neogenia/neo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: neogenia:f68321c802ac4513e00cdc5e9aa990712660e3db
Branches Tags
neogenia:master neogenia:nitro-bff neogenia:aiprocessbuilder2 neogenia:copilot-worktree-2026-01-31T01-10-57 neogenia:list-view-search neogenia:codex/add-contact-and-contact-details-objects neogenia:drawer neogenia:managefields neogenia:feature/salesforce-authorization neogenia:feature/twilio neogenia:permissions neogenia:schemaoperations neogenia:pagelayouts
...
compare: neogenia:nitro-bff
Branches Tags
neogenia:nitro-bff neogenia:aiprocessbuilder2 neogenia:master neogenia:copilot-worktree-2026-01-31T01-10-57 neogenia:list-view-search neogenia:codex/add-contact-and-contact-details-objects neogenia:drawer neogenia:managefields neogenia:feature/salesforce-authorization neogenia:feature/twilio neogenia:permissions neogenia:schemaoperations neogenia:pagelayouts

4 Commits
f68321c802 ... nitro-bff

Author SHA1 Message Date
Francisco Gaona
eb1619c56c WIP - fix AI suggestions during call progress 2026-02-05 03:02:02 +01:00
Francisco Gaona
9226442525 WIP - fix twilio functionality now that we use BFF 2026-02-05 02:41:54 +01:00
Francisco Gaona
49a571215d WIP - fix browser refresh not holding user authentication 2026-02-04 08:55:08 +01:00
Francisco Gaona
0e2f3dddbc WIP - BFF 2026-02-04 00:21:06 +01:00
24 changed files with 1037 additions and 400 deletions
Expand all files Collapse all files

4
.env.web
View File

@@ -1,5 +1,5 @@
NUXT_PORT=3001 NUXT_PORT=3001
NUXT_HOST=0.0.0.0 NUXT_HOST=0.0.0.0
# Point Nuxt to the API container (not localhost) # Nitro BFF backend URL (server-only, not exposed to client)
NUXT_PUBLIC_API_BASE_URL=https://tenant1.routebox.co BACKEND_URL=https://backend.routebox.co

18
backend/src/app-builder/app-builder.service.ts
View File

@@ -10,14 +10,14 @@ export class AppBuilderService {
// Runtime endpoints // Runtime endpoints
async getApps(tenantId: string, userId: string) { async getApps(tenantId: string, userId: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
// For now, return all apps // For now, return all apps
// In production, you'd filter by user permissions // In production, you'd filter by user permissions
return App.query(knex).withGraphFetched('pages').orderBy('label', 'asc'); return App.query(knex).withGraphFetched('pages').orderBy('label', 'asc');
} }
async getApp(tenantId: string, slug: string, userId: string) { async getApp(tenantId: string, slug: string, userId: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const app = await App.query(knex) const app = await App.query(knex)
.findOne({ slug }) .findOne({ slug })
.withGraphFetched('pages'); .withGraphFetched('pages');
@@ -35,7 +35,7 @@ export class AppBuilderService {
pageSlug: string, pageSlug: string,
userId: string, userId: string,
) { ) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const app = await this.getApp(tenantId, appSlug, userId); const app = await this.getApp(tenantId, appSlug, userId);
const page = await AppPage.query(knex).findOne({ const page = await AppPage.query(knex).findOne({
@@ -52,12 +52,12 @@ export class AppBuilderService {
// Setup endpoints // Setup endpoints
async getAllApps(tenantId: string) { async getAllApps(tenantId: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
return App.query(knex).withGraphFetched('pages').orderBy('label', 'asc'); return App.query(knex).withGraphFetched('pages').orderBy('label', 'asc');
} }
async getAppForSetup(tenantId: string, slug: string) { async getAppForSetup(tenantId: string, slug: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const app = await App.query(knex) const app = await App.query(knex)
.findOne({ slug }) .findOne({ slug })
.withGraphFetched('pages'); .withGraphFetched('pages');
@@ -77,7 +77,7 @@ export class AppBuilderService {
description?: string; description?: string;
}, },
) { ) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
return App.query(knex).insert({ return App.query(knex).insert({
...data, ...data,
displayOrder: 0, displayOrder: 0,
@@ -92,7 +92,7 @@ export class AppBuilderService {
description?: string; description?: string;
}, },
) { ) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const app = await this.getAppForSetup(tenantId, slug); const app = await this.getAppForSetup(tenantId, slug);
return App.query(knex).patchAndFetchById(app.id, data); return App.query(knex).patchAndFetchById(app.id, data);
@@ -109,7 +109,7 @@ export class AppBuilderService {
sortOrder?: number; sortOrder?: number;
}, },
) { ) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const app = await this.getAppForSetup(tenantId, appSlug); const app = await this.getAppForSetup(tenantId, appSlug);
return AppPage.query(knex).insert({ return AppPage.query(knex).insert({
@@ -133,7 +133,7 @@ export class AppBuilderService {
sortOrder?: number; sortOrder?: number;
}, },
) { ) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const app = await this.getAppForSetup(tenantId, appSlug); const app = await this.getAppForSetup(tenantId, appSlug);
const page = await AppPage.query(knex).findOne({ const page = await AppPage.query(knex).findOne({

15
backend/src/auth/auth.controller.ts
View File

@@ -1,15 +1,19 @@
import { import {
Controller, Controller,
Post, Post,
Get,
Body, Body,
UnauthorizedException, UnauthorizedException,
HttpCode, HttpCode,
HttpStatus, HttpStatus,
Req, Req,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { IsEmail, IsString, MinLength, IsOptional } from 'class-validator'; import { IsEmail, IsString, MinLength, IsOptional } from 'class-validator';
import { AuthService } from './auth.service'; import { AuthService } from './auth.service';
import { TenantId } from '../tenant/tenant.decorator'; import { TenantId } from '../tenant/tenant.decorator';
import { JwtAuthGuard } from './jwt-auth.guard';
import { CurrentUser } from './current-user.decorator';
class LoginDto { class LoginDto {
@IsEmail() @IsEmail()
@@ -111,4 +115,15 @@ export class AuthController {
// This endpoint exists for consistency and potential future enhancements // This endpoint exists for consistency and potential future enhancements
return { message: 'Logged out successfully' }; return { message: 'Logged out successfully' };
} }
@UseGuards(JwtAuthGuard)
@Get('me')
async me(@CurrentUser() user: any, @TenantId() tenantId: string) {
// Return the current authenticated user info
return {
id: user.userId,
email: user.email,
tenantId: tenantId || user.tenantId,
};
}
} }

4
backend/src/auth/auth.service.ts
View File

@@ -29,7 +29,7 @@ export class AuthService {
} }
// Otherwise, validate as tenant user // Otherwise, validate as tenant user
const tenantDb = await this.tenantDbService.getTenantKnex(tenantId); const tenantDb = await this.tenantDbService.getTenantKnexById(tenantId);
const user = await tenantDb('users') const user = await tenantDb('users')
.where({ email }) .where({ email })
@@ -113,7 +113,7 @@ export class AuthService {
} }
// Otherwise, register as tenant user // Otherwise, register as tenant user
const tenantDb = await this.tenantDbService.getTenantKnex(tenantId); const tenantDb = await this.tenantDbService.getTenantKnexById(tenantId);
const hashedPassword = await bcrypt.hash(password, 10); const hashedPassword = await bcrypt.hash(password, 10);

12
backend/src/page-layout/page-layout.service.ts
View File

@@ -7,7 +7,7 @@ export class PageLayoutService {
constructor(private tenantDbService: TenantDatabaseService) {} constructor(private tenantDbService: TenantDatabaseService) {}
async create(tenantId: string, createDto: CreatePageLayoutDto) { async create(tenantId: string, createDto: CreatePageLayoutDto) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const layoutType = createDto.layoutType || 'detail'; const layoutType = createDto.layoutType || 'detail';
// If this layout is set as default, unset other defaults for the same object and layout type // If this layout is set as default, unset other defaults for the same object and layout type
@@ -32,7 +32,7 @@ export class PageLayoutService {
} }
async findAll(tenantId: string, objectId?: string, layoutType?: PageLayoutType) { async findAll(tenantId: string, objectId?: string, layoutType?: PageLayoutType) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
let query = knex('page_layouts'); let query = knex('page_layouts');
@@ -49,7 +49,7 @@ export class PageLayoutService {
} }
async findOne(tenantId: string, id: string) { async findOne(tenantId: string, id: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const layout = await knex('page_layouts').where({ id }).first(); const layout = await knex('page_layouts').where({ id }).first();
@@ -61,7 +61,7 @@ export class PageLayoutService {
} }
async findDefaultByObject(tenantId: string, objectId: string, layoutType: PageLayoutType = 'detail') { async findDefaultByObject(tenantId: string, objectId: string, layoutType: PageLayoutType = 'detail') {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
const layout = await knex('page_layouts') const layout = await knex('page_layouts')
.where({ object_id: objectId, is_default: true, layout_type: layoutType }) .where({ object_id: objectId, is_default: true, layout_type: layoutType })
@@ -71,7 +71,7 @@ export class PageLayoutService {
} }
async update(tenantId: string, id: string, updateDto: UpdatePageLayoutDto) { async update(tenantId: string, id: string, updateDto: UpdatePageLayoutDto) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
// Check if layout exists // Check if layout exists
const layout = await this.findOne(tenantId, id); const layout = await this.findOne(tenantId, id);
@@ -112,7 +112,7 @@ export class PageLayoutService {
} }
async remove(tenantId: string, id: string) { async remove(tenantId: string, id: string) {
const knex = await this.tenantDbService.getTenantKnex(tenantId); const knex = await this.tenantDbService.getTenantKnexById(tenantId);
await this.findOne(tenantId, id); await this.findOne(tenantId, id);

