fix(dashboard): attach Keycloak token on agent API calls (#90)

compliance-agent/src/api/handlers/notifications.rs

@@ -5,15 +5,18 @@ use mongodb::bson::doc;
 use serde::Deserialize;
 
 use compliance_core::models::notification::CveNotification;
+use compliance_core::tenant_ctx::TenantCtx;
 
-use super::dto::{AgentExt, ApiResponse};
+use super::dto::{tenant_db, AgentExt, ApiResponse};
 
 /// GET /api/v1/notifications — List CVE notifications (newest first)
 #[tracing::instrument(skip_all)]
 pub async fn list_notifications(
     Extension(agent): AgentExt,
+    tenant: TenantCtx,
     axum::extract::Query(params): axum::extract::Query<NotificationFilter>,
 ) -> Result<Json<ApiResponse<Vec<CveNotification>>>, StatusCode> {
+    let db = tenant_db(&agent, &tenant).await?;
     let mut filter = doc! {};
 
     // Filter by status (default: show new + read, exclude dismissed)
@@ -41,15 +44,13 @@ pub async fn list_notifications(
     let limit = params.limit.unwrap_or(50).min(200);
     let skip = (page - 1) * limit as u64;
 
-    let total = agent
-        .db
+    let total = db
         .cve_notifications()
         .count_documents(filter.clone())
         .await
         .unwrap_or(0);
 
-    let notifications: Vec<CveNotification> = match agent
-        .db
+    let notifications: Vec<CveNotification> = match db
         .cve_notifications()
         .find(filter)
         .sort(doc! { "created_at": -1 })
@@ -83,9 +84,10 @@ pub async fn list_notifications(
 #[tracing::instrument(skip_all)]
 pub async fn notification_count(
     Extension(agent): AgentExt,
+    tenant: TenantCtx,
 ) -> Result<Json<serde_json::Value>, StatusCode> {
-    let count = agent
-        .db
+    let db = tenant_db(&agent, &tenant).await?;
+    let count = db
         .cve_notifications()
         .count_documents(doc! { "status": "new" })
         .await
@@ -98,12 +100,13 @@ pub async fn notification_count(
 #[tracing::instrument(skip_all, fields(id = %id))]
 pub async fn mark_read(
     Extension(agent): AgentExt,
+    tenant: TenantCtx,
     axum::extract::Path(id): axum::extract::Path<String>,
 ) -> Result<Json<serde_json::Value>, StatusCode> {
     let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?;
+    let db = tenant_db(&agent, &tenant).await?;
 
-    let result = agent
-        .db
+    let result = db
         .cve_notifications()
         .update_one(
             doc! { "_id": oid },
@@ -125,12 +128,13 @@ pub async fn mark_read(
 #[tracing::instrument(skip_all, fields(id = %id))]
 pub async fn dismiss_notification(
     Extension(agent): AgentExt,
+    tenant: TenantCtx,
     axum::extract::Path(id): axum::extract::Path<String>,
 ) -> Result<Json<serde_json::Value>, StatusCode> {
     let oid = mongodb::bson::oid::ObjectId::parse_str(&id).map_err(|_| StatusCode::BAD_REQUEST)?;
+    let db = tenant_db(&agent, &tenant).await?;
 
-    let result = agent
-        .db
+    let result = db
         .cve_notifications()
         .update_one(
             doc! { "_id": oid },
@@ -149,9 +153,10 @@ pub async fn dismiss_notification(
 #[tracing::instrument(skip_all)]
 pub async fn mark_all_read(
     Extension(agent): AgentExt,
+    tenant: TenantCtx,
 ) -> Result<Json<serde_json::Value>, StatusCode> {
-    let result = agent
-        .db
+    let db = tenant_db(&agent, &tenant).await?;
+    let result = db
         .cve_notifications()
         .update_many(
             doc! { "status": "new" },