Fix jwt-token

2025-09-20 20:41:30 +02:00
parent 11b460dc07
commit 8ed1c141eb
7 changed files with 1148 additions and 1 deletions
--- a/server/middleware/logger.js
+++ b/server/middleware/logger.js
@@ -9,6 +9,14 @@ class SecurityLogger {
    
    // Ensure log directory exists
    this.ensureLogDirectory();
+    
+    // Initialize models reference (will be set when needed)
+    this.models = null;
+  }
+
+  // Set models reference for database logging
+  setModels(models) {
+    this.models = models;
  }

  ensureLogDirectory() {
@@ -23,7 +31,7 @@ class SecurityLogger {
    }
  }

-  logSecurityEvent(level, message, metadata = {}) {
+  async logSecurityEvent(level, message, metadata = {}) {
    const timestamp = new Date().toISOString();
    const logEntry = {
      timestamp,
@@ -44,6 +52,49 @@ class SecurityLogger {
        console.error('Failed to write to security log file:', error.message);
      }
    }
+
+    // Store in database if models are available
+    if (this.models && this.models.AuditLog) {
+      try {
+        await this.models.AuditLog.create({
+          timestamp: new Date(),
+          level: level.toUpperCase(),
+          action: metadata.action || 'unknown',
+          message,
+          user_id: metadata.userId || null,
+          username: metadata.username || null,
+          tenant_id: metadata.tenantId || null,
+          tenant_slug: metadata.tenantSlug || null,
+          ip_address: metadata.ip || null,
+          user_agent: metadata.userAgent || null,
+          path: metadata.path || null,
+          metadata: metadata,
+          success: this.determineSuccess(level, metadata)
+        });
+      } catch (error) {
+        console.error('Failed to store audit log in database:', error.message);
+      }
+    }
+  }
+
+  determineSuccess(level, metadata) {
+    // Determine if the action was successful based on level and metadata
+    if (metadata.hasOwnProperty('success')) {
+      return metadata.success;
+    }
+    
+    // Assume success for info level, failure for error/critical
+    switch (level.toUpperCase()) {
+      case 'INFO':
+        return true;
+      case 'WARNING':
+        return null; // Neutral
+      case 'ERROR':
+      case 'CRITICAL':
+        return false;
+      default:
+        return null;
+    }
  }

  logIPRestriction(ip, tenant, userAgent, denied = true) {