63
backend/src/tenant/tenant.controller.ts
View File

@@ -16,26 +16,45 @@ import { TenantId } from './tenant.decorator';
export class TenantController { export class TenantController {
constructor(private readonly tenantDbService: TenantDatabaseService) {} constructor(private readonly tenantDbService: TenantDatabaseService) {}
/**
* Helper to find tenant by ID or domain
*/
private async findTenant(identifier: string) {
const centralPrisma = getCentralPrisma();
// Check if identifier is a CUID (tenant ID) or a domain
const isCUID = /^c[a-z0-9]{24}$/i.test(identifier);
if (isCUID) {
// Look up by tenant ID directly
return centralPrisma.tenant.findUnique({
where: { id: identifier },
select: { id: true, integrationsConfig: true },
});
} else {
// Look up by domain
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain: identifier },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
return domainRecord?.tenant;
}
}
/** /**
* Get integrations configuration for the current tenant * Get integrations configuration for the current tenant
*/ */
@Get('integrations') @Get('integrations')
async getIntegrationsConfig(@TenantId() domain: string) { async getIntegrationsConfig(@TenantId() tenantIdentifier: string) {
const centralPrisma = getCentralPrisma(); const tenant = await this.findTenant(tenantIdentifier);
// Look up tenant by domain if (!tenant || !tenant.integrationsConfig) {
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
if (!domainRecord?.tenant || !domainRecord.tenant.integrationsConfig) {
return { data: null }; return { data: null };
} }
// Decrypt the config // Decrypt the config
const config = this.tenantDbService.decryptIntegrationsConfig( const config = this.tenantDbService.decryptIntegrationsConfig(
domainRecord.tenant.integrationsConfig as any, tenant.integrationsConfig as any,
); );
// Return config with sensitive fields masked // Return config with sensitive fields masked
@@ -49,31 +68,26 @@ export class TenantController {
*/ */
@Put('integrations') @Put('integrations')
async updateIntegrationsConfig( async updateIntegrationsConfig(
@TenantId() domain: string, @TenantId() tenantIdentifier: string,
@Body() body: { integrationsConfig: any }, @Body() body: { integrationsConfig: any },
) { ) {
const { integrationsConfig } = body; const { integrationsConfig } = body;
if (!domain) { if (!tenantIdentifier) {
throw new Error('Domain is missing from request'); throw new Error('Tenant identifier is missing from request');
} }
// Look up tenant by domain const tenant = await this.findTenant(tenantIdentifier);
const centralPrisma = getCentralPrisma();
const domainRecord = await centralPrisma.domain.findUnique({
where: { domain },
include: { tenant: { select: { id: true, integrationsConfig: true } } },
});
if (!domainRecord?.tenant) { if (!tenant) {
throw new Error(`Tenant with domain ${domain} not found`); throw new Error(`Tenant with identifier ${tenantIdentifier} not found`);
} }
// Merge with existing config to preserve masked values // Merge with existing config to preserve masked values
let finalConfig = integrationsConfig; let finalConfig = integrationsConfig;
if (domainRecord.tenant.integrationsConfig) { if (tenant.integrationsConfig) {
const existingConfig = this.tenantDbService.decryptIntegrationsConfig( const existingConfig = this.tenantDbService.decryptIntegrationsConfig(
domainRecord.tenant.integrationsConfig as any, tenant.integrationsConfig as any,
); );
// Replace masked values with actual values from existing config // Replace masked values with actual values from existing config
@@ -86,8 +100,9 @@ export class TenantController {
); );
// Update in database // Update in database
const centralPrisma = getCentralPrisma();
await centralPrisma.tenant.update({ await centralPrisma.tenant.update({
where: { id: domainRecord.tenant.id }, where: { id: tenant.id },
data: { data: {
integrationsConfig: encryptedConfig as any, integrationsConfig: encryptedConfig as any,
}, },

98
backend/src/tenant/tenant.middleware.ts
View File

@@ -14,61 +14,61 @@ export class TenantMiddleware implements NestMiddleware {
next: () => void, next: () => void,
) { ) {
try { try {
// Extract subdomain from hostname // Priority 1: Check x-tenant-subdomain header from Nitro BFF proxy
const host = req.headers.host || ''; // This is the primary method when using the BFF architecture
const hostname = host.split(':')[0]; // Remove port if present let subdomain = req.headers['x-tenant-subdomain'] as string | null;
// Check Origin header to get frontend subdomain (for API calls)
const origin = req.headers.origin as string;
const referer = req.headers.referer as string;
let parts = hostname.split('.');
this.logger.log(`Host header: ${host}, hostname: ${hostname}, origin: ${origin}, referer: ${referer}, parts: ${JSON.stringify(parts)}`);
// For local development, accept x-tenant-id header
let tenantId = req.headers['x-tenant-id'] as string; let tenantId = req.headers['x-tenant-id'] as string;
let subdomain: string | null = null;
this.logger.log(`Host header: ${host}, hostname: ${hostname}, parts: ${JSON.stringify(parts)}, x-tenant-id: ${tenantId}`); if (subdomain) {
this.logger.log(`Using x-tenant-subdomain header: ${subdomain}`);
}
// Try to extract subdomain from Origin header first (for API calls from frontend) // Priority 2: Fall back to extracting subdomain from Origin/Host headers
if (origin) { // This supports direct backend access for development/testing
try { if (!subdomain && !tenantId) {
const originUrl = new URL(origin); const host = req.headers.host || '';
const originHost = originUrl.hostname; const hostname = host.split(':')[0];
parts = originHost.split('.'); const origin = req.headers.origin as string;
this.logger.log(`Using Origin header hostname: ${originHost}, parts: ${JSON.stringify(parts)}`); const referer = req.headers.referer as string;
} catch (error) {
this.logger.warn(`Failed to parse origin: ${origin}`); let parts = hostname.split('.');
this.logger.log(`Host header: ${host}, hostname: ${hostname}, origin: ${origin}, referer: ${referer}`);
// Try to extract subdomain from Origin header first (for API calls from frontend)
if (origin) {
try {
const originUrl = new URL(origin);
const originHost = originUrl.hostname;
parts = originHost.split('.');
this.logger.log(`Using Origin header hostname: ${originHost}, parts: ${JSON.stringify(parts)}`);
} catch (error) {
this.logger.warn(`Failed to parse origin: ${origin}`);
}
} else if (referer) {
// Fallback to Referer if no Origin
try {
const refererUrl = new URL(referer);
const refererHost = refererUrl.hostname;
parts = refererHost.split('.');
this.logger.log(`Using Referer header hostname: ${refererHost}, parts: ${JSON.stringify(parts)}`);
} catch (error) {
this.logger.warn(`Failed to parse referer: ${referer}`);
}
} }
} else if (referer && !tenantId) {
// Fallback to Referer if no Origin // Extract subdomain (e.g., "tenant1" from "tenant1.routebox.co")
try { if (parts.length >= 3) {
const refererUrl = new URL(referer); subdomain = parts[0];
const refererHost = refererUrl.hostname; if (subdomain === 'www') {
parts = refererHost.split('.'); subdomain = null;
this.logger.log(`Using Referer header hostname: ${refererHost}, parts: ${JSON.stringify(parts)}`); }
} catch (error) { } else if (parts.length === 2 && parts[1] === 'localhost') {
this.logger.warn(`Failed to parse referer: ${referer}`); subdomain = parts[0];
} }
} }
// Extract subdomain (e.g., "tenant1" from "tenant1.routebox.co") this.logger.log(`Extracted subdomain: ${subdomain}, x-tenant-id: ${tenantId}`);
// For production domains with 3+ parts, extract first part as subdomain
if (parts.length >= 3) {
subdomain = parts[0];
// Ignore www subdomain
if (subdomain === 'www') {
subdomain = null;
}
}
// For development (e.g., tenant1.localhost), also check 2 parts
else if (parts.length === 2 && parts[1] === 'localhost') {
subdomain = parts[0];
}
this.logger.log(`Extracted subdomain: ${subdomain}`);
// Always attach subdomain to request if present // Always attach subdomain to request if present
if (subdomain) { if (subdomain) {
@@ -122,7 +122,7 @@ export class TenantMiddleware implements NestMiddleware {
// Attach tenant info to request object // Attach tenant info to request object
(req as any).tenantId = tenantId; (req as any).tenantId = tenantId;
} else { } else {
this.logger.warn(`No tenant identified from host: ${hostname}`); this.logger.warn(`No tenant identified from host: ${subdomain}`);
} }
next(); next();

