diff --git a/server/middleware/ip-restriction.js b/server/middleware/ip-restriction.js index c206a88..727d018 100644 --- a/server/middleware/ip-restriction.js +++ b/server/middleware/ip-restriction.js @@ -197,7 +197,7 @@ class IPRestrictionMiddleware { const TenantModel = this.models ? this.models.Tenant : Tenant; const tenant = await TenantModel.findOne({ where: { slug: tenantId }, - attributes: ['id', 'slug', 'ip_restrictions_enabled', 'allowed_ips', 'ip_restriction_message', 'updated_at'] + attributes: ['id', 'slug', 'ip_restriction_enabled', 'ip_whitelist', 'ip_restriction_message', 'updated_at'] }); if (!tenant) { console.log('🔍 IP Restriction - Tenant not found in database:', tenantId); @@ -207,13 +207,13 @@ class IPRestrictionMiddleware { console.log('🔍 IP Restriction - Tenant config (fresh from DB):', { id: tenant.id, slug: tenant.slug, - ip_restrictions_enabled: tenant.ip_restrictions_enabled, - allowed_ips: tenant.allowed_ips, + ip_restriction_enabled: tenant.ip_restriction_enabled, + ip_whitelist: tenant.ip_whitelist, updated_at: tenant.updated_at }); // Check if IP restrictions are enabled - if (!tenant.ip_restrictions_enabled) { + if (!tenant.ip_restriction_enabled) { console.log('🔍 IP Restriction - Restrictions disabled for tenant'); return next(); } @@ -229,11 +229,11 @@ class IPRestrictionMiddleware { // Parse allowed IPs (convert string to array) let allowedIPs = []; - if (tenant.allowed_ips) { - if (Array.isArray(tenant.allowed_ips)) { - allowedIPs = tenant.allowed_ips; - } else if (typeof tenant.allowed_ips === 'string') { - allowedIPs = tenant.allowed_ips.split(',').map(ip => ip.trim()).filter(ip => ip); + if (tenant.ip_whitelist) { + if (Array.isArray(tenant.ip_whitelist)) { + allowedIPs = tenant.ip_whitelist; + } else if (typeof tenant.ip_whitelist === 'string') { + allowedIPs = tenant.ip_whitelist.split(',').map(ip => ip.trim()).filter(ip => ip); } } diff --git a/server/tests/middleware/ip-restriction.test.js b/server/tests/middleware/ip-restriction.test.js index 90c8854..6937f3a 100644 --- a/server/tests/middleware/ip-restriction.test.js +++ b/server/tests/middleware/ip-restriction.test.js @@ -25,7 +25,7 @@ describe('IP Restriction Middleware', () => { it('should allow access when IP restrictions disabled', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: false, + ip_restriction_enabled: false, allowed_ips: '192.168.1.1,10.0.0.1' }); @@ -44,7 +44,7 @@ describe('IP Restriction Middleware', () => { it('should allow access from allowed IP', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '192.168.1.1,10.0.0.1,127.0.0.1' }); @@ -63,7 +63,7 @@ describe('IP Restriction Middleware', () => { it('should block access from non-allowed IP', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '192.168.1.1,10.0.0.1' }); @@ -100,7 +100,7 @@ describe('IP Restriction Middleware', () => { it('should extract IP from x-forwarded-for header', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '203.0.113.1' }); @@ -120,7 +120,7 @@ describe('IP Restriction Middleware', () => { it('should extract IP from x-real-ip header', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '203.0.113.2' }); @@ -140,7 +140,7 @@ describe('IP Restriction Middleware', () => { it('should handle CIDR notation in allowed IPs', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '192.168.1.0/24,10.0.0.0/8' }); @@ -159,7 +159,7 @@ describe('IP Restriction Middleware', () => { it('should block IP outside CIDR range', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '192.168.1.0/24' }); @@ -178,7 +178,7 @@ describe('IP Restriction Middleware', () => { it('should allow access from Docker container networks', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '192.168.1.1' }); @@ -200,7 +200,7 @@ describe('IP Restriction Middleware', () => { it('should allow management routes regardless of IP restrictions', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '192.168.1.1' }); @@ -227,7 +227,7 @@ describe('IP Restriction Middleware', () => { it('should handle empty allowed_ips list', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '' }); @@ -246,7 +246,7 @@ describe('IP Restriction Middleware', () => { it('should handle null allowed_ips', async () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: null }); @@ -267,7 +267,7 @@ describe('IP Restriction Middleware', () => { const tenant = await createTestTenant({ slug: 'test-tenant', - ip_restrictions_enabled: true, + ip_restriction_enabled: true, allowed_ips: '192.168.1.1' });