CognxSafeTrack commited on
Commit ·
ea8815c
1
Parent(s): 6282d86
fix(super-admin): move routes to JWT-only scope to bypass tenant extension
Super-admin routes need cross-org Prisma access. The previous registration
inside the tenant-guarded scope called runWithTenant('xamle-admin-org'),
which caused the Prisma extension to silently filter all User, Message,
WalletTransaction and other queries to a single org.
Moving to a separate scope with JWT-only auth (no runWithTenant) means
getOrganizationId() returns null inside these handlers, so the tenant
extension skips filtering — enabling true cross-org stats and queries.
- apps/api/src/app.ts +8 -0
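--- a/apps/api/src/app.ts
+++ b/apps/api/src/app.ts
@@ -95,6 +95,14 @@ export async function buildApp() {
 scope.register(billingRoutes, { prefix: '/v1/billing' });
 scope.register(notificationRoutes, { prefix: '/v1/notifications' });
 scope.register(campaignRoutes, { prefix: '/v1/organizations' });
+});
+
+// Super-admin routes — JWT-only scope, deliberately NO runWithTenant so Prisma
+// queries are cross-org (tenant extension only filters when AsyncLocalStorage is set).
+server.register(async (scope) => {
+scope.addHook('preHandler', async (request, reply) => {
+await verifyJwt(request, reply);
+});
 scope.register(superAdminRoutes, { prefix: '/v1/super-admin' });
 });
 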
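Review bot: The new scope's `preHandler` only calls `verifyJwt`, so nothing visible in this hunk restricts `/v1/super-admin` to super-admin identities, while the added comment says queries inside it are deliberately unfiltered across organisations. Unless `superAdminRoutes` enforces a role check itself (not visible here), any holder of a valid JWT from any tenant would reach cross-org User, Message and WalletTransaction data. I would add an explicit, fail-closed authorization step in this hook right after `verifyJwt`, for example `await requireSuperAdmin(request, reply);` (placeholder name; use the project's own role guard), and have the comment name the claim that grants access. Relying on the absence of `runWithTenant` to unlock cross-org reads also suggests the tenant extension fails open for any route registered outside the tenant scope, which deserves a line in the comment so later routes are not added here by accident. `buildApp` starts and ends outside the hunk.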