ecrs-auth-core 1.0.114 → 1.0.116
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -4,6 +4,7 @@ declare const JwtCustomerStrategy_base: new (...args: any[]) => Strategy;
|
|
|
4
4
|
export declare class JwtCustomerStrategy extends JwtCustomerStrategy_base {
|
|
5
5
|
private readonly authCustomerService;
|
|
6
6
|
constructor(authCustomerService: AuthCustomerService);
|
|
7
|
+
private extractSubdomain;
|
|
7
8
|
validate(req: any, payload: any): Promise<{
|
|
8
9
|
id: number;
|
|
9
10
|
email: string;
|
|
@@ -24,12 +24,27 @@ let JwtCustomerStrategy = class JwtCustomerStrategy extends (0, passport_1.Passp
|
|
|
24
24
|
});
|
|
25
25
|
this.authCustomerService = authCustomerService;
|
|
26
26
|
}
|
|
27
|
+
extractSubdomain(url) {
|
|
28
|
+
if (!url)
|
|
29
|
+
return null;
|
|
30
|
+
try {
|
|
31
|
+
const hostname = new URL(url).hostname; // e.g. "acme.ecrs.com" or "wht.localhost"
|
|
32
|
+
const parts = hostname.split(".");
|
|
33
|
+
if (parts.length > 2)
|
|
34
|
+
return parts[0];
|
|
35
|
+
if (parts.length === 2 && parts[1] === "localhost")
|
|
36
|
+
return parts[0];
|
|
37
|
+
return null;
|
|
38
|
+
}
|
|
39
|
+
catch {
|
|
40
|
+
return null;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
27
43
|
async validate(req, payload) {
|
|
28
44
|
// 1. Subdomain check against tbl_super_customer_ets_setup_details
|
|
29
|
-
const
|
|
30
|
-
const
|
|
31
|
-
|
|
32
|
-
console.log(`🔍 Validating JWT for subdomain: ${subdomain ?? "N/A"}`);
|
|
45
|
+
const origin = req.headers['origin'] || req.headers['referer'] || '';
|
|
46
|
+
const subdomain = this.extractSubdomain(origin);
|
|
47
|
+
console.log(`🔍 Validating JWT for subdomain: ${subdomain ?? "N/A"} (origin: ${origin || "N/A"})`);
|
|
33
48
|
if (subdomain) {
|
|
34
49
|
const customerId = await this.authCustomerService.getCustomerIdBySubdomain(subdomain);
|
|
35
50
|
if (!customerId) {
|