- Finish cleanup

Signed-off-by: Dave Richer <dave@imexsystems.ca>
2024-01-22 23:11:10 -05:00
parent 2e7232bb65
commit a162b275a3
3 changed files with 32 additions and 8 deletions
--- a/server/middleware/validateFirebaseIdTokenMiddleware.js
+++ b/server/middleware/validateFirebaseIdTokenMiddleware.js
@@ -1,15 +1,26 @@
 const logger = require("../utils/logger");
 const admin = require("firebase-admin");

+/**
+ *  Middleware to validate Firebase ID Tokens.
+ *  This middleware is used to protect API endpoints from unauthorized access.
+ *  It adds the following properties to the request object:
+ *  - req.user - the decoded Firebase ID Token
+ * @param req
+ * @param res
+ * @param next
+ * @returns {Promise<void>}
+ */
 const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
    if (
-        (!req.headers.authorization ||
+        (
+            !req.headers.authorization ||
            !req.headers.authorization.startsWith("Bearer ")) &&
-        !(req.cookies && req.cookies.__session)
+            !(req.cookies && req.cookies.__session
+        )
    ) {
        console.error("Unauthorized attempt. No authorization provided.");
-        res.status(403).send("Unauthorized");
-        return;
+        return res.status(403).send("Unauthorized");
    }

    let idToken;
@@ -32,8 +43,8 @@ const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
            req,
            type: "no-cookie",
        });
-        res.status(403).send("Unauthorized");
-        return;
+
+        return res.status(403).send("Unauthorized");
    }

    try {
@@ -51,8 +62,7 @@ const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
            ...error,
        });

-        res.status(401).send("Unauthorized");
-
+        return res.status(401).send("Unauthorized");
    }
 };