in api/v1/src/lib/auth.js [116:164]
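/**
 * Express middleware that reconciles the caller's custom `role` claim with
 * the configured data-producer list and records the effective role in
 * `res.locals.role`.
 *
 * A caller whose e-mail matches an entry of `config.dataProducers` (exact,
 * case-insensitive match, or a `*` / `?` wildcard pattern evaluated by
 * `commonUtil.wildTest`) is given the `admin` role; everyone else is given
 * `consumer`. When the role carried in `res.locals.role` disagrees with that
 * result, the tenant-scoped claim is rewritten and the
 * `x-gcp-needs-token-refresh` response header is set.
 *
 * The middleware fails closed: if the claim update is rejected, a 401 is sent
 * and `next()` is NOT called, so downstream handlers never run with a role
 * that could not be persisted.
 *
 * @param {object} req - Express request; only `req.path` is read.
 * @param {object} res - Express response; reads `res.locals.{role,email,uid}`.
 * @param {Function} next - Express continuation callback.
 * @returns {Promise<*>} Resolves once the request was passed on or rejected.
 */
async function setCustomUserClaims(req, res, next) {
  if (isExcludedPath(req.path) === true) {
    return next();
  }

  const adminRole = 'admin';
  const consumerRole = 'consumer';
  const forceTokenRefreshHeader = 'x-gcp-needs-token-refresh';
  const { role, email, uid } = res.locals;

  // NOTE(review): admin is granted purely on an e-mail match. This assumes
  // res.locals.email comes from a verified identity token (e.g. the
  // email_verified claim was checked upstream) - confirm against the
  // middleware that populates res.locals.
  // A missing or non-string e-mail can never match, so such a caller falls
  // through to the least-privileged role instead of throwing.
  const normalizedEmail = typeof email === 'string' ? email.toLowerCase() : null;

  const isProducer =
    normalizedEmail !== null &&
    [...(config.dataProducers || [])].some((entry) => {
      const pattern = entry.toLowerCase();
      if (pattern === normalizedEmail) {
        return true;
      }
      // Only entries containing wildcard characters are treated as patterns.
      const isWildcard = entry.includes('*') || entry.includes('?');
      return isWildcard && Boolean(commonUtil.wildTest(pattern, normalizedEmail));
    });

  const targetRole = isProducer ? adminRole : consumerRole;

  // Promote when a producer is not yet admin; demote only when a
  // non-producer still carries the admin role. Any other role is left
  // untouched in the stored claims.
  const needsClaimUpdate = isProducer ? role !== adminRole : role === adminRole;

  if (needsClaimUpdate) {
    if (isProducer) {
      console.debug(`User ${uid} is an admin, updating claims to be admin`);
    } else {
      console.debug(`User ${uid} is no longer an admin, updating claims to remove admin`);
    }

    try {
      await fbAdmin
        .auth()
        .tenantManager()
        .authForTenant(config.tenantId)
        .setCustomUserClaims(uid, { role: targetRole });
      console.debug(`claims set for user ${uid}`);
    } catch (err) {
      // Stop here: the response has been sent, so neither the refresh header
      // nor next() may follow, and the role must not be applied locally.
      console.error(`${err.code} - ${err.message}`);
      return res.status(401).send({ message: 'Unauthorized' });
    }

    // Tells the client its current token carries stale claims.
    res.set(forceTokenRefreshHeader, true);
  }

  res.locals.role = targetRole;
  return next();
}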