import { NextApiRequest, NextApiResponse } from 'next';
import { User, Org } from '@tutorbook/model';
import to from 'await-to-js';
import error from './error';
import { db, auth, DecodedIdToken, DocumentSnapshot } from './firebase';
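/**
 * Authenticates the request's Firebase ID token and runs `action` only when
 * the caller is allowed to act on behalf of `user`.
 *
 * The caller is allowed when either:
 * - the token's `uid` equals `user.id` (acting on their own account), or
 * - the caller is a member of at least one org listed in `user.orgs`.
 *
 * Every rejection path answers with a 401 through `error()` and `action` is
 * not invoked; the promise resolves either way, so callers must not send a
 * second response after this returns.
 *
 * @param req - Incoming request; an `Authorization: Bearer <id-token>` header
 *   is expected (a bare token without the scheme is passed through as-is).
 * @param res - Response used for the error reply on rejection.
 * @param user - The user the caller wants to act on (or as).
 * @param action - Work to perform once the caller is authorized; awaited when
 *   it returns a promise. A rejection from it propagates to the caller.
 */
export default async function verify(
  req: NextApiRequest,
  res: NextApiResponse,
  user: User,
  action: () => Promise<void> | void
): Promise<void> {
  const header = req.headers.authorization;
  if (typeof header !== 'string') {
    error(res, 'You must provide a valid JWT authorization header.', 401);
    return;
  }

  // Strip the scheme only when the header actually starts with it, instead of
  // deleting the first "Bearer " found anywhere in the string.
  const scheme = 'Bearer ';
  const idToken = header.startsWith(scheme)
    ? header.slice(scheme.length)
    : header;

  // The second argument asks Firebase to also reject revoked sessions.
  const [err, token] = await to<DecodedIdToken>(
    auth.verifyIdToken(idToken, true)
  );
  if (err) {
    error(res, `Your JWT is invalid: ${err.message}`, 401, err);
    return;
  }
  // `to()` types `token` as possibly undefined; a null `err` guarantees it is set.
  const { uid } = token as DecodedIdToken;

  // Orgs the *caller* belongs to, read from Firestore rather than the request.
  const snapshot = await db
    .collection('orgs')
    .where('members', 'array-contains', uid)
    .get();
  const callerOrgs: Org[] = snapshot.docs.map((doc: DocumentSnapshot) =>
    Org.fromFirestore(doc)
  );

  // NOTE(review): `user.orgs` is trusted as given. If a caller can supply it
  // (e.g. from the request body), any org member could claim an arbitrary
  // `user.id` and pass this check — confirm callers build `user` from trusted
  // data before relying on it.
  const isSelf = user.id === uid;
  const sharesOrg = callerOrgs.some((org: Org) => user.orgs.includes(org.id));
  if (!isSelf && !sharesOrg) {
    error(res, `${user.toString()} is not part of your orgs.`, 401);
    return;
  }

  await action();
}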