apunkt/dograh
1
0
Fork 0
mirror of https://github.com/dograh-hq/dograh.git synced 2026-06-07 07:55:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
dograh/api/routes
History
Exact
shiminshen 51ab9303ec
fix(webrtc): enforce embed allowed-domain policy on public signaling websocket (#388) 
The public WebRTC signaling WebSocket (`/public/signaling/{session_token}`)
validated only the session token and its expiry, not the embed token's
allowed-domain policy that the HTTP embed endpoints already enforce. A leaked
or replayed session token could therefore attach to the signaling path from
an arbitrary origin.

Validate the request origin against `embed_token.allowed_domains` (reusing the
existing `validate_origin` helper) before the signaling handoff, rejecting
disallowed origins with a 1008 close — mirroring the HTTP embed endpoints.

Closes #330

Co-authored-by: shiminshen <16914659+shiminshen@users.noreply.github.com>
2026-06-02 13:10:30 +05:30
..
__init__.py Initial Commit 🚀 🚀 2025-09-09 14:37:32 +05:30
agent_stream.py feat: add headless mode, redesign floating widget, refactor lifecycle callbacks (#268) 2026-05-07 12:23:41 +05:30
auth.py feat: add posthog signup and signin events, enable backend posthog events for oss version (#249) 2026-04-24 12:02:52 +05:30
campaign.py feat: add Tuner Integration to Dograh (#311) 2026-05-20 14:37:33 +05:30
credentials.py feat: refactor node spec and add mcp tools (#244) 2026-04-21 07:56:16 +05:30
folder.py feat: add google stt and tts. add folders to organize agents 2026-05-22 14:36:50 +05:30
knowledge_base.py feat: add Azure AI multi-provider support (TTS, STT, Embeddings, Realtime) (#381) 2026-06-02 12:50:00 +05:30
main.py feat: add google stt and tts. add folders to organize agents 2026-05-22 14:36:50 +05:30
node_types.py feat: refactor node spec and add mcp tools (#244) 2026-04-21 07:56:16 +05:30
organization.py feat: add telnyx webhook api key in telephony config (#270) 2026-05-09 18:03:42 +05:30
organization_usage.py feat: add transcript and recording public URLs in API 2026-05-26 15:11:56 +05:30
public_agent.py feat: add google stt and tts. add folders to organize agents 2026-05-22 14:36:50 +05:30
public_download.py feat: add Tuner Integration to Dograh (#311) 2026-05-20 14:37:33 +05:30
public_embed.py feat: allow turn credentials fetching from embed agent 2026-02-04 13:52:44 +05:30
reports.py Initial Commit 🚀 🚀 2025-09-09 14:37:32 +05:30
s3_signed_url.py chore: remove looptalk (#299) 2026-05-16 17:45:12 +05:30
service_keys.py Initial Commit 🚀 🚀 2025-09-09 14:37:32 +05:30
superuser.py feat: add qa node in workflow builder (#172) 2026-02-25 13:53:30 +05:30
telephony.py feat: add ultravox realtime and fix signature issue in telephony (#345) 2026-05-23 12:51:55 +05:30
tool.py feat: create tools using MCP 2026-05-31 16:50:44 +05:30
turn_credentials.py feat: add coturn configurations (#143) 2026-02-03 13:52:50 +05:30
user.py feat: add Rime TTS 2026-04-07 14:05:47 +05:30
webrtc_signaling.py fix(webrtc): enforce embed allowed-domain policy on public signaling websocket (#388) 2026-06-02 13:10:30 +05:30
workflow.py Add Sarvam LLM, update Sarvam STT models, expose usage_info on run detail (#351) 2026-06-01 10:29:31 +05:30
workflow_embed.py feat: add posthog events (#231) 2026-04-10 17:52:21 +05:30
workflow_recording.py feat: refactor node spec and add mcp tools (#244) 2026-04-21 07:56:16 +05:30
workflow_text_chat.py feat: add chat based testing for voice agent (#308) 2026-05-21 15:20:02 +05:30