138
backend/src/voice/voice.controller.ts
View File

@@ -98,37 +98,75 @@ export class VoiceController {
/** /**
* TwiML for outbound calls from browser (Twilio Device) * TwiML for outbound calls from browser (Twilio Device)
* Twilio sends application/x-www-form-urlencoded data
*/ */
@Post('twiml/outbound') @Post('twiml/outbound')
async outboundTwiml(@Req() req: FastifyRequest, @Res() res: FastifyReply) { async outboundTwiml(@Req() req: FastifyRequest, @Res() res: FastifyReply) {
const body = req.body as any; // Parse body - Twilio sends URL-encoded form data
let body = req.body as any;
// Handle case where body might be parsed as JSON key (URL-encoded string as key)
if (body && typeof body === 'object' && Object.keys(body).length === 1) {
const key = Object.keys(body)[0];
if (key.startsWith('{') || key.includes('=')) {
try {
// Try parsing as JSON if it looks like JSON
if (key.startsWith('{')) {
body = JSON.parse(key);
} else {
// Parse as URL-encoded
const params = new URLSearchParams(key);
body = Object.fromEntries(params.entries());
}
} catch (e) {
this.logger.warn(`Failed to re-parse body: ${e.message}`);
}
}
}
const to = body.To; const to = body.To;
const from = body.From; const from = body.From; // Format: "client:tenantId:userId"
const callSid = body.CallSid; const callSid = body.CallSid;
this.logger.log(`=== TwiML OUTBOUND REQUEST RECEIVED ===`); this.logger.log(`=== TwiML OUTBOUND REQUEST RECEIVED ===`);
this.logger.log(`CallSid: ${callSid}, Body From: ${from}, Body To: ${to}`); this.logger.log(`CallSid: ${callSid}, From: ${from}, To: ${to}`);
this.logger.log(`Full body: ${JSON.stringify(body)}`);
try { try {
// Extract tenant domain from Host header // Extract tenant ID from the client identity
const host = req.headers.host || ''; // Format: "client:tenantId:userId"
const tenantDomain = host.split('.')[0]; // e.g., "tenant1" from "tenant1.routebox.co" let tenantId: string | null = null;
if (from && from.startsWith('client:')) {
const parts = from.replace('client:', '').split(':');
if (parts.length >= 2) {
tenantId = parts[0]; // First part is tenantId
this.logger.log(`Extracted tenantId from client identity: ${tenantId}`);
}
}
this.logger.log(`Extracted tenant domain: ${tenantDomain}`); if (!tenantId) {
this.logger.error(`Could not extract tenant from From: ${from}`);
throw new Error('Could not determine tenant from call');
}
// Look up tenant's Twilio phone number from config // Look up tenant's Twilio phone number from config
let callerId = to; // Fallback (will cause error if not found) let callerId: string | undefined;
try { try {
// Get Twilio config to find the phone number const { config } = await this.voiceService['getTwilioClient'](tenantId);
const { config } = await this.voiceService['getTwilioClient'](tenantDomain);
callerId = config.phoneNumber; callerId = config.phoneNumber;
this.logger.log(`Retrieved Twilio phone number for tenant: ${callerId}`); this.logger.log(`Retrieved Twilio phone number for tenant: ${callerId}`);
} catch (error: any) { } catch (error: any) {
this.logger.error(`Failed to get Twilio config: ${error.message}`); this.logger.error(`Failed to get Twilio config: ${error.message}`);
throw error;
} }
const dialNumber = to; if (!callerId) {
throw new Error('No caller ID configured for tenant');
}
const dialNumber = to?.trim();
if (!dialNumber) {
throw new Error('No destination number provided');
}
this.logger.log(`Using callerId: ${callerId}, dialNumber: ${dialNumber}`); this.logger.log(`Using callerId: ${callerId}, dialNumber: ${dialNumber}`);
@@ -145,10 +183,9 @@ export class VoiceController {
} catch (error: any) { } catch (error: any) {
this.logger.error(`=== ERROR GENERATING TWIML ===`); this.logger.error(`=== ERROR GENERATING TWIML ===`);
this.logger.error(`Error: ${error.message}`); this.logger.error(`Error: ${error.message}`);
this.logger.error(`Stack: ${error.stack}`);
const errorTwiml = `<?xml version="1.0" encoding="UTF-8"?> const errorTwiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response> <Response>
<Say>An error occurred while processing your call.</Say> <Say>An error occurred while processing your call. ${error.message}</Say>
</Response>`; </Response>`;
res.type('text/xml').send(errorTwiml); res.type('text/xml').send(errorTwiml);
} }
@@ -156,13 +193,33 @@ export class VoiceController {
/** /**
* TwiML for inbound calls * TwiML for inbound calls
* Twilio sends application/x-www-form-urlencoded data
*/ */
@Post('twiml/inbound') @Post('twiml/inbound')
async inboundTwiml(@Req() req: FastifyRequest, @Res() res: FastifyReply) { async inboundTwiml(@Req() req: FastifyRequest, @Res() res: FastifyReply) {
const body = req.body as any; // Parse body - Twilio sends URL-encoded form data
let body = req.body as any;
// Handle case where body might be parsed incorrectly
if (body && typeof body === 'object' && Object.keys(body).length === 1) {
const key = Object.keys(body)[0];
if (key.startsWith('{') || key.includes('=')) {
try {
if (key.startsWith('{')) {
body = JSON.parse(key);
} else {
const params = new URLSearchParams(key);
body = Object.fromEntries(params.entries());
}
} catch (e) {
this.logger.warn(`Failed to re-parse body: ${e.message}`);
}
}
}
const callSid = body.CallSid; const callSid = body.CallSid;
const fromNumber = body.From; const fromNumber = body.From;
const toNumber = body.To; const toNumber = body.To; // This is the Twilio phone number that was called
this.logger.log(`\n\n╔════════════════════════════════════════╗`); this.logger.log(`\n\n╔════════════════════════════════════════╗`);
this.logger.log(`║ === INBOUND CALL RECEIVED ===`); this.logger.log(`║ === INBOUND CALL RECEIVED ===`);
@@ -170,19 +227,28 @@ export class VoiceController {
this.logger.log(`CallSid: ${callSid}`); this.logger.log(`CallSid: ${callSid}`);
this.logger.log(`From: ${fromNumber}`); this.logger.log(`From: ${fromNumber}`);
this.logger.log(`To: ${toNumber}`); this.logger.log(`To: ${toNumber}`);
this.logger.log(`Full body: ${JSON.stringify(body)}`);
try { try {
// Extract tenant domain from Host header // Look up tenant by the Twilio phone number that was called
const host = req.headers.host || ''; const tenantInfo = await this.voiceService.findTenantByPhoneNumber(toNumber);
const tenantDomain = host.split('.')[0]; // e.g., "tenant1" from "tenant1.routebox.co"
this.logger.log(`Extracted tenant domain: ${tenantDomain}`); if (!tenantInfo) {
this.logger.error(`No tenant found for phone number: ${toNumber}`);
const twiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Say>Sorry, this number is not configured. Please contact support.</Say>
<Hangup/>
</Response>`;
return res.type('text/xml').send(twiml);
}
const tenantId = tenantInfo.tenantId;
this.logger.log(`Found tenant: ${tenantId}`);
// Get all connected users for this tenant // Get all connected users for this tenant
const connectedUsers = this.voiceGateway.getConnectedUsers(tenantDomain); const connectedUsers = this.voiceGateway.getConnectedUsers(tenantId);
this.logger.log(`Connected users for tenant ${tenantDomain}: ${connectedUsers.length}`); this.logger.log(`Connected users for tenant ${tenantId}: ${connectedUsers.length}`);
if (connectedUsers.length > 0) { if (connectedUsers.length > 0) {
this.logger.log(`Connected user IDs: ${connectedUsers.join(', ')}`); this.logger.log(`Connected user IDs: ${connectedUsers.join(', ')}`);
} }
@@ -198,20 +264,22 @@ export class VoiceController {
return res.type('text/xml').send(twiml); return res.type('text/xml').send(twiml);
} }
// Build TwiML to dial all connected clients with Media Streams for AI // Build TwiML to dial all connected clients
const clientElements = connectedUsers.map(userId => ` <Client>${userId}</Client>`).join('\n'); // Client identity format is now: tenantId:userId
const clientElements = connectedUsers.map(userId => ` <Client>${tenantId}:${userId}</Client>`).join('\n');
// Use wss:// for secure WebSocket (Traefik handles HTTPS) // Log the client identities being dialed
this.logger.log(`Client identities being dialed:`);
connectedUsers.forEach(userId => {
this.logger.log(` - ${tenantId}:${userId}`);
});
// Use wss:// for secure WebSocket
const host = req.headers.host || 'backend.routebox.co';
const streamUrl = `wss://${host}/api/voice/media-stream`; const streamUrl = `wss://${host}/api/voice/media-stream`;
this.logger.log(`Stream URL: ${streamUrl}`); this.logger.log(`Stream URL: ${streamUrl}`);
this.logger.log(`Dialing ${connectedUsers.length} client(s)...`); this.logger.log(`Dialing ${connectedUsers.length} client(s)...`);
this.logger.log(`Client IDs to dial: ${connectedUsers.join(', ')}`);
// Verify we have client IDs in proper format
if (connectedUsers.length > 0) {
this.logger.log(`First Client ID format check: "${connectedUsers[0]}" (length: ${connectedUsers[0].length})`);
}
// Notify connected users about incoming call via Socket.IO // Notify connected users about incoming call via Socket.IO
connectedUsers.forEach(userId => { connectedUsers.forEach(userId => {
@@ -219,7 +287,7 @@ export class VoiceController {
callSid, callSid,
fromNumber, fromNumber,
toNumber, toNumber,
tenantDomain, tenantId,
}); });
}); });
@@ -227,7 +295,7 @@ export class VoiceController {
<Response> <Response>
<Start> <Start>
<Stream url="${streamUrl}"> <Stream url="${streamUrl}">
<Parameter name="tenantId" value="${tenantDomain}"/> <Parameter name="tenantId" value="${tenantId}"/>
<Parameter name="userId" value="${connectedUsers[0]}"/> <Parameter name="userId" value="${connectedUsers[0]}"/>
</Stream> </Stream>
</Start> </Start>
@@ -236,7 +304,7 @@ ${clientElements}
</Dial> </Dial>
</Response>`; </Response>`;
this.logger.log(`✓ Returning inbound TwiML with Media Streams - dialing ${connectedUsers.length} client(s)`); this.logger.log(`✓ Returning inbound TwiML - dialing ${connectedUsers.length} client(s)`);
this.logger.log(`Generated TwiML:\n${twiml}\n`); this.logger.log(`Generated TwiML:\n${twiml}\n`);
res.type('text/xml').send(twiml); res.type('text/xml').send(twiml);
} catch (error: any) { } catch (error: any) {

