Fix jwt-token

2025-09-16 21:03:00 +02:00
parent 20a191633b
commit 69cd3e1005
3 changed files with 263 additions and 18 deletions
--- a/server/routes/detections.js
+++ b/server/routes/detections.js
@@ -15,12 +15,12 @@ const multiAuth = new MultiTenantAuth();
 */
 router.get('/', authenticateToken, async (req, res) => {
  try {
-    // Determine tenant from request
-    const tenantId = await multiAuth.determineTenant(req);
+    // Get tenant from authenticated user context
+    const tenantId = req.tenantId;
    if (!tenantId) {
      return res.status(400).json({
        success: false,
-        message: 'Unable to determine tenant'
+        message: 'No tenant context available'
      });
    }

@@ -32,6 +32,13 @@ router.get('/', authenticateToken, async (req, res) => {
      });
    }

+    if (!tenant.is_active) {
+      return res.status(403).json({
+        success: false,
+        message: 'Tenant is inactive'
+      });
+    }
+
    const {
      device_id,
      drone_id,
@@ -236,12 +243,12 @@ router.get('/debug', authenticateToken, async (req, res) => {
 */
 router.get('/:id', authenticateToken, async (req, res) => {
  try {
-    // Determine tenant from request
-    const tenantId = await multiAuth.determineTenant(req);
+    // Get tenant from authenticated user context
+    const tenantId = req.tenantId;
    if (!tenantId) {
      return res.status(400).json({
        success: false,
-        message: 'Unable to determine tenant'
+        message: 'No tenant context available'
      });
    }

@@ -253,6 +260,13 @@ router.get('/:id', authenticateToken, async (req, res) => {
      });
    }

+    if (!tenant.is_active) {
+      return res.status(403).json({
+        success: false,
+        message: 'Tenant is inactive'
+      });
+    }
+
    const { id } = req.params;

    const detection = await DroneDetection.findByPk(id, {
@@ -294,24 +308,62 @@ router.delete('/:id', authenticateToken, async (req, res) => {
  try {
    // Check if user is admin
    if (req.user.role !== 'admin') {
-      return res.status(403).json({ error: 'Admin access required' });
+      return res.status(403).json({ 
+        success: false, 
+        message: 'Admin access required' 
+      });
+    }
+
+    // Get tenant from authenticated user context
+    const tenantId = req.tenantId;
+    if (!tenantId) {
+      return res.status(400).json({
+        success: false,
+        message: 'No tenant context available'
+      });
+    }
+
+    const tenant = await Tenant.findOne({ where: { slug: tenantId } });
+    if (!tenant) {
+      return res.status(404).json({
+        success: false,
+        message: 'Tenant not found'
+      });
    }

    const { id } = req.params;

-    const detection = await DroneDetection.findByPk(id);
+    // Find detection with tenant filtering
+    const detection = await DroneDetection.findOne({
+      where: { id },
+      include: [{
+        model: Device,
+        as: 'device',
+        where: { tenant_id: tenant.id }, // Ensure detection belongs to user's tenant
+        attributes: ['id', 'tenant_id']
+      }]
+    });
+
    if (!detection) {
-      return res.status(404).json({ error: 'Detection not found' });
+      return res.status(404).json({ 
+        success: false, 
+        message: 'Detection not found or not accessible' 
+      });
    }

    await detection.destroy();
-    res.json({ message: 'Detection deleted successfully' });
+    
+    res.json({ 
+      success: true, 
+      message: 'Detection deleted successfully' 
+    });

  } catch (error) {
    console.error('Error deleting detection:', error);
    res.status(500).json({ 
-      error: 'Failed to delete detection',
-      details: error.message 
+      success: false,
+      message: 'Failed to delete detection',
+      error: process.env.NODE_ENV === 'development' ? error.message : 'Internal server error'
    });
  }
 });