import { FastifyRequest, FastifyReply } from 'fastify';
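/**
 * Fastify hook that pins `request.organizationId` for tenant isolation.
 *
 * The organization is assigned here rather than compared against a
 * client-supplied value:
 * - `SUPER_ADMIN`: the `x-organization-id` header selects the target org; a
 *   missing, empty or non-string header falls back to the user's own org.
 * - Any other role: always `user.organizationId`; the header is ignored.
 *
 * When `request.user` is unset the hook returns without setting
 * `request.organizationId` and without rejecting the request.
 *
 * @param request - Incoming request; `user` is read and `organizationId` is written.
 * @param _reply - Unused.
 */
export const enforceOrgIsolation = async (request: FastifyRequest, _reply: FastifyReply) => {
  const user = request.user;
  // NOTE(review): this path fails open. It presumably relies on an earlier
  // authentication hook rejecting unauthenticated requests on protected routes;
  // confirm the hook order, otherwise handlers see no organizationId at all.
  if (!user) return;

  if (user.role === 'SUPER_ADMIN') {
    // Super-admins may target any org via the header; fall back to their own org.
    // Header values are typed string | string[] | undefined, so narrow at runtime
    // instead of asserting: only a plain string may become the tenant scope.
    const rawHeader = request.headers['x-organization-id'];
    const headerOrgId = typeof rawHeader === 'string' ? rawHeader : undefined;
    // NOTE(review): the header value is not checked here against known
    // organizations or an ID format; verify that downstream lookups do so.
    request.organizationId = headerOrgId || user.organizationId;
  } else {
    // All other roles: org is authoritative from the JWT — never trust the header.
    request.organizationId = user.organizationId;
  }
};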