feature/IO-3255-simplified-parts-management - Checkoint
This commit is contained in:
Dave
42
server/middleware/validateFirebaseIdTokenLiteMiddleware.js
Normal file
42
server/middleware/validateFirebaseIdTokenLiteMiddleware.js
Normal file
@@ -0,0 +1,42 @@
|
||||
const logger = require("../utils/logger");
|
||||
const admin = require("firebase-admin");
|
||||
|
||||
/**
|
||||
* Lite Firebase ID token validator.
|
||||
* - Only accepts Authorization: Bearer <token>
|
||||
* - Sets req.user to the decoded token on success
|
||||
*/
|
||||
const validateFirebaseIdTokenLite = async (req, res, next) => {
|
||||
const authHeader = req.headers.authorization || "";
|
||||
const match = authHeader.match(/^Bearer\s+(.+)$/i);
|
||||
|
||||
if (!match) {
|
||||
logger.log("api-authorization-call", "warn", null, null, {
|
||||
type: "unauthorized",
|
||||
reason: "missing Bearer token",
|
||||
path: req.path,
|
||||
body: req.body
|
||||
});
|
||||
return res.status(401).send("Unauthorized");
|
||||
}
|
||||
|
||||
const idToken = match[1].trim();
|
||||
|
||||
try {
|
||||
const decodedIdToken = await admin.auth().verifyIdToken(idToken);
|
||||
req.user = decodedIdToken;
|
||||
return next();
|
||||
} catch (error) {
|
||||
logger.log("api-unauthorized-call", "warn", null, null, {
|
||||
type: "unauthorized",
|
||||
reason: "invalid or expired token",
|
||||
path: req.path,
|
||||
body: req.body,
|
||||
code: error?.errorInfo?.code || error?.code,
|
||||
message: error?.message
|
||||
});
|
||||
return res.status(401).send("Unauthorized");
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = validateFirebaseIdTokenLite;
|
||||
@@ -1,13 +1,14 @@
|
||||
const express = require("express");
|
||||
const router = express.Router();
|
||||
const { inlineCSS } = require("../render/inlinecss");
|
||||
const validateFirebaseIdTokenMiddleware = require("../middleware/validateFirebaseIdTokenMiddleware");
|
||||
const validateFirebaseIdTokenLite = require("../middleware/validateFirebaseIdTokenLiteMiddleware");
|
||||
const { canvas } = require("../render/canvas-handler");
|
||||
const validateCanvasInputMiddleware = require("../middleware/validateCanvasInputMiddleware");
|
||||
|
||||
// Define the route for inline CSS rendering
|
||||
router.post("/inlinecss", validateFirebaseIdTokenMiddleware, inlineCSS);
|
||||
router.post("/canvas-skia", validateFirebaseIdTokenMiddleware, validateCanvasInputMiddleware, canvas);
|
||||
router.post("/canvas", validateFirebaseIdTokenMiddleware, validateCanvasInputMiddleware, canvas);
|
||||
router.post("/inlinecss", validateFirebaseIdTokenLite, inlineCSS);
|
||||
|
||||
router.post("/canvas-skia", validateFirebaseIdTokenLite, validateCanvasInputMiddleware, canvas);
|
||||
router.post("/canvas", validateFirebaseIdTokenLite, validateCanvasInputMiddleware, canvas);
|
||||
|
||||
module.exports = router;
|
||||
|
||||
Reference in New Issue
Block a user