borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-17 20:00:11 +02:00
parent 2881f171ff
commit 86932f5c8e
4 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/routes/detectors.js
View File

@@ -378,7 +378,7 @@ async function handleDetection(req, res) {
// Emit real-time update via Socket.IO with movement analysis (from original)
// Skip real-time updates for debug detections (drone_type 0)
if (!isDebugDetection) {
req.io.emit('drone_detection', {
const detectionPayload = {
id: detection.id,
device_id: detection.device_id,
drone_id: detection.drone_id,
@@ -397,7 +397,17 @@ async function handleDetection(req, res) {
geo_lat: device.geo_lat,
geo_lon: device.geo_lon
}
});
};
// 🔒 SECURITY: Emit only to the tenant's room to prevent cross-tenant data leakage
if (device.tenant_id) {
req.io.to(`tenant_${device.tenant_id}`).emit('drone_detection', detectionPayload);
console.log(`🔒 Detection emitted to tenant room: tenant_${device.tenant_id}`);
} else {
// Fallback for devices without tenant_id (legacy support)
console.warn(`⚠️ Device ${device.id} has no tenant_id - using global broadcast (security risk)`);
req.io.emit('drone_detection', detectionPayload);
}
// Process alerts asynchronously (from original)
alertService.processAlert(detection, req.io).catch(error => {

15
server/services/socketService.js
View File

@@ -14,6 +14,12 @@ function initializeSocketHandlers(io) {
console.log(`Client ${socket.id} (IP: ${clientIP}) joined device room: device_${deviceId}`);
});
// 🔒 SECURITY: Join tenant-specific room for multi-tenant isolation
socket.on('join_tenant_room', (tenantId) => {
socket.join(`tenant_${tenantId}`);
console.log(`Client ${socket.id} (IP: ${clientIP}) joined tenant room: tenant_${tenantId}`);
});
// Join dashboard room for general updates
socket.on('join_dashboard', () => {
socket.join('dashboard');
@@ -26,6 +32,11 @@ function initializeSocketHandlers(io) {
console.log(`Client ${socket.id} (IP: ${clientIP}) left device room: device_${deviceId}`);
});
socket.on('leave_tenant_room', (tenantId) => {
socket.leave(`tenant_${tenantId}`);
console.log(`Client ${socket.id} (IP: ${clientIP}) left tenant room: tenant_${tenantId}`);
});
socket.on('leave_dashboard', () => {
socket.leave('dashboard');
console.log(`Client ${socket.id} (IP: ${clientIP}) left dashboard room`);
@@ -49,6 +60,10 @@ function initializeSocketHandlers(io) {
io.to(`device_${deviceId}`).emit(event, data);
};
io.emitToTenant = function(tenantId, event, data) {
io.to(`tenant_${tenantId}`).emit(event, data);
};
io.emitToDashboard = function(event, data) {
io.to('dashboard').emit(event, data);
};