feat: agentic platform — text-to-sql, pedagogy advisor, security hardening & performance
5b8761d | import { FastifyRequest, FastifyReply } from 'fastify'; | |
| /** | |
| * Middleware to enforce organization isolation. | |
| * Ensures the requested organization ID matches the user's organization ID. | |
| * Injects the organization ID into the request object. | |
| */ | |
| export const enforceOrgIsolation = async (request: FastifyRequest, _reply: FastifyReply) => { | |
| const user = request.user; | |
| if (!user) return; | |
| if (user.role === 'SUPER_ADMIN') { | |
| // Super-admins may target any org via the header; fall back to their own org. | |
| const headerOrgId = request.headers['x-organization-id'] as string | undefined; | |
| request.organizationId = headerOrgId || user.organizationId; | |
| } else { | |
| // All other roles: org is authoritative from the JWT β never trust the header. | |
| request.organizationId = user.organizationId; | |
| } | |
| }; | |
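Review bot: The SUPER_ADMIN branch copies the `x-organization-id` header into `request.organizationId` without any runtime check, and the `as string` assertion only hides that the header type is `string | string[] | undefined`; an empty or malformed value still reaches whatever consumes `organizationId` downstream. A narrowing guard would be safer than the cast: `const raw = request.headers['x-organization-id'];` / `const headerOrgId = typeof raw === 'string' ? raw.trim() : undefined;` / `request.organizationId = headerOrgId || user.organizationId;`. The doc comment also says the hook "Ensures the requested organization ID matches the user's organization ID", but the code never compares anything — it overwrites the field — so I would reword it to something like `* Derives request.organizationId from the JWT; only SUPER_ADMIN may override it via x-organization-id.` Finally, `if (!user) return;` leaves `organizationId` undefined when no user is attached, which is fine only if an auth hook is guaranteed to run first; a one-line comment stating that ordering assumption would help the next reader.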