WIp - fix login into central

2025-12-23 22:16:58 +01:00
parent 838a010fb2
commit e4f3bad971
8 changed files with 574 additions and 19 deletions
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -1,6 +1,7 @@
 import { Injectable } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { TenantDatabaseService } from '../tenant/tenant-database.service';
+import { getCentralPrisma } from '../prisma/central-prisma.service';
 import * as bcrypt from 'bcrypt';

@Injectable()
@@ -10,11 +11,24 @@ export class AuthService {
    private jwtService: JwtService,
  ) {}

+  private isCentralSubdomain(subdomain: string): boolean {
+    const centralSubdomains = (process.env.CENTRAL_SUBDOMAINS || 'central,admin').split(',');
+    return centralSubdomains.includes(subdomain);
+  }
+
  async validateUser(
    tenantId: string,
    email: string,
    password: string,
+    subdomain?: string,
  ): Promise<any> {
+
+    // Check if this is a central subdomain
+    if (subdomain && this.isCentralSubdomain(subdomain)) {
+      return this.validateCentralUser(email, password);
+    }
+
+    // Otherwise, validate as tenant user
    const tenantDb = await this.tenantDbService.getTenantKnex(tenantId);
    
    const user = await tenantDb('users')
@@ -43,6 +57,31 @@ export class AuthService {
    return null;
  }

+  private async validateCentralUser(
+    email: string,
+    password: string,
+  ): Promise<any> {
+    const centralPrisma = getCentralPrisma();
+    
+    const user = await centralPrisma.user.findUnique({
+      where: { email },
+    });
+
+    if (!user) {
+      return null;
+    }
+
+    if (await bcrypt.compare(password, user.password)) {
+      const { password: _, ...result } = user;
+      return {
+        ...result,
+        isCentralAdmin: true,
+      };
+    }
+
+    return null;
+  }
+
  async login(user: any) {
    const payload = {
      sub: user.id,
@@ -66,7 +105,14 @@ export class AuthService {
    password: string,
    firstName?: string,
    lastName?: string,
+    subdomain?: string,
  ) {
+    // Check if this is a central subdomain
+    if (subdomain && this.isCentralSubdomain(subdomain)) {
+      return this.registerCentralUser(email, password, firstName, lastName);
+    }
+
+    // Otherwise, register as tenant user
    const tenantDb = await this.tenantDbService.getTenantKnex(tenantId);
    
    const hashedPassword = await bcrypt.hash(password, 10);
@@ -88,4 +134,28 @@ export class AuthService {
    const { password: _, ...result } = user;
    return result;
  }
+
+  private async registerCentralUser(
+    email: string,
+    password: string,
+    firstName?: string,
+    lastName?: string,
+  ) {
+    const centralPrisma = getCentralPrisma();
+    
+    const hashedPassword = await bcrypt.hash(password, 10);
+
+    const user = await centralPrisma.user.create({
+      data: {
+        email,
+        password: hashedPassword,
+        firstName: firstName || null,
+        lastName: lastName || null,
+        isActive: true,
+      },
+    });
+
+    const { password: _, ...result } = user;
+    return result;
+  }
 }