From 892279318863d89c836b731483f12b2b0271967c Mon Sep 17 00:00:00 2001 From: Ra Date: Tue, 2 Sep 2025 15:55:26 -0700 Subject: [PATCH] ok --- functions/index.js | 86 +++++++++++++++++++++++++++------------------- src/constants.ts | 4 +-- 2 files changed, 52 insertions(+), 38 deletions(-) diff --git a/functions/index.js b/functions/index.js index 79322ac..8938611 100644 --- a/functions/index.js +++ b/functions/index.js @@ -1,11 +1,10 @@ const { onRequest } = require("firebase-functions/v2/https"); -const { setGlobalOptions } = require("firebase-functions/v2"); +const { setGlobalOptions, logger } = require("firebase-functions/v2"); const admin = require("firebase-admin"); const { VertexAI } = require('@google-cloud/vertexai'); const Stripe = require("stripe"); // Set global options for all functions to use us-central1 region -setGlobalOptions({ cors: true }); const serviceAccount = require("./auditly-consulting-firebase-adminsdk-fbsvc-e4b51ef5cf.json"); // const serviceAccount = require("./auditly-c0027-firebase-adminsdk-fbsvc-1db7c58141.json") @@ -433,8 +432,17 @@ const RESPONSE_FORMAT_COMPANY = { //endregion Constants //region Helper Functions -const validateAuthAndGetContext = async (req) => { +const validateAuthAndGetContext = async (req, res) => { const authHeader = req.headers.authorization; + + if (req.method == "OPTIONS") { + res.headers['Access-Control-Allow-Origin'] = '*'; + res.headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'; + res.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type'; + res.status(204).send(''); + return false; + } + if (!authHeader || !authHeader.startsWith('Bearer ')) { throw new Error('Missing or invalid authorization header'); } 
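Review bot: With `setGlobalOptions({ cors: true })` removed, the comment `// Set global options for all functions to use us-central1 region` now describes nothing, and `setGlobalOptions` is still imported although this patch shows no remaining call. Either drop both, or restore a call such as `setGlobalOptions({ region: "us-central1" })` if the region pin is still wanted. Separately, the unchanged context line below loads an Admin SDK service-account key from a JSON file next to the source. If that file is tracked in the repository, the key should be rotated and the functions should use the runtime's default credentials (`admin.initializeApp()` with no explicit key).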
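Review bot: The new OPTIONS branch in validateAuthAndGetContext assigns to `res.headers[...]`, but an Express-style response (which the `res.status(204).send('')` call suggests this is) has no `headers` property, so the first assignment would throw a TypeError before any 204 is sent; response headers are set with `res.set(name, value)`. The branch also returns `false`, which none of the call sites changed in this patch check, so they go straight on to `authContext.orgId` or `req.body` and can attempt a second response. Since the handlers already answer OPTIONS themselves and now pass `{cors: true}`, the simpler fix is to delete this branch and keep the signature as `(req)`, so the auth helper either returns a verified context or throws. If the branch stays, compare with `===`, replace `Access-Control-Allow-Origin: *` with an explicit origin list on endpoints that accept an `Authorization` header, and document the `false` return. The function body continues past the end of the hunk.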
@@ -630,7 +638,7 @@ const verifyUserAuthorization = async (userId, orgId) => { //endregion Helper Functions //region Send OTP -exports.sendOTP = onRequest(async (req, res) => { +exports.sendOTP = onRequest({cors: true}, async (req, res) => { if (req.method !== "POST") { return res.status(405).json({ error: "Method not allowed" }); } @@ -672,7 +680,7 @@ exports.sendOTP = onRequest(async (req, res) => { //endregion Send OTP //region Verify OTP -exports.verifyOTP = onRequest(async (req, res) => { +exports.verifyOTP = onRequest({cors: true}, async (req, res) => { if (req.method !== "POST") { return res.status(405).json({ error: "Method not allowed" }); } @@ -811,7 +819,7 @@ exports.verifyOTP = onRequest(async (req, res) => { //endregion Verify OTP //region Create Invitation -exports.createInvitation = onRequest(async (req, res) => { +exports.createInvitation = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); @@ -824,7 +832,7 @@ exports.createInvitation = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const { name, email, role = "employee", department } = req.body; if (!email || !name) { @@ -932,7 +940,7 @@ exports.createInvitation = onRequest(async (req, res) => { //endregion Create Invitation //region Get Invitation Status -exports.getInvitationStatus = onRequest(async (req, res) => { +exports.getInvitationStatus = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; 
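Review bot: `{cors: true}` on sendOTP, and on every other endpoint this patch touches through uploadImage, lets a page on any origin call these functions from a browser, including the unauthenticated OTP and invitation endpoints. The `cors` option also accepts a list of origins, so an explicit allow-list defined once is safer, for example a shared `const HTTP_OPTS = { cors: [/* the app's own origins */] }` (constructed name) passed as `onRequest(HTTP_OPTS, ...)`. Sharing one options object would also stop a handler from being missed, as getUserOrganizations was in this patch.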
@@ -988,7 +996,7 @@ exports.getInvitationStatus = onRequest(async (req, res) => { //endregion Get Invitation Status //region Consume Invitation -exports.consumeInvitation = onRequest(async (req, res) => { +exports.consumeInvitation = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -1082,7 +1090,7 @@ exports.consumeInvitation = onRequest(async (req, res) => { //endregion Consume Invitation //region Submit Employee Answers -exports.submitEmployeeAnswers = onRequest(async (req, res) => { +exports.submitEmployeeAnswers = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); @@ -1174,7 +1182,7 @@ exports.submitEmployeeAnswers = onRequest(async (req, res) => { } } else { // Authenticated submission - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); if (!employeeId || !answers) { return res.status(400).json({ error: "Employee ID and answers are required for authenticated submissions" }); @@ -1369,7 +1377,7 @@ Be thorough, professional, and focus on actionable insights. //endregion Submit Employee Answers //region Generate Employee Report -exports.generateEmployeeReport = onRequest(async (req, res) => { +exports.generateEmployeeReport = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); @@ -1489,7 +1497,7 @@ Be thorough, professional, and focus on actionable insights. //endregion Generate Employee Report //region Generate Company Report -exports.generateCompanyReport = onRequest(async (req, res) => { +exports.generateCompanyReport = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; 
@@ -1499,7 +1507,7 @@ exports.generateCompanyReport = onRequest(async (req, res) => { return res.status(405).json({ error: "Method not allowed" }); } - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const orgId = authContext.orgId; if (!orgId) { @@ -1624,7 +1632,7 @@ Be thorough, professional, and focus on actionable insights.`; //endregion Generate Company Report //region Chat -exports.chat = onRequest(async (req, res) => { +exports.chat = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); @@ -1716,7 +1724,7 @@ Instructions: //endregion Chat //region Create Organization -exports.createOrganization = onRequest(async (req, res) => { +exports.createOrganization = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -1728,7 +1736,7 @@ exports.createOrganization = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const { name } = req.body; if (!name) { @@ -1832,6 +1840,13 @@ exports.createOrganization = onRequest(async (req, res) => { //region Get Organizations exports.getUserOrganizations = onRequest(async (req, res) => { + let authContext; + try { + authContext = await validateAuthAndGetContext(req, res); + } catch (error) { + logger.debug("Auth validation failed:", error); + return; + } if (req.method === 'OPTIONS') { res.status(204).send(''); @@ -1844,7 +1859,6 @@ exports.getUserOrganizations = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); // Get user's organizations const userOrgsSnapshot = await db 
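Review bot: In getUserOrganizations the new `catch` logs at debug level and then `return`s without writing a response, so a request with a missing or invalid token hangs until the function times out instead of getting a 401. The auth call also now runs before the OPTIONS check, so a preflight (which carries no `Authorization` header) reaches the helper's OPTIONS branch first and the handler's own `res.status(204).send('')` then becomes a second response. This is also the only handler in the patch that did not get `{cors: true}`. Suggested shape below: answer OPTIONS and the method check first, then authenticate, reply 401 on failure, and log the failure at a level that is retained so repeated auth failures can be noticed. The handler body continues outside the hunk.

```javascript
exports.getUserOrganizations = onRequest({ cors: true }, async (req, res) => {
  if (req.method === 'OPTIONS') {
    res.status(204).send('');
    return;
  }
  // … unchanged: method check …

  let authContext;
  try {
    authContext = await validateAuthAndGetContext(req, res);
  } catch (error) {
    // Log only the message; the client gets a generic 401.
    logger.warn("Auth validation failed", { message: error.message });
    return res.status(401).json({ error: "Unauthorized" });
  }
  // … unchanged: organization lookup inside the existing try …
```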
@@ -1877,7 +1891,7 @@ exports.getUserOrganizations = onRequest(async (req, res) => { //endregion Get Organizations //region Join Organization -exports.joinOrganization = onRequest(async (req, res) => { +exports.joinOrganization = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -1889,7 +1903,7 @@ exports.joinOrganization = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const { inviteCode } = req.body; if (!inviteCode) { @@ -2005,7 +2019,7 @@ exports.joinOrganization = onRequest(async (req, res) => { // try { // // Validate auth token and get user context -// const authContext = await validateAuthAndGetContext(req); +// const authContext = await validateAuthAndGetContext(req, res); // const { userEmail, priceId } = req.body; // if (!userEmail) { @@ -2154,7 +2168,7 @@ exports.joinOrganization = onRequest(async (req, res) => { // try { // // Validate auth token and get user context -// const authContext = await validateAuthAndGetContext(req); +// const authContext = await validateAuthAndGetContext(req, res); // const orgId = authContext.orgId; // if (!orgId) { @@ -2247,7 +2261,7 @@ exports.joinOrganization = onRequest(async (req, res) => { //endregion Save Company Report //region Get Org Data -exports.getOrgData = onRequest(async (req, res) => { +exports.getOrgData = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -2259,7 +2273,7 @@ exports.getOrgData = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const orgId = authContext.orgId; if (!orgId) { 
@@ -2290,7 +2304,7 @@ exports.getOrgData = onRequest(async (req, res) => { //endregion Get Org Data //region Update Organization Data -exports.updateOrgData = onRequest(async (req, res) => { +exports.updateOrgData = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -2302,7 +2316,7 @@ exports.updateOrgData = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const { data } = req.body; if (!data) { @@ -2337,7 +2351,7 @@ exports.updateOrgData = onRequest(async (req, res) => { //endregion Update Organization Data //region Get Employees -exports.getEmployees = onRequest(async (req, res) => { +exports.getEmployees = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -2349,7 +2363,7 @@ exports.getEmployees = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const orgId = authContext.orgId; if (!orgId) { @@ -2384,7 +2398,7 @@ exports.getEmployees = onRequest(async (req, res) => { //endregion Get Employees //region Get Submissions -exports.getSubmissions = onRequest(async (req, res) => { +exports.getSubmissions = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -2396,7 +2410,7 @@ exports.getSubmissions = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const orgId = authContext.orgId; if (!orgId) { 
@@ -2427,7 +2441,7 @@ exports.getSubmissions = onRequest(async (req, res) => { //endregion Get Submissions //region Get Reports -exports.getReports = onRequest(async (req, res) => { +exports.getReports = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -2439,7 +2453,7 @@ exports.getReports = onRequest(async (req, res) => { try { // Validate auth token and get user context - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const orgId = authContext.orgId; if (!orgId) { @@ -2523,7 +2537,7 @@ exports.getReports = onRequest(async (req, res) => { //endregion Create/Update Employee //region Save Report -exports.saveReport = onRequest(async (req, res) => { +exports.saveReport = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -2574,7 +2588,7 @@ exports.saveReport = onRequest(async (req, res) => { //endregion Save Report //region Get Company Reports -exports.getCompanyReports = onRequest(async (req, res) => { +exports.getCompanyReports = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; @@ -2585,7 +2599,7 @@ exports.getCompanyReports = onRequest(async (req, res) => { } try { - const authContext = await validateAuthAndGetContext(req); + const authContext = await validateAuthAndGetContext(req, res); const orgId = authContext.orgId; if (!orgId) { @@ -2617,7 +2631,7 @@ exports.getCompanyReports = onRequest(async (req, res) => { //endregion Get Company Reports //region Upload Image -exports.uploadImage = onRequest(async (req, res) => { +exports.uploadImage = onRequest({cors: true}, async (req, res) => { if (req.method === 'OPTIONS') { res.status(204).send(''); return; diff --git a/src/constants.ts b/src/constants.ts index 27972c0..ca458c9 100644 --- a/src/constants.ts +++ b/src/constants.ts 
@@ -16,8 +16,8 @@ const isLocalhost = typeof window !== 'undefined' && // ? 'http://127.0.0.1:5002/auditly-consulting/us-central1' // Firebase Functions Emulator // : 'https://us-central1-auditly-consulting.cloudfunctions.net'; // Production Firebase Functions -// export const API_URL = 'https://us-central1-auditly-c0027.cloudfunctions.net'; -export const API_URL = 'https://us-central1-auditly-consulting.cloudfunctions.net'; +export const API_URL = 'https://us-central1-auditly-c0027.cloudfunctions.net'; +// export const API_URL = 'https://us-central1-auditly-consulting.cloudfunctions.net'; // export const API_URL = 'http://127.0.0.1:5002/auditly-consulting/us-central1'; // Log URL configuration in development
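Review bot: `API_URL` now points the client at the `auditly-c0027` project, while functions/index.js in this same patch still loads the `auditly-consulting` service-account key and keeps the `auditly-c0027` one commented out. If both sides are deployed from this commit, tokens issued for one project may be verified against the other and rejected, which is worth confirming before merge. Switching environments by commenting lines in and out makes this kind of mismatch easy to ship. Reading the base URL from a build-time environment variable, with the production URL as the default, would keep the target out of source edits.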