Additional security hardening.

server.js

@@ -123,7 +123,11 @@ app.post(
   twilio.webhook({ validate: process.env.NODE_ENV === "PRODUCTION" }),
   smsStatus.status
 );
-app.post("/sms/markConversationRead", smsStatus.markConversationRead);
+app.post(
+  "/sms/markConversationRead",
+  fb.validateFirebaseIdToken,
+  smsStatus.markConversationRead
+);
 
 var job = require("./server/job/job");
 app.post("/job/totals", fb.validateFirebaseIdToken, job.totals);
@@ -147,11 +151,11 @@ app.post("/scheduling/job", fb.validateFirebaseIdToken, scheduling.job);
 var inlineCss = require("./server/render/inlinecss");
 app.post("/render/inlinecss", fb.validateFirebaseIdToken, inlineCss.inlinecss);
 
-app.post(
-  "/notifications/send",
+// app.post(
+//   "/notifications/send",
 
-  fb.sendNotification
-);
+//   fb.sendNotification
+// );
 app.post("/notifications/subscribe", fb.validateFirebaseIdToken, fb.subscribe);
 app.post(
   "/notifications/unsubscribe",
@@ -188,13 +192,13 @@ app.post(
 );
 
 //Stripe Processing
-var stripe = require("./server/stripe/payment");
-app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
-app.post(
-  "/stripe/mobilepayment",
-  fb.validateFirebaseIdToken,
-  stripe.mobile_payment
-);
+// var stripe = require("./server/stripe/payment");
+// app.post("/stripe/payment", fb.validateFirebaseIdToken, stripe.payment);
+// app.post(
+//   "/stripe/mobilepayment",
+//   fb.validateFirebaseIdToken,
+//   stripe.mobile_payment
+// );
 
 //Tech Console
 var tech = require("./server/tech/tech");
@@ -202,7 +206,7 @@ app.post("/tech/login", fb.validateFirebaseIdToken, tech.techLogin);
 
 var utils = require("./server/utils/utils");
 app.post("/utils/time", utils.servertime);
-
+app.post("/utils/jsr", fb.validateFirebaseIdToken, utils.jsrAuth);
 var qbo = require("./server/accounting/qbo/qbo");
 app.post("/qbo/authorize", fb.validateFirebaseIdToken, qbo.authorize);
 app.get("/qbo/callback", qbo.callback);
@@ -215,7 +219,7 @@ app.post("/data/ah", data.autohouse);
 app.post("/record-handler/arms", data.arms);
 
 var taskHandler = require("./server/tasks/tasks");
-app.post("/taskHandler", taskHandler.taskHandler);
+app.post("/taskHandler", fb.validateFirebaseIdToken, taskHandler.taskHandler);
 
 var mixdataUpload = require("./server/mixdata/mixdata");
 
@@ -228,10 +232,10 @@ app.post(
 
 var ioevent = require("./server/ioevent/ioevent");
 app.post("/ioevent", ioevent.default);
-app.post("/newlog", (req, res) => {
-  const { message, type, user, record, object } = req.body;
-  logger.log(message, type, user, record, object);
-});
+// app.post("/newlog", (req, res) => {
+//   const { message, type, user, record, object } = req.body;
+//   logger.log(message, type, user, record, object);
+// });
 
 var os = require("./server/opensearch/os-handler");
 app.post(
@@ -243,9 +247,9 @@ app.post("/search", fb.validateFirebaseIdToken, os.search);
 var cdkGetMake = require("./server/cdk/cdk-get-makes");
 app.post("/cdk/getvehicles", fb.validateFirebaseIdToken, cdkGetMake.default);
 
-app.get("/", async function (req, res) {
-  res.status(200).send("Access Forbidden.");
-});
+// app.get("/", async function (req, res) {
+//   res.status(200).send("Access Forbidden.");
+// });
 
 server.listen(port, (error) => {
   if (error) throw error;