Fix jwt-token
@@ -168,27 +168,21 @@ class IPRestrictionMiddleware {
|
||||
|
||||
// Skip IP restrictions for management routes - they have their own access controls
|
||||
if (path.startsWith('/api/management/')) {
|
||||
console.log('🔍 IP Restriction - Skipping for management route:', path);
|
||||
return next();
|
||||
}
|
||||
|
||||
// Skip IP restrictions for auth config - users need to see login form and get proper error
|
||||
if (path === '/api/auth/config') {
|
||||
console.log('🔍 IP Restriction - Skipping for auth config route');
|
||||
return next();
|
||||
}
|
||||
|
||||
console.log('🔍 IP Restriction Check - Path:', req.path, 'Method:', req.method);
|
||||
|
||||
// Determine tenant (check req.tenant first for test contexts)
|
||||
let tenantId = req.tenant;
|
||||
if (!tenantId) {
|
||||
tenantId = await this.multiAuth.determineTenant(req);
|
||||
}
|
||||
console.log('🔍 IP Restriction - Determined tenant:', tenantId);
|
||||
|
||||
if (!tenantId) {
|
||||
console.log('🔍 IP Restriction - No tenant found, skipping IP check');
|
||||
// No tenant found, continue without IP checking
|
||||
return next();
|
||||
}
|
||||
@@ -200,32 +194,16 @@ class IPRestrictionMiddleware {
|
||||
attributes: ['id', 'slug', 'ip_restriction_enabled', 'ip_whitelist', 'ip_restriction_message', 'updated_at']
|
||||
});
|
||||
if (!tenant) {
|
||||
console.log('🔍 IP Restriction - Tenant not found in database:', tenantId);
|
||||
return next();
|
||||
}
|
||||
|
||||
console.log('🔍 IP Restriction - Tenant config (fresh from DB):', {
|
||||
id: tenant.id,
|
||||
slug: tenant.slug,
|
||||
ip_restriction_enabled: tenant.ip_restriction_enabled,
|
||||
ip_whitelist: tenant.ip_whitelist,
|
||||
updated_at: tenant.updated_at
|
||||
});
|
||||
|
||||
// Check if IP restrictions are enabled
|
||||
if (!tenant.ip_restriction_enabled) {
|
||||
console.log('🔍 IP Restriction - Restrictions disabled for tenant');
|
||||
return next();
|
||||
}
|
||||
|
||||
// Get client IP
|
||||
const clientIP = this.getClientIP(req);
|
||||
console.log('🔍 IP Restriction - Client IP:', clientIP);
|
||||
console.log('🔍 IP Restriction - Request headers:', {
|
||||
'x-forwarded-for': req.headers['x-forwarded-for'],
|
||||
'x-real-ip': req.headers['x-real-ip'],
|
||||
'remote-address': req.connection?.remoteAddress
|
||||
});
|
||||
|
||||
// Parse allowed IPs (convert string to array)
|
||||
let allowedIPs = [];
|
||||
@@ -239,11 +217,8 @@ class IPRestrictionMiddleware {
|
||||
|
||||
// Check if IP is allowed
|
||||
const isAllowed = this.isIPAllowed(clientIP, allowedIPs);
|
||||
console.log('🔍 IP Restriction - Is IP allowed:', isAllowed, 'Allowed IPs:', allowedIPs);
|
||||
|
||||
if (!isAllowed) {
|
||||
console.log(`🚫 IP Access Denied: ${clientIP} attempted to access tenant "${tenantId}"`);
|
||||
|
||||
// Log the access attempt for security auditing
|
||||
console.log(`[SECURITY AUDIT] ${new Date().toISOString()} - IP ${clientIP} denied access to tenant ${tenantId} - User-Agent: ${req.headers['user-agent']}`);
|
||||
|
||||
@@ -256,7 +231,6 @@ class IPRestrictionMiddleware {
|
||||
}
|
||||
|
||||
// IP is allowed, continue
|
||||
console.log(`✅ IP Access Allowed: ${clientIP} accessing tenant "${tenantId}"`);
|
||||
next();
|
||||
|
||||
} catch (error) {
|
||||
|
||||
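Review bot: The early exits `if (!tenantId) { return next(); }` in the first hunk and `if (!tenant) { return next(); }` in the second fail open, so a request whose tenant cannot be resolved, or has no database row, skips the allowlist entirely. The hunk line counts suggest this commit removes the debug `console.log` calls on those paths (the +/- markers are not visible on this page), which would leave such a bypass with no trace. I would keep one warning-level record there, for example `console.warn('[SECURITY AUDIT] IP restriction skipped - tenant unresolved:', req.path);`, or deny the request when a tenant id was supplied but no row matched. If the `[SECURITY AUDIT]` line in the third hunk is retained, strip CR/LF from `req.headers['user-agent']` before interpolating it so a client-supplied header cannot forge extra audit entries. The enclosing method begins and ends outside the visible hunks, and the title "Fix jwt-token" does not describe a change to the IP restriction middleware.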