borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-23 15:56:52 +02:00
parent 4747900c7b
commit 25d910ed3f
3 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/routes/dataRetention.js
View File

@@ -32,10 +32,11 @@ const requireManagementAuth = async (req, res, next) => {
});
}
// Verify JWT token
// Verify JWT token using management secret
let decoded;
try {
decoded = jwt.verify(token, process.env.JWT_SECRET || 'your-super-secret-jwt-key-change-in-production');
const MANAGEMENT_SECRET = process.env.MANAGEMENT_JWT_SECRET || 'mgmt-super-secret-change-in-production';
decoded = jwt.verify(token, MANAGEMENT_SECRET);
} catch (jwtError) {
await auditLogger.logAuthFailure(req, req.path, `Invalid JWT token: ${jwtError.message}`);
return res.status(401).json({
@@ -45,8 +46,8 @@ const requireManagementAuth = async (req, res, next) => {
});
}
// Verify this is a management user
if (decoded.type !== 'management') {
// Verify this is a management user with proper role
if (!decoded.isManagement || !['super_admin', 'platform_admin'].includes(decoded.role)) {
await auditLogger.logPermissionDenied(null, req, req.path, 'Not a management user token');
return res.status(403).json({
success: false,
@@ -56,7 +57,7 @@ const requireManagementAuth = async (req, res, next) => {
}
// Verify user still exists and is active
const managementUser = await ManagementUser.findByPk(decoded.id);
const managementUser = await ManagementUser.findByPk(decoded.userId);
if (!managementUser || !managementUser.is_active) {
await auditLogger.logPermissionDenied(decoded, req, req.path, 'Management user not found or inactive');
return res.status(403).json({

15
server/utils/dataRetentionAuditLogger.js
View File

@@ -10,6 +10,7 @@ class DataRetentionAuditLogger {
constructor() {
this.logDir = process.env.SECURITY_LOG_DIR || './logs';
this.logFile = path.join(this.logDir, 'data_retention_access.log');
this.loggedWriteError = false; // Flag to avoid spamming write error messages
}
async ensureLogDir() {
@@ -49,11 +50,23 @@ class DataRetentionAuditLogger {
} catch (writeError) {
// Fallback to console logging if file writing fails (e.g., permission issues)
console.log('[DATA_RETENTION_AUDIT]', JSON.stringify(logEntry));
// Only log the file write error once to avoid spam
if (!this.loggedWriteError) {
console.warn('Failed to write security log to file, using console logging:', writeError.message);
this.loggedWriteError = true;
}
}
} catch (error) {
// Fallback to console logging for any errors
console.log('[DATA_RETENTION_AUDIT_ERROR]', error.message, JSON.stringify(event, null, 2));
console.log('[DATA_RETENTION_AUDIT_ERROR]', error.message);
console.log('[DATA_RETENTION_AUDIT_FALLBACK]', JSON.stringify({
timestamp: new Date().toISOString(),
event: event.type || 'UNKNOWN',
result: event.result || 'error',
error: event.error || error.message
}));
}
}