Fix jwt-token
This commit is contained in:
@@ -1,8 +1,9 @@
|
||||
const express = require('express');
|
||||
const { ApiDebugLogger } = require('../utils/apiDebugLogger');
|
||||
const { DroneDetection, Heartbeat } = require('../models');
|
||||
const { DroneDetection, Heartbeat, Device } = require('../models');
|
||||
const { Op } = require('sequelize');
|
||||
const { authenticateToken } = require('../middleware/auth');
|
||||
const MultiTenantAuth = require('../middleware/multi-tenant-auth');
|
||||
|
||||
const router = express.Router();
|
||||
const logger = new ApiDebugLogger();
|
||||
@@ -25,7 +26,7 @@ router.get('/debug-test', (req, res) => {
|
||||
});
|
||||
|
||||
// Get recent detection payloads with raw data
|
||||
router.get('/detection-payloads', authenticateToken, async (req, res) => {
|
||||
router.get('/detection-payloads', authenticateToken, MultiTenantAuth, async (req, res) => {
|
||||
try {
|
||||
const { limit = 50, offset = 0, device_id, detection_id } = req.query;
|
||||
|
||||
@@ -41,8 +42,17 @@ router.get('/detection-payloads', authenticateToken, async (req, res) => {
|
||||
whereClause.id = detection_id;
|
||||
}
|
||||
|
||||
// 🔒 SECURITY: Filter detections by user's tenant using device relationship
|
||||
const detections = await DroneDetection.findAll({
|
||||
where: whereClause,
|
||||
include: [{
|
||||
model: Device,
|
||||
as: 'device',
|
||||
where: {
|
||||
tenant_id: req.user.tenant_id
|
||||
},
|
||||
attributes: ['id', 'name', 'tenant_id']
|
||||
}],
|
||||
order: [['server_timestamp', 'DESC']],
|
||||
limit: parseInt(limit),
|
||||
offset: parseInt(offset),
|
||||
@@ -52,13 +62,14 @@ router.get('/detection-payloads', authenticateToken, async (req, res) => {
|
||||
]
|
||||
});
|
||||
|
||||
console.log(`🔍 Retrieved ${detections.length} detection payloads for debugging`);
|
||||
console.log(`<EFBFBD> Retrieved ${detections.length} detection payloads for tenant ${req.user.tenant_id}`);
|
||||
|
||||
res.json({
|
||||
success: true,
|
||||
data: detections,
|
||||
total: detections.length,
|
||||
filters: { device_id, limit, offset }
|
||||
filters: { device_id, limit, offset },
|
||||
tenant_id: req.user.tenant_id
|
||||
});
|
||||
|
||||
} catch (error) {
|
||||
@@ -71,7 +82,7 @@ router.get('/detection-payloads', authenticateToken, async (req, res) => {
|
||||
});
|
||||
|
||||
// Get recent heartbeat payloads with raw data
|
||||
router.get('/heartbeat-payloads', authenticateToken, async (req, res) => {
|
||||
router.get('/heartbeat-payloads', authenticateToken, MultiTenantAuth, async (req, res) => {
|
||||
try {
|
||||
const { limit = 50, offset = 0, device_id } = req.query;
|
||||
|
||||
@@ -83,8 +94,17 @@ router.get('/heartbeat-payloads', authenticateToken, async (req, res) => {
|
||||
whereClause.device_id = device_id;
|
||||
}
|
||||
|
||||
// 🔒 SECURITY: Filter heartbeats by user's tenant using device relationship
|
||||
const heartbeats = await Heartbeat.findAll({
|
||||
where: whereClause,
|
||||
include: [{
|
||||
model: Device,
|
||||
as: 'device',
|
||||
where: {
|
||||
tenant_id: req.user.tenant_id
|
||||
},
|
||||
attributes: ['id', 'name', 'tenant_id']
|
||||
}],
|
||||
order: [['received_at', 'DESC']],
|
||||
limit: parseInt(limit),
|
||||
offset: parseInt(offset),
|
||||
@@ -93,13 +113,14 @@ router.get('/heartbeat-payloads', authenticateToken, async (req, res) => {
|
||||
]
|
||||
});
|
||||
|
||||
console.log(`🔍 Retrieved ${heartbeats.length} heartbeat payloads for debugging`);
|
||||
console.log(`<EFBFBD> Retrieved ${heartbeats.length} heartbeat payloads for tenant ${req.user.tenant_id}`);
|
||||
|
||||
res.json({
|
||||
success: true,
|
||||
data: heartbeats,
|
||||
total: heartbeats.length,
|
||||
filters: { device_id, limit, offset }
|
||||
filters: { device_id, limit, offset },
|
||||
tenant_id: req.user.tenant_id
|
||||
});
|
||||
|
||||
} catch (error) {
|
||||
|
||||
Reference in New Issue
Block a user