39
backend/src/voice/voice.gateway.ts
View File

@@ -61,33 +61,41 @@ export class VoiceGateway
const payload = await this.jwtService.verifyAsync(token); const payload = await this.jwtService.verifyAsync(token);
// Extract domain from origin header (e.g., http://tenant1.routebox.co:3001) // Extract domain from origin header (e.g., http://tenant1.routebox.co:3001)
// The domains table stores just the subdomain part (e.g., "tenant1")
const origin = client.handshake.headers.origin || client.handshake.headers.referer; const origin = client.handshake.headers.origin || client.handshake.headers.referer;
let domain = 'localhost'; let subdomain = 'localhost';
if (origin) { if (origin) {
try { try {
const url = new URL(origin); const url = new URL(origin);
const hostname = url.hostname; // e.g., tenant1.routebox.co or localhost const hostname = url.hostname;
subdomain = hostname.split('.')[0];
// Extract first part of subdomain as domain
// tenant1.routebox.co -> tenant1
// localhost -> localhost
domain = hostname.split('.')[0];
} catch (error) { } catch (error) {
this.logger.warn(`Failed to parse origin: ${origin}`); this.logger.warn(`Failed to parse origin: ${origin}`);
} }
} }
client.tenantId = domain; // Store the subdomain as tenantId // Resolve the actual tenantId (UUID) from the subdomain
let tenantId: string | null = null;
try {
const tenant = await this.tenantDbService.getTenantByDomain(subdomain);
if (tenant) {
tenantId = tenant.id;
this.logger.log(`Resolved tenant ${subdomain} -> ${tenantId}`);
}
} catch (error) {
this.logger.warn(`Failed to resolve tenant for subdomain ${subdomain}: ${error.message}`);
}
// Fall back to subdomain if tenant lookup fails
client.tenantId = tenantId || subdomain;
client.userId = payload.sub; client.userId = payload.sub;
client.tenantSlug = domain; // Same as subdomain client.tenantSlug = subdomain;
this.connectedUsers.set(client.userId, client); this.connectedUsers.set(client.userId, client);
this.logger.log( this.logger.log(
`✓ Client connected: ${client.id} (User: ${client.userId}, Domain: ${domain})`, `✓ Client connected: ${client.id} (User: ${client.userId}, TenantId: ${client.tenantId}, Subdomain: ${subdomain})`,
); );
this.logger.log(`Total connected users in ${domain}: ${this.getConnectedUsers(domain).length}`); this.logger.log(`Total connected users in tenant ${client.tenantId}: ${this.getConnectedUsers(client.tenantId).length}`);
// Send current call state if any active call // Send current call state if any active call
const activeCallSid = this.activeCallsByUser.get(client.userId); const activeCallSid = this.activeCallsByUser.get(client.userId);
@@ -303,13 +311,14 @@ export class VoiceGateway
/** /**
* Get connected users for a tenant * Get connected users for a tenant
* @param tenantId - The tenant UUID to filter by
*/ */
getConnectedUsers(tenantDomain?: string): string[] { getConnectedUsers(tenantId?: string): string[] {
const userIds: string[] = []; const userIds: string[] = [];
for (const [userId, socket] of this.connectedUsers.entries()) { for (const [userId, socket] of this.connectedUsers.entries()) {
// If tenantDomain specified, filter by tenant // If tenantId specified, filter by tenant
if (!tenantDomain || socket.tenantSlug === tenantDomain) { if (!tenantId || socket.tenantId === tenantId) {
userIds.push(userId); userIds.push(userId);
} }
} }

106
backend/src/voice/voice.service.ts
View File

@@ -31,46 +31,46 @@ export class VoiceService {
/** /**
* Get Twilio client for a tenant * Get Twilio client for a tenant
*/ */
private async getTwilioClient(tenantIdOrDomain: string): Promise<{ client: Twilio.Twilio; config: TwilioConfig; tenantId: string }> { private async getTwilioClient(tenantId: string): Promise<{ client: Twilio.Twilio; config: TwilioConfig; tenantId: string }> {
// Check cache first // Check cache first
if (this.twilioClients.has(tenantIdOrDomain)) { if (this.twilioClients.has(tenantId)) {
const centralPrisma = getCentralPrisma(); const centralPrisma = getCentralPrisma();
// Look up tenant by domain // Look up tenant by ID
const domainRecord = await centralPrisma.domain.findUnique({ const tenant = await centralPrisma.tenant.findUnique({
where: { domain: tenantIdOrDomain }, where: { id: tenantId },
include: { tenant: { select: { id: true, integrationsConfig: true } } }, select: { id: true, integrationsConfig: true },
}); });
const config = this.getIntegrationConfig(domainRecord?.tenant?.integrationsConfig as any); const config = this.getIntegrationConfig(tenant?.integrationsConfig as any);
return { return {
client: this.twilioClients.get(tenantIdOrDomain), client: this.twilioClients.get(tenantId),
config: config.twilio, config: config.twilio,
tenantId: domainRecord.tenant.id tenantId: tenant.id
}; };
} }
// Fetch tenant integrations config // Fetch tenant integrations config
const centralPrisma = getCentralPrisma(); const centralPrisma = getCentralPrisma();
this.logger.log(`Looking up domain: ${tenantIdOrDomain}`); this.logger.log(`Looking up tenant: ${tenantId}`);
const domainRecord = await centralPrisma.domain.findUnique({ const tenant = await centralPrisma.tenant.findUnique({
where: { domain: tenantIdOrDomain }, where: { id: tenantId },
include: { tenant: { select: { id: true, integrationsConfig: true } } }, select: { id: true, integrationsConfig: true },
}); });
this.logger.log(`Domain record found: ${!!domainRecord}, Tenant: ${!!domainRecord?.tenant}, Config: ${!!domainRecord?.tenant?.integrationsConfig}`); this.logger.log(`Tenant found: ${!!tenant}, Config: ${!!tenant?.integrationsConfig}`);
if (!domainRecord?.tenant) { if (!tenant) {
throw new Error(`Domain ${tenantIdOrDomain} not found`); throw new Error(`Tenant ${tenantId} not found`);
} }
if (!domainRecord.tenant.integrationsConfig) { if (!tenant.integrationsConfig) {
throw new Error('Tenant integrations config not found. Please configure Twilio credentials in Settings > Integrations'); throw new Error('Tenant integrations config not found. Please configure Twilio credentials in Settings > Integrations');
} }
const config = this.getIntegrationConfig(domainRecord.tenant.integrationsConfig as any); const config = this.getIntegrationConfig(tenant.integrationsConfig as any);
this.logger.log(`Config decrypted: ${!!config.twilio}, AccountSid: ${config.twilio?.accountSid?.substring(0, 10)}..., AuthToken: ${config.twilio?.authToken?.substring(0, 10)}..., Phone: ${config.twilio?.phoneNumber}`); this.logger.log(`Config decrypted: ${!!config.twilio}, AccountSid: ${config.twilio?.accountSid?.substring(0, 10)}..., AuthToken: ${config.twilio?.authToken?.substring(0, 10)}..., Phone: ${config.twilio?.phoneNumber}`);
@@ -79,9 +79,9 @@ export class VoiceService {
} }
const client = Twilio.default(config.twilio.accountSid, config.twilio.authToken); const client = Twilio.default(config.twilio.accountSid, config.twilio.authToken);
this.twilioClients.set(tenantIdOrDomain, client); this.twilioClients.set(tenantId, client);
return { client, config: config.twilio, tenantId: domainRecord.tenant.id }; return { client, config: config.twilio, tenantId: tenant.id };
} }
/** /**
@@ -105,22 +105,64 @@ export class VoiceService {
return {}; return {};
} }
/**
* Find tenant by their configured Twilio phone number
* Used for inbound call routing
*/
async findTenantByPhoneNumber(phoneNumber: string): Promise<{ tenantId: string; config: TwilioConfig } | null> {
const centralPrisma = getCentralPrisma();
// Normalize phone number (remove spaces, ensure + prefix for comparison)
const normalizedPhone = phoneNumber.replace(/\s+/g, '').replace(/^(\d)/, '+$1');
this.logger.log(`Looking up tenant by phone number: ${normalizedPhone}`);
// Get all tenants with integrations config
const tenants = await centralPrisma.tenant.findMany({
where: {
integrationsConfig: { not: null },
},
select: { id: true, integrationsConfig: true },
});
for (const tenant of tenants) {
const config = this.getIntegrationConfig(tenant.integrationsConfig as any);
if (config.twilio?.phoneNumber) {
const tenantPhone = config.twilio.phoneNumber.replace(/\s+/g, '').replace(/^(\d)/, '+$1');
if (tenantPhone === normalizedPhone) {
this.logger.log(`Found tenant ${tenant.id} for phone number ${normalizedPhone}`);
return { tenantId: tenant.id, config: config.twilio };
}
}
}
this.logger.warn(`No tenant found for phone number: ${normalizedPhone}`);
return null;
}
/** /**
* Generate Twilio access token for browser Voice SDK * Generate Twilio access token for browser Voice SDK
*/ */
async generateAccessToken(tenantDomain: string, userId: string): Promise<string> { async generateAccessToken(tenantId: string, userId: string): Promise<string> {
const { config, tenantId } = await this.getTwilioClient(tenantDomain); const { config, tenantId: resolvedTenantId } = await this.getTwilioClient(tenantId);
if (!config.accountSid || !config.apiKey || !config.apiSecret) { if (!config.accountSid || !config.apiKey || !config.apiSecret) {
throw new Error('Twilio API credentials not configured. Please add API Key and Secret in Settings > Integrations'); throw new Error('Twilio API credentials not configured. Please add API Key and Secret in Settings > Integrations');
} }
// Include tenantId in the identity so we can extract it in TwiML webhooks
// Format: tenantId:userId
const identity = `${resolvedTenantId}:${userId}`;
this.logger.log(`Generating access token with identity: ${identity}`);
this.logger.log(` Input tenantId: ${tenantId}, Resolved tenantId: ${resolvedTenantId}, userId: ${userId}`);
// Create an access token // Create an access token
const token = new AccessToken( const token = new AccessToken(
config.accountSid, config.accountSid,
config.apiKey, config.apiKey,
config.apiSecret, config.apiSecret,
{ identity: userId, ttl: 3600 } // 1 hour expiry { identity, ttl: 3600 } // 1 hour expiry
); );
// Create a Voice grant // Create a Voice grant
@@ -436,20 +478,28 @@ export class VoiceService {
const { callSid, tenantId, userId } = params; const { callSid, tenantId, userId } = params;
try { try {
// Get OpenAI config - tenantId might be a domain, so look it up // Get OpenAI config - tenantId might be a domain or a tenant ID (UUID or CUID)
const centralPrisma = getCentralPrisma(); const centralPrisma = getCentralPrisma();
// Try to find tenant by domain first (if tenantId is like "tenant1") // Detect if tenantId looks like an ID (UUID or CUID) or a domain name
// UUIDs: 8-4-4-4-12 hex format
// CUIDs: 25 character alphanumeric starting with 'c'
const isUUID = /^[0-9a-f]{8}-[0-9a-f]{4}-/i.test(tenantId);
const isCUID = /^c[a-z0-9]{24}$/i.test(tenantId);
const isId = isUUID || isCUID;
let tenant; let tenant;
if (!tenantId.match(/^[0-9a-f]{8}-[0-9a-f]{4}-/i)) { if (!isId) {
// Looks like a domain, not a UUID // Looks like a domain, not an ID
this.logger.log(`Looking up tenant by domain: ${tenantId}`);
const domainRecord = await centralPrisma.domain.findUnique({ const domainRecord = await centralPrisma.domain.findUnique({
where: { domain: tenantId }, where: { domain: tenantId },
include: { tenant: { select: { id: true, integrationsConfig: true } } }, include: { tenant: { select: { id: true, integrationsConfig: true } } },
}); });
tenant = domainRecord?.tenant; tenant = domainRecord?.tenant;
} else { } else {
// It's a UUID // It's an ID (UUID or CUID)
this.logger.log(`Looking up tenant by ID: ${tenantId}`);
tenant = await centralPrisma.tenant.findUnique({ tenant = await centralPrisma.tenant.findUnique({
where: { id: tenantId }, where: { id: tenantId },
select: { id: true, integrationsConfig: true }, select: { id: true, integrationsConfig: true },

