feat: enable tenant check on AMT operations

open-amt-cloud-toolkit · Sep 21, 2023 · 907b29b · 907b29b
1 parent 984e1af
commit 907b29b
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/src/middleware/cira.ts b/src/middleware/cira.ts
@@ -17,9 +17,13 @@ const ciraMiddleware = async (req: Request, res: Response, next): Promise<void>
   const device = devices[guid]
 
   if ((device as any)?.ciraSocket.readyState === 'open') {
-    // const cred = await req.mpsService.secrets.getAMTCredentials(guid);
-    // req.amtStack = req.amtFactory.getAmtStack(guid, amtPort, cred[0], cred[1], 0)
-    // (req as any).httpHandler = new HttpHandler(cred[0], cred[1])
+    // if a tenantId is provided, ensure the request is for the same tenant/device
+    if (req.tenantId != null) {
+      if (req.tenantId !== device.tenantId) {
+        res.status(401).json(ErrorResponse(401, 'Unauthorized')).end()
+        return
+      }
+    }
 
     const ciraHandler = new CIRAHandler(device.httpHandler, device.username, device.password, device.limiter)
     req.deviceAction = new DeviceAction(ciraHandler, device.ciraSocket)