fix(diagnostics): BUG-3 - add authentication check to /diagnostics/config endpoint

saravanakumardb1 2026-03-02 23:45:36 -08:00
parent 4cb8b499af
commit 4ffb28d8d2


@ -17,11 +17,11 @@
* @module diagnostics
*/
import type { FastifyInstance } from 'fastify';
import type { FastifyInstance, FastifyRequest } from 'fastify';
import { generateId, buildPk } from './types.js';
import { getRequestProductId } from '../../lib/request-context.js';
import { requireRole } from '../../lib/auth.js';
import { BadRequestError, NotFoundError } from '../../lib/errors.js';
import { BadRequestError, NotFoundError, UnauthorizedError } from '../../lib/errors.js';
import * as repo from './repository.js';
import {
CreateDebugSessionSchema,
@ -46,15 +46,19 @@ import {
type QueryLogsInput,
} from './types.js';
// TODO-1: Event bus integration - need to emit events for session lifecycle
// Import event bus once available: import { emitEvent } from '../../lib/event-bus.js';
import { bus } from '../../lib/event-bus.js';
import { generateSasUrl } from '../../lib/blob.js';
import * as auditRepo from '../audit/repository.js';
import type { AuditDoc } from '../audit/types.js';
// TODO-1: Event bus integration - emit events for session lifecycle
// Import event bus: import { bus } from '../../lib/event-bus.js';
// Re-export shared helpers from types
export { generateId, buildPk } from './types.js';
// ─── Helpers ───────────────────────────────────────────────────────────────
// TODO-2: PII Redaction - need to implement PII scanning for log messages
// This should be shared with telemetry module
function redactPii(message: string): { redacted: string; patterns: string[] } {
@ -62,6 +66,16 @@ function redactPii(message: string): { redacted: string; patterns: string[] } {
return { redacted: message, patterns: [] };
}
/**
* Require at least authentication (JWT present).
* Used for client endpoints that need to identify the caller but don't require admin.
*/
function requireAuth(req: FastifyRequest): void {
if (!req.jwtPayload?.sub) {
throw new UnauthorizedError('Authentication required');
}
}
// ─── Routes ─────────────────────────────────────────────────────────────────
export async function diagnosticsRoutes(app: FastifyInstance) {
@ -231,6 +245,8 @@ export async function diagnosticsRoutes(app: FastifyInstance) {
// Client polling endpoint (any authenticated user)
app.get('/diagnostics/config', async (req, reply) => {
// BUG-3 FIX: Add authentication check
requireAuth(req);
const productId = getRequestProductId(req);
const userId = req.jwtPayload?.sub;
const deviceId = req.headers['x-device-id'] as string | undefined;
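Review bot: `requireAuth` only tests that `req.jwtPayload?.sub` is truthy, so the new guard on `/diagnostics/config` is only as strong as whatever populates `jwtPayload`; that hook is not visible in this commit, and the helper's docstring should state that it assumes the payload comes from a token whose signature and expiry were already verified upstream. The handler then re-reads `req.jwtPayload?.sub` with optional chaining, which leaves `userId` typed `string | undefined` after the guard; returning the subject from the helper (`function requireAuth(req: FastifyRequest): string`, then `const userId = requireAuth(req);`) keeps the check and the value in one place. The `x-device-id` header is caller-supplied and cast with `as string | undefined` rather than validated, although Fastify header values can be `string | string[]`. The handler body continues outside the hunk, so if it selects configuration by device it should confirm that the device belongs to the authenticated `sub` rather than trusting the header.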