v0.11.9 fixed tenant isolation bug

backend/src/routes/auth.js

@@ -3,6 +3,8 @@ const bcrypt  = require('bcryptjs');
 const { query, queryOne, queryResult, exec, getOrCreateSupportGroup } = require('../models/db');
 const { generateToken, authMiddleware, setActiveSession, clearActiveSession } = require('../middleware/auth');
 
+const R = (schema, type, id) => `${schema}:${type}:${id}`;
+
 module.exports = function(io) {
   const router = express.Router();
 
@@ -25,7 +27,7 @@ module.exports = function(io) {
       const token  = generateToken(user.id);
       const ua     = req.headers['user-agent'] || '';
       const device = await setActiveSession(req.schema, user.id, token, ua);
-      if (io) io.to(`user:${user.id}`).emit('session:displaced', { device });
+      if (io) io.to(R(req.schema,'user',user.id)).emit('session:displaced', { device });
 
       const { password: _, ...userSafe } = user;
       res.json({ token, user: userSafe, mustChangePassword: !!user.must_change_password, rememberMe: !!rememberMe });
@@ -87,10 +89,10 @@ module.exports = function(io) {
         SELECT m.*, u.name AS user_name, u.display_name AS user_display_name, u.avatar AS user_avatar
         FROM messages m JOIN users u ON m.user_id = u.id WHERE m.id = $1
       `, [mr.rows[0].id]);
-      if (newMsg) { newMsg.reactions = []; io.to(`group:${groupId}`).emit('message:new', newMsg); }
+      if (newMsg) { newMsg.reactions = []; io.to(R(req.schema,'group',groupId)).emit('message:new', newMsg); }
 
       const admins = await query(req.schema, "SELECT id FROM users WHERE role = 'admin' AND status = 'active'");
-      for (const a of admins) io.to(`user:${a.id}`).emit('notification:new', { type: 'support', groupId });
+      for (const a of admins) io.to(R(req.schema,'user',a.id)).emit('notification:new', { type: 'support', groupId });
 
       res.json({ success: true });
     } catch (e) { res.status(500).json({ error: e.message }); }