Fix jwt-token

2025-09-15 06:38:23 +02:00
parent 60f8867cd2
commit 2851a2e9c8
4 changed files with 71 additions and 2 deletions
--- a/server/middleware/multi-tenant-auth.js
+++ b/server/middleware/multi-tenant-auth.js
@@ -306,6 +306,36 @@ class MultiTenantAuth {
      return null;
    }
  }
  /**
   * Validate that a user has access to a specific tenant
   * @param {string} userId - The user ID
   * @param {string} tenantSlug - The tenant slug
   * @returns {boolean} - True if user has access to tenant
   */
  async validateTenantAccess(userId, tenantSlug) {
    try {
      const { User, Tenant } = require('../models');
      // Find the user
      const user = await User.findByPk(userId, {
        include: [{
          model: Tenant,
          as: 'tenant'
        }]
      });
      if (!user) {
        return false;
      }
      // Check if user's tenant matches the requested tenant
      return user.tenant && user.tenant.slug === tenantSlug;
    } catch (error) {
      console.error('Error validating tenant access:', error);
      return false;
    }
  }
 }
 module.exports = MultiTenantAuth;
--- a/server/middleware/rbac.js
+++ b/server/middleware/rbac.js
@@ -117,6 +117,44 @@ const hasPermission = (userRole, permission) => {
  return ROLES[userRole].includes(permission);
 };
 /**
 * Compatibility function for tests - converts resource.action format to permission
 * @param {string} userRole - The user's role
 * @param {string} resource - The resource (e.g., 'devices', 'users')
 * @param {string} action - The action (e.g., 'read', 'create', 'update', 'delete')
 * @returns {boolean} - True if user has permission
 */
 const checkPermission = (userRole, resource, action) => {
  // Map common actions to our permission system
  const actionMap = {
    'read': 'view',
    'create': 'create',
    'update': 'edit',
    'delete': 'delete',
    'manage': 'manage'
  };
  // Special cases for resource mapping
  const resourceMap = {
    'devices': 'devices',
    'users': 'users',
    'detections': 'detections',
    'alerts': 'alerts',
    'dashboard': 'dashboard',
    'branding': 'branding',
    'security': 'security',
    'ip_restrictions': 'security',
    'audit_logs': 'security',
    'ui_customization': 'branding'
  };
  const mappedResource = resourceMap[resource] || resource;
  const mappedAction = actionMap[action] || action;
  const permission = `${mappedResource}.${mappedAction}`;
  return hasPermission(userRole, permission);
 };
 /**
 * Check if a user has any of the specified permissions
 * @param {string} userRole - The user's role
@@ -222,6 +260,7 @@ module.exports = {
  PERMISSIONS,
  ROLES,
  hasPermission,
  checkPermission,
  hasAnyPermission,
  hasAllPermissions,
  getPermissions,
--- a/server/tests/middleware/multi-tenant-auth.test.js
+++ b/server/tests/middleware/multi-tenant-auth.test.js
@@ -153,7 +153,7 @@ describe('Multi-Tenant Authentication Middleware', () => {
      const res = mockResponse();
      const next = mockNext();
-      await multiAuth.middleware(req, res, next);
+      await multiAuth.authenticate(req, res, next);
      expect(res.statusCode).to.equal(403);
      expect(res.data).to.deep.equal({
--- a/server/tests/middleware/rbac.test.js
+++ b/server/tests/middleware/rbac.test.js
@@ -1,7 +1,7 @@
 const { describe, it, beforeEach, afterEach, before, after } = require('mocha');
 const { expect } = require('chai');
 const sinon = require('sinon');
-const { checkPermission, requirePermission } = require('../../middleware/rbac');
+const { hasPermission, checkPermission, requirePermissions } = require('../../middleware/rbac');
 const { setupTestEnvironment, teardownTestEnvironment, cleanDatabase, mockRequest, mockResponse, mockNext, createTestUser, createTestTenant } = require('../setup');
 describe('RBAC Middleware', () => {