Fix jwt-token

2025-09-19 08:14:41 +02:00
parent f98fd04191
commit 3f1b50871a
5 changed files with 343 additions and 113 deletions


@@ -9,16 +9,15 @@ const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs'); // Fixed: use bcryptjs instead of bcrypt
const { Op } = require('sequelize'); // Add Sequelize operators
const { Tenant, User, ManagementUser } = require('../models');
const { createErrorResponse, getSystemMessage, getLanguageFromRequest } = require('../utils/i18n');
// Management-specific authentication middleware - NO shared auth with tenants
const requireManagementAuth = (req, res, next) => {
const token = req.headers.authorization?.replace('Bearer ', '');
if (!token) {
return res.status(401).json({
success: false,
message: 'Management authentication required'
});
const errorResponse = createErrorResponse(req, 401, 'AUTHENTICATION_REQUIRED');
return res.status(errorResponse.status).json(errorResponse.json);
}
try {
@@ -28,10 +27,8 @@ const requireManagementAuth = (req, res, next) => {
// Verify this is a management token with proper role
if (!decoded.isManagement || !['super_admin', 'platform_admin'].includes(decoded.role)) {
return res.status(403).json({
success: false,
message: 'Insufficient management privileges'
});
const errorResponse = createErrorResponse(req, 403, 'INSUFFICIENT_PRIVILEGES');
return res.status(errorResponse.status).json(errorResponse.json);
}
req.managementUser = {
@@ -43,11 +40,8 @@ const requireManagementAuth = (req, res, next) => {
next();
} catch (error) {
return res.status(403).json({
success: false,
message: 'Invalid management token',
error: error.message
});
const errorResponse = createErrorResponse(req, 403, 'INVALID_TOKEN');
return res.status(errorResponse.status).json(errorResponse.json);
}
};
@@ -60,10 +54,8 @@ router.post('/auth/login', async (req, res) => {
const managementUser = await ManagementUser.findByCredentials(username, password);
if (!managementUser) {
return res.status(401).json({
success: false,
message: 'Invalid management credentials'
});
const errorResponse = createErrorResponse(req, 401, 'INVALID_MANAGEMENT_CREDENTIALS');
return res.status(errorResponse.status).json(errorResponse.json);
}
const MANAGEMENT_SECRET = process.env.MANAGEMENT_JWT_SECRET || 'mgmt-super-secret-change-in-production';
@@ -87,11 +79,9 @@ router.post('/auth/login', async (req, res) => {
}
});
} catch (error) {
res.status(500).json({
success: false,
message: 'Management authentication error',
error: error.message
});
const errorResponse = createErrorResponse(req, 500, 'MANAGEMENT_AUTH_ERROR');
errorResponse.json.error = error.message;
return res.status(errorResponse.status).json(errorResponse.json);
}
});
@@ -718,10 +708,8 @@ router.post('/tenants', async (req, res) => {
// Enhanced validation for management portal
if (!tenantData.name || !tenantData.slug) {
return res.status(400).json({
success: false,
message: 'Name and slug are required'
});
const errorResponse = createErrorResponse(req, 400, 'NAME_SLUG_REQUIRED');
return res.status(errorResponse.status).json(errorResponse.json);
}
// Convert empty domain string to null to avoid unique constraint issues
@@ -732,20 +720,16 @@ router.post('/tenants', async (req, res) => {
// Check for unique slug
const existingTenant = await Tenant.findOne({ where: { slug: tenantData.slug } });
if (existingTenant) {
return res.status(409).json({
success: false,
message: 'Tenant slug already exists'
});
const errorResponse = createErrorResponse(req, 409, 'TENANT_SLUG_EXISTS');
return res.status(errorResponse.status).json(errorResponse.json);
}
// Check for unique domain if provided
if (tenantData.domain) {
const existingDomain = await Tenant.findOne({ where: { domain: tenantData.domain } });
if (existingDomain) {
return res.status(409).json({
success: false,
message: 'Domain already exists for another tenant'
});
const errorResponse = createErrorResponse(req, 409, 'DOMAIN_EXISTS');
return res.status(errorResponse.status).json(errorResponse.json);
}
}
@@ -757,15 +741,13 @@ router.post('/tenants', async (req, res) => {
res.status(201).json({
success: true,
data: tenant,
message: 'Tenant created successfully'
message: getSystemMessage(getLanguageFromRequest(req), 'TENANT_CREATED')
});
} catch (error) {
console.error('Management: Error creating tenant:', error);
res.status(500).json({
success: false,
message: 'Failed to create tenant'
});
const errorResponse = createErrorResponse(req, 500, 'TENANT_CREATION_FAILED');
return res.status(errorResponse.status).json(errorResponse.json);
}
});
@@ -783,10 +765,8 @@ router.get('/tenants/:id', async (req, res) => {
});
if (!tenant) {
return res.status(404).json({
success: false,
message: 'Tenant not found'
});
const errorResponse = createErrorResponse(req, 404, 'TENANT_NOT_FOUND');
return res.status(errorResponse.status).json(errorResponse.json);
}
res.json({
@@ -796,10 +776,8 @@ router.get('/tenants/:id', async (req, res) => {
} catch (error) {
console.error('Management: Error fetching tenant:', error);
res.status(500).json({
success: false,
message: 'Failed to fetch tenant'
});
const errorResponse = createErrorResponse(req, 500, 'FETCH_TENANT_FAILED');
return res.status(errorResponse.status).json(errorResponse.json);
}
});
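Review bot: The new 500 handler for the login route (hunk `@@ -87,11 +79,9`) still copies the raw exception text into the response with `errorResponse.json.error = error.message;`, so an unauthenticated caller of `/auth/login` receives internal error details (driver or model messages) even though the commit otherwise moved client-facing text behind `createErrorResponse`; the other 500 handlers in this file (`TENANT_CREATION_FAILED`, `FETCH_TENANT_FAILED`) log the error and return only the localized message. Dropping that assignment and logging server-side instead, `console.error('Management: auth error:', error);`, makes the login handler consistent with them and keeps the response body free of internal details. Separately, the context line `const MANAGEMENT_SECRET = process.env.MANAGEMENT_JWT_SECRET || 'mgmt-super-secret-change-in-production';` in hunk `@@ -60,10 +54,8` means management tokens are signed with a fallback value that is visible in the repository whenever the variable is unset; since this commit is the JWT fix, it is a natural place to fail closed at startup, e.g. `if (!process.env.MANAGEMENT_JWT_SECRET) throw new Error('MANAGEMENT_JWT_SECRET is not set');`, rather than in the request path. The enclosing route handler begins outside the hunk, so I cannot see whether the secret is also read elsewhere.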