feat: enable tenant check on AMT operations

open-amt-cloud-toolkit · Sep 21, 2023 · 49101a7 · 49101a7
1 parent 984e1af
commit 49101a7
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/src/middleware/cira.ts b/src/middleware/cira.ts
@@ -17,9 +17,13 @@ const ciraMiddleware = async (req: Request, res: Response, next): Promise<void>
   const device = devices[guid]
 
   if ((device as any)?.ciraSocket.readyState === 'open') {
-    // const cred = await req.mpsService.secrets.getAMTCredentials(guid);
-    // req.amtStack = req.amtFactory.getAmtStack(guid, amtPort, cred[0], cred[1], 0)
-    // (req as any).httpHandler = new HttpHandler(cred[0], cred[1])
+    // if a tenantId is provided, ensure the request is for the same tenant/device
+    if (req.tenantId != null) {
+      if (req.tenantId !== device.tenantId) {
+        res.status(401).json(ErrorResponse(401, 'Unauthorized')).end()
+        return
+      }
+    }
 
     const ciraHandler = new CIRAHandler(device.httpHandler, device.username, device.password, device.limiter)
     req.deviceAction = new DeviceAction(ciraHandler, device.ciraSocket)

diff --git a/src/utils/constants.ts b/src/utils/constants.ts
@@ -17,7 +17,7 @@ export const UUIDRegex = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA
 export const HTTPErrorTable = {
   200: 'httpErrorTableOK',
   400: 'Incorrect URI or Bad Request',
-  401: 'Authentication Error',
+  401: 'Unauthorized',
   404: {
     alarm: 'Alarm instance not found',
     device: 'Device not found/connected. Please connect again using CIRA.',