Fix jwt-token

2025-09-13 15:12:34 +02:00
parent e818d58499
commit d188da7812
3 changed files with 126 additions and 63 deletions


@@ -7,26 +7,33 @@
module.exports = { module.exports = {
async up(queryInterface, Sequelize) { async up(queryInterface, Sequelize) {
// Add is_approved column to devices table // Check if is_approved column already exists
await queryInterface.addColumn('devices', 'is_approved', { const tableDescription = await queryInterface.describeTable('devices');
type: Sequelize.BOOLEAN,
defaultValue: false, if (!tableDescription.is_approved) {
allowNull: false, // Add is_approved column to devices table
comment: 'Whether the device is approved to send data' await queryInterface.addColumn('devices', 'is_approved', {
}); type: Sequelize.BOOLEAN,
defaultValue: false,
allowNull: false,
comment: 'Whether the device is approved to send data'
});
// Add index for is_approved for better query performance // Add index for is_approved for better query performance
await queryInterface.addIndex('devices', ['is_approved'], { await queryInterface.addIndex('devices', ['is_approved'], {
name: 'devices_is_approved_idx' name: 'devices_is_approved_idx'
}); });
// Approve all existing devices by default (backward compatibility) // Approve all existing devices by default (backward compatibility)
await queryInterface.sequelize.query( await queryInterface.sequelize.query(
'UPDATE devices SET is_approved = true WHERE created_at < NOW()' 'UPDATE devices SET is_approved = true WHERE created_at < NOW()'
); );
console.log('✅ Added is_approved field to devices table'); console.log('✅ Added is_approved field to devices table');
console.log('✅ Approved all existing devices for backward compatibility'); console.log('✅ Approved all existing devices for backward compatibility');
} else {
console.log('⚠️ Column is_approved already exists, skipping...');
}
}, },
async down(queryInterface, Sequelize) { async down(queryInterface, Sequelize) {
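Review bot: The new `if (!tableDescription.is_approved)` guard also gates the index creation and the backfill `UPDATE`, so a run that failed after `addColumn` (or a column added by hand) leaves every existing device at the `false` default and the rerun only logs "skipping". Because `is_approved` decides whether a device may send data, the three steps should either run in one transaction, `await queryInterface.sequelize.transaction(async (transaction) => { ... })` with `{ transaction }` passed to each call, or be checked separately (for the index, `queryInterface.showIndex('devices')`). Separately, `WHERE created_at < NOW()` matches practically every row, so the backfill approves all devices present at migration time; a comment such as `// Intentional: every device that exists at migration time is trusted` would make that decision visible to whoever audits device onboarding later. The body of `down` continues outside the hunk.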


@@ -7,38 +7,77 @@
module.exports = { module.exports = {
up: async (queryInterface, Sequelize) => { up: async (queryInterface, Sequelize) => {
// Check if the columns already exist
const tableDescription = await queryInterface.describeTable('tenants');
// Add session configuration fields // Add session configuration fields
await queryInterface.addColumn('tenants', 'session_timeout', { if (!tableDescription.session_timeout) {
type: Sequelize.INTEGER, await queryInterface.addColumn('tenants', 'session_timeout', {
defaultValue: 480, // 8 hours in minutes type: Sequelize.INTEGER,
allowNull: false, defaultValue: 480, // 8 hours in minutes
comment: 'Session timeout in minutes' allowNull: false,
}); comment: 'Session timeout in minutes'
});
console.log('✅ Added session_timeout column to tenants table');
} else {
console.log('⚠️ Column session_timeout already exists, skipping...');
}
await queryInterface.addColumn('tenants', 'require_mfa', { if (!tableDescription.require_mfa) {
type: Sequelize.BOOLEAN, await queryInterface.addColumn('tenants', 'require_mfa', {
defaultValue: false, type: Sequelize.BOOLEAN,
allowNull: false, defaultValue: false,
comment: 'Whether multi-factor authentication is required' allowNull: false,
}); comment: 'Whether multi-factor authentication is required'
});
console.log('✅ Added require_mfa column to tenants table');
} else {
console.log('⚠️ Column require_mfa already exists, skipping...');
}
await queryInterface.addColumn('tenants', 'allow_concurrent_sessions', { if (!tableDescription.allow_concurrent_sessions) {
type: Sequelize.BOOLEAN, await queryInterface.addColumn('tenants', 'allow_concurrent_sessions', {
defaultValue: true, type: Sequelize.BOOLEAN,
allowNull: false, defaultValue: true,
comment: 'Whether users can have multiple concurrent sessions' allowNull: false,
}); comment: 'Whether users can have multiple concurrent sessions'
});
console.log('✅ Added allow_concurrent_sessions column to tenants table');
} else {
console.log('⚠️ Column allow_concurrent_sessions already exists, skipping...');
}
await queryInterface.addColumn('tenants', 'role_mappings', { if (!tableDescription.role_mappings) {
type: Sequelize.JSONB, await queryInterface.addColumn('tenants', 'role_mappings', {
allowNull: true, type: Sequelize.JSONB,
comment: 'Mapping of external groups/attributes to system roles' allowNull: true,
}); comment: 'Mapping of external groups/attributes to system roles'
});
console.log('✅ Added role_mappings column to tenants table');
} else {
console.log('⚠️ Column role_mappings already exists, skipping...');
}
// Update auth_provider enum to include 'ad' // Update auth_provider enum to include 'ad' - only if it doesn't exist
await queryInterface.sequelize.query(` try {
ALTER TYPE "enum_tenants_auth_provider" ADD VALUE 'ad'; await queryInterface.sequelize.query(`
`); DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM pg_enum
WHERE enumlabel = 'ad'
AND enumtypid = (
SELECT oid FROM pg_type WHERE typname = 'enum_tenants_auth_provider'
)
) THEN
ALTER TYPE "enum_tenants_auth_provider" ADD VALUE 'ad';
END IF;
END$$;
`);
console.log('✅ Added ad to auth_provider enum');
} catch (error) {
console.log('⚠️ Auth provider enum already includes ad or error occurred:', error.message);
}
}, },
down: async (queryInterface, Sequelize) => { down: async (queryInterface, Sequelize) => {
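Review bot: The `catch` around the enum change logs any failure as a warning and lets the migration finish, so a real error (missing type, insufficient privilege, or `ALTER TYPE ... ADD VALUE` being refused in this context on the deployed PostgreSQL version, which is worth confirming) is recorded as applied while 'ad' is still not a valid `auth_provider`. The `DO` block already covers the already-present case, so the handler should rethrow, or the statement can be reduced to `ALTER TYPE "enum_tenants_auth_provider" ADD VALUE IF NOT EXISTS 'ad';` with no `try`. The `pg_type` lookup by `typname` alone is not schema-qualified; if another schema defines the same enum name the scalar subquery would raise an error that this handler then hides. The success line `Added ad to auth_provider enum` is also printed when the `IF NOT EXISTS` branch did nothing.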


@@ -7,27 +7,44 @@
module.exports = { module.exports = {
up: async (queryInterface, Sequelize) => { up: async (queryInterface, Sequelize) => {
// Add IP restriction fields // Check if the columns already exist
await queryInterface.addColumn('tenants', 'ip_whitelist', { const tableDescription = await queryInterface.describeTable('tenants');
type: Sequelize.JSONB,
allowNull: true, if (!tableDescription.ip_whitelist) {
defaultValue: null, await queryInterface.addColumn('tenants', 'ip_whitelist', {
comment: 'Array of allowed IP addresses/CIDR blocks for this tenant' type: Sequelize.JSONB,
}); allowNull: true,
defaultValue: null,
comment: 'Array of allowed IP addresses/CIDR blocks for this tenant'
});
console.log('✅ Added ip_whitelist column to tenants table');
} else {
console.log('⚠️ Column ip_whitelist already exists, skipping...');
}
await queryInterface.addColumn('tenants', 'ip_restriction_enabled', { if (!tableDescription.ip_restriction_enabled) {
type: Sequelize.BOOLEAN, await queryInterface.addColumn('tenants', 'ip_restriction_enabled', {
defaultValue: false, type: Sequelize.BOOLEAN,
allowNull: false, defaultValue: false,
comment: 'Whether IP restrictions are enabled for this tenant' allowNull: false,
}); comment: 'Whether IP restrictions are enabled for this tenant'
});
console.log('✅ Added ip_restriction_enabled column to tenants table');
} else {
console.log('⚠️ Column ip_restriction_enabled already exists, skipping...');
}
await queryInterface.addColumn('tenants', 'ip_restriction_message', { if (!tableDescription.ip_restriction_message) {
type: Sequelize.TEXT, await queryInterface.addColumn('tenants', 'ip_restriction_message', {
allowNull: true, type: Sequelize.TEXT,
defaultValue: 'Access denied. Your IP address is not authorized to access this tenant.', allowNull: true,
comment: 'Custom message shown when IP access is denied' defaultValue: 'Access denied. Your IP address is not authorized to access this tenant.',
}); comment: 'Custom message shown when IP access is denied'
});
console.log('✅ Added ip_restriction_message column to tenants table');
} else {
console.log('⚠️ Column ip_restriction_message already exists, skipping...');
}
}, },
down: async (queryInterface, Sequelize) => { down: async (queryInterface, Sequelize) => {
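Review bot: The skip branches test only that a column name is present in `describeTable('tenants')`, not that its definition matches, so a pre-existing `ip_restriction_enabled` that is nullable or has a different default is accepted with just a "skipping" log. For columns that drive access control this is worth checking: in the `else` branch compare `tableDescription.ip_restriction_enabled.allowNull` and `.defaultValue` with the intended values and fail the migration on a mismatch. The same applies to `require_mfa` and `session_timeout` in the previous file. A short comment above the `describeTable` call saying why the migration has to be re-runnable would also help the next maintainer.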