1745265fe3
- Add validatePortalSession middleware (apps/api/src/middleware/portalSession.ts)
  - Reads X-Impersonation-Session-Id header
  - Queries impersonationSessions for active session with status='active'
  - Validates expiresAt > new Date() (strict >, consistent everywhere)
  - Sets portalClientId and portalSessionId on Hono context
  - Returns 401 Unauthorized for missing/invalid/expired sessions
- Add portalAuditMiddleware (apps/api/src/middleware/portalAudit.ts)
  - Runs after validatePortalSession via middleware chain
  - Inserts impersonationAuditLogs entry on all portal requests
  - action: 'METHOD /path', pageVisited: c.req.path, metadata: { method, statusCode }
  - Swallows errors (logs to console, does not break user request)
- Apply middleware to all portal routes in portal.ts
  - Replace all 11 getClientIdFromSession() calls with c.get('portalClientId')
  - Replace 3 inline session queries in waitlist routes (POST/PATCH/DELETE)
  - Remove getClientIdFromSession() helper (no longer needed)
  - Remove unused 'and' import
- Add portalSession.test.ts with tests for validatePortalSession and portalAuditMiddleware
Co-Authored-By: Paperclip <noreply@paperclip.ing>
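
The session check and audit behaviour listed in the commit message above, as an added example that is not the project's code. It is framework-free (no Hono, no database); the types, the in-memory rows, the lower-cased header key and the boolean return of the audit helper are assumptions made for illustration.

```typescript
// Added illustration, not the project's code. Framework-free so it runs stand-alone.
type Session = { id: string; clientId: string; status: "active" | "ended"; expiresAt: Date };
type Result =
  | { ok: true; portalClientId: string; portalSessionId: string }
  | { ok: false; status: 401 };
type AuditEntry = {
  sessionId: string; action: string; pageVisited: string;
  metadata: { method: string; statusCode: number };
};

// Constructed rows standing in for the impersonationSessions table.
const SAMPLE_SESSIONS: Session[] = [
  { id: "s-live", clientId: "c-1", status: "active", expiresAt: new Date("2030-01-01T00:00:00Z") },
  { id: "s-ended", clientId: "c-2", status: "ended", expiresAt: new Date("2030-01-01T00:00:00Z") },
];

// Header keys are assumed to be lower-cased already by the caller.
function validatePortalSession(
  headers: Record<string, string | undefined>,
  now: Date,
  rows: Session[] = SAMPLE_SESSIONS,
): Result {
  const deny: Result = { ok: false, status: 401 };
  const id = headers["x-impersonation-session-id"];
  if (!id) return deny; // missing header
  const row = rows.find((s) => s.id === id && s.status === "active");
  if (!row) return deny; // unknown or non-active session
  // Strict >: a session whose expiresAt equals "now" is already expired.
  if (!(row.expiresAt.getTime() > now.getTime())) return deny;
  return { ok: true, portalClientId: row.clientId, portalSessionId: row.id };
}

// Builds the audit entry described above; an insert failure is logged, never rethrown.
function auditPortalRequest(
  insert: (e: AuditEntry) => void,
  sessionId: string, method: string, path: string, statusCode: number,
): boolean {
  try {
    insert({ sessionId, action: `${method} ${path}`, pageVisited: path, metadata: { method, statusCode } });
    return true;
  } catch (err) {
    console.error("portal audit insert failed:", err);
    return false; // hypothetical return value so callers can count dropped entries
  }
}
```

Passing `now` in as a parameter keeps the expiry boundary testable: a request arriving at exactly `expiresAt` is rejected, matching the strict `>` comparison.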