2022-05-17 04:43:40 +00:00
|
|
|
import * as admin from 'firebase-admin'
|
2022-07-24 07:26:38 +00:00
|
|
|
import { Request, RequestHandler, Response } from 'express'
|
|
|
|
import { error } from 'firebase-functions/logger'
|
|
|
|
import { HttpsOptions } from 'firebase-functions/v2/https'
|
2022-06-17 03:57:03 +00:00
|
|
|
import { log } from './utils'
|
2022-05-26 21:37:51 +00:00
|
|
|
import { z } from 'zod'
|
2022-07-10 22:03:15 +00:00
|
|
|
import { APIError } from '../../common/api'
|
2022-06-11 00:51:55 +00:00
|
|
|
import { PrivateUser } from '../../common/user'
|
2022-05-21 02:34:26 +00:00
|
|
|
import {
|
|
|
|
CORS_ORIGIN_MANIFOLD,
|
|
|
|
CORS_ORIGIN_LOCALHOST,
|
2022-07-10 18:05:44 +00:00
|
|
|
CORS_ORIGIN_VERCEL,
|
2022-05-21 02:34:26 +00:00
|
|
|
} from '../../common/envs/constants'
|
2022-07-10 22:03:15 +00:00
|
|
|
export { APIError } from '../../common/api'
|
2022-05-17 04:43:40 +00:00
|
|
|
|
2022-05-26 21:37:51 +00:00
|
|
|
type Output = Record<string, unknown>
|
2022-09-27 22:30:07 +00:00
|
|
|
export type AuthedUser = {
|
2022-06-11 00:51:55 +00:00
|
|
|
uid: string
|
|
|
|
creds: JwtCredentials | (KeyCredentials & { privateUser: PrivateUser })
|
|
|
|
}
|
2022-05-26 21:37:51 +00:00
|
|
|
type Handler = (req: Request, user: AuthedUser) => Promise<Output>
|
2022-05-17 04:43:40 +00:00
|
|
|
type JwtCredentials = { kind: 'jwt'; data: admin.auth.DecodedIdToken }
|
|
|
|
type KeyCredentials = { kind: 'key'; data: string }
|
|
|
|
type Credentials = JwtCredentials | KeyCredentials
|
|
|
|
|
|
|
|
export const parseCredentials = async (req: Request): Promise<Credentials> => {
|
2022-08-20 20:32:12 +00:00
|
|
|
const auth = admin.auth()
|
2022-05-17 04:43:40 +00:00
|
|
|
const authHeader = req.get('Authorization')
|
|
|
|
if (!authHeader) {
|
|
|
|
throw new APIError(403, 'Missing Authorization header.')
|
|
|
|
}
|
|
|
|
const authParts = authHeader.split(' ')
|
|
|
|
if (authParts.length !== 2) {
|
|
|
|
throw new APIError(403, 'Invalid Authorization header.')
|
|
|
|
}
|
|
|
|
|
|
|
|
const [scheme, payload] = authParts
|
|
|
|
switch (scheme) {
|
|
|
|
case 'Bearer':
|
|
|
|
try {
|
2022-06-17 03:57:03 +00:00
|
|
|
return { kind: 'jwt', data: await auth.verifyIdToken(payload) }
|
2022-05-17 04:43:40 +00:00
|
|
|
} catch (err) {
|
|
|
|
// This is somewhat suspicious, so get it into the firebase console
|
2022-07-24 07:26:38 +00:00
|
|
|
error('Error verifying Firebase JWT: ', err)
|
2022-05-26 21:37:51 +00:00
|
|
|
throw new APIError(403, 'Error validating token.')
|
2022-05-17 04:43:40 +00:00
|
|
|
}
|
|
|
|
case 'Key':
|
|
|
|
return { kind: 'key', data: payload }
|
|
|
|
default:
|
|
|
|
throw new APIError(403, 'Invalid auth scheme; must be "Key" or "Bearer".')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
export const lookupUser = async (creds: Credentials): Promise<AuthedUser> => {
|
2022-08-20 20:32:12 +00:00
|
|
|
const firestore = admin.firestore()
|
|
|
|
const privateUsers = firestore.collection('private-users')
|
2022-05-17 04:43:40 +00:00
|
|
|
switch (creds.kind) {
|
|
|
|
case 'jwt': {
|
2022-06-11 00:51:55 +00:00
|
|
|
if (typeof creds.data.user_id !== 'string') {
|
2022-05-26 21:37:51 +00:00
|
|
|
throw new APIError(403, 'JWT must contain Manifold user ID.')