84
frontend/components/LoginForm.vue
View File

@@ -3,90 +3,32 @@ import { Button } from '@/components/ui/button'
import { Input } from '@/components/ui/input' import { Input } from '@/components/ui/input'
import { Label } from '@/components/ui/label' import { Label } from '@/components/ui/label'
const config = useRuntimeConfig()
const router = useRouter() const router = useRouter()
const { toast } = useToast() const { toast } = useToast()
const { login, isLoading } = useAuth()
// Cookie for server-side auth check
const tokenCookie = useCookie('token')
// Extract subdomain from hostname (e.g., tenant1.localhost → tenant1)
const getSubdomain = () => {
if (!import.meta.client) return null
const hostname = window.location.hostname
const parts = hostname.split('.')
console.log('Extracting subdomain from:', hostname, 'parts:', parts)
// For localhost development: tenant1.localhost or localhost
if (hostname === 'localhost' || hostname === '127.0.0.1') {
return null // Use default tenant for plain localhost
}
// For subdomains like tenant1.routebox.co or tenant1.localhost
if (parts.length >= 2 && parts[0] !== 'www') {
console.log('Using subdomain:', parts[0])
return parts[0] // Return subdomain
}
return null
}
const subdomain = ref(getSubdomain())
const email = ref('') const email = ref('')
const password = ref('') const password = ref('')
const loading = ref(false)
const error = ref('') const error = ref('')
const handleLogin = async () => { const handleLogin = async () => {
try { try {
loading.value = true
error.value = '' error.value = ''
const headers: Record<string, string> = { // Use the BFF login endpoint via useAuth
'Content-Type': 'application/json', const result = await login(email.value, password.value)
if (result.success) {
toast.success('Login successful!')
// Redirect to home
router.push('/')
} else {
error.value = result.error || 'Login failed'
toast.error(result.error || 'Login failed')
} }
// Only send x-tenant-id if we have a subdomain
if (subdomain.value) {
headers['x-tenant-id'] = subdomain.value
}
const response = await fetch(`${config.public.apiBaseUrl}/api/auth/login`, {
method: 'POST',
headers,
body: JSON.stringify({
email: email.value,
password: password.value,
}),
})
if (!response.ok) {
const data = await response.json()
throw new Error(data.message || 'Login failed')
}
const data = await response.json()
// Store credentials in localStorage
// Store the tenant ID that was used for login
const tenantToStore = subdomain.value || data.user?.tenantId || 'tenant1'
localStorage.setItem('tenantId', tenantToStore)
localStorage.setItem('token', data.access_token)
localStorage.setItem('user', JSON.stringify(data.user))
// Also store token in cookie for server-side auth check
tokenCookie.value = data.access_token
toast.success('Login successful!')
// Redirect to home
router.push('/')
} catch (e: any) { } catch (e: any) {
error.value = e.message || 'Login failed' error.value = e.message || 'Login failed'
toast.error(e.message || 'Login failed') toast.error(e.message || 'Login failed')
} finally {
loading.value = false
} }
} }
</script> </script>
@@ -118,8 +60,8 @@ const handleLogin = async () => {
</div> </div>
<Input id="password" v-model="password" type="password" required /> <Input id="password" v-model="password" type="password" required />
</div> </div>
<Button type="submit" class="w-full" :disabled="loading"> <Button type="submit" class="w-full" :disabled="isLoading">
{{ loading ? 'Logging in...' : 'Login' }} {{ isLoading ? 'Logging in...' : 'Login' }}
</Button> </Button>
</div> </div>
<div class="text-center text-sm"> <div class="text-center text-sm">

35
frontend/composables/useApi.ts
View File

@@ -1,40 +1,25 @@
export const useApi = () => { export const useApi = () => {
const config = useRuntimeConfig()
const router = useRouter() const router = useRouter()
const { toast } = useToast() const { toast } = useToast()
const { isLoggedIn, logout } = useAuth() const { isLoggedIn, logout } = useAuth()
// Use current domain for API calls (same subdomain routing) /**
* API calls now go through the Nitro BFF proxy at /api/*
* The proxy handles:
* - Auth token injection from HTTP-only cookies
* - Tenant subdomain extraction and forwarding
* - Forwarding requests to the NestJS backend
*/
const getApiBaseUrl = () => { const getApiBaseUrl = () => {
if (import.meta.client) { // All API calls go through Nitro proxy - works for both SSR and client
// In browser, use current hostname but with port 3000 for API return ''
const currentHost = window.location.hostname
const protocol = window.location.protocol
//return `${protocol}//${currentHost}:3000`
return `${protocol}//${currentHost}`
}
// Fallback for SSR
return config.public.apiBaseUrl
} }
const getHeaders = () => { const getHeaders = () => {
// Headers are now minimal - auth and tenant are handled by the Nitro proxy
const headers: Record<string, string> = { const headers: Record<string, string> = {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
} }
// Add tenant ID from localStorage or state
if (import.meta.client) {
const tenantId = localStorage.getItem('tenantId')
if (tenantId) {
headers['x-tenant-id'] = tenantId
}
const token = localStorage.getItem('token')
if (token) {
headers['Authorization'] = `Bearer ${token}`
}
}
return headers return headers
} }

