refactor: simplify tenantId handling in authentication routes

antosubash · antosubash · commit add1d14d03d4 · 2025-08-12T21:41:24.000+02:00
- Streamlined tenantId assignment in the login route by directly using the session value, ensuring it is a string or defaulting to an empty string.
- Enhanced tenantId validation in the set-tenant route to ensure it is a valid GUID, improving data integrity.
- Introduced a new utility function, isGuid, to validate GUID format, promoting code reuse and clarity.
diff --git a/src/src/app/auth/login/route.ts b/src/src/app/auth/login/route.ts
@@ -16,17 +16,8 @@ export async function GET() {
   let code_verifier = client.randomPKCECodeVerifier()
   let code_challenge = await client.calculatePKCECodeChallenge(code_verifier)
   const openIdClientConfig = await getClientConfig()
-  let tenantId = session.tenantId
-
-  // Ensure tenantId is always a string and handle edge cases
-  if (!tenantId || 
-      tenantId === 'default' || 
-      (typeof tenantId === 'object' && Object.keys(tenantId).length === 0) ||
-      typeof tenantId !== 'string') {
-    tenantId = ''
-  } else {
-    tenantId = String(tenantId)
-  }
+  // Just use the saved tenantId (assumed sanitized at the time of saving)
+  const tenantId = typeof session.tenantId === 'string' ? session.tenantId : ''
 
   let parameters: Record<string, string> = {
     redirect_uri: clientConfig.redirect_uri,
diff --git a/src/src/app/auth/set-tenant/route.ts b/src/src/app/auth/set-tenant/route.ts
@@ -3,6 +3,7 @@ import { getSession } from '@/lib/actions'
 import { setUpLayoutConfig } from '@/lib/auth'
 import { headers } from 'next/headers'
 import { redirect } from 'next/navigation'
+import { isGuid } from '@/lib/session-utils'
 
 /**
  * Handles the GET request to set the tenant for the current session.
@@ -27,8 +28,9 @@ export async function GET() {
   try {
     const { data } = await tenantGetTenantGuid({ query: { host: host! } })
     console.log('Fetched tenant GUID:', data)
-    // Ensure tenantId is always a string
-    session.tenantId = data ? String(data) : ''
+    const raw = data ? (typeof data === 'string' ? data : String(data)) : ''
+    const candidate = raw.trim()
+    session.tenantId = candidate && candidate !== 'default' && isGuid(candidate) ? candidate : ''
   } catch (error) {
     console.error('Failed to fetch tenant GUID:', error)
     session.tenantId = ''
diff --git a/src/src/lib/session-utils.ts b/src/src/lib/session-utils.ts
@@ -47,6 +47,15 @@ export async function getClientConfig() {
   return await client.discovery(new URL(clientConfig.url!), clientConfig.client_id!)
 }
 
+/**
+ * Validates whether a string is a GUID (UUID v1-5).
+ */
+export function isGuid(value: string): boolean {
+  return /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/.test(
+    value
+  )
+}
+
 /**
  * Sets the tenant ID in the session based on the provided host.
  * This function updates the session with the tenant ID associated with the given host.
@@ -71,11 +80,9 @@ export async function setTenantWithHost(host: string) {
     isObject: typeof data === 'object'
   })
   
-  // Ensure we store a string, not an object
-  if (data) {
-    session.tenantId = typeof data === 'string' ? data : String(data)
-  } else {
-    session.tenantId = ''
-  }
+  // Ensure we store a GUID or empty string
+  const raw = data ? (typeof data === 'string' ? data : String(data)) : ''
+  const candidate = raw.trim()
+  session.tenantId = candidate && candidate !== 'default' && isGuid(candidate) ? candidate : ''
   await session.save()
 }
