bulltrackers-module 1.0.598 → 1.0.600

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/functions/api-v2/helpers/data-fetchers/firestore.js +1 -1
  2. package/functions/api-v2/middleware/identity_middleware.js +12 -5
  3. package/package.json +1 -1
package/functions/api-v2/helpers/data-fetchers/firestore.js CHANGED
@@ -541,7 +541,7 @@ const lookupCidByEmail = async (firestore, userEmail) => {
541
541
  const verificationRef = userDoc.ref.collection('verification').doc('data');
542
542
  const verificationDoc = await verificationRef.get();
543
543
 
544
- if (verificationDoc.exists()) {
544
+ if (verificationDoc.exists) {
545
545
  const verificationData = verificationDoc.data();
546
546
  const emails = Array.isArray(verificationData.email)
547
547
  ? verificationData.email
package/functions/api-v2/middleware/identity_middleware.js CHANGED
@@ -12,12 +12,14 @@
12
12
  const { isDeveloper } = require('../helpers/data-fetchers/firestore.js'); // Using your provided helper
13
13
 
14
14
  // List of public routes that don't require userCid
15
+ // Also includes routes that use Firebase Auth token authentication (like /verification/lookup)
15
16
  const PUBLIC_ROUTES = [
16
17
  '/watchlists/public',
17
18
  '/popular-investors/trending',
18
19
  '/popular-investors/categories',
19
20
  '/popular-investors/master-list',
20
- '/popular-investors/search'
21
+ '/popular-investors/search',
22
+ '/verification/lookup' // Uses Firebase Auth token instead of userCid
21
23
  ];
22
24
 
23
25
  const isPublicRoute = (path, originalUrl) => {
@@ -31,16 +33,21 @@ const resolveUserIdentity = async (req, res, next) => {
31
33
  // Check if this is a public route (check both path and originalUrl for Express routing)
32
34
  const isPublic = isPublicRoute(req.path, req.originalUrl);
33
35
 
36
+ // Check if route uses Firebase Auth token (has Authorization header with Bearer token)
37
+ // These routes authenticate via Firebase Auth token, not userCid
38
+ const hasFirebaseAuth = req.headers.authorization &&
39
+ req.headers.authorization.startsWith('Bearer ');
40
+
34
41
  // 1. Identify the actual authenticated user (from Auth middleware or params)
35
42
  const actualUserId = req.query.userCid || req.body.userCid || req.headers['x-user-cid'];
36
43
 
37
- // For public routes, userCid is optional
38
- if (!actualUserId && !isPublic) {
44
+ // For public routes or Firebase Auth routes, userCid is optional
45
+ if (!actualUserId && !isPublic && !hasFirebaseAuth) {
39
46
  return res.status(400).json({ error: "Missing user identification (userCid)" });
40
47
  }
41
48
 
42
- // If no user ID provided and it's a public route, skip identity resolution
43
- if (!actualUserId && isPublic) {
49
+ // If no user ID provided and it's a public route or uses Firebase Auth, skip identity resolution
50
+ if (!actualUserId && (isPublic || hasFirebaseAuth)) {
44
51
  req.actualUserId = null;
45
52
  req.targetUserId = null;
46
53
  req.isImpersonating = false;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "bulltrackers-module",
3
- "version": "1.0.598",
3
+ "version": "1.0.600",
4
4
  "description": "Helper Functions for Bulltrackers.",
5
5
  "main": "index.js",
6
6
  "files": [