WIP - some progress making phone calls from softphone, we need https to test

backend/src/tenant/tenant.controller.ts

@@ -62,16 +62,27 @@ export class TenantController {
     const centralPrisma = getCentralPrisma();
     const domainRecord = await centralPrisma.domain.findUnique({
       where: { domain },
-      include: { tenant: { select: { id: true } } },
+      include: { tenant: { select: { id: true, integrationsConfig: true } } },
     });
 
     if (!domainRecord?.tenant) {
       throw new Error(`Tenant with domain ${domain} not found`);
     }
 
+    // Merge with existing config to preserve masked values
+    let finalConfig = integrationsConfig;
+    if (domainRecord.tenant.integrationsConfig) {
+      const existingConfig = this.tenantDbService.decryptIntegrationsConfig(
+        domainRecord.tenant.integrationsConfig as any,
+      );
+
+      // Replace masked values with actual values from existing config
+      finalConfig = this.unmaskConfig(integrationsConfig, existingConfig);
+    }
+
     // Encrypt the config
     const encryptedConfig = this.tenantDbService.encryptIntegrationsConfig(
-      integrationsConfig,
+      finalConfig,
     );
 
     // Update in database
@@ -88,6 +99,32 @@ export class TenantController {
     };
   }
 
+  /**
+   * Unmask config by replacing masked values with actual values from existing config
+   */
+  private unmaskConfig(newConfig: any, existingConfig: any): any {
+    const result = { ...newConfig };
+
+    // Unmask Twilio credentials
+    if (result.twilio && existingConfig.twilio) {
+      if (result.twilio.authToken === '••••••••' && existingConfig.twilio.authToken) {
+        result.twilio.authToken = existingConfig.twilio.authToken;
+      }
+      if (result.twilio.apiSecret === '••••••••' && existingConfig.twilio.apiSecret) {
+        result.twilio.apiSecret = existingConfig.twilio.apiSecret;
+      }
+    }
+
+    // Unmask OpenAI credentials
+    if (result.openai && existingConfig.openai) {
+      if (result.openai.apiKey === '••••••••' && existingConfig.openai.apiKey) {
+        result.openai.apiKey = existingConfig.openai.apiKey;
+      }
+    }
+
+    return result;
+  }
+
   /**
    * Mask sensitive fields for API responses
    */
@@ -101,6 +138,7 @@ export class TenantController {
       masked.twilio = {
         ...masked.twilio,
         authToken: masked.twilio.authToken ? '••••••••' : '',
+        apiSecret: masked.twilio.apiSecret ? '••••••••' : '',
       };
     }
 

backend/src/voice/interfaces/integration-config.interface.ts

@@ -2,8 +2,9 @@ export interface TwilioConfig {
   accountSid: string;
   authToken: string;
   phoneNumber: string;
-  apiKeySid?: string;
-  apiKeySecret?: string;
+  apiKey?: string;  // API Key SID for generating access tokens
+  apiSecret?: string;  // API Key Secret
+  twimlAppSid?: string;  // TwiML App SID for Voice SDK
 }
 
 export interface OpenAIConfig {

backend/src/voice/voice.controller.ts

@@ -49,6 +49,25 @@ export class VoiceController {
     };
   }
 
+  /**
+   * Generate Twilio access token for browser client
+   */
+  @Get('token')
+  @UseGuards(JwtAuthGuard)
+  async getAccessToken(
+    @Req() req: any,
+    @TenantId() tenantId: string,
+  ) {
+    const userId = req.user?.userId || req.user?.sub;
+    
+    const token = await this.voiceService.generateAccessToken(tenantId, userId);
+
+    return {
+      success: true,
+      data: { token },
+    };
+  }
+
   /**
    * Get call history
    */
@@ -73,19 +92,23 @@ export class VoiceController {
   }
 
   /**
-   * TwiML for outbound calls
+   * TwiML for outbound calls from browser (Twilio Device)
    */
   @Post('twiml/outbound')
   async outboundTwiml(@Req() req: FastifyRequest, @Res() res: FastifyReply) {
+    const body = req.body as any;
+    const to = body.To;
+
+    this.logger.log(`Outbound call to: ${to}`);
+
+    // TwiML to dial the number and setup media stream for OpenAI
     const twiml = `<?xml version="1.0" encoding="UTF-8"?>
 <Response>
   <Start>
     <Stream url="wss://${req.headers.host}/api/voice/stream" />
   </Start>
   <Say>Connecting your call</Say>
-  <Dial>
-    <Number>${(req.body as any).To}</Number>
-  </Dial>
+  <Dial>${to}</Dial>
 </Response>`;
 
     res.type('text/xml').send(twiml);

backend/src/voice/voice.service.ts

@@ -6,6 +6,9 @@ import * as Twilio from 'twilio';
 import { WebSocket } from 'ws';
 import { v4 as uuidv4 } from 'uuid';
 
+const AccessToken = Twilio.jwt.AccessToken;
+const VoiceGrant = AccessToken.VoiceGrant;
+
 @Injectable()
 export class VoiceService {
   private readonly logger = new Logger(VoiceService.name);
@@ -94,6 +97,35 @@ export class VoiceService {
     return {};
   }
 
+  /**
+   * Generate Twilio access token for browser Voice SDK
+   */
+  async generateAccessToken(tenantDomain: string, userId: string): Promise<string> {
+    const { config, tenantId } = await this.getTwilioClient(tenantDomain);
+
+    if (!config.accountSid || !config.apiKey || !config.apiSecret) {
+      throw new Error('Twilio API credentials not configured. Please add API Key and Secret in Settings > Integrations');
+    }
+
+    // Create an access token
+    const token = new AccessToken(
+      config.accountSid,
+      config.apiKey,
+      config.apiSecret,
+      { identity: userId, ttl: 3600 } // 1 hour expiry
+    );
+
+    // Create a Voice grant
+    const voiceGrant = new VoiceGrant({
+      outgoingApplicationSid: config.twimlAppSid, // TwiML App SID for outbound calls
+      incomingAllow: true, // Allow incoming calls
+    });
+
+    token.addGrant(voiceGrant);
+
+    return token.toJwt();
+  }
+
   /**
    * Initiate outbound call
    */