From 4ffb28d8d2c722d149e2ab8623034779007e6f48 Mon Sep 17 00:00:00 2001
From: saravanakumardb1
Date: Mon, 2 Mar 2026 23:45:36 -0800
Subject: [PATCH] fix(diagnostics): BUG-3 - add authentication check to /diagnostics/config endpoint
---
 .../src/modules/diagnostics/routes.ts | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/services/platform-service/src/modules/diagnostics/routes.ts b/services/platform-service/src/modules/diagnostics/routes.ts
index 65ac7f93..16196e4c 100644
--- a/services/platform-service/src/modules/diagnostics/routes.ts
+++ b/services/platform-service/src/modules/diagnostics/routes.ts
@@ -17,11 +17,11 @@
  * @module diagnostics
  */
-import type { FastifyInstance } from 'fastify';
+import type { FastifyInstance, FastifyRequest } from 'fastify';
 import { generateId, buildPk } from './types.js';
 import { getRequestProductId } from '../../lib/request-context.js';
 import { requireRole } from '../../lib/auth.js';
-import { BadRequestError, NotFoundError } from '../../lib/errors.js';
+import { BadRequestError, NotFoundError, UnauthorizedError } from '../../lib/errors.js';
 import * as repo from './repository.js';
 import {
   CreateDebugSessionSchema,
@@ -46,15 +46,19 @@ import {
   type QueryLogsInput,
 } from './types.js';
-// TODO-1: Event bus integration - need to emit events for session lifecycle
-// Import event bus once available: import { emitEvent } from '../../lib/event-bus.js';
+import { bus } from '../../lib/event-bus.js';
+import { generateSasUrl } from '../../lib/blob.js';
+import * as auditRepo from '../audit/repository.js';
+import type { AuditDoc } from '../audit/types.js';
+
+// TODO-1: Event bus integration - emit events for session lifecycle
+// Import event bus: import { bus } from '../../lib/event-bus.js';
 // Re-export shared helpers from types
 export { generateId, buildPk } from './types.js';
 // ─── Helpers ───────────────────────────────────────────────────────────────
-
 // TODO-2: PII Redaction - need to implement PII scanning for log messages
 // This should be shared with telemetry module
 function redactPii(message: string): { redacted: string; patterns: string[] } {
@@ -62,6 +66,16 @@ function redactPii(message: string): { redacted: string; patterns: string[] } {
   return { redacted: message, patterns: [] };
 }
+/**
+ * Require at least authentication (JWT present).
+ * Used for client endpoints that need to identify the caller but don't require admin.
+ */
+function requireAuth(req: FastifyRequest): void {
+  if (!req.jwtPayload?.sub) {
+    throw new UnauthorizedError('Authentication required');
+  }
+}
+
 // ─── Routes ─────────────────────────────────────────────────────────────────
 export async function diagnosticsRoutes(app: FastifyInstance) {
@@ -231,6 +245,8 @@ export async function diagnosticsRoutes(app: FastifyInstance) {
   // Client polling endpoint (any authenticated user)
   app.get('/diagnostics/config', async (req, reply) => {
+    // BUG-3 FIX: Add authentication check
+    requireAuth(req);
     const productId = getRequestProductId(req);
     const userId = req.jwtPayload?.sub;
     const deviceId = req.headers['x-device-id'] as string | undefined;
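Review bot: The new imports of `generateSasUrl`, `auditRepo` and `AuditDoc` have no use anywhere in this patch — the diffstat's 21 insertions are fully accounted for by the visible hunks, none of which reference them — so they are dead imports riding along in a commit titled as an auth fix, and `bus` is likewise only imported, not used. Unrelated imports in a security fix widen what has to be reviewed (and backported) and will trip an unused-import lint; either drop them here or move them to the change that actually uses them. The rewritten TODO-1 comment (`// Import event bus: import { bus } from '../../lib/event-bus.js';`) now sits directly beneath the very import it tells the reader to add, so it is stale the moment this lands; keep only the part that is still open, e.g. `// TODO-1: emit session lifecycle events on bus (create/close/expire)`. The blank line removed after the Helpers banner is a cosmetic change unrelated to BUG-3 and could be left out as well.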
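Review bot: `requireAuth` returns `void`, so after the call in the config handler `req.jwtPayload?.sub` is still typed as possibly undefined and the handler keeps re-checking what was just enforced; declare it as an assertion function instead, `function requireAuth(req: FastifyRequest): asserts req is FastifyRequest & { jwtPayload: { sub: string } } {`, so the narrowing carries through. The check only tests that some earlier hook attached a payload with a truthy `sub` — it does not verify a token itself — so the TSDoc should say so and carry the contract, e.g. `* Assumes the JWT was already verified by the auth hook that populates req.jwtPayload; this only rejects requests where that did not happen.` plus `@throws UnauthorizedError when no verified subject is present`. Since `requireRole` is imported from `../../lib/auth.js`, this helper presumably belongs beside it so every module shares one definition of "authenticated" rather than each route file growing its own. More broadly, BUG-3 arose because routes are open unless each handler remembers to call a guard; a route-scoped `onRequest`/`preHandler` hook that applies `requireAuth` to every client endpoint would make the next forgotten call a non-event rather than another advisory.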