Fix jwt-token

2025-09-16 21:49:10 +02:00
parent 6199f84ae5
commit 70c8a41508
1 changed files with 0 additions and 26 deletions
--- a/server/middleware/ip-restriction.js
+++ b/server/middleware/ip-restriction.js
@@ -168,27 +168,21 @@ class IPRestrictionMiddleware {
      // Skip IP restrictions for management routes - they have their own access controls
      if (path.startsWith('/api/management/')) {
        console.log('🔍 IP Restriction - Skipping for management route:', path);
        return next();
      }
      // Skip IP restrictions for auth config - users need to see login form and get proper error
      if (path === '/api/auth/config') {
        console.log('🔍 IP Restriction - Skipping for auth config route');
        return next();
      }
      console.log('🔍 IP Restriction Check - Path:', req.path, 'Method:', req.method);
      // Determine tenant (check req.tenant first for test contexts)
      let tenantId = req.tenant;
      if (!tenantId) {
        tenantId = await this.multiAuth.determineTenant(req);
      }
      console.log('🔍 IP Restriction - Determined tenant:', tenantId);
      if (!tenantId) {
        console.log('🔍 IP Restriction - No tenant found, skipping IP check');
        // No tenant found, continue without IP checking
        return next();
      }
@@ -200,32 +194,16 @@ class IPRestrictionMiddleware {
        attributes: ['id', 'slug', 'ip_restriction_enabled', 'ip_whitelist', 'ip_restriction_message', 'updated_at']
      });
      if (!tenant) {
        console.log('🔍 IP Restriction - Tenant not found in database:', tenantId);
        return next();
      }
      console.log('🔍 IP Restriction - Tenant config (fresh from DB):', {
        id: tenant.id,
        slug: tenant.slug,
        ip_restriction_enabled: tenant.ip_restriction_enabled,
        ip_whitelist: tenant.ip_whitelist,
        updated_at: tenant.updated_at
      });
      // Check if IP restrictions are enabled
      if (!tenant.ip_restriction_enabled) {
        console.log('🔍 IP Restriction - Restrictions disabled for tenant');
        return next();
      }
      // Get client IP
      const clientIP = this.getClientIP(req);
      console.log('🔍 IP Restriction - Client IP:', clientIP);
      console.log('🔍 IP Restriction - Request headers:', {
        'x-forwarded-for': req.headers['x-forwarded-for'],
        'x-real-ip': req.headers['x-real-ip'],
        'remote-address': req.connection?.remoteAddress
      });
      // Parse allowed IPs (convert string to array)
      let allowedIPs = [];
@@ -239,11 +217,8 @@ class IPRestrictionMiddleware {
      // Check if IP is allowed
      const isAllowed = this.isIPAllowed(clientIP, allowedIPs);
      console.log('🔍 IP Restriction - Is IP allowed:', isAllowed, 'Allowed IPs:', allowedIPs);
      if (!isAllowed) {
        console.log(`🚫 IP Access Denied: ${clientIP} attempted to access tenant "${tenantId}"`);
        // Log the access attempt for security auditing
        console.log(`[SECURITY AUDIT] ${new Date().toISOString()} - IP ${clientIP} denied access to tenant ${tenantId} - User-Agent: ${req.headers['user-agent']}`);
@@ -256,7 +231,6 @@ class IPRestrictionMiddleware {
      }
      // IP is allowed, continue
      console.log(`✅ IP Access Allowed: ${clientIP} accessing tenant "${tenantId}"`);
      next();
    } catch (error) {