63 lines
1.8 KiB
JavaScript
63 lines
1.8 KiB
JavaScript
const logger = require("../utils/logger");
|
|
const admin = require("firebase-admin");
|
|
|
|
/**
|
|
* Middleware to validate Firebase ID Tokens.
|
|
* This middleware is used to protect API endpoints from unauthorized access.
|
|
* It adds the following properties to the request object:
|
|
* - req.user - the decoded Firebase ID Token
|
|
* @param req
|
|
* @param res
|
|
* @param next
|
|
* @returns {Promise<void>}
|
|
*/
|
|
const validateFirebaseIdTokenMiddleware = async (req, res, next) => {
|
|
if (
|
|
(!req.headers.authorization || !req.headers.authorization.startsWith("Bearer ")) &&
|
|
!(req.cookies && req.cookies.__session)
|
|
) {
|
|
console.error("Unauthorized attempt. No authorization provided.");
|
|
return res.status(403).send("Unauthorized");
|
|
}
|
|
|
|
let idToken;
|
|
|
|
if (req.headers.authorization && req.headers.authorization.startsWith("Bearer ")) {
|
|
// console.log('Found "Authorization" header');
|
|
// Read the ID Token from the Authorization header.
|
|
idToken = req.headers.authorization.split("Bearer ")[1];
|
|
} else if (req.cookies) {
|
|
//console.log('Found "__session" cookie');
|
|
// Read the ID Token from cookie.
|
|
idToken = req.cookies.__session;
|
|
} else {
|
|
// No cookie
|
|
console.error("Unauthorized attempt. No cookie provided.");
|
|
logger.log("api-unauthorized-call", "WARN", null, null, {
|
|
req,
|
|
type: "no-cookie"
|
|
});
|
|
|
|
return res.status(403).send("Unauthorized");
|
|
}
|
|
|
|
try {
|
|
const decodedIdToken = await admin.auth().verifyIdToken(idToken);
|
|
//console.log("ID Token correctly decoded", decodedIdToken);
|
|
req.user = decodedIdToken;
|
|
next();
|
|
} catch (error) {
|
|
logger.log("api-unauthorized-call", "WARN", null, null, {
|
|
path: req.path,
|
|
body: req.body,
|
|
|
|
type: "unauthroized",
|
|
...error
|
|
});
|
|
|
|
return res.status(401).send("Unauthorized");
|
|
}
|
|
};
|
|
|
|
module.exports = validateFirebaseIdTokenMiddleware;
|