bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(diagnostics): BUG-3 - add authentication check to /diagnostics/config endpoint

Browse Source
This commit is contained in:
saravanakumardb1 2026-03-02 23:45:36 -08:00
parent 4cb8b499af
commit 4ffb28d8d2
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
services/platform-service/src/modules/diagnostics/routes.ts
View File

@ -17,11 +17,11 @@
* @module diagnostics * @module diagnostics
*/ */
import type { FastifyInstance } from 'fastify'; import type { FastifyInstance, FastifyRequest } from 'fastify';
import { generateId, buildPk } from './types.js'; import { generateId, buildPk } from './types.js';
import { getRequestProductId } from '../../lib/request-context.js'; import { getRequestProductId } from '../../lib/request-context.js';
import { requireRole } from '../../lib/auth.js'; import { requireRole } from '../../lib/auth.js';
import { BadRequestError, NotFoundError } from '../../lib/errors.js'; import { BadRequestError, NotFoundError, UnauthorizedError } from '../../lib/errors.js';
import * as repo from './repository.js'; import * as repo from './repository.js';
import { import {
CreateDebugSessionSchema, CreateDebugSessionSchema,
@ -46,15 +46,19 @@ import {
type QueryLogsInput, type QueryLogsInput,
} from './types.js'; } from './types.js';
// TODO-1: Event bus integration - need to emit events for session lifecycle import { bus } from '../../lib/event-bus.js';
// Import event bus once available: import { emitEvent } from '../../lib/event-bus.js'; import { generateSasUrl } from '../../lib/blob.js';
import * as auditRepo from '../audit/repository.js';
import type { AuditDoc } from '../audit/types.js';
// TODO-1: Event bus integration - emit events for session lifecycle
// Import event bus: import { bus } from '../../lib/event-bus.js';
// Re-export shared helpers from types // Re-export shared helpers from types
export { generateId, buildPk } from './types.js'; export { generateId, buildPk } from './types.js';
// ─── Helpers ─────────────────────────────────────────────────────────────── // ─── Helpers ───────────────────────────────────────────────────────────────
// TODO-2: PII Redaction - need to implement PII scanning for log messages // TODO-2: PII Redaction - need to implement PII scanning for log messages
// This should be shared with telemetry module // This should be shared with telemetry module
function redactPii(message: string): { redacted: string; patterns: string[] } { function redactPii(message: string): { redacted: string; patterns: string[] } {
@ -62,6 +66,16 @@ function redactPii(message: string): { redacted: string; patterns: string[] } {
return { redacted: message, patterns: [] }; return { redacted: message, patterns: [] };
} }
/**
* Require at least authentication (JWT present).
* Used for client endpoints that need to identify the caller but don't require admin.
*/
function requireAuth(req: FastifyRequest): void {
if (!req.jwtPayload?.sub) {
throw new UnauthorizedError('Authentication required');
}
}
// ─── Routes ───────────────────────────────────────────────────────────────── // ─── Routes ─────────────────────────────────────────────────────────────────
export async function diagnosticsRoutes(app: FastifyInstance) { export async function diagnosticsRoutes(app: FastifyInstance) {
@ -231,6 +245,8 @@ export async function diagnosticsRoutes(app: FastifyInstance) {
// Client polling endpoint (any authenticated user) // Client polling endpoint (any authenticated user)
app.get('/diagnostics/config', async (req, reply) => { app.get('/diagnostics/config', async (req, reply) => {
// BUG-3 FIX: Add authentication check
requireAuth(req);
const productId = getRequestProductId(req); const productId = getRequestProductId(req);
const userId = req.jwtPayload?.sub; const userId = req.jwtPayload?.sub;
const deviceId = req.headers['x-device-id'] as string | undefined; const deviceId = req.headers['x-device-id'] as string | undefined;