838d25394b
This commit fixes a critical security issue where multiple concurrent demo
sessions would see each other's data due to sharing the same demo user IDs.
## The Problem:
When two enterprise demo sessions run simultaneously:
- Session A: user_id=Director, tenants=[parent_A, child_A1, child_A2]
- Session B: user_id=Director, tenants=[parent_B, child_B1, child_B2]
The endpoint /api/v1/tenants/user/{user_id}/tenants was querying by user_id
only, so Session A would see BOTH its own tenants AND Session B's tenants!
## The Solution:
Added demo_session_id filtering to get_user_tenants endpoint:
- For demo sessions, use get_virtual_tenants_for_session(demo_session_id)
- This filters tenants by the demo_session_id field (set during cloning)
- Each session now sees ONLY its own virtual tenants
## Implementation:
services/tenant/app/api/tenants.py (lines 180-194):
- Check if user is_demo
- Extract demo_session_id from current_user context (set by gateway)
- Call get_virtual_tenants_for_session() instead of get_user_tenants()
- This method filters by: demo_session_id + is_active + account_type
## Database Schema:
The tenants table has a demo_session_id column (indexed) that links
each virtual tenant to its specific demo session. This is set during
tenant cloning in internal_demo.py.
## Impact:
✅ Complete isolation between concurrent demo sessions
✅ Users only see their own session's data
✅ No performance impact (demo_session_id is indexed)
✅ Backward compatible (non-demo users unchanged)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
🍞 BakeWise - Multi-Service Architecture
Welcome to BakeWise, an advanced AI-powered platform for bakery management and optimization. This project implements a microservices architecture with multiple interconnected services to provide comprehensive bakery management solutions.
🚀 Quick Start
Prerequisites
- Docker Desktop with Kubernetes enabled
- Docker Compose
- Node.js (for frontend development)
Running the Application
-
Clone the repository:
git clone <repository-url> cd bakery-ia -
Set up environment variables:
cp .env.example .env # Edit .env with your specific configuration -
Run with Docker Compose:
docker-compose up --build -
Or run with Kubernetes (Docker Desktop):
# Enable Kubernetes in Docker Desktop # Run the setup script ./scripts/setup-kubernetes-dev.sh
🏗️ Architecture Overview
The project follows a microservices architecture with the following main components:
- Frontend: React-based dashboard for user interaction
- Gateway: API gateway handling authentication and routing
- Services: Multiple microservices handling different business domains
- Infrastructure: Redis, RabbitMQ, PostgreSQL databases
🐳 Kubernetes Infrastructure
🛠️ Services
The project includes multiple services:
- Auth Service: Authentication and authorization
- Tenant Service: Multi-tenancy management
- Sales Service: Sales processing
- External Service: Integration with external systems
- Training Service: AI model training
- Forecasting Service: Demand forecasting
- Notification Service: Notifications and alerts
- Inventory Service: Inventory management
- Recipes Service: Recipe management
- Suppliers Service: Supplier management
- POS Service: Point of sale
- Orders Service: Order management
- Production Service: Production planning
- Alert Processor: Background alert processing
📊 Monitoring
The system includes comprehensive monitoring with:
- Prometheus for metrics collection
- Grafana for visualization
- ELK stack for logging (planned)
🚀 Production Deployment
For production deployment on clouding.io with Kubernetes:
- Set up your clouding.io Kubernetes cluster
- Update image references to your container registry
- Configure production-specific values
- Deploy using the production kustomization:
kubectl apply -k infrastructure/kubernetes/environments/production/
🤝 Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
📄 License
This project is licensed under the MIT License.