148
frontend/composables/useAuth.ts
View File

@@ -1,61 +1,131 @@
/**
* Authentication composable using BFF (Backend for Frontend) pattern
* Auth tokens are stored in HTTP-only cookies managed by Nitro server
* Tenant context is stored in a readable cookie for client-side access
*/
export const useAuth = () => { export const useAuth = () => {
const tokenCookie = useCookie('token')
const authMessageCookie = useCookie('authMessage') const authMessageCookie = useCookie('authMessage')
const tenantCookie = useCookie('routebox_tenant')
const router = useRouter() const router = useRouter()
const config = useRuntimeConfig()
// Reactive user state - populated from /api/auth/me
const user = useState<any>('auth_user', () => null)
const isAuthenticated = useState<boolean>('auth_is_authenticated', () => false)
const isLoading = useState<boolean>('auth_is_loading', () => false)
/**
* Check if user is logged in
* Uses server-side session validation via /api/auth/me
*/
const isLoggedIn = () => { const isLoggedIn = () => {
if (!import.meta.client) return false return isAuthenticated.value
const token = localStorage.getItem('token')
const tenantId = localStorage.getItem('tenantId')
return !!(token && tenantId)
} }
const logout = async () => { /**
if (import.meta.client) { * Login with email and password
// Call backend logout endpoint * Calls the Nitro BFF login endpoint which sets HTTP-only cookies
try { */
const token = localStorage.getItem('token') const login = async (email: string, password: string) => {
const tenantId = localStorage.getItem('tenantId') isLoading.value = true
if (token) { try {
await fetch(`${config.public.apiBaseUrl}/api/auth/logout`, { const response = await $fetch('/api/auth/login', {
method: 'POST', method: 'POST',
headers: { body: { email, password },
'Authorization': `Bearer ${token}`, })
...(tenantId && { 'x-tenant-id': tenantId }),
}, if (response.success) {
}) user.value = response.user
} isAuthenticated.value = true
} catch (error) { return { success: true, user: response.user }
console.error('Logout error:', error)
} }
// Clear local storage return { success: false, error: 'Login failed' }
localStorage.removeItem('token') } catch (error: any) {
localStorage.removeItem('tenantId') const message = error.data?.message || error.message || 'Login failed'
localStorage.removeItem('user') return { success: false, error: message }
} finally {
// Clear cookie for server-side check isLoading.value = false
tokenCookie.value = null
// Set flash message for login page
authMessageCookie.value = 'Logged out successfully'
// Redirect to login page
router.push('/login')
} }
} }
/**
* Logout user
* Calls the Nitro BFF logout endpoint which clears HTTP-only cookies
*/
const logout = async () => {
try {
await $fetch('/api/auth/logout', {
method: 'POST',
})
} catch (error) {
console.error('Logout error:', error)
}
// Clear local state
user.value = null
isAuthenticated.value = false
// Set flash message for login page
authMessageCookie.value = 'Logged out successfully'
// Redirect to login page
router.push('/login')
}
/**
* Check current authentication status
* Validates session with backend via Nitro BFF
*/
const checkAuth = async () => {
isLoading.value = true
try {
const response = await $fetch('/api/auth/me', {
method: 'GET',
})
if (response.authenticated && response.user) {
user.value = response.user
isAuthenticated.value = true
return true
}
} catch (error) {
// Session invalid or expired
user.value = null
isAuthenticated.value = false
} finally {
isLoading.value = false
}
return false
}
/**
* Get current user
*/
const getUser = () => { const getUser = () => {
if (!import.meta.client) return null return user.value
const userStr = localStorage.getItem('user') }
return userStr ? JSON.parse(userStr) : null
/**
* Get current tenant ID from cookie
*/
const getTenantId = () => {
return tenantCookie.value
} }
return { return {
// State
user,
isAuthenticated,
isLoading,
// Methods
isLoggedIn, isLoggedIn,
login,
logout, logout,
checkAuth,
getUser, getUser,
getTenantId,
} }
} }

122
frontend/composables/useSoftphone.ts
View File

@@ -1,4 +1,4 @@
import { ref, computed, onMounted, onUnmounted, shallowRef } from 'vue'; import { ref, computed, onMounted, onUnmounted, shallowRef, watch } from 'vue';
import { io, Socket } from 'socket.io-client'; import { io, Socket } from 'socket.io-client';
import { Device, Call as TwilioCall } from '@twilio/voice-sdk'; import { Device, Call as TwilioCall } from '@twilio/voice-sdk';
import { useAuth } from './useAuth'; import { useAuth } from './useAuth';
@@ -44,17 +44,6 @@ const volume = ref(100);
export function useSoftphone() { export function useSoftphone() {
const auth = useAuth(); const auth = useAuth();
// Get token and tenantId from localStorage
const getToken = () => {
if (typeof window === 'undefined') return null;
return localStorage.getItem('token');
};
const getTenantId = () => {
if (typeof window === 'undefined') return null;
return localStorage.getItem('tenantId');
};
// Computed properties // Computed properties
const isInCall = computed(() => currentCall.value !== null); const isInCall = computed(() => currentCall.value !== null);
const hasIncomingCall = computed(() => incomingCall.value !== null); const hasIncomingCall = computed(() => incomingCall.value !== null);
@@ -93,6 +82,12 @@ export function useSoftphone() {
* Initialize Twilio Device * Initialize Twilio Device
*/ */
const initializeTwilioDevice = async () => { const initializeTwilioDevice = async () => {
// Prevent re-initialization if device already exists and is registered
if (twilioDevice.value) {
console.log('Twilio Device already exists, skipping initialization');
return;
}
try { try {
// First, explicitly request microphone permission // First, explicitly request microphone permission
const hasPermission = await requestMicrophonePermission(); const hasPermission = await requestMicrophonePermission();
@@ -107,12 +102,14 @@ export function useSoftphone() {
// Log the token payload to see what identity is being used // Log the token payload to see what identity is being used
try { try {
const tokenPayload = JSON.parse(atob(token.split('.')[1])); const tokenPayload = JSON.parse(atob(token.split('.')[1]));
console.log('📱 Twilio Device identity:', tokenPayload.grants?.identity || tokenPayload.sub);
} catch (e) { } catch (e) {
console.log('Could not parse token payload'); console.log('Could not parse token payload');
} }
console.log('📱 Creating new Twilio Device...');
twilioDevice.value = new Device(token, { twilioDevice.value = new Device(token, {
logLevel: 3, logLevel: 1, // Reduce log level (1 = errors only, 3 = debug)
codecPreferences: ['opus', 'pcmu'], codecPreferences: ['opus', 'pcmu'],
enableImprovedSignalingErrorPrecision: true, enableImprovedSignalingErrorPrecision: true,
edge: 'ashburn', edge: 'ashburn',
@@ -120,10 +117,12 @@ export function useSoftphone() {
// Device events // Device events
twilioDevice.value.on('registered', () => { twilioDevice.value.on('registered', () => {
console.log('✅ Twilio Device registered successfully');
toast.success('Softphone ready'); toast.success('Softphone ready');
}); });
twilioDevice.value.on('unregistered', () => { twilioDevice.value.on('unregistered', () => {
console.log('📱 Twilio Device unregistered');
}); });
twilioDevice.value.on('error', (error) => { twilioDevice.value.on('error', (error) => {
@@ -132,6 +131,11 @@ export function useSoftphone() {
}); });
twilioDevice.value.on('incoming', (call: TwilioCall) => { twilioDevice.value.on('incoming', (call: TwilioCall) => {
console.log('📞 Twilio Device incoming call event!', {
callSid: call.parameters.CallSid,
from: call.parameters.From,
to: call.parameters.To,
});
twilioCall.value = call; twilioCall.value = call;
// Update state // Update state
@@ -210,35 +214,54 @@ export function useSoftphone() {
/** /**
* Initialize WebSocket connection * Initialize WebSocket connection
*/ */
const connect = () => { const connect = async () => {
const token = getToken(); // Guard against multiple connection attempts
if (socket.value) {
if (socket.value?.connected || !token) { console.log('Softphone: Socket already exists, skipping connection');
return; return;
} }
// Use same pattern as useApi to preserve subdomain for multi-tenant // Check if user is authenticated
const getBackendUrl = () => { if (!auth.isAuthenticated.value) {
if (typeof window !== 'undefined') { // Try to verify authentication first
const currentHost = window.location.hostname; const isValid = await auth.checkAuth();
const protocol = window.location.protocol; if (!isValid) {
return `${protocol}//${currentHost}`; console.log('Softphone: User not authenticated, skipping connection');
return;
} }
return 'http://localhost:3000'; }
};
// Connect to /voice namespace with proper auth header try {
socket.value = io(`${getBackendUrl()}/voice`, { // Get WebSocket token from BFF (this retrieves the token from HTTP-only cookie server-side)
auth: { const wsAuth = await $fetch('/api/auth/ws-token');
token: token,
}, if (!wsAuth.token) {
transports: ['websocket', 'polling'], console.log('Softphone: No WebSocket token available');
reconnection: true, return;
reconnectionDelay: 1000, }
reconnectionDelayMax: 5000,
reconnectionAttempts: 5, // Use same pattern as useApi to preserve subdomain for multi-tenant
query: {}, // Explicitly set empty query to prevent token leaking const getBackendUrl = () => {
}); if (typeof window !== 'undefined') {
const currentHost = window.location.hostname;
const protocol = window.location.protocol;
return `${protocol}//${currentHost}`;
}
return 'http://localhost:3000';
};
// Connect to /voice namespace with proper auth header
socket.value = io(`${getBackendUrl()}/voice`, {
auth: {
token: wsAuth.token,
},
transports: ['websocket', 'polling'],
reconnection: true,
reconnectionDelay: 1000,
reconnectionDelayMax: 5000,
reconnectionAttempts: 5,
query: {}, // Explicitly set empty query to prevent token leaking
});
// Connection events // Connection events
socket.value.on('connect', () => { socket.value.on('connect', () => {
@@ -279,6 +302,10 @@ export function useSoftphone() {
socket.value.on('ai:action', handleAiAction); socket.value.on('ai:action', handleAiAction);
isInitialized.value = true; isInitialized.value = true;
} catch (error: any) {
console.error('Softphone: Failed to connect:', error);
toast.error('Failed to initialize voice service');
}
}; };
/** /**
@@ -569,14 +596,25 @@ export function useSoftphone() {
} }
}; };
// Auto-connect on mount if token is available // Only set up auto-connect and watchers once (not for every component that uses this composable)
onMounted(() => { // Use a module-level flag to track if watchers are already set up
if (getToken() && !isInitialized.value) { if (process.client && !isInitialized.value && !socket.value) {
// Auto-connect if authenticated
if (auth.isAuthenticated.value) {
connect(); connect();
} }
});
// Cleanup on unmount // Watch for authentication changes to connect/disconnect
watch(() => auth.isAuthenticated.value, async (isAuth) => {
if (isAuth && !isInitialized.value && !socket.value) {
await connect();
} else if (!isAuth && isInitialized.value) {
disconnect();
}
});
}
// Cleanup on unmount - only stop ringtone, don't disconnect shared socket
onUnmounted(() => { onUnmounted(() => {
stopRingtone(); stopRingtone();
}); });

