PSA/hocuspocus/tenantValidation.js
Hermes 284313f908
Initial import of AlgaPSA codebase from PSA server
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00


import jwt from 'jsonwebtoken'
import { getHocuspocusJwtSecret } from './hocuspocusJwtSecret.js'
/**
 * Split a `document:<tenantId>:<documentId>` room name into its parts.
 *
 * The name must contain exactly three colon-separated segments and both
 * identifiers must be non-empty. No other validation (character set, length,
 * identifier format) is applied to the segments.
 *
 * @param {string | null | undefined} roomName - Room name to inspect.
 * @returns {{ tenantId: string, documentId: string } | null} The parsed
 *   identifiers, or `null` when the name is not a well-formed document room.
 */
export function parseDocumentRoom(roomName) {
  const prefix = 'document:';
  if (!roomName || !roomName.startsWith(prefix)) return null;

  const segments = roomName.split(':');
  // More or fewer than three segments (e.g. an id that itself contains ':')
  // is treated as "not a document room" rather than as an error.
  if (segments.length !== 3) return null;

  const tenantId = segments[1];
  const documentId = segments[2];
  return tenantId && documentId ? { tenantId, documentId } : null;
}
/**
 * Split a `ticket:<tenantId>:<ticketId>` room name into its parts.
 *
 * The name must contain exactly three colon-separated segments and both
 * identifiers must be non-empty. No other validation (character set, length,
 * identifier format) is applied to the segments.
 *
 * @param {string | null | undefined} roomName - Room name to inspect.
 * @returns {{ tenantId: string, ticketId: string } | null} The parsed
 *   identifiers, or `null` when the name is not a well-formed ticket room.
 */
export function parseTicketRoom(roomName) {
  const prefix = 'ticket:';
  if (!roomName || !roomName.startsWith(prefix)) return null;

  const segments = roomName.split(':');
  // More or fewer than three segments is reported as "not a ticket room"
  // (null), not as an error.
  if (segments.length !== 3) return null;

  const tenantId = segments[1];
  const ticketId = segments[2];
  return tenantId && ticketId ? { tenantId, ticketId } : null;
}
/**
 * Read the `tenantId` query parameter from a request URL.
 *
 * The value is returned exactly as it appears in the URL; nothing in this
 * function verifies that the requester belongs to that tenant.
 *
 * @param {{ url?: string } | null | undefined} request - Incoming request.
 * @returns {string | null} The `tenantId` parameter, or `null` when the
 *   request has no URL, the URL cannot be parsed, or the parameter is absent.
 */
export function getTenantFromRequest(request) {
  const rawUrl = request?.url;
  if (!rawUrl) return null;

  try {
    // The base is only there so that relative URLs ("/path?tenantId=...")
    // can be parsed; its host is never used.
    const { searchParams } = new URL(rawUrl, 'http://localhost');
    return searchParams.get('tenantId');
  } catch (error) {
    console.error('[Hocuspocus] Failed to parse request URL for tenant validation:', error);
    return null;
  }
}
/**
 * Check that a connection request is consistent with the room it names.
 *
 * Three outcomes are possible:
 *  - `notifications:*` rooms and any name that parses as neither a ticket nor
 *    a document room return `{ status: 'bypass', reason }` with no checks run.
 *  - `ticket:<tenantId>:<ticketId>` rooms require a `token` query parameter
 *    holding a JWT that verifies against the Hocuspocus secret and whose
 *    `tenantId` and `ticketId` claims equal the room's identifiers.
 *  - `document:<tenantId>:<documentId>` rooms require the `tenantId` query
 *    parameter to equal the tenant named in the room.
 *
 * NOTE(review): a name that starts with `ticket:` or `document:` but does not
 * have exactly three segments is not rejected; both parsers return null for
 * it and it ends up as a `non-document` bypass. Confirm that callers do not
 * treat `bypass` as "authorized" for such names.
 *
 * @param {string | null | undefined} roomName - Room being joined.
 * @param {{ url?: string } | null | undefined} request - Incoming request.
 * @returns {{ status: 'bypass', reason: string }
 *   | { status: 'ok', tenantId: string, ticketId: string, userId: * }
 *   | { status: 'ok', tenantId: string, documentId: string }}
 * @throws {Error} When a ticket or document room fails any of its checks.
 */
export function validateDocumentRoomAccess(roomName, request) {
  if (roomName?.startsWith('notifications:')) {
    return { status: 'bypass', reason: 'notifications' };
  }

  const ticketRoom = parseTicketRoom(roomName);
  if (ticketRoom) {
    if (!request?.url) {
      throw new Error('Ticket validation failed: missing request URL');
    }

    // NOTE(review): the bearer token is carried in the query string, which
    // commonly ends up in proxy and access logs; confirm the token lifetime
    // and log handling account for that.
    let token;
    try {
      token = new URL(request.url, 'http://localhost').searchParams.get('token');
    } catch (error) {
      console.error('[Hocuspocus] Failed to parse request URL for ticket validation:', error);
      throw new Error('Ticket validation failed: invalid request URL');
    }
    if (!token) {
      throw new Error('Ticket validation failed: missing token');
    }

    // NOTE(review): no `algorithms` option is passed, so the library's default
    // set for this key type applies; consider pinning it once the signer's
    // algorithm is confirmed.
    let claims;
    try {
      claims = jwt.verify(token, getHocuspocusJwtSecret());
    } catch (error) {
      // NOTE(review): the verifier's own message is forwarded in the thrown
      // error; confirm whether that text is returned to the client.
      const detail = error instanceof Error ? error.message : 'invalid token';
      throw new Error(`Ticket validation failed: ${detail}`);
    }

    // The signed claims must name exactly the room being joined, so a token
    // issued for one ticket cannot be used for a different tenant or ticket.
    const { tenantId, ticketId } = ticketRoom;
    if (claims?.tenantId !== tenantId) {
      throw new Error('Ticket validation failed: room tenant mismatch');
    }
    if (claims?.ticketId !== ticketId) {
      throw new Error('Ticket validation failed: room ticket mismatch');
    }

    return { status: 'ok', tenantId, ticketId, userId: claims.userId };
  }

  const documentRoom = parseDocumentRoom(roomName);
  if (!documentRoom) {
    return { status: 'bypass', reason: 'non-document' };
  }

  // NOTE(review): unlike the ticket branch, no token is verified here. The
  // tenant comes from the `tenantId` query parameter and is compared with the
  // room name; if the room name is also chosen by the client, this is only a
  // consistency check, not proof of tenant membership. Confirm that the
  // caller authenticates the user and authorizes the document separately.
  const requestTenant = getTenantFromRequest(request);
  if (!requestTenant) {
    throw new Error('Tenant validation failed: missing tenantId');
  }
  if (requestTenant !== documentRoom.tenantId) {
    throw new Error('Tenant validation failed: room tenant mismatch');
  }

  return {
    status: 'ok',
    tenantId: requestTenant,
    documentId: documentRoom.documentId,
  };
}