admin/bodyshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Finish cleanup

Browse Source 
Signed-off-by: Dave Richer <dave@imexsystems.ca>
This commit is contained in:
Dave Richer
2024-01-22 23:11:10 -05:00
parent 2e7232bb65
commit a162b275a3
3 changed files with 32 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/middleware/eventAuthorizationMIddleware.js
View File

@@ -1,5 +1,7 @@
/** /**
* Checks if the event secret is correct * Checks if the event secret is correct
* It adds the following properties to the request object:
* - req.isEventAuthorized - Returns true if the event secret is correct
* @param req * @param req
* @param res * @param res
* @param next * @param next
@@ -9,6 +11,7 @@ function eventAuthorizationMiddleware(req, res, next) {
return res.status(401).send("Unauthorized"); return res.status(401).send("Unauthorized");
} }
req.isEventAuthorized = true;
next(); next();
} }

11
server/middleware/validateAdminMiddleware.js
View File

@@ -1,6 +1,15 @@
const logger = require("../utils/logger"); const logger = require("../utils/logger");
const adminEmail = require("../utils/adminEmail"); const adminEmail = require("../utils/adminEmail");
/**
* Validate admin middleware
* It adds the following properties to the request object:
* - req.isAdmin - returns true if the user passed an admin check
* @param req
* @param res
* @param next
* @returns {*}
*/
const validateAdminMiddleware = (req, res, next) => { const validateAdminMiddleware = (req, res, next) => {
if (!adminEmail.includes(req.user.email) && !req.user.ioadmin) { if (!adminEmail.includes(req.user.email) && !req.user.ioadmin) {
logger.log("admin-validation-failed", "ERROR", req.user.email, null, { logger.log("admin-validation-failed", "ERROR", req.user.email, null, {
@@ -9,6 +18,8 @@ const validateAdminMiddleware = (req, res, next) => {
}); });
return res.sendStatus(404); return res.sendStatus(404);
} }
req.isAdmin = true;
next(); next();
}; };

26
server/middleware/validateFirebaseIdTokenMiddleware.js
View File

@@ -1,15 +1,26 @@
const logger = require("../utils/logger"); const logger = require("../utils/logger");
const admin = require("firebase-admin"); const admin = require("firebase-admin");
/**
* Middleware to validate Firebase ID Tokens.
* This middleware is used to protect API endpoints from unauthorized access.
* It adds the following properties to the request object:
* - req.user - the decoded Firebase ID Token
* @param req
* @param res
* @param next
* @returns {Promise<void>}
*/
const validateFirebaseIdTokenMiddleware = async (req, res, next) => { const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
if ( if (
(!req.headers.authorization || (
!req.headers.authorization ||
!req.headers.authorization.startsWith("Bearer ")) && !req.headers.authorization.startsWith("Bearer ")) &&
!(req.cookies && req.cookies.__session) !(req.cookies && req.cookies.__session
)
) { ) {
console.error("Unauthorized attempt. No authorization provided."); console.error("Unauthorized attempt. No authorization provided.");
res.status(403).send("Unauthorized"); return res.status(403).send("Unauthorized");
return;
} }
let idToken; let idToken;
@@ -32,8 +43,8 @@ const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
req, req,
type: "no-cookie", type: "no-cookie",
}); });
res.status(403).send("Unauthorized");
return; return res.status(403).send("Unauthorized");
} }
try { try {
@@ -51,8 +62,7 @@ const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
...error, ...error,
}); });
res.status(401).send("Unauthorized"); return res.status(401).send("Unauthorized");
} }
}; };