- Finish cleanup

Signed-off-by: Dave Richer <dave@imexsystems.ca>

server/middleware/eventAuthorizationMIddleware.js

@@ -0,0 +1,15 @@
+/**
+ * Checks if the event secret is correct
+ * @param req
+ * @param res
+ * @param next
+ */
+function eventAuthorizationMiddleware(req, res, next) {
+    if (req.headers["event-secret"] !== process.env.EVENT_SECRET) {
+        return res.status(401).send("Unauthorized");
+    }
+
+    next();
+}
+
+module.exports = eventAuthorizationMiddleware;

server/middleware/validateAdminMiddleware.js

@@ -0,0 +1,15 @@
+const logger = require("../utils/logger");
+const adminEmail = require("../utils/adminEmail");
+
+const validateAdminMiddleware = (req, res, next) => {
+    if (!adminEmail.includes(req.user.email) && !req.user.ioadmin) {
+        logger.log("admin-validation-failed", "ERROR", req.user.email, null, {
+            request: req.body,
+            user: req.user,
+        });
+        return res.sendStatus(404);
+    }
+    next();
+};
+
+module.exports = validateAdminMiddleware;

server/middleware/validateFirebaseIdTokenMiddleware.js

@@ -0,0 +1,59 @@
+const logger = require("../utils/logger");
+const admin = require("firebase-admin");
+
+const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
+    if (
+        (!req.headers.authorization ||
+            !req.headers.authorization.startsWith("Bearer ")) &&
+        !(req.cookies && req.cookies.__session)
+    ) {
+        console.error("Unauthorized attempt. No authorization provided.");
+        res.status(403).send("Unauthorized");
+        return;
+    }
+
+    let idToken;
+
+    if (
+        req.headers.authorization &&
+        req.headers.authorization.startsWith("Bearer ")
+    ) {
+        // console.log('Found "Authorization" header');
+        // Read the ID Token from the Authorization header.
+        idToken = req.headers.authorization.split("Bearer ")[1];
+    } else if (req.cookies) {
+        //console.log('Found "__session" cookie');
+        // Read the ID Token from cookie.
+        idToken = req.cookies.__session;
+    } else {
+        // No cookie
+        console.error("Unauthorized attempt. No cookie provided.");
+        logger.log("api-unauthorized-call", "WARN", null, null, {
+            req,
+            type: "no-cookie",
+        });
+        res.status(403).send("Unauthorized");
+        return;
+    }
+
+    try {
+        const decodedIdToken = await admin.auth().verifyIdToken(idToken);
+        //console.log("ID Token correctly decoded", decodedIdToken);
+        req.user = decodedIdToken;
+        next();
+
+    } catch (error) {
+        logger.log("api-unauthorized-call", "WARN", null, null, {
+            path: req.path,
+            body: req.body,
+
+            type: "unauthroized",
+            ...error,
+        });
+
+        res.status(401).send("Unauthorized");
+
+    }
+};
+
+module.exports = validateFirebaseIdTokenMiddleware;