Initial Commit

backend/src/core/middleware/error.middleware.ts

@@ -1,24 +0,0 @@
-/**
- * @ai-summary Global error handling middleware
- */
-import { Request, Response, NextFunction } from 'express';
-import { logger } from '../logging/logger';
-
-export const errorHandler = (
-  err: Error,
-  req: Request,
-  res: Response,
-  _next: NextFunction
-) => {
-  logger.error('Unhandled error', {
-    error: err.message,
-    stack: err.stack,
-    path: req.path,
-    method: req.method,
-  });
-
-  res.status(500).json({
-    error: 'Internal server error',
-    message: process.env.NODE_ENV === 'development' ? err.message : undefined,
-  });
-};

backend/src/core/middleware/logging.middleware.ts

@@ -1,26 +0,0 @@
-/**
- * @ai-summary Request logging middleware
- */
-import { Request, Response, NextFunction } from 'express';
-import { logger } from '../logging/logger';
-
-export const requestLogger = (
-  req: Request,
-  res: Response,
-  next: NextFunction
-) => {
-  const start = Date.now();
-
-  res.on('finish', () => {
-    const duration = Date.now() - start;
-    logger.info('Request processed', {
-      method: req.method,
-      path: req.path,
-      status: res.statusCode,
-      duration,
-      ip: req.ip,
-    });
-  });
-
-  next();
-};

backend/src/core/middleware/tenant.ts

@@ -0,0 +1,84 @@
+
+/**
+ * Tenant detection and validation middleware for multi-tenant architecture
+ */
+import { FastifyRequest, FastifyReply } from 'fastify';
+import { getTenantConfig, isValidTenant, extractTenantId } from '../config/tenant';
+import { logger } from '../logging/logger';
+
+// Extend FastifyRequest to include tenant context
+declare module 'fastify' {
+  interface FastifyRequest {
+    tenantId: string;
+    tenantConfig: {
+      tenantId: string;
+      databaseUrl: string;
+      redisUrl: string;
+      platformServicesUrl: string;
+      isAdminTenant: boolean;
+    };
+  }
+}
+
+export const tenantMiddleware = async (
+  request: FastifyRequest,
+  reply: FastifyReply
+) => {
+  try {
+    // Method 1: From environment variable (container-level)
+    const envTenantId = process.env.TENANT_ID;
+    
+    // Method 2: From JWT token claims (verify or decode if available)
+    let jwtTenantId = (request as any).user?.['https://motovaultpro.com/tenant_id'] as string | undefined;
+    if (!jwtTenantId && typeof (request as any).jwtDecode === 'function') {
+      try {
+        const decoded = (request as any).jwtDecode();
+        jwtTenantId = decoded?.payload?.['https://motovaultpro.com/tenant_id']
+          || decoded?.['https://motovaultpro.com/tenant_id'];
+      } catch { /* ignore decode errors */ }
+    }
+    
+    // Method 3: From subdomain parsing (if needed)
+    const host = request.headers.host || '';
+    const subdomain = host.split('.')[0];
+    const subdomainTenantId = subdomain !== 'admin' && subdomain !== 'localhost' ? subdomain : undefined;
+    
+    // Extract tenant ID with priority: Environment > JWT > Subdomain > Default
+    const tenantId = extractTenantId({
+      envTenantId,
+      jwtTenantId,
+      subdomain: subdomainTenantId
+    });
+    
+    // Validate tenant exists
+    const isValid = await isValidTenant(tenantId);
+    if (!isValid) {
+      logger.warn('Invalid tenant access attempt', { 
+        tenantId, 
+        host, 
+        path: request.url,
+        method: request.method 
+      });
+      reply.code(403).send({ error: 'Invalid or unauthorized tenant' });
+      return;
+    }
+    
+    // Get tenant configuration
+    const tenantConfig = getTenantConfig();
+    
+    // Attach tenant context to request
+    request.tenantId = tenantId;
+    request.tenantConfig = tenantConfig;
+    
+    logger.info('Tenant context established', { 
+      tenantId, 
+      isAdmin: tenantConfig.isAdminTenant,
+      path: request.url 
+    });
+    
+    return;
+  } catch (error) {
+    logger.error('Tenant middleware error', { error });
+    reply.code(500).send({ error: 'Internal server error' });
+  }
+};