Improve the security of the DB
@@ -45,12 +45,28 @@ export const SSEProvider: React.FC<SSEProviderProps> = ({ children }) => {
|
||||
const currentTenant = useCurrentTenant();
|
||||
|
||||
const connect = () => {
|
||||
if (!isAuthenticated || !token || eventSourceRef.current) return;
|
||||
// Check if we're in demo mode
|
||||
const isDemoMode = localStorage.getItem('demo_mode') === 'true';
|
||||
const demoSessionId = localStorage.getItem('demo_session_id');
|
||||
|
||||
// Skip SSE connection for demo/development mode when no backend is available
|
||||
if (token === 'mock-jwt-token') {
|
||||
console.log('SSE connection skipped for demo mode');
|
||||
return;
|
||||
// For demo mode, we need demo_session_id and tenant
|
||||
// For regular mode, we need token and authentication
|
||||
if (isDemoMode) {
|
||||
if (!demoSessionId || !currentTenant?.id || eventSourceRef.current) {
|
||||
console.log('Demo mode: Missing demo session ID or tenant ID for SSE connection');
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
if (!isAuthenticated || !token || eventSourceRef.current) {
|
||||
console.log('Regular mode: Not authenticated or missing token for SSE connection');
|
||||
return;
|
||||
}
|
||||
|
||||
// Skip SSE connection for mock tokens in development mode
|
||||
if (token === 'mock-jwt-token') {
|
||||
console.log('SSE connection skipped for mock token');
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (!currentTenant?.id) {
|
||||
@@ -59,13 +75,21 @@ export const SSEProvider: React.FC<SSEProviderProps> = ({ children }) => {
|
||||
}
|
||||
|
||||
try {
|
||||
// Connect to gateway SSE endpoint with token and tenant_id
|
||||
// Connect to gateway SSE endpoint with token/demo_session_id and tenant_id
|
||||
// Use same protocol and host as the current page to avoid CORS and mixed content issues
|
||||
const protocol = window.location.protocol;
|
||||
const host = window.location.host;
|
||||
const sseUrl = `${protocol}//${host}/api/events?token=${encodeURIComponent(token)}&tenant_id=${currentTenant.id}`;
|
||||
|
||||
console.log('Connecting to SSE endpoint:', sseUrl);
|
||||
let sseUrl: string;
|
||||
if (isDemoMode && demoSessionId) {
|
||||
// For demo mode, use demo_session_id instead of token
|
||||
sseUrl = `${protocol}//${host}/api/events?demo_session_id=${encodeURIComponent(demoSessionId)}&tenant_id=${currentTenant.id}`;
|
||||
console.log('Connecting to SSE endpoint (demo mode):', sseUrl);
|
||||
} else {
|
||||
// For regular mode, use JWT token
|
||||
sseUrl = `${protocol}//${host}/api/events?token=${encodeURIComponent(token!)}&tenant_id=${currentTenant.id}`;
|
||||
console.log('Connecting to SSE endpoint (regular mode):', sseUrl);
|
||||
}
|
||||
|
||||
const eventSource = new EventSource(sseUrl, {
|
||||
withCredentials: true,
|
||||
@@ -358,7 +382,16 @@ export const SSEProvider: React.FC<SSEProviderProps> = ({ children }) => {
|
||||
|
||||
// Connect when authenticated, disconnect when not or when tenant changes
|
||||
useEffect(() => {
|
||||
if (isAuthenticated && token && currentTenant) {
|
||||
const isDemoMode = localStorage.getItem('demo_mode') === 'true';
|
||||
const demoSessionId = localStorage.getItem('demo_session_id');
|
||||
|
||||
// For demo mode: connect if we have demo_session_id and tenant
|
||||
// For regular mode: connect if authenticated with token and tenant
|
||||
const shouldConnect = isDemoMode
|
||||
? (demoSessionId && currentTenant)
|
||||
: (isAuthenticated && token && currentTenant);
|
||||
|
||||
if (shouldConnect) {
|
||||
connect();
|
||||
} else {
|
||||
disconnect();
|
||||
|
||||
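Review bot: Both new log calls in the second hunk, `console.log('Connecting to SSE endpoint (demo mode):', sseUrl)` and its regular-mode twin, print the full URL, so the JWT or the demo_session_id lands in the browser console; because both travel as query parameters they are also likely to appear in gateway and proxy access logs. Log the endpoint without its query string instead, for example `console.log('Connecting to SSE endpoint (demo mode)')`, and wrap `currentTenant.id` in `encodeURIComponent` as is already done for the other two parameters. The demo branch in the first hunk is selected from `localStorage.getItem('demo_mode')`, which the user controls and which skips the `isAuthenticated`/`token` guard, so the gateway has to validate the demo session and its binding to `tenant_id` itself; that server-side check is not visible on this page and is worth confirming. `connect` and the enclosing component start and end outside the hunks shown.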