41
frontend/middleware/auth.global.ts
View File

@@ -1,4 +1,4 @@
export default defineNuxtRouteMiddleware((to, from) => { export default defineNuxtRouteMiddleware(async (to, from) => {
// Allow pages to opt-out of auth with definePageMeta({ auth: false }) // Allow pages to opt-out of auth with definePageMeta({ auth: false })
if (to.meta.auth === false) { if (to.meta.auth === false) {
return return
@@ -11,28 +11,45 @@ export default defineNuxtRouteMiddleware((to, from) => {
return return
} }
const token = useCookie('token')
const authMessage = useCookie('authMessage') const authMessage = useCookie('authMessage')
// Check for tenant cookie (set alongside session cookie on login)
const tenantCookie = useCookie('routebox_tenant')
// Also check for session cookie (HTTP-only, but readable in SSR context)
const sessionCookie = useCookie('routebox_session')
// Routes that don't need a toast message (user knows they need to login) // Routes that don't need a toast message (user knows they need to login)
const silentRoutes = ['/'] const silentRoutes = ['/']
// Check token cookie (works on both server and client) // On client side, check the reactive auth state
if (!token.value) { if (import.meta.client) {
const { isAuthenticated, checkAuth } = useAuth()
// If we already know we're authenticated, allow
if (isAuthenticated.value) {
return
}
// If we have a tenant cookie, try to validate the session
if (tenantCookie.value) {
const isValid = await checkAuth()
if (isValid) {
return
}
}
// Not authenticated
if (!silentRoutes.includes(to.path)) { if (!silentRoutes.includes(to.path)) {
authMessage.value = 'Please login to access this page' authMessage.value = 'Please login to access this page'
} }
return navigateTo('/login') return navigateTo('/login')
} }
// On client side, also verify localStorage is in sync // Server-side: check for both session and tenant cookies
if (import.meta.client) { // The session cookie is HTTP-only but can be read in SSR context
const { isLoggedIn } = useAuth() if (!sessionCookie.value || !tenantCookie.value) {
if (!isLoggedIn()) { if (!silentRoutes.includes(to.path)) {
if (!silentRoutes.includes(to.path)) { authMessage.value = 'Please login to access this page'
authMessage.value = 'Please login to access this page'
}
return navigateTo('/login')
} }
return navigateTo('/login')
} }
}) })

6
frontend/nuxt.config.ts
View File

@@ -24,9 +24,9 @@ export default defineNuxtConfig({
}, },
runtimeConfig: { runtimeConfig: {
public: { // Server-only config (not exposed to client)
apiBaseUrl: process.env.NUXT_PUBLIC_API_BASE_URL || 'http://localhost:3000', // Used by Nitro BFF to proxy requests to the NestJS backend
}, backendUrl: process.env.BACKEND_URL || 'http://localhost:3000',
}, },
app: { app: {

40
frontend/pages/register.vue
View File

@@ -74,24 +74,8 @@ definePageMeta({
auth: false auth: false
}) })
const config = useRuntimeConfig()
const router = useRouter() const router = useRouter()
// Extract subdomain from hostname
const getSubdomain = () => {
if (!import.meta.client) return null
const hostname = window.location.hostname
const parts = hostname.split('.')
if (hostname === 'localhost' || hostname === '127.0.0.1') {
return null
}
if (parts.length > 1 && parts[0] !== 'www') {
return parts[0]
}
return null
}
const subdomain = ref(getSubdomain())
const email = ref('') const email = ref('')
const password = ref('') const password = ref('')
const firstName = ref('') const firstName = ref('')
@@ -106,30 +90,17 @@ const handleRegister = async () => {
error.value = '' error.value = ''
success.value = false success.value = false
const headers: Record<string, string> = { // Use BFF proxy - subdomain/tenant is handled automatically by Nitro
'Content-Type': 'application/json', await $fetch('/api/auth/register', {
}
if (subdomain.value) {
headers['x-tenant-id'] = subdomain.value
}
const response = await fetch(`${config.public.apiBaseUrl}/api/auth/register`, {
method: 'POST', method: 'POST',
headers, body: {
body: JSON.stringify({
email: email.value, email: email.value,
password: password.value, password: password.value,
firstName: firstName.value || undefined, firstName: firstName.value || undefined,
lastName: lastName.value || undefined, lastName: lastName.value || undefined,
}), },
}) })
if (!response.ok) {
const data = await response.json()
throw new Error(data.message || 'Registration failed')
}
success.value = true success.value = true
// Redirect to login after 2 seconds // Redirect to login after 2 seconds
@@ -137,9 +108,10 @@ const handleRegister = async () => {
router.push('/login') router.push('/login')
}, 2000) }, 2000)
} catch (e: any) { } catch (e: any) {
error.value = e.message || 'Registration failed' error.value = e.data?.message || e.message || 'Registration failed'
} finally { } finally {
loading.value = false loading.value = false
} }
} }
</script> </script>

119
frontend/server/api/[...path].ts Normal file
View File

@@ -0,0 +1,119 @@
import { defineEventHandler, getMethod, readBody, getQuery, createError, getHeader } from 'h3'
import { getSubdomainFromRequest } from '~/server/utils/tenant'
import { getSessionToken } from '~/server/utils/session'
/**
* Catch-all API proxy that forwards requests to the NestJS backend
* Injects x-tenant-subdomain header and Authorization from HTTP-only cookie
*/
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig()
const method = getMethod(event)
const path = event.context.params?.path || ''
// Get subdomain and session token
const subdomain = getSubdomainFromRequest(event)
const token = getSessionToken(event)
const backendUrl = config.backendUrl || 'http://localhost:3000'
// Build the full URL with query parameters
const query = getQuery(event)
const queryString = new URLSearchParams(query as Record<string, string>).toString()
const fullUrl = `${backendUrl}/api/${path}${queryString ? `?${queryString}` : ''}`
console.log(`[BFF Proxy] ${method} ${fullUrl} (subdomain: ${subdomain}, hasToken: ${!!token})`)
// Build headers to forward
const headers: Record<string, string> = {
'Content-Type': getHeader(event, 'content-type') || 'application/json',
}
// Add subdomain header for backend tenant resolution
if (subdomain) {
headers['x-tenant-subdomain'] = subdomain
}
// Add auth token from HTTP-only cookie
if (token) {
headers['Authorization'] = `Bearer ${token}`
}
// Forward additional headers that might be needed
const acceptHeader = getHeader(event, 'accept')
if (acceptHeader) {
headers['Accept'] = acceptHeader
}
try {
// Prepare fetch options
const fetchOptions: RequestInit = {
method,
headers,
}
// Add body for methods that support it
if (['POST', 'PUT', 'PATCH'].includes(method)) {
const body = await readBody(event)
if (body) {
fetchOptions.body = JSON.stringify(body)
}
}
// Make request to backend
const response = await fetch(fullUrl, fetchOptions)
// Handle non-JSON responses (like file downloads)
const contentType = response.headers.get('content-type')
if (!response.ok) {
// Try to get error details
let errorMessage = `Backend error: ${response.status}`
let errorData = null
try {
errorData = await response.json()
errorMessage = errorData.message || errorMessage
} catch {
// Response wasn't JSON
try {
const text = await response.text()
console.error(`[BFF Proxy] Backend error (non-JSON): ${text}`)
} catch {}
}
console.error(`[BFF Proxy] Backend returned ${response.status}: ${errorMessage}`, errorData)
throw createError({
statusCode: response.status,
statusMessage: errorMessage,
data: errorData,
})
}
// Return empty response for 204 No Content
if (response.status === 204) {
return null
}
// Handle JSON responses
if (contentType?.includes('application/json')) {
return await response.json()
}
// Handle other content types (text, etc.)
return await response.text()
} catch (error: any) {
// Re-throw H3 errors
if (error.statusCode) {
throw error
}
console.error(`Proxy error for ${method} /api/${path}:`, error)
throw createError({
statusCode: 502,
statusMessage: 'Failed to connect to backend service',
})
}
})

