
 `/var/log/bitcall-gateway-install.log`.

package/lib/constants.js CHANGED Viewed

@@ -14,7 +14,7 @@ module.exports = {
   SSL_DIR: path.join(GATEWAY_DIR, "ssl"),
   ENV_PATH: path.join(GATEWAY_DIR, ".env"),
   COMPOSE_PATH: path.join(GATEWAY_DIR, "docker-compose.yml"),
-  DEFAULT_GATEWAY_IMAGE: "ghcr.io/bitcallio/webrtc-sip-gateway:0.2.7",
+  DEFAULT_GATEWAY_IMAGE: "ghcr.io/bitcallio/webrtc-sip-gateway:0.2.8",
   DEFAULT_PROVIDER_HOST: "sip.example.com",
   DEFAULT_WEBPHONE_ORIGIN: "*",
   RENEW_HOOK_PATH: "/etc/letsencrypt/renewal-hooks/deploy/bitcall-gateway.sh",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bitcall/webrtc-sip-gateway",
-  "version": "0.2.7",
+  "version": "0.2.8",
   "description": "Linux CLI for bootstrapping and managing the Bitcall WebRTC-to-SIP Gateway",
   "repository": {
     "type": "git",

package/src/index.js CHANGED Viewed

@@ -40,7 +40,7 @@ const {
   isMediaIpv4OnlyRulesPresent,
 } = require("../lib/firewall");
-const PACKAGE_VERSION = "0.2.7";
+const PACKAGE_VERSION = "0.2.8";
 const INSTALL_LOG_PATH = "/var/log/bitcall-gateway-install.log";
 function printBanner() {
@@ -545,6 +545,7 @@ function toOriginPattern(origin) {
 }
 function normalizeInitProfile(initOptions = {}, existing = {}) {
+  void existing;
   if (initOptions.dev && initOptions.production) {
     throw new Error("Use only one mode: --dev or --production.");
   }
@@ -554,7 +555,7 @@ function normalizeInitProfile(initOptions = {}, existing = {}) {
   if (initOptions.dev) {
     return "dev";
   }
-  return existing.BITCALL_ENV || "dev";
+  return "dev";
 }
 async function runPreflight(ctx) {
@@ -603,12 +604,20 @@ async function runPreflight(ctx) {
 function printSummary(config, devWarnings) {
   const allowedCount = countAllowedDomains(config.allowedDomains);
   const showDevWarnings = config.bitcallEnv === "dev";
+  const providerAllowlistSummary =
+    allowedCount > 0
+      ? config.allowedDomains
+      : config.bitcallEnv === "production"
+        ? isSingleProviderConfigured(config)
+          ? "(single-provider mode)"
+          : "(missing)"
+        : "(any)";
   console.log("\nSummary:");
   console.log(`  Domain: ${config.domain}`);
   console.log(`  Environment: ${config.bitcallEnv}`);
   console.log(`  Routing: ${config.routingMode}`);
   console.log(
-    `  Provider allowlist: ${allowedCount > 0 ? config.allowedDomains : "(any)"}${showDevWarnings && allowedCount === 0 ? " [DEV WARNING]" : ""}`
+    `  Provider allowlist: ${providerAllowlistSummary}${showDevWarnings && allowedCount === 0 ? " [DEV WARNING]" : ""}`
   );
   console.log(
     `  Webphone origin: ${config.webphoneOrigin === "*" ? `(any)${showDevWarnings ? " [DEV WARNING]" : ""}` : config.webphoneOrigin}`
@@ -629,6 +638,10 @@ function printSummary(config, devWarnings) {
   }
 }
+function shouldRequireAllowlist(bitcallEnv, routingMode) {
+  return bitcallEnv === "production" && routingMode === "universal";
+}
 function parseProviderFromUri(uri = "") {
   const clean = uri.replace(/^sip:/, "");
   const [hostPort, transportPart] = clean.split(";");
@@ -698,16 +711,12 @@ async function runWizard(existing = {}, preflight = {}, initOptions = {}) {
     let turnExternalUsername = "";
     let turnExternalCredential = "";
     let webphoneOrigin = existing.WEBPHONE_ORIGIN || DEFAULT_WEBPHONE_ORIGIN;
-    let configureUfw = initOptions.dev ? true : await prompt.askYesNo("Configure UFW firewall rules now?", true);
+    let configureUfw = await prompt.askYesNo("Configure UFW firewall rules now?", true);
     let mediaIpv4Only = existing.MEDIA_IPV4_ONLY ? existing.MEDIA_IPV4_ONLY === "1" : true;
     if (!advanced) {
       acmeEmail = acmeEmail || (await prompt.askText("Let's Encrypt email", "", { required: true }));
-      if (!initOptions.dev) {
-        turnMode = await prompt.askYesNo("Enable built-in TURN (coturn)?", true) ? "coturn" : "none";
-      } else {
-        turnMode = "coturn";
-      }
+      turnMode = await prompt.askYesNo("Enable built-in TURN (coturn)?", true) ? "coturn" : "none";
       const quickDefaults = buildQuickFlowDefaults(initProfile, existing);
       bitcallEnv = quickDefaults.bitcallEnv;
       routingMode = quickDefaults.routingMode;
@@ -748,11 +757,6 @@ async function runWizard(existing = {}, preflight = {}, initOptions = {}) {
       if (!initOptions.dev && !initOptions.production) {
         bitcallEnv = await prompt.askChoice("Environment", ["production", "dev"], bitcallEnv === "dev" ? 1 : 0);
       }
-      allowedDomains = await prompt.askText(
-        "Allowed SIP domains (comma-separated)",
-        allowedDomains
-      );
       routingMode = await prompt.askChoice(
         "Routing mode",
         ["universal", "single-provider"],
@@ -791,6 +795,15 @@ async function runWizard(existing = {}, preflight = {}, initOptions = {}) {
         sipProviderUri = `sip:${sipProviderHost}:${sipPort};transport=${sipTransport}`;
       }
+      const requireAllowlist = shouldRequireAllowlist(bitcallEnv, routingMode);
+      allowedDomains = await prompt.askText(
+        requireAllowlist
+          ? "Allowed SIP domains (comma-separated; required in production universal mode)"
+          : "Allowed SIP domains (comma-separated)",
+        allowedDomains,
+        { required: requireAllowlist }
+      );
       sipTrustedIps = await prompt.askText(
         "Trusted SIP source IPs (optional, comma-separated)",
         sipTrustedIps
@@ -888,11 +901,9 @@ async function runWizard(existing = {}, preflight = {}, initOptions = {}) {
     const devWarnings = config.bitcallEnv === "dev" ? buildDevWarnings(config) : [];
     printSummary(config, devWarnings);
-    if (!(initOptions.dev && !advanced)) {
-      const proceed = await prompt.askYesNo("Proceed with provisioning", true);
-      if (!proceed) {
-        throw new Error("Initialization canceled.");
-      }
+    const proceed = await prompt.askYesNo("Proceed with provisioning", true);
+    if (!proceed) {
+      throw new Error("Initialization canceled.");
     }
     return config;
@@ -1479,6 +1490,7 @@ module.exports = {
   validateProductionConfig,
   buildDevWarnings,
   buildQuickFlowDefaults,
+  shouldRequireAllowlist,
   isOriginWildcard,
   isSingleProviderConfigured,
   printRequiredPorts,