cameleer/cameleer-saas
2
0
Fork 0
Code Issues 23 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ca0e960fb035c56551c23a0d17b0736c4f86063
cameleer-saas/ui/src/auth/OrgResolver.tsx
hsiegeln 1ef8c9dceb
All checks were successful
CI / build (push) Successful in 38s
Details
CI / docker (push) Successful in 37s
Details
refactor: merge tenant isolation into single HandlerInterceptor 
Replace TenantResolutionFilter + TenantOwnershipValidator (15 manual
calls across 5 controllers) with a single TenantIsolationInterceptor
that uses Spring HandlerMapping path variables for fail-closed tenant
isolation. New endpoints with {tenantId}, {environmentId}, or {appId}
path variables are automatically isolated without manual code.

Simplify OrgResolver from dual-token fetch to single token — Logto
merges all scopes into either token type.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 15:48:04 +02:00

83 lines
2.5 KiB
TypeScript
Raw Blame History

import { useEffect } from 'react';
import { useLogto } from '@logto/react';
import { Spinner } from '@cameleer/design-system';
import { useMe } from '../api/hooks';
import { useOrgStore } from './useOrganization';
import { fetchConfig } from '../config';
/**
* Fetches /api/me and populates the org store with tenant-to-org mapping.
* Also reads OAuth2 scopes from the access token and stores them.
* Renders children once resolved.
*/
export function OrgResolver({ children }: { children: React.ReactNode }) {
const { data: me, isLoading, isError } = useMe();
const { getAccessToken } = useLogto();
const { setOrganizations, setCurrentOrg, setScopes, currentOrgId } = useOrgStore();
// Effect 1: Org population — runs when /api/me data loads
useEffect(() => {
if (!me) return;
// Map tenants: logtoOrgId is the org ID for token scoping, id is the DB UUID
const orgEntries = me.tenants.map((t) => ({
id: t.logtoOrgId,
name: t.name,
slug: t.slug,
tenantId: t.id,
}));
setOrganizations(orgEntries);
// Auto-select if single tenant and no org selected yet
if (orgEntries.length === 1 && !currentOrgId) {
setCurrentOrg(orgEntries[0].id);
}
}, [me]);
// Effect 2: Scope fetching — runs when me loads OR when currentOrgId changes
useEffect(() => {
if (!me) return;
// Read scopes from a single access token (org-scoped when an org is selected,
// global otherwise). Logto merges all applicable scopes into either token.
fetchConfig().then(async (config) => {
if (!config.logtoResource) return;
const extractScopes = (token: string | undefined): string[] => {
if (!token) return [];
try {
const payload = JSON.parse(atob(token.split('.')[1]));
return ((payload.scope as string) ?? '').split(' ').filter(Boolean);
} catch {
return [];
}
};
try {
const token = await (currentOrgId
? getAccessToken(config.logtoResource, currentOrgId)
: getAccessToken(config.logtoResource)
).catch(() => undefined);
setScopes(new Set(extractScopes(token)));
} catch {
setScopes(new Set());
}
});
}, [me, currentOrgId]);
if (isLoading) {
return (
<div style={{ display: 'flex', alignItems: 'center', justifyContent: 'center', minHeight: '100vh' }}>
<Spinner />
</div>
);
}
if (isError) {
return null;
}
return <>{children}</>;
}
Reference in New Issue View Git Blame Copy Permalink