- Finish cleanup

Signed-off-by: Dave Richer <dave@imexsystems.ca>

server/middleware/validateFirebaseIdTokenMiddleware.js

@@ -0,0 +1,59 @@
+const logger = require("../utils/logger");
+const admin = require("firebase-admin");
+
+const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
+    if (
+        (!req.headers.authorization ||
+            !req.headers.authorization.startsWith("Bearer ")) &&
+        !(req.cookies && req.cookies.__session)
+    ) {
+        console.error("Unauthorized attempt. No authorization provided.");
+        res.status(403).send("Unauthorized");
+        return;
+    }
+
+    let idToken;
+
+    if (
+        req.headers.authorization &&
+        req.headers.authorization.startsWith("Bearer ")
+    ) {
+        // console.log('Found "Authorization" header');
+        // Read the ID Token from the Authorization header.
+        idToken = req.headers.authorization.split("Bearer ")[1];
+    } else if (req.cookies) {
+        //console.log('Found "__session" cookie');
+        // Read the ID Token from cookie.
+        idToken = req.cookies.__session;
+    } else {
+        // No cookie
+        console.error("Unauthorized attempt. No cookie provided.");
+        logger.log("api-unauthorized-call", "WARN", null, null, {
+            req,
+            type: "no-cookie",
+        });
+        res.status(403).send("Unauthorized");
+        return;
+    }
+
+    try {
+        const decodedIdToken = await admin.auth().verifyIdToken(idToken);
+        //console.log("ID Token correctly decoded", decodedIdToken);
+        req.user = decodedIdToken;
+        next();
+
+    } catch (error) {
+        logger.log("api-unauthorized-call", "WARN", null, null, {
+            path: req.path,
+            body: req.body,
+
+            type: "unauthroized",
+            ...error,
+        });
+
+        res.status(401).send("Unauthorized");
+
+    }
+};
+
+module.exports = validateFirebaseIdTokenMiddleware;