This commit is contained in:
Ra
2025-09-02 15:55:26 -07:00
parent 27dab3ca9a
commit 8922793188
2 changed files with 52 additions and 38 deletions


@@ -1,11 +1,10 @@
const { onRequest } = require("firebase-functions/v2/https");
const { setGlobalOptions } = require("firebase-functions/v2");
const { setGlobalOptions, logger } = require("firebase-functions/v2");
const admin = require("firebase-admin");
const { VertexAI } = require('@google-cloud/vertexai');
const Stripe = require("stripe");
// Set global options for all functions to use us-central1 region
setGlobalOptions({ cors: true });
const serviceAccount = require("./auditly-consulting-firebase-adminsdk-fbsvc-e4b51ef5cf.json");
// const serviceAccount = require("./auditly-c0027-firebase-adminsdk-fbsvc-1db7c58141.json")
@@ -433,8 +432,17 @@ const RESPONSE_FORMAT_COMPANY = {
//endregion Constants
//region Helper Functions
const validateAuthAndGetContext = async (req) => {
const validateAuthAndGetContext = async (req, res) => {
const authHeader = req.headers.authorization;
if (req.method == "OPTIONS") {
res.headers['Access-Control-Allow-Origin'] = '*';
res.headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
res.headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type';
res.status(204).send('');
return false;
}
if (!authHeader || !authHeader.startsWith('Bearer ')) {
throw new Error('Missing or invalid authorization header');
}
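Review bot: The new OPTIONS branch in validateAuthAndGetContext assigns to `res.headers['Access-Control-Allow-Origin']` etc., but the Express/Node response object sets headers through `res.set()` / `res.setHeader()`, not a `headers` property; as written the branch will most likely throw a TypeError before the `res.status(204).send('')` line runs. It also ends with `return false`, so the only caller that can actually reach this path — getUserOrganizations, which now calls the helper before its own OPTIONS check (hunk at line 1832; that function's body continues outside the hunk) — would continue with `authContext` set to `false` if the branch did succeed, while its new `catch` only does `logger.debug(...)` and `return`, leaving a request with a missing or invalid bearer token with no response at all instead of a 401. Since every other handler in this commit is now registered with `onRequest({cors: true})`, which should handle preflight itself, I would drop the manual OPTIONS/header code from the helper entirely and replace the bare `return;` in that catch with `return res.status(401).json({ error: "Unauthorized" });` (getUserOrganizations is also the one handler not switched to `{cors: true}`). Minor: `req.method == "OPTIONS"` should use `===`, and the comment above `setGlobalOptions({ cors: true })` in the first hunk still says it sets the us-central1 region.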
@@ -630,7 +638,7 @@ const verifyUserAuthorization = async (userId, orgId) => {
//endregion Helper Functions
//region Send OTP
exports.sendOTP = onRequest(async (req, res) => {
exports.sendOTP = onRequest({cors: true}, async (req, res) => {
if (req.method !== "POST") {
return res.status(405).json({ error: "Method not allowed" });
}
@@ -672,7 +680,7 @@ exports.sendOTP = onRequest(async (req, res) => {
//endregion Send OTP
//region Verify OTP
exports.verifyOTP = onRequest(async (req, res) => {
exports.verifyOTP = onRequest({cors: true}, async (req, res) => {
if (req.method !== "POST") {
return res.status(405).json({ error: "Method not allowed" });
}
@@ -811,7 +819,7 @@ exports.verifyOTP = onRequest(async (req, res) => {
//endregion Verify OTP
//region Create Invitation
exports.createInvitation = onRequest(async (req, res) => {
exports.createInvitation = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
@@ -824,7 +832,7 @@ exports.createInvitation = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const { name, email, role = "employee", department } = req.body;
if (!email || !name) {
@@ -932,7 +940,7 @@ exports.createInvitation = onRequest(async (req, res) => {
//endregion Create Invitation
//region Get Invitation Status
exports.getInvitationStatus = onRequest(async (req, res) => {
exports.getInvitationStatus = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -988,7 +996,7 @@ exports.getInvitationStatus = onRequest(async (req, res) => {
//endregion Get Invitation Status
//region Consume Invitation
exports.consumeInvitation = onRequest(async (req, res) => {
exports.consumeInvitation = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -1082,7 +1090,7 @@ exports.consumeInvitation = onRequest(async (req, res) => {
//endregion Consume Invitation
//region Submit Employee Answers
exports.submitEmployeeAnswers = onRequest(async (req, res) => {
exports.submitEmployeeAnswers = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
@@ -1174,7 +1182,7 @@ exports.submitEmployeeAnswers = onRequest(async (req, res) => {
}
} else {
// Authenticated submission
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
if (!employeeId || !answers) {
return res.status(400).json({ error: "Employee ID and answers are required for authenticated submissions" });
@@ -1369,7 +1377,7 @@ Be thorough, professional, and focus on actionable insights.
//endregion Submit Employee Answers
//region Generate Employee Report
exports.generateEmployeeReport = onRequest(async (req, res) => {
exports.generateEmployeeReport = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
@@ -1489,7 +1497,7 @@ Be thorough, professional, and focus on actionable insights.
//endregion Generate Employee Report
//region Generate Company Report
exports.generateCompanyReport = onRequest(async (req, res) => {
exports.generateCompanyReport = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -1499,7 +1507,7 @@ exports.generateCompanyReport = onRequest(async (req, res) => {
return res.status(405).json({ error: "Method not allowed" });
}
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const orgId = authContext.orgId;
if (!orgId) {
@@ -1624,7 +1632,7 @@ Be thorough, professional, and focus on actionable insights.`;
//endregion Generate Company Report
//region Chat
exports.chat = onRequest(async (req, res) => {
exports.chat = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
@@ -1716,7 +1724,7 @@ Instructions:
//endregion Chat
//region Create Organization
exports.createOrganization = onRequest(async (req, res) => {
exports.createOrganization = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -1728,7 +1736,7 @@ exports.createOrganization = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const { name } = req.body;
if (!name) {
@@ -1832,6 +1840,13 @@ exports.createOrganization = onRequest(async (req, res) => {
//region Get Organizations
exports.getUserOrganizations = onRequest(async (req, res) => {
let authContext;
try {
authContext = await validateAuthAndGetContext(req, res);
} catch (error) {
logger.debug("Auth validation failed:", error);
return;
}
if (req.method === 'OPTIONS') {
res.status(204).send('');
@@ -1844,7 +1859,6 @@ exports.getUserOrganizations = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
// Get user's organizations
const userOrgsSnapshot = await db
@@ -1877,7 +1891,7 @@ exports.getUserOrganizations = onRequest(async (req, res) => {
//endregion Get Organizations
//region Join Organization
exports.joinOrganization = onRequest(async (req, res) => {
exports.joinOrganization = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -1889,7 +1903,7 @@ exports.joinOrganization = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const { inviteCode } = req.body;
if (!inviteCode) {
@@ -2005,7 +2019,7 @@ exports.joinOrganization = onRequest(async (req, res) => {
// try {
// // Validate auth token and get user context
// const authContext = await validateAuthAndGetContext(req);
// const authContext = await validateAuthAndGetContext(req, res);
// const { userEmail, priceId } = req.body;
// if (!userEmail) {
@@ -2154,7 +2168,7 @@ exports.joinOrganization = onRequest(async (req, res) => {
// try {
// // Validate auth token and get user context
// const authContext = await validateAuthAndGetContext(req);
// const authContext = await validateAuthAndGetContext(req, res);
// const orgId = authContext.orgId;
// if (!orgId) {
@@ -2247,7 +2261,7 @@ exports.joinOrganization = onRequest(async (req, res) => {
//endregion Save Company Report
//region Get Org Data
exports.getOrgData = onRequest(async (req, res) => {
exports.getOrgData = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -2259,7 +2273,7 @@ exports.getOrgData = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const orgId = authContext.orgId;
if (!orgId) {
@@ -2290,7 +2304,7 @@ exports.getOrgData = onRequest(async (req, res) => {
//endregion Get Org Data
//region Update Organization Data
exports.updateOrgData = onRequest(async (req, res) => {
exports.updateOrgData = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -2302,7 +2316,7 @@ exports.updateOrgData = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const { data } = req.body;
if (!data) {
@@ -2337,7 +2351,7 @@ exports.updateOrgData = onRequest(async (req, res) => {
//endregion Update Organization Data
//region Get Employees
exports.getEmployees = onRequest(async (req, res) => {
exports.getEmployees = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -2349,7 +2363,7 @@ exports.getEmployees = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const orgId = authContext.orgId;
if (!orgId) {
@@ -2384,7 +2398,7 @@ exports.getEmployees = onRequest(async (req, res) => {
//endregion Get Employees
//region Get Submissions
exports.getSubmissions = onRequest(async (req, res) => {
exports.getSubmissions = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -2396,7 +2410,7 @@ exports.getSubmissions = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const orgId = authContext.orgId;
if (!orgId) {
@@ -2427,7 +2441,7 @@ exports.getSubmissions = onRequest(async (req, res) => {
//endregion Get Submissions
//region Get Reports
exports.getReports = onRequest(async (req, res) => {
exports.getReports = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -2439,7 +2453,7 @@ exports.getReports = onRequest(async (req, res) => {
try {
// Validate auth token and get user context
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const orgId = authContext.orgId;
if (!orgId) {
@@ -2523,7 +2537,7 @@ exports.getReports = onRequest(async (req, res) => {
//endregion Create/Update Employee
//region Save Report
exports.saveReport = onRequest(async (req, res) => {
exports.saveReport = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -2574,7 +2588,7 @@ exports.saveReport = onRequest(async (req, res) => {
//endregion Save Report
//region Get Company Reports
exports.getCompanyReports = onRequest(async (req, res) => {
exports.getCompanyReports = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;
@@ -2585,7 +2599,7 @@ exports.getCompanyReports = onRequest(async (req, res) => {
}
try {
const authContext = await validateAuthAndGetContext(req);
const authContext = await validateAuthAndGetContext(req, res);
const orgId = authContext.orgId;
if (!orgId) {
@@ -2617,7 +2631,7 @@ exports.getCompanyReports = onRequest(async (req, res) => {
//endregion Get Company Reports
//region Upload Image
exports.uploadImage = onRequest(async (req, res) => {
exports.uploadImage = onRequest({cors: true}, async (req, res) => {
if (req.method === 'OPTIONS') {
res.status(204).send('');
return;