Fix jwt-token

2025-09-17 20:05:46 +02:00
parent 571634642b
commit 5d61bb50ed
4 changed files with 41 additions and 38 deletions
--- a/server/routes/debug.js
+++ b/server/routes/debug.js
@@ -87,29 +87,21 @@ router.get('/heartbeat-payloads', authenticateToken, MultiTenantAuth, async (req
    const { limit = 50, offset = 0, device_id } = req.query;
    const whereClause = {
-      raw_payload: { [Op.ne]: null }
+      raw_payload: { [Op.ne]: null },
      tenant_id: req.user.tenant_id  // 🔒 SECURITY: Filter by user's tenant
    };
    if (device_id) {
      whereClause.device_id = device_id;
    }
    // 🔒 SECURITY: Filter heartbeats by user's tenant using device relationship
    const heartbeats = await Heartbeat.findAll({
      where: whereClause,
      include: [{
        model: Device,
        as: 'device',
        where: {
          tenant_id: req.user.tenant_id
        },
        attributes: ['id', 'name', 'tenant_id']
      }],
      order: [['received_at', 'DESC']],
      limit: parseInt(limit),
      offset: parseInt(offset),
      attributes: [
-        'id', 'device_id', 'device_key', 'received_at', 'raw_payload'
+        'id', 'device_id', 'device_key', 'received_at', 'raw_payload', 'tenant_id'
      ]
    });
--- a/server/routes/detections.js
+++ b/server/routes/detections.js
@@ -226,6 +226,9 @@ router.get('/debug', authenticateToken, async (req, res) => {
      include: [{
        model: Device,
        as: 'device',
        where: {
          tenant_id: req.user.tenant_id  // 🔒 SECURITY: Filter by user's tenant
        },
        attributes: ['id', 'name', 'location_description', 'geo_lat', 'geo_lon', 'tenant_id']
      }],
      limit: parseInt(limit),
@@ -243,6 +246,8 @@ router.get('/debug', authenticateToken, async (req, res) => {
      };
    });
    console.log(`🔒 Admin debug: Retrieved ${detections.count} detections for tenant ${req.user.tenant_id}`);
    res.json({
      success: true,
      data: enhancedDetections,
--- a/server/routes/detectors.js
+++ b/server/routes/detectors.js
@@ -155,13 +155,15 @@ async function handleHeartbeat(req, res) {
  if (!device.is_approved) {
    console.log(`🚫 Heartbeat rejected from unapproved device ${deviceId}`);
-    // Emit reminder notification
+    // Emit reminder notification to tenant room only
-    req.io.emit('device_approval_reminder', {
+    if (device.tenant_id) {
-      device_id: deviceId,
+      req.io.to(`tenant_${device.tenant_id}`).emit('device_approval_reminder', {
-      device_key: key,
+        device_id: deviceId,
-      timestamp: new Date().toISOString(),
+        device_key: key,
-      message: `Device ${deviceId} (${key}) still awaiting approval`
+        timestamp: new Date().toISOString(),
-    });
+        message: `Device ${deviceId} (${key}) still awaiting approval`
      });
    }
    return res.status(403).json({
      success: false,
@@ -195,14 +197,16 @@ async function handleHeartbeat(req, res) {
  const heartbeat = await Heartbeat.create(heartbeatRecord);
-  // Emit real-time update via Socket.IO (from original heartbeat route)
+  // Emit real-time update via Socket.IO to tenant room only
-  req.io.emit('device_heartbeat', {
+  if (device.tenant_id) {
-    device_id: deviceId,
+    req.io.to(`tenant_${device.tenant_id}`).emit('device_heartbeat', {
-    device_key: key,
+      device_id: deviceId,
-    timestamp: heartbeat.received_at,
+      device_key: key,
-    status: 'online',
+      timestamp: heartbeat.received_at,
-    ...heartbeatData
+      status: 'online',
-  });
+      ...heartbeatData
    });
  }
  console.log(`✅ Heartbeat recorded for device ${deviceId}`);
@@ -261,12 +265,14 @@ async function handleDetection(req, res) {
  if (!device.is_approved) {
    console.log(`🚫 Detection rejected from unapproved device ${detectionData.device_id}`);
-    // Emit reminder notification
+    // Emit reminder notification to tenant room only
-    req.io.emit('device_approval_reminder', {
+    if (device.tenant_id) {
-      device_id: detectionData.device_id,
+      req.io.to(`tenant_${device.tenant_id}`).emit('device_approval_reminder', {
-      timestamp: new Date().toISOString(),
+        device_id: detectionData.device_id,
-      message: `Device ${detectionData.device_id} still awaiting approval`
+        timestamp: new Date().toISOString(),
-    });
+        message: `Device ${detectionData.device_id} still awaiting approval`
      });
    }
    return res.status(403).json({
      success: false,
--- a/server/routes/device.js
+++ b/server/routes/device.js
@@ -433,9 +433,9 @@ router.put('/:id', authenticateToken, validateRequest(updateDeviceSchema), async
    await device.update(req.body);
-    // Emit real-time update (only if io is available)
+    // Emit real-time update to tenant room only
-    if (req.io) {
+    if (req.io && device.tenant_id) {
-      req.io.emit('device_updated', device);
+      req.io.to(`tenant_${device.tenant_id}`).emit('device_updated', device);
    }
    console.log(`✅ Device ${req.params.id} updated successfully`);
@@ -564,10 +564,10 @@ router.post('/:id/approve', async (req, res) => {
      is_active: approved  // Set device as active when approved, inactive when unapproved
    });
-    // Emit real-time notification
+    // Emit real-time notification to tenant room only
    const { io } = require('../index');
-    if (io) {
+    if (io && device.tenant_id) {
-      io.emit('device_approval_updated', {
+      io.to(`tenant_${device.tenant_id}`).emit('device_approval_updated', {
        device_id: deviceId,
        approved: approved,
        timestamp: new Date().toISOString(),