borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-12 12:11:14 +02:00
parent 8b0234986d
commit d8bba047bb
14 changed files with 3236 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
server/models/Tenant.js Normal file
View File

@@ -0,0 +1,213 @@
/**
* Tenant Model for Multi-Tenant Support
* Stores tenant-specific configuration including authentication providers
*/
const { DataTypes } = require('sequelize');
module.exports = (sequelize) => {
const Tenant = sequelize.define('Tenant', {
id: {
type: DataTypes.UUID,
defaultValue: DataTypes.UUIDV4,
primaryKey: true
},
name: {
type: DataTypes.STRING,
allowNull: false,
comment: 'Human-readable tenant name'
},
slug: {
type: DataTypes.STRING,
allowNull: false,
unique: true,
validate: {
is: /^[a-z0-9-]+$/i // Alphanumeric and hyphens only
},
comment: 'URL-safe tenant identifier (subdomain/path)'
},
domain: {
type: DataTypes.STRING,
allowNull: true,
comment: 'Custom domain for this tenant'
},
subscription_type: {
type: DataTypes.ENUM('free', 'basic', 'premium', 'enterprise'),
defaultValue: 'basic',
comment: 'Subscription tier'
},
is_active: {
type: DataTypes.BOOLEAN,
defaultValue: true,
comment: 'Whether tenant is active'
},
// Authentication Configuration
auth_provider: {
type: DataTypes.ENUM('local', 'saml', 'oauth', 'ldap', 'custom_sso'),
defaultValue: 'local',
comment: 'Primary authentication provider'
},
auth_config: {
type: DataTypes.JSONB,
allowNull: true,
comment: 'Authentication provider configuration (encrypted)'
},
user_mapping: {
type: DataTypes.JSONB,
allowNull: true,
comment: 'User attribute mapping from external provider'
},
role_mapping: {
type: DataTypes.JSONB,
allowNull: true,
comment: 'Role mapping from external provider to internal roles'
},
// Tenant Customization
branding: {
type: DataTypes.JSONB,
allowNull: true,
comment: 'Tenant-specific branding (logo, colors, etc.)'
},
features: {
type: DataTypes.JSONB,
defaultValue: {
max_devices: 10,
max_users: 5,
api_rate_limit: 1000,
data_retention_days: 90,
features: ['basic_detection', 'alerts', 'dashboard']
},
comment: 'Tenant feature limits and enabled features'
},
// Contact Information
admin_email: {
type: DataTypes.STRING,
allowNull: true,
validate: {
isEmail: true
},
comment: 'Primary admin email for this tenant'
},
admin_phone: {
type: DataTypes.STRING,
allowNull: true,
comment: 'Primary admin phone for this tenant'
},
// Billing Information
billing_email: {
type: DataTypes.STRING,
allowNull: true,
validate: {
isEmail: true
}
},
payment_method_id: {
type: DataTypes.STRING,
allowNull: true,
comment: 'Stripe/payment provider customer ID'
},
// Metadata
metadata: {
type: DataTypes.JSONB,
allowNull: true,
comment: 'Additional tenant metadata'
},
created_at: {
type: DataTypes.DATE,
defaultValue: DataTypes.NOW
},
updated_at: {
type: DataTypes.DATE,
defaultValue: DataTypes.NOW
}
}, {
tableName: 'tenants',
timestamps: true,
createdAt: 'created_at',
updatedAt: 'updated_at',
indexes: [
{
fields: ['slug'],
unique: true
},
{
fields: ['domain'],
unique: true,
where: { domain: { [DataTypes.Op.ne]: null } }
},
{
fields: ['is_active']
},
{
fields: ['auth_provider']
}
],
hooks: {
beforeSave: (tenant) => {
// Encrypt sensitive auth configuration
if (tenant.auth_config && typeof tenant.auth_config === 'object') {
// In production, encrypt sensitive fields like client_secret, private_key, etc.
const sensitiveFields = ['client_secret', 'private_key', 'bind_password', 'admin_password'];
sensitiveFields.forEach(field => {
if (tenant.auth_config[field]) {
// Simple base64 encoding for demo - use proper encryption in production
tenant.auth_config[field] = Buffer.from(tenant.auth_config[field]).toString('base64');
}
});
}
},
afterFind: (tenants) => {
// Decrypt auth configuration after retrieval
const processOne = (tenant) => {
if (tenant.auth_config && typeof tenant.auth_config === 'object') {
const sensitiveFields = ['client_secret', 'private_key', 'bind_password', 'admin_password'];
sensitiveFields.forEach(field => {
if (tenant.auth_config[field]) {
try {
tenant.auth_config[field] = Buffer.from(tenant.auth_config[field], 'base64').toString();
} catch (e) {
// Field might not be encrypted, leave as-is
}
}
});
}
};
if (Array.isArray(tenants)) {
tenants.forEach(processOne);
} else if (tenants) {
processOne(tenants);
}
}
}
});
// Associations
Tenant.associate = (models) => {
// A tenant has many users
Tenant.hasMany(models.User, {
foreignKey: 'tenant_id',
as: 'users'
});
// A tenant has many devices
Tenant.hasMany(models.Device, {
foreignKey: 'tenant_id',
as: 'devices'
});
// A tenant has many alert rules
Tenant.hasMany(models.AlertRule, {
foreignKey: 'tenant_id',
as: 'alertRules'
});
};
return Tenant;
};

40
server/models/User.js
View File

@@ -68,6 +68,25 @@ module.exports = (sequelize) => {
defaultValue: 'UTC',
comment: 'User timezone for alert scheduling'
},
tenant_id: {
type: DataTypes.UUID,
allowNull: true,
references: {
model: 'tenants',
key: 'id'
},
comment: 'Tenant this user belongs to (null for default tenant)'
},
external_provider: {
type: DataTypes.ENUM('local', 'saml', 'oauth', 'ldap', 'custom_sso'),
defaultValue: 'local',
comment: 'Authentication provider used for this user'
},
external_id: {
type: DataTypes.STRING,
allowNull: true,
comment: 'User ID from external authentication provider'
},
created_at: {
type: DataTypes.DATE,
defaultValue: DataTypes.NOW
@@ -90,9 +109,30 @@ module.exports = (sequelize) => {
},
{
fields: ['phone_number']
},
{
fields: ['tenant_id']
},
{
fields: ['external_provider']
},
{
fields: ['external_id', 'tenant_id'],
unique: true,
name: 'users_external_id_tenant_unique',
where: { external_id: { [DataTypes.Op.ne]: null } }
}
]
});
// Associations
User.associate = (models) => {
// User belongs to a tenant
User.belongsTo(models.Tenant, {
foreignKey: 'tenant_id',
as: 'tenant'
});
};
return User;
};