Fix jwt-token

2025-09-16 08:06:50 +02:00
parent b3ada7ccfe
commit f8fcfbb5be
3 changed files with 42 additions and 23 deletions
--- a/server/middleware/multi-tenant-auth.js
+++ b/server/middleware/multi-tenant-auth.js
@@ -30,6 +30,15 @@ class MultiTenantAuth {
    this.models = models;
  }

+  /**
+   * Check if a string is an IP address
+   */
+  isIPAddress(str) {
+    const ipv4Regex = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
+    const ipv6Regex = /^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$/;
+    return ipv4Regex.test(str) || ipv6Regex.test(str);
+  }
+
  /**
   * Initialize all authentication providers
   */
@@ -89,13 +98,17 @@ class MultiTenantAuth {

    // Method 5: Subdomain (tenant.yourapp.com)
    const hostname = req.hostname || req.headers.host || '';
-    if (hostname && !hostname.startsWith('localhost')) {
-      const hostParts = hostname.split('.');
+    // Remove port number if present
+    const hostWithoutPort = hostname.split(':')[0];
+    
+    // Skip if localhost or IP address
+    if (hostname && !hostname.startsWith('localhost') && !this.isIPAddress(hostWithoutPort)) {
+      const hostParts = hostWithoutPort.split('.');
      // Only treat as subdomain if there are at least 2 parts (subdomain.domain.com)
      // and the first part is not a common root domain
      if (hostParts.length >= 3) {
        const subdomain = hostParts[0];
-        if (subdomain && subdomain !== 'www' && subdomain !== 'api' && !subdomain.includes(':')) {
+        if (subdomain && subdomain !== 'www' && subdomain !== 'api') {
          console.log('🏢 Tenant from subdomain:', subdomain);
          return subdomain;
        }
--- a/server/middleware/validation.js
+++ b/server/middleware/validation.js
@@ -1,7 +1,7 @@
-function validateRequest(schema, target = 'body') {
+function validateRequest(schema, source = 'body') {
  return (req, res, next) => {
-    const data = req[target];
-    const { error, value } = schema.validate(data, {
+    const dataToValidate = req[source];
+    const { error, value } = schema.validate(dataToValidate, {
      abortEarly: false,
      stripUnknown: true
    });
@@ -13,20 +13,15 @@ function validateRequest(schema, target = 'body') {
        value: detail.context.value
      }));

-      // Create a message that includes the field names for test compatibility
-      const fieldNames = errorDetails.map(err => err.field).join(', ');
-      const message = `Validation error: ${fieldNames}`;
-
      return res.status(400).json({
        success: false,
-        message: message,
-        errors: errorDetails,
-        details: errorDetails // For backward compatibility
+        message: 'Validation error',
+        errors: errorDetails
      });
    }

-    // Replace the target data with validated and sanitized data
-    req[target] = value;
+    // Replace the validated data source with validated and sanitized data
+    req[source] = value;
    next();
  };
 }