Fix jwt-token

server/migrations/20250913-add-auth-session-config.js

@@ -0,0 +1,54 @@
+/**
+ * Migration: Add session and role mapping configuration to tenants
+ * Adds session_timeout, require_mfa, allow_concurrent_sessions, and role_mappings fields
+ */
+
+'use strict';
+
+module.exports = {
+  up: async (queryInterface, Sequelize) => {
+    // Add session configuration fields
+    await queryInterface.addColumn('tenants', 'session_timeout', {
+      type: Sequelize.INTEGER,
+      defaultValue: 480, // 8 hours in minutes
+      allowNull: false,
+      comment: 'Session timeout in minutes'
+    });
+
+    await queryInterface.addColumn('tenants', 'require_mfa', {
+      type: Sequelize.BOOLEAN,
+      defaultValue: false,
+      allowNull: false,
+      comment: 'Whether multi-factor authentication is required'
+    });
+
+    await queryInterface.addColumn('tenants', 'allow_concurrent_sessions', {
+      type: Sequelize.BOOLEAN,
+      defaultValue: true,
+      allowNull: false,
+      comment: 'Whether users can have multiple concurrent sessions'
+    });
+
+    await queryInterface.addColumn('tenants', 'role_mappings', {
+      type: Sequelize.JSONB,
+      allowNull: true,
+      comment: 'Mapping of external groups/attributes to system roles'
+    });
+
+    // Update auth_provider enum to include 'ad'
+    await queryInterface.sequelize.query(`
+      ALTER TYPE "enum_tenants_auth_provider" ADD VALUE 'ad';
+    `);
+  },
+
+  down: async (queryInterface, Sequelize) => {
+    // Remove the added columns
+    await queryInterface.removeColumn('tenants', 'session_timeout');
+    await queryInterface.removeColumn('tenants', 'require_mfa');
+    await queryInterface.removeColumn('tenants', 'allow_concurrent_sessions');
+    await queryInterface.removeColumn('tenants', 'role_mappings');
+
+    // Note: Removing enum values is complex in PostgreSQL and typically not done in production
+    // The 'ad' value will remain in the enum even after this rollback
+  }
+};