vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

fix: Resolve 500/404 cascade — JWT tenant context, wipe routes, changelog stub
All checks were successful
Test Asgard Runner / test (push) Successful in 3s
Details

Browse Source 
Root cause: super_admin JWT returned early with no license_id, causing
@CurrentTenant() to pass undefined to every tenant-scoped service query.

- jwt.strategy: Move license lookup before super_admin early return so
  admins who own licenses get their license_id in the JWT payload
- CurrentTenant decorator: Throw 401 with clear message when license_id
  is undefined instead of letting undefined cascade into TypeORM queries
- Wipe store: Fix 6 wrong routes (/profiles → /wipes/profiles, etc.)
  and remove redundant manual license_id guards
- Changelog module: Add stub controller/service returning empty array
  to eliminate 404 on /api/changelog
- ChangelogView: Handle both array and {entries} response shapes
- AGENTS.md: Streamlined 3-tier roster (Opus/Sonnet/Haiku)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
2026-02-15 22:11:41 -05:00
parent 05315cc88a
commit 3cb714a792
9 changed files with 139 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
backend-nest/src/modules/auth/jwt.strategy.ts
View File

@@ -52,16 +52,6 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
last_login_at: new Date(),
});
// If super admin, return basic payload
if (user.is_super_admin) {
return {
sub: user.id,
email: user.email,
username: user.username,
is_super_admin: true,
};
}
// Find user's license - either as owner or team member
let license: License | null = null;
let role: Role | null = null;
@@ -76,8 +66,8 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
role = await this.roleRepository.findOne({
where: { role_name: 'Owner', is_system_default: true },
});
} else {
// Check if user is a team member
} else if (!user.is_super_admin) {
// Check if user is a team member (skip for super admins without a license)
const teamMember = await this.teamMemberRepository.findOne({
where: { user_id: user.id },
relations: ['license', 'role'],
@@ -93,7 +83,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
sub: user.id,
email: user.email,
username: user.username,
is_super_admin: false,
is_super_admin: user.is_super_admin,
license_id: license?.id,
permissions: role?.permissions || {},
};