diff --git a/backend/routes/cardApi.js b/backend/routes/cardApi.js index eed018d..c572022 100644 --- a/backend/routes/cardApi.js +++ b/backend/routes/cardApi.js @@ -596,7 +596,8 @@ function createCardApiRouter() { // Fast path: if Ivanti hostId is provided, try asset-search first // The asset-search returns the full record including owner data, so we can - // return directly without a separate getOwner() call. + // often return directly without a separate getOwner() call. + // If update_token is missing, do a follow-up getOwner() to fetch it. let assetId = null; if (hostId && /^\d+$/.test(hostId)) { try { @@ -607,6 +608,19 @@ function createCardApiRouter() { if (assets.length > 0) { const asset = assets[0]; const owner = asset.owner || {}; + let updateToken = owner.update_token || null; + + // If no update_token, fetch it from the owner endpoint using the resolved _id + if (!updateToken && asset._id) { + try { + const ownerResult = await getOwner(asset._id); + if (ownerResult.ok) { + const ownerData = JSON.parse(ownerResult.body); + updateToken = (ownerData.owner && ownerData.owner.update_token) || null; + } + } catch (_) { /* best effort */ } + } + return res.json({ asset_id: asset._id || null, ip: ip.trim(), @@ -614,7 +628,7 @@ function createCardApiRouter() { unconfirmed: owner.unconfirmed || null, declined: owner.declined || [], candidate: owner.candidate || [], - update_token: owner.update_token || null, + update_token: updateToken, }); } }