Added required authorization for all API calls. Added template stylesheet.

server/firebase/firebase-handler.js

@@ -1,4 +1,5 @@
 var admin = require("firebase-admin");
+
 const path = require("path");
 require("dotenv").config({
   path: path.resolve(
@@ -42,3 +43,49 @@ exports.sendNotification = (req, res) => {
 
   res.sendStatus(200);
 };
+
+exports.validateFirebaseIdToken = async (req, res, next) => {
+  console.log("Check if request is authorized with Firebase ID token");
+
+  if (
+    (!req.headers.authorization ||
+      !req.headers.authorization.startsWith("Bearer ")) &&
+    !(req.cookies && req.cookies.__session)
+  ) {
+    console.error("Unauthorized attempt. No authorization provided.");
+    res.status(403).send("Unauthorized");
+    return;
+  }
+
+  let idToken;
+  if (
+    req.headers.authorization &&
+    req.headers.authorization.startsWith("Bearer ")
+  ) {
+    // console.log('Found "Authorization" header');
+    // Read the ID Token from the Authorization header.
+    idToken = req.headers.authorization.split("Bearer ")[1];
+  } else if (req.cookies) {
+    //console.log('Found "__session" cookie');
+    // Read the ID Token from cookie.
+    idToken = req.cookies.__session;
+  } else {
+    // No cookie
+    console.error("Unauthorized attempt. No cookie provided.");
+
+    res.status(403).send("Unauthorized");
+    return;
+  }
+
+  try {
+    const decodedIdToken = await admin.auth().verifyIdToken(idToken);
+    //console.log("ID Token correctly decoded", decodedIdToken);
+    req.user = decodedIdToken;
+    next();
+    return;
+  } catch (error) {
+    console.error("Error while verifying Firebase ID token:", error);
+    res.status(403).send("Unauthorized");
+    return;
+  }
+};