Fix jwt-token

2025-09-17 20:07:13 +02:00
parent 5d61bb50ed
commit 726f931b74
2 changed files with 17 additions and 6 deletions
--- a/client/src/App.jsx
+++ b/client/src/App.jsx
@@ -2,6 +2,7 @@ import React from 'react';
 import { BrowserRouter as Router, Routes, Route } from 'react-router-dom';
 import { Toaster } from 'react-hot-toast';
 import { AuthProvider } from './contexts/AuthContext';
+import { MultiTenantAuthProvider } from './contexts/MultiTenantAuthContext';
 import { SocketProvider } from './contexts/SocketContext';
 import APP_CONFIG from './config/app';
 import Layout from './components/Layout';
@@ -18,9 +19,10 @@ import ProtectedRoute from './components/ProtectedRoute';

 function App() {
  return (
-    <AuthProvider>
-      <SocketProvider>
-        <Router basename={APP_CONFIG.basePath}>
+    <MultiTenantAuthProvider>
+      <AuthProvider>
+        <SocketProvider>
+          <Router basename={APP_CONFIG.basePath}>
          <div className="App">
            <Toaster 
              position="top-center"
@@ -81,6 +83,7 @@ function App() {
        </Router>
      </SocketProvider>
    </AuthProvider>
+    </MultiTenantAuthProvider>
  );
 }

--- a/server/routes/debug.js
+++ b/server/routes/debug.js
@@ -87,21 +87,29 @@ router.get('/heartbeat-payloads', authenticateToken, MultiTenantAuth, async (req
    const { limit = 50, offset = 0, device_id } = req.query;
    
    const whereClause = {
-      raw_payload: { [Op.ne]: null },
-      tenant_id: req.user.tenant_id  // 🔒 SECURITY: Filter by user's tenant
+      raw_payload: { [Op.ne]: null }
    };
    
    if (device_id) {
      whereClause.device_id = device_id;
    }
    
+    // 🔒 SECURITY: Filter heartbeats by user's tenant using device relationship
    const heartbeats = await Heartbeat.findAll({
      where: whereClause,
+      include: [{
+        model: Device,
+        as: 'device',
+        where: {
+          tenant_id: req.user.tenant_id
+        },
+        attributes: ['id', 'name', 'tenant_id']
+      }],
      order: [['received_at', 'DESC']],
      limit: parseInt(limit),
      offset: parseInt(offset),
      attributes: [
-        'id', 'device_id', 'device_key', 'received_at', 'raw_payload', 'tenant_id'
+        'id', 'device_id', 'device_key', 'received_at', 'raw_payload'
      ]
    });