From 03c91eabc013bf767df6a1334afd3ec8afabdeaa Mon Sep 17 00:00:00 2001
From: Alexander Borg <borg@servernet.se>
Date: Sat, 13 Sep 2025 14:25:18 +0200
Subject: [PATCH] Fix jwt-token

---
 .../20250913-add-ip-restrictions.js           | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 server/migrations/20250913-add-ip-restrictions.js

diff --git a/server/migrations/20250913-add-ip-restrictions.js b/server/migrations/20250913-add-ip-restrictions.js
new file mode 100644
index 0000000..4c803a9
--- /dev/null
+++ b/server/migrations/20250913-add-ip-restrictions.js
@@ -0,0 +1,39 @@
+/**
+ * Migration: Add IP restriction fields to tenants
+ * Adds ip_whitelist, ip_restriction_enabled, and ip_restriction_message fields
+ */
+
+'use strict';
+
+module.exports = {
+  up: async (queryInterface, Sequelize) => {
+    // Add IP restriction fields
+    await queryInterface.addColumn('tenants', 'ip_whitelist', {
+      type: Sequelize.JSONB,
+      allowNull: true,
+      defaultValue: null,
+      comment: 'Array of allowed IP addresses/CIDR blocks for this tenant'
+    });
+
+    await queryInterface.addColumn('tenants', 'ip_restriction_enabled', {
+      type: Sequelize.BOOLEAN,
+      defaultValue: false,
+      allowNull: false,
+      comment: 'Whether IP restrictions are enabled for this tenant'
+    });
+
+    await queryInterface.addColumn('tenants', 'ip_restriction_message', {
+      type: Sequelize.TEXT,
+      allowNull: true,
+      defaultValue: 'Access denied. Your IP address is not authorized to access this tenant.',
+      comment: 'Custom message shown when IP access is denied'
+    });
+  },
+
+  down: async (queryInterface, Sequelize) => {
+    // Remove the added columns
+    await queryInterface.removeColumn('tenants', 'ip_whitelist');
+    await queryInterface.removeColumn('tenants', 'ip_restriction_enabled');
+    await queryInterface.removeColumn('tenants', 'ip_restriction_message');
+  }
+};