Fix jwt-token
@@ -1,9 +1,10 @@
|
||||
const express = require('express');
|
||||
const router = express.Router();
|
||||
const Joi = require('joi');
|
||||
const { AlertRule, AlertLog, User, sequelize } = require('../models');
|
||||
const { AlertRule, AlertLog, User, Device, Tenant, sequelize } = require('../models');
|
||||
const { validateRequest } = require('../middleware/validation');
|
||||
const { authenticateToken, requireRole } = require('../middleware/auth');
|
||||
const { MultiTenantAuth } = require('../middleware/multiTenantAuth');
|
||||
const { Op } = require('sequelize');
|
||||
|
||||
// Validation schemas
|
||||
@@ -32,11 +33,29 @@ router.get('/rules', authenticateToken, async (req, res) => {
|
||||
try {
|
||||
const { limit = 50, offset = 0, is_active } = req.query;
|
||||
|
||||
const whereClause = { user_id: req.user.id };
|
||||
// Initialize multi-tenant auth to determine tenant
|
||||
const multiTenantAuth = new MultiTenantAuth();
|
||||
const tenantId = await multiTenantAuth.determineTenant(req);
|
||||
|
||||
if (!tenantId) {
|
||||
return res.status(403).json({
|
||||
success: false,
|
||||
message: 'Access denied: No tenant context'
|
||||
});
|
||||
}
|
||||
|
||||
// Filter alert rules by users in the same tenant
|
||||
const whereClause = {};
|
||||
if (is_active !== undefined) whereClause.is_active = is_active === 'true';
|
||||
|
||||
const alertRules = await AlertRule.findAndCountAll({
|
||||
where: whereClause,
|
||||
include: [{
|
||||
model: User,
|
||||
as: 'user',
|
||||
where: { tenant_id: tenantId },
|
||||
attributes: ['id', 'username', 'email']
|
||||
}],
|
||||
limit: Math.min(parseInt(limit), 100),
|
||||
offset: parseInt(offset),
|
||||
order: [['created_at', 'DESC']]
|
||||
@@ -105,11 +124,27 @@ router.post('/rules', authenticateToken, validateRequest(alertRuleSchema), async
|
||||
// PUT /api/alerts/rules/:id - Update alert rule
|
||||
router.put('/rules/:id', authenticateToken, validateRequest(alertRuleSchema), async (req, res) => {
|
||||
try {
|
||||
// Initialize multi-tenant auth to determine tenant
|
||||
const multiTenantAuth = new MultiTenantAuth();
|
||||
const tenantId = await multiTenantAuth.determineTenant(req);
|
||||
|
||||
if (!tenantId) {
|
||||
return res.status(403).json({
|
||||
success: false,
|
||||
message: 'Access denied: No tenant context'
|
||||
});
|
||||
}
|
||||
|
||||
const alertRule = await AlertRule.findOne({
|
||||
where: {
|
||||
id: req.params.id,
|
||||
user_id: req.user.id
|
||||
}
|
||||
id: req.params.id
|
||||
},
|
||||
include: [{
|
||||
model: User,
|
||||
as: 'user',
|
||||
where: { tenant_id: tenantId },
|
||||
attributes: ['id']
|
||||
}]
|
||||
});
|
||||
|
||||
if (!alertRule) {
|
||||
@@ -140,11 +175,27 @@ router.put('/rules/:id', authenticateToken, validateRequest(alertRuleSchema), as
|
||||
// DELETE /api/alerts/rules/:id - Delete alert rule
|
||||
router.delete('/rules/:id', authenticateToken, async (req, res) => {
|
||||
try {
|
||||
// Initialize multi-tenant auth to determine tenant
|
||||
const multiTenantAuth = new MultiTenantAuth();
|
||||
const tenantId = await multiTenantAuth.determineTenant(req);
|
||||
|
||||
if (!tenantId) {
|
||||
return res.status(403).json({
|
||||
success: false,
|
||||
message: 'Access denied: No tenant context'
|
||||
});
|
||||
}
|
||||
|
||||
const alertRule = await AlertRule.findOne({
|
||||
where: {
|
||||
id: req.params.id,
|
||||
user_id: req.user.id
|
||||
}
|
||||
id: req.params.id
|
||||
},
|
||||
include: [{
|
||||
model: User,
|
||||
as: 'user',
|
||||
where: { tenant_id: tenantId },
|
||||
attributes: ['id']
|
||||
}]
|
||||
});
|
||||
|
||||
if (!alertRule) {
|
||||
@@ -183,6 +234,17 @@ router.get('/logs', authenticateToken, async (req, res) => {
|
||||
end_date
|
||||
} = req.query;
|
||||
|
||||
// Initialize multi-tenant auth to determine tenant
|
||||
const multiTenantAuth = new MultiTenantAuth();
|
||||
const tenantId = await multiTenantAuth.determineTenant(req);
|
||||
|
||||
if (!tenantId) {
|
||||
return res.status(403).json({
|
||||
success: false,
|
||||
message: 'Access denied: No tenant context'
|
||||
});
|
||||
}
|
||||
|
||||
const whereClause = {};
|
||||
if (status) whereClause.status = status;
|
||||
if (alert_type) whereClause.alert_type = alert_type;
|
||||
@@ -198,7 +260,12 @@ router.get('/logs', authenticateToken, async (req, res) => {
|
||||
include: [{
|
||||
model: AlertRule,
|
||||
as: 'rule',
|
||||
where: { user_id: req.user.id },
|
||||
include: [{
|
||||
model: User,
|
||||
as: 'user',
|
||||
where: { tenant_id: tenantId },
|
||||
attributes: ['id', 'username']
|
||||
}],
|
||||
attributes: ['id', 'name', 'priority']
|
||||
}],
|
||||
limit: Math.min(parseInt(limit), 200),
|
||||
@@ -233,9 +300,25 @@ router.get('/stats', authenticateToken, async (req, res) => {
|
||||
const { hours = 24 } = req.query;
|
||||
const timeWindow = new Date(Date.now() - hours * 60 * 60 * 1000);
|
||||
|
||||
// Get user's alert rules
|
||||
// Initialize multi-tenant auth to determine tenant
|
||||
const multiTenantAuth = new MultiTenantAuth();
|
||||
const tenantId = await multiTenantAuth.determineTenant(req);
|
||||
|
||||
if (!tenantId) {
|
||||
return res.status(403).json({
|
||||
success: false,
|
||||
message: 'Access denied: No tenant context'
|
||||
});
|
||||
}
|
||||
|
||||
// Get tenant's alert rules through user relationships
|
||||
const userRuleIds = await AlertRule.findAll({
|
||||
where: { user_id: req.user.id },
|
||||
include: [{
|
||||
model: User,
|
||||
as: 'user',
|
||||
where: { tenant_id: tenantId },
|
||||
attributes: []
|
||||
}],
|
||||
attributes: ['id']
|
||||
}).then(rules => rules.map(rule => rule.id));
|
||||
|
||||
|
||||
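Review bot: In the PUT and DELETE `/rules/:id` handlers the `AlertRule.findOne` lookup appears to drop `user_id: req.user.id` and match only on `id` plus the joined `User` row's `tenant_id`, so any authenticated member of a tenant could modify or delete a rule owned by another user. Tenant-wide reads in `/rules`, `/logs` and `/stats` may be intended, but writes usually stay owner-only unless the caller holds an elevated role; `requireRole` is already imported from `../middleware/auth` and is not used in these hunks. Consider keeping `user_id: req.user.id` in the `where` for non-admin callers, and adding a comment on each handler stating who may write. The isolation also rests entirely on `determineTenant(req)`, which is not visible here; it should derive the tenant from the verified token rather than from a client-supplied header or hostname alone. Both handler bodies continue outside their hunks.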