borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-23 15:56:52 +02:00
parent 4747900c7b
commit 25d910ed3f
3 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
management/src/contexts/AuthContext.jsx
View File

@@ -17,21 +17,36 @@ export const AuthProvider = ({ children }) => {
const [loading, setLoading] = useState(true) const [loading, setLoading] = useState(true)
useEffect(() => { useEffect(() => {
// Check for existing token on app start // Check for existing token on app start and validate it
checkAuthStatus()
}, [])
const checkAuthStatus = async () => {
const token = localStorage.getItem('management_token') const token = localStorage.getItem('management_token')
const savedUser = localStorage.getItem('management_user') const savedUser = localStorage.getItem('management_user')
if (token && savedUser) { if (!token || !savedUser) {
setLoading(false)
return
}
try { try {
setUser(JSON.parse(savedUser)) // Validate token by making a simple API call
const response = await api.get('/management/tenants?limit=1')
// If successful, use saved user data
const parsedUser = JSON.parse(savedUser)
setUser(parsedUser)
console.log('✅ Management token validated for user:', parsedUser.username)
} catch (error) { } catch (error) {
console.error('Error parsing saved user:', error) console.warn('🔓 Management token validation failed:', error.response?.status, error.response?.data?.message)
// Clear invalid auth data (but don't redirect here, let the api interceptor handle it)
localStorage.removeItem('management_token') localStorage.removeItem('management_token')
localStorage.removeItem('management_user') localStorage.removeItem('management_user')
} setUser(null)
} } finally {
setLoading(false) setLoading(false)
}, []) }
}
const login = async (username, password) => { const login = async (username, password) => {
try { try {
@@ -73,6 +88,7 @@ export const AuthProvider = ({ children }) => {
loading, loading,
login, login,
logout, logout,
checkAuthStatus,
isAuthenticated: !!user, isAuthenticated: !!user,
isAdmin: user?.role === 'admin' || user?.role === 'super_admin' || user?.role === 'platform_admin', isAdmin: user?.role === 'admin' || user?.role === 'super_admin' || user?.role === 'platform_admin',
isSuperAdmin: user?.role === 'super_admin', isSuperAdmin: user?.role === 'super_admin',

11
server/routes/dataRetention.js
View File

@@ -32,10 +32,11 @@ const requireManagementAuth = async (req, res, next) => {
}); });
} }
// Verify JWT token // Verify JWT token using management secret
let decoded; let decoded;
try { try {
decoded = jwt.verify(token, process.env.JWT_SECRET || 'your-super-secret-jwt-key-change-in-production'); const MANAGEMENT_SECRET = process.env.MANAGEMENT_JWT_SECRET || 'mgmt-super-secret-change-in-production';
decoded = jwt.verify(token, MANAGEMENT_SECRET);
} catch (jwtError) { } catch (jwtError) {
await auditLogger.logAuthFailure(req, req.path, `Invalid JWT token: ${jwtError.message}`); await auditLogger.logAuthFailure(req, req.path, `Invalid JWT token: ${jwtError.message}`);
return res.status(401).json({ return res.status(401).json({
@@ -45,8 +46,8 @@ const requireManagementAuth = async (req, res, next) => {
}); });
} }
// Verify this is a management user // Verify this is a management user with proper role
if (decoded.type !== 'management') { if (!decoded.isManagement || !['super_admin', 'platform_admin'].includes(decoded.role)) {
await auditLogger.logPermissionDenied(null, req, req.path, 'Not a management user token'); await auditLogger.logPermissionDenied(null, req, req.path, 'Not a management user token');
return res.status(403).json({ return res.status(403).json({
success: false, success: false,
@@ -56,7 +57,7 @@ const requireManagementAuth = async (req, res, next) => {
} }
// Verify user still exists and is active // Verify user still exists and is active
const managementUser = await ManagementUser.findByPk(decoded.id); const managementUser = await ManagementUser.findByPk(decoded.userId);
if (!managementUser || !managementUser.is_active) { if (!managementUser || !managementUser.is_active) {
await auditLogger.logPermissionDenied(decoded, req, req.path, 'Management user not found or inactive'); await auditLogger.logPermissionDenied(decoded, req, req.path, 'Management user not found or inactive');
return res.status(403).json({ return res.status(403).json({

15
server/utils/dataRetentionAuditLogger.js
View File

@@ -10,6 +10,7 @@ class DataRetentionAuditLogger {
constructor() { constructor() {
this.logDir = process.env.SECURITY_LOG_DIR || './logs'; this.logDir = process.env.SECURITY_LOG_DIR || './logs';
this.logFile = path.join(this.logDir, 'data_retention_access.log'); this.logFile = path.join(this.logDir, 'data_retention_access.log');
this.loggedWriteError = false; // Flag to avoid spamming write error messages
} }
async ensureLogDir() { async ensureLogDir() {
@@ -49,11 +50,23 @@ class DataRetentionAuditLogger {
} catch (writeError) { } catch (writeError) {
// Fallback to console logging if file writing fails (e.g., permission issues) // Fallback to console logging if file writing fails (e.g., permission issues)
console.log('[DATA_RETENTION_AUDIT]', JSON.stringify(logEntry)); console.log('[DATA_RETENTION_AUDIT]', JSON.stringify(logEntry));
// Only log the file write error once to avoid spam
if (!this.loggedWriteError) {
console.warn('Failed to write security log to file, using console logging:', writeError.message);
this.loggedWriteError = true;
}
} }
} catch (error) { } catch (error) {
// Fallback to console logging for any errors // Fallback to console logging for any errors
console.log('[DATA_RETENTION_AUDIT_ERROR]', error.message, JSON.stringify(event, null, 2)); console.log('[DATA_RETENTION_AUDIT_ERROR]', error.message);
console.log('[DATA_RETENTION_AUDIT_FALLBACK]', JSON.stringify({
timestamp: new Date().toISOString(),
event: event.type || 'UNKNOWN',
result: event.result || 'error',
error: event.error || error.message
}));
} }
} }