|
|
|
|
}
|
2022-06-11 00:51:55 +00:00
|
|
|
return { uid: creds.data.user_id, creds }
|
2022-05-17 04:43:40 +00:00
|
|
|
}
|
|
|
|
case 'key': {
|
|
|
|
const key = creds.data
|
|
|
|
const privateUserQ = await privateUsers.where('apiKey', '==', key).get()
|
|
|
|
if (privateUserQ.empty) {
|
|
|
|
throw new APIError(403, `No private user exists with API key ${key}.`)
|
|
|
|
}
|
2022-08-20 20:32:12 +00:00
|
|
|
const privateUser = privateUserQ.docs[0].data() as PrivateUser
|
2022-06-11 00:51:55 +00:00
|
|
|
return { uid: privateUser.id, creds: { privateUser, ...creds } }
|
2022-05-17 04:43:40 +00:00
|
|
|
}
|
|
|
|
default:
|
|
|
|
throw new APIError(500, 'Invalid credential type.')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-06 03:49:29 +00:00
|
|
|
export const writeResponseError = (e: unknown, res: Response) => {
|
|
|
|
if (e instanceof APIError) {
|
|
|
|
const output: { [k: string]: unknown } = { message: e.message }
|
|
|
|
if (e.details != null) {
|
|
|
|
output.details = e.details
|
|
|
|
}
|
|
|
|
res.status(e.code).json(output)
|
|
|
|
} else {
|
|
|
|
error(e)
|
|
|
|
res.status(500).json({ message: 'An unknown error occurred.' })
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-05-26 21:37:51 +00:00
|
|
|
export const zTimestamp = () => {
|
|
|
|
return z.preprocess((arg) => {
|
|
|
|
return typeof arg == 'number' ? new Date(arg) : undefined
|
|
|
|
}, z.date())
|
|
|
|
}
|
|
|
|
|
2022-07-24 07:26:38 +00:00
|
|
|
export type EndpointDefinition = {
|
|
|
|
opts: EndpointOptions & { method: string }
|
|
|
|
handler: RequestHandler
|
|
|
|
}
|
|
|
|
|
2022-05-26 21:37:51 +00:00
|
|
|
export const validate = <T extends z.ZodTypeAny>(schema: T, val: unknown) => {
|
|
|
|
const result = schema.safeParse(val)
|
|
|
|
if (!result.success) {
|
|
|
|
const issues = result.error.issues.map((i) => {
|
2022-06-22 16:35:50 +00:00
|
|
|
// TODO: export this type for the front-end to parse
|
2022-05-26 21:37:51 +00:00
|
|
|
return {
|
|
|
|
field: i.path.join('.') || null,
|
|
|
|
error: i.message,
|
|
|
|
}
|
|
|
|
})
|
|
|
|
throw new APIError(400, 'Error validating request.', issues)
|
|
|
|
} else {
|
|
|
|
return result.data as z.infer<T>
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-07-24 07:26:38 +00:00
|
|
|
export interface EndpointOptions extends HttpsOptions {
|
|
|
|
method?: string
|
2022-06-29 23:47:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
const DEFAULT_OPTS = {
|
2022-07-24 07:26:38 +00:00
|
|
|
method: 'POST',
|
2022-06-17 03:57:03 +00:00
|
|
|
minInstances: 1,
|
2022-06-24 07:18:08 +00:00
|
|
|
concurrency: 100,
|
|
|
|
memory: '2GiB',
|
|
|
|
cpu: 1,
|
2022-07-10 18:05:44 +00:00
|
|
|
cors: [CORS_ORIGIN_MANIFOLD, CORS_ORIGIN_VERCEL, CORS_ORIGIN_LOCALHOST],
|
2022-06-17 03:57:03 +00:00
|
|
|
}
|
|
|
|
|
2022-06-29 23:47:06 +00:00
|
|
|
export const newEndpoint = (endpointOpts: EndpointOptions, fn: Handler) => {
|
2022-07-24 07:26:38 +00:00
|
|
|
const opts = Object.assign({}, DEFAULT_OPTS, endpointOpts)
|
|
|
|
return {
|
|
|
|
opts,
|
|
|
|
handler: async (req: Request, res: Response) => {
|
|
|
|
log(`${req.method} ${req.url} ${JSON.stringify(req.body)}`)
|
|
|
|
try {
|
|
|
|
if (opts.method !== req.method) {
|
|
|
|
throw new APIError(405, `This endpoint supports only ${opts.method}.`)
|
|
|
|
}
|
|
|
|
const authedUser = await lookupUser(await parseCredentials(req))
|
|
|
|
res.status(200).json(await fn(req, authedUser))
|
|
|
|
} catch (e) {
|
2022-08-06 03:49:29 +00:00
|
|
|
writeResponseError(e, res)
|
2022-05-17 04:43:40 +00:00
|
|
|
}
|
2022-07-24 07:26:38 +00:00
|
|
|
},
|
|
|
|
} as EndpointDefinition
|
2022-06-29 23:47:06 +00:00
|
|
|
}
|