Fix jwt-token

server/routes/debug.js

@@ -87,21 +87,29 @@ router.get('/heartbeat-payloads', authenticateToken, MultiTenantAuth, async (req
     const { limit = 50, offset = 0, device_id } = req.query;
     
     const whereClause = {
-      raw_payload: { [Op.ne]: null },
-      tenant_id: req.user.tenant_id  // 🔒 SECURITY: Filter by user's tenant
+      raw_payload: { [Op.ne]: null }
     };
     
     if (device_id) {
       whereClause.device_id = device_id;
     }
     
+    // 🔒 SECURITY: Filter heartbeats by user's tenant using device relationship
     const heartbeats = await Heartbeat.findAll({
       where: whereClause,
+      include: [{
+        model: Device,
+        as: 'device',
+        where: {
+          tenant_id: req.user.tenant_id
+        },
+        attributes: ['id', 'name', 'tenant_id']
+      }],
       order: [['received_at', 'DESC']],
       limit: parseInt(limit),
       offset: parseInt(offset),
       attributes: [
-        'id', 'device_id', 'device_key', 'received_at', 'raw_payload', 'tenant_id'
+        'id', 'device_id', 'device_key', 'received_at', 'raw_payload'
       ]
     });