81
frontend/server/api/auth/login.post.ts Normal file
View File

@@ -0,0 +1,81 @@
import { defineEventHandler, readBody, createError } from 'h3'
import { getSubdomainFromRequest, isCentralSubdomain } from '~/server/utils/tenant'
import { setSessionCookie, setTenantIdCookie } from '~/server/utils/session'
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig()
const body = await readBody(event)
// Extract subdomain from the request
const subdomain = getSubdomainFromRequest(event)
if (!subdomain) {
throw createError({
statusCode: 400,
statusMessage: 'Unable to determine tenant from subdomain',
})
}
// Determine the backend URL based on whether this is central admin or tenant
const isCentral = isCentralSubdomain(subdomain)
const backendUrl = config.backendUrl || 'http://localhost:3000'
const loginEndpoint = isCentral ? '/api/auth/central/login' : '/api/auth/login'
try {
// Forward login request to NestJS backend with subdomain header
const response = await fetch(`${backendUrl}${loginEndpoint}`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-tenant-subdomain': subdomain,
},
body: JSON.stringify(body),
})
const data = await response.json()
if (!response.ok) {
throw createError({
statusCode: response.status,
statusMessage: data.message || 'Login failed',
data: data,
})
}
// Extract token and tenant info from response
const { access_token, user, tenantId } = data
if (!access_token) {
throw createError({
statusCode: 500,
statusMessage: 'No access token received from backend',
})
}
// Set HTTP-only cookie with the JWT token
setSessionCookie(event, access_token)
// Set tenant ID cookie (readable by client for context)
// Use tenantId from response, or fall back to subdomain
const tenantToStore = tenantId || subdomain
setTenantIdCookie(event, tenantToStore)
// Return user info (but NOT the token - it's in HTTP-only cookie)
return {
success: true,
user,
tenantId: tenantToStore,
}
} catch (error: any) {
// Re-throw H3 errors
if (error.statusCode) {
throw error
}
console.error('Login proxy error:', error)
throw createError({
statusCode: 500,
statusMessage: 'Failed to connect to authentication service',
})
}
})

37
frontend/server/api/auth/logout.post.ts Normal file
View File

@@ -0,0 +1,37 @@
import { defineEventHandler, createError } from 'h3'
import { getSubdomainFromRequest } from '~/server/utils/tenant'
import { getSessionToken, clearSessionCookie, clearTenantIdCookie } from '~/server/utils/session'
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig()
const subdomain = getSubdomainFromRequest(event)
const token = getSessionToken(event)
const backendUrl = config.backendUrl || 'http://localhost:3000'
try {
// Call backend logout endpoint if we have a token
if (token) {
await fetch(`${backendUrl}/api/auth/logout`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${token}`,
...(subdomain && { 'x-tenant-subdomain': subdomain }),
},
})
}
} catch (error) {
// Log but don't fail - we still want to clear cookies
console.error('Backend logout error:', error)
}
// Always clear cookies regardless of backend response
clearSessionCookie(event)
clearTenantIdCookie(event)
return {
success: true,
message: 'Logged out successfully',
}
})

60
frontend/server/api/auth/me.get.ts Normal file
View File

@@ -0,0 +1,60 @@
import { defineEventHandler, createError } from 'h3'
import { getSubdomainFromRequest } from '~/server/utils/tenant'
import { getSessionToken } from '~/server/utils/session'
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig()
const subdomain = getSubdomainFromRequest(event)
const token = getSessionToken(event)
if (!token) {
throw createError({
statusCode: 401,
statusMessage: 'Not authenticated',
})
}
const backendUrl = config.backendUrl || 'http://localhost:3000'
try {
// Fetch current user from backend
const response = await fetch(`${backendUrl}/api/auth/me`, {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${token}`,
...(subdomain && { 'x-tenant-subdomain': subdomain }),
},
})
if (!response.ok) {
if (response.status === 401) {
throw createError({
statusCode: 401,
statusMessage: 'Session expired',
})
}
throw createError({
statusCode: response.status,
statusMessage: 'Failed to fetch user',
})
}
const user = await response.json()
return {
authenticated: true,
user,
}
} catch (error: any) {
if (error.statusCode) {
throw error
}
console.error('Auth check error:', error)
throw createError({
statusCode: 500,
statusMessage: 'Failed to verify authentication',
})
}
})

26
frontend/server/api/auth/ws-token.get.ts Normal file
View File

@@ -0,0 +1,26 @@
import { defineEventHandler, createError } from 'h3'
import { getSubdomainFromRequest } from '~/server/utils/tenant'
import { getSessionToken } from '~/server/utils/session'
/**
* Get a short-lived token for WebSocket authentication
* This is needed because socket.io cannot use HTTP-only cookies directly
*/
export default defineEventHandler(async (event) => {
const subdomain = getSubdomainFromRequest(event)
const token = getSessionToken(event)
if (!token) {
throw createError({
statusCode: 401,
statusMessage: 'Not authenticated',
})
}
// Return the token for WebSocket use
// The token is already validated by being in the HTTP-only cookie
return {
token,
subdomain,
}
})

94
frontend/server/utils/session.ts Normal file
View File

@@ -0,0 +1,94 @@
import type { H3Event } from 'h3'
import { getCookie, setCookie, deleteCookie, getHeader } from 'h3'
const SESSION_COOKIE_NAME = 'routebox_session'
const SESSION_MAX_AGE = 60 * 60 * 24 * 7 // 7 days
export interface SessionData {
token: string
tenantId: string
userId: string
email: string
}
/**
* Determine if the request is over a secure connection
* Checks both direct HTTPS and proxy headers
*/
function isSecureRequest(event: H3Event): boolean {
// Check x-forwarded-proto header (set by reverse proxies)
const forwardedProto = getHeader(event, 'x-forwarded-proto')
if (forwardedProto === 'https') {
return true
}
// Check if NODE_ENV is production (assume HTTPS in production)
if (process.env.NODE_ENV === 'production') {
return true
}
return false
}
/**
* Get the session token from HTTP-only cookie
*/
export function getSessionToken(event: H3Event): string | null {
return getCookie(event, SESSION_COOKIE_NAME) || null
}
/**
* Set the session token in an HTTP-only cookie
*/
export function setSessionCookie(event: H3Event, token: string): void {
const secure = isSecureRequest(event)
setCookie(event, SESSION_COOKIE_NAME, token, {
httpOnly: true,
secure,
sameSite: 'lax',
maxAge: SESSION_MAX_AGE,
path: '/',
})
}
/**
* Clear the session cookie
*/
export function clearSessionCookie(event: H3Event): void {
deleteCookie(event, SESSION_COOKIE_NAME, {
path: '/',
})
}
/**
* Get tenant ID from a separate cookie (for SSR access)
* This is NOT the auth token - just tenant context
*/
export function getTenantIdFromCookie(event: H3Event): string | null {
return getCookie(event, 'routebox_tenant') || null
}
/**
* Set tenant ID cookie (readable by client for context)
*/
export function setTenantIdCookie(event: H3Event, tenantId: string): void {
const secure = isSecureRequest(event)
setCookie(event, 'routebox_tenant', tenantId, {
httpOnly: false, // Allow client to read tenant context
secure,
sameSite: 'lax',
maxAge: SESSION_MAX_AGE,
path: '/',
})
}
/**
* Clear tenant ID cookie
*/
export function clearTenantIdCookie(event: H3Event): void {
deleteCookie(event, 'routebox_tenant', {
path: '/',
})
}

39
frontend/server/utils/tenant.ts Normal file
View File

@@ -0,0 +1,39 @@
import type { H3Event } from 'h3'
import { getHeader } from 'h3'
/**
* Extract subdomain from the request Host header
* Handles production domains (tenant1.routebox.co) and development (tenant1.localhost)
*/
export function getSubdomainFromRequest(event: H3Event): string | null {
const host = getHeader(event, 'host') || ''
const hostname = host.split(':')[0] // Remove port if present
const parts = hostname.split('.')
// For production domains with 3+ parts (e.g., tenant1.routebox.co)
if (parts.length >= 3) {
const subdomain = parts[0]
// Ignore www subdomain
if (subdomain === 'www') {
return null
}
return subdomain
}
// For development (e.g., tenant1.localhost)
if (parts.length === 2 && parts[1] === 'localhost') {
return parts[0]
}
return null
}
/**
* Check if the subdomain is a central/admin subdomain
*/
export function isCentralSubdomain(subdomain: string | null): boolean {
if (!subdomain) return false
const centralSubdomains = (process.env.CENTRAL_SUBDOMAINS || 'central,admin').split(',')
return centralSubdomains.includes(subdomain)
}