async function isAuthenticated()

in api/v1/src/lib/auth.js [68:109]


/**
 * Express-style middleware that authenticates a request with a bearer ID token.
 *
 * Requests whose path is accepted by `isExcludedPath` are passed through
 * without any token check. All other requests must carry a
 * `Bearer <token>` value in `X-Forwarded-Authorization` or `Authorization`;
 * the token is verified against the tenant named by `config.tenantId`.
 * On success the token's `uid`, `role` and `email` are merged into
 * `res.locals` and `next()` is called. Every failure is answered with the
 * same 401 body, so the response does not reveal which check failed.
 *
 * @param {object} req - Request; `req.path` and `req.header(name)` are read.
 * @param {object} res - Response; `res.locals` is replaced on success,
 *   `res.status(401).send(...)` is used on failure.
 * @param {Function} next - Continuation invoked for excluded or verified requests.
 * @returns {Promise<*>} Whatever `next()` or `res.send()` returns.
 */
async function isAuthenticated(req, res, next) {
    console.debug(`Request path isAuthenticated: ${req.path}`);

    // Excluded paths bypass authentication completely, so the exclusion list
    // is part of the trust boundary.
    if (isExcludedPath(req.path) === true) {
        return next();
    }

    // Single rejection path: identical status and body for every failure.
    const reject = () => res.status(401).send({ message: 'Unauthorized' });

    // 'X-Forwarded-Authorization' takes precedence over 'Authorization'.
    // NOTE(review): a client can set the forwarded header itself unless a
    // trusted proxy in front of this service overwrites or strips it. The
    // token is verified below either way; confirm the deployment matches.
    const chosenHeader = ['X-Forwarded-Authorization', 'Authorization']
        .find((name) => req.header(name) !== undefined);
    const authorization = chosenHeader === undefined ? undefined : req.header(chosenHeader);

    // Missing or empty header, or a scheme other than Bearer.
    if (!authorization || !authorization.startsWith('Bearer')) {
        return reject();
    }

    // Exactly one 'Bearer ' separator is accepted; anything else is rejected.
    const pieces = authorization.split('Bearer ');
    if (pieces.length !== 2) {
        return reject();
    }
    const [, token] = pieces;

    try {
        const tenantAuth = fbAdmin.auth().tenantManager().authForTenant(config.tenantId);
        // NOTE(review): verifyIdToken is called with the token only, so the
        // optional revocation check is not requested here; confirm that
        // accepting a revoked session until token expiry is acceptable.
        const { uid, role, email } = await tenantAuth.verifyIdToken(token);
        // Keep the decoded claims out of the logs: they carry uid and email.
        res.locals = { ...res.locals, uid, role, email };
        return next();
    } catch (err) {
        // Details go to the server log only; the caller sees a generic 401.
        console.error(`${err.code} -  ${err.message}`);
        return reject();
    }
}