From 261a5032a1331e1e1cde2cbfe343730448bc2353 Mon Sep 17 00:00:00 2001
From: Alexander Borg <borg@servernet.se>
Date: Sat, 20 Sep 2025 06:19:43 +0200
Subject: [PATCH] Fix jwt-token

---
 .gitignore                |  4 ++++
 docker-compose.yml        |  2 ++
 docker/nginx/default.conf | 14 ++++++++++++++
 nginx/conf.d/default.conf | 24 ++++++++++++++++++++++++
 server/routes/tenant.js   |  5 +++--
 5 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index e299b0e..82efbe3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,10 @@ docker-compose.override.yml
 logs/
 *.log
 
+# Uploads
+uploads/
+!uploads/logos/.gitkeep
+
 # Debug files
 debug_logs/
 api_debug.log
diff --git a/docker-compose.yml b/docker-compose.yml
index db753e9..e06f575 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -72,11 +72,13 @@ services:
       RATE_LIMIT_WINDOW_MS: ${RATE_LIMIT_WINDOW_MS:-900000}
       RATE_LIMIT_MAX_REQUESTS: ${RATE_LIMIT_MAX_REQUESTS:-1000}
       SECURITY_LOG_DIR: /app/logs
+      VITE_BASE_PATH: ${VITE_BASE_PATH:-/}
     ports:
       - "3002:3001"
     volumes:
       - ./server/logs:/app/logs
       - ./debug_logs:/app/debug_logs
+      - ./uploads:/app/uploads
     networks:
       - drone-network
     depends_on:
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
index 9a4f64a..7250107 100644
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@@ -56,6 +56,20 @@ server {
         proxy_read_timeout 86400;
     }
 
+    # Proxy uploads requests to backend (for logos and other files)
+    location /uggla/uploads/ {
+        proxy_pass http://backend:3001/uploads/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Cache uploaded files for 1 month
+        add_header Cache-Control "public, max-age=2592000";
+        proxy_read_timeout 86400;
+    }
+
     # WebSocket proxy for Socket.IO
     location /uggla/socket.io/ {
         proxy_pass http://backend:3001/socket.io/;
diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf
index 0621e0e..f3297a6 100644
--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -80,6 +80,30 @@ server {
         proxy_read_timeout 60s;
     }
     
+    # Upload routes for logos and other files
+    location /uploads/ {
+        # Add tenant header for backend
+        proxy_set_header X-Tenant-Subdomain $tenant;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        
+        proxy_pass http://backend;
+        proxy_redirect off;
+        
+        # Cache uploaded files for 1 month
+        proxy_cache_valid 200 30d;
+        add_header Cache-Control "public, max-age=2592000";
+        
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+    
     # Authentication routes with stricter rate limiting
     location /auth/ {
         limit_req zone=auth burst=10 nodelay;
diff --git a/server/routes/tenant.js b/server/routes/tenant.js
index ee39fed..6074a21 100644
--- a/server/routes/tenant.js
+++ b/server/routes/tenant.js
@@ -148,8 +148,9 @@ router.post('/logo-upload', authenticateToken, requirePermissions(['branding.edi
       }
     }
 
-    // Create logo URL
-    const logoUrl = `/uploads/logos/${req.file.filename}`;
+    // Create logo URL with base path support
+    const basePath = process.env.VITE_BASE_PATH || '';
+    const logoUrl = `${basePath}uploads/logos/${req.file.filename}`;
 
     // Update tenant branding with new logo
     const updatedBranding = {