Fix jwt-token

2025-09-23 13:12:17 +02:00
parent 44047f9c98
commit ee4d3503e5
5 changed files with 694 additions and 3 deletions


@@ -13,6 +13,7 @@ const { authenticateToken } = require('../middleware/auth');
const { requirePermissions, requireAnyPermission, hasPermission } = require('../middleware/rbac');
const MultiTenantAuth = require('../middleware/multi-tenant-auth');
const { securityLogger } = require('../middleware/logger');
const { enforceUserLimit, enforceDeviceLimit, enforceApiRateLimit, getTenantLimitsStatus } = require('../middleware/tenant-limits');
// Initialize multi-tenant auth
const multiAuth = new MultiTenantAuth();
@@ -55,6 +56,45 @@ const upload = multer({
}
});
/**
* GET /tenant/limits
* Get current tenant limits and usage
*/
router.get('/limits', authenticateToken, requirePermissions(['tenant.view']), async (req, res) => {
try {
// Determine tenant from request
const tenantId = await multiAuth.determineTenant(req);
if (!tenantId) {
return res.status(400).json({
success: false,
message: 'Unable to determine tenant'
});
}
const tenant = await Tenant.findOne({ where: { slug: tenantId } });
if (!tenant) {
return res.status(404).json({
success: false,
message: 'Tenant not found'
});
}
const limitsStatus = await getTenantLimitsStatus(tenant.id);
res.json({
success: true,
data: limitsStatus
});
} catch (error) {
console.error('Error fetching tenant limits:', error);
res.status(500).json({
success: false,
message: 'Failed to fetch tenant limits'
});
}
});
/**
* GET /tenant/info
* Get current tenant information
@@ -624,7 +664,7 @@ router.get('/users', authenticateToken, requirePermissions(['users.view']), asyn
* POST /tenant/users
* Create a new user in current tenant (user admin or higher, local auth only)
*/
router.post('/users', authenticateToken, requirePermissions(['users.create']), async (req, res) => {
router.post('/users', authenticateToken, requirePermissions(['users.create']), enforceUserLimit(), async (req, res) => {
try {
// Determine tenant from request
const tenantId = await multiAuth.determineTenant(req);
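Review bot: On the `POST /users` route, `enforceUserLimit()` takes no arguments and runs before the handler resolves the tenant with `multiAuth.determineTenant(req)`, so the middleware has to identify the tenant on its own. Its body is not visible here, but if it derives the tenant from a different source than the handler does (for example a token claim versus the request host), the quota could be checked against one tenant while the user is created in another. The count-then-create sequence is also presumably not atomic, so two concurrent requests at the limit may both pass the check; enforcing the limit inside the same transaction as the insert would close that gap. I would at least add a comment above the route, `// enforceUserLimit() must resolve the tenant the same way as determineTenant(req) below`, and confirm it against `../middleware/tenant-limits`. The handler's body continues outside the hunk.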