Fix jwt-token

server/routes/debug.js

@@ -87,29 +87,21 @@ router.get('/heartbeat-payloads', authenticateToken, MultiTenantAuth, async (req
     const { limit = 50, offset = 0, device_id } = req.query;
     
     const whereClause = {
-      raw_payload: { [Op.ne]: null }
+      raw_payload: { [Op.ne]: null },
+      tenant_id: req.user.tenant_id  // 🔒 SECURITY: Filter by user's tenant
     };
     
     if (device_id) {
       whereClause.device_id = device_id;
     }
     
-    // 🔒 SECURITY: Filter heartbeats by user's tenant using device relationship
     const heartbeats = await Heartbeat.findAll({
       where: whereClause,
-      include: [{
-        model: Device,
-        as: 'device',
-        where: {
-          tenant_id: req.user.tenant_id
-        },
-        attributes: ['id', 'name', 'tenant_id']
-      }],
       order: [['received_at', 'DESC']],
       limit: parseInt(limit),
       offset: parseInt(offset),
       attributes: [
-        'id', 'device_id', 'device_key', 'received_at', 'raw_payload'
+        'id', 'device_id', 'device_key', 'received_at', 'raw_payload', 'tenant_id'
       ]
     });