borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-23 15:56:52 +02:00
parent 4747900c7b
commit 25d910ed3f
3 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/routes/dataRetention.js
View File

@@ -32,10 +32,11 @@ const requireManagementAuth = async (req, res, next) => {
});
}
// Verify JWT token
// Verify JWT token using management secret
let decoded;
try {
decoded = jwt.verify(token, process.env.JWT_SECRET || 'your-super-secret-jwt-key-change-in-production');
const MANAGEMENT_SECRET = process.env.MANAGEMENT_JWT_SECRET || 'mgmt-super-secret-change-in-production';
decoded = jwt.verify(token, MANAGEMENT_SECRET);
} catch (jwtError) {
await auditLogger.logAuthFailure(req, req.path, `Invalid JWT token: ${jwtError.message}`);
return res.status(401).json({
@@ -45,8 +46,8 @@ const requireManagementAuth = async (req, res, next) => {
});
}
// Verify this is a management user
if (decoded.type !== 'management') {
// Verify this is a management user with proper role
if (!decoded.isManagement || !['super_admin', 'platform_admin'].includes(decoded.role)) {
await auditLogger.logPermissionDenied(null, req, req.path, 'Not a management user token');
return res.status(403).json({
success: false,
@@ -56,7 +57,7 @@ const requireManagementAuth = async (req, res, next) => {
}
// Verify user still exists and is active
const managementUser = await ManagementUser.findByPk(decoded.id);
const managementUser = await ManagementUser.findByPk(decoded.userId);
if (!managementUser || !managementUser.is_active) {
await auditLogger.logPermissionDenied(decoded, req, req.path, 'Management user not found or inactive');
return res.status(403).json({