Add verifyGitHubUserFetchSSHKeys

Author: gaetanlhf

functions/index.js

@@ -1,3 +1,6 @@
+const {
+  verifyToken,
+} = require("./src/verifyToken");
 const admin = require("firebase-admin");
 const {
   onRequest,
@@ -7,6 +10,7 @@ admin.initializeApp();
 
 const handleGitHubStarsWebhookFunction = require("./src/handleGitHubStarsWebhook.js");
 const handleGitHubSponsorsWebhookFunction = require("./src/handleGitHubSponsorsWebhook.js");
+const verifyGitHubUserAndFetchSSHKeysFunction = require("./src/verifyGitHubUserAndFetchSSHKeys.js");
 
 exports.handleGitHubStarsWebhook = onRequest({
   region: "europe-west9",
@@ -19,3 +23,10 @@ exports.handleGitHubSponsorsWebhook = onRequest({
 }, async (req, res) => {
   handleGitHubSponsorsWebhookFunction.handleGitHubSponsorsWebhook(req, res);
 });
+
+exports.verifyGitHubUserAndFetchSSHKeysFunction = onRequest({
+  region: "europe-west9",
+}, verifyToken(async (req, res) => {
+  verifyGitHubUserAndFetchSSHKeysFunction.verifyGitHubUserAndFetchSSHKeys(req, res);
+}));
+

functions/src/checkIfSponsor.js

@@ -0,0 +1,14 @@
+const admin = require("firebase-admin");
+
+/**
+ * @param {string} username
+ */
+async function checkIfSponsor(username) {
+  const sponsorsRef = admin.firestore().collection("sponsors").doc(username);
+  const sponsorDoc = await sponsorsRef.get();
+  return sponsorDoc.exists;
+}
+
+module.exports = {
+  checkIfSponsor,
+};

functions/src/checkIfStarred.js

@@ -0,0 +1,14 @@
+const admin = require("firebase-admin");
+
+/**
+ * @param {string} username
+ */
+async function checkIfStarred(username) {
+  const starsRef = admin.firestore().collectionGroup("users").where(admin.firestore.FieldPath.documentId(), "==", username);
+  const starsQuerySnapshot = await starsRef.get();
+  return !starsQuerySnapshot.empty;
+}
+
+module.exports = {
+  checkIfStarred,
+};

functions/src/fetchGitHubSSHKeys.js

@@ -0,0 +1,35 @@
+const admin = require("firebase-admin");
+const axios = require("axios");
+const logger = require("firebase-functions/logger");
+
+/**
+ * @param {string} username
+ */
+async function fetchGitHubSSHKeys(username) {
+  const cacheKey = `github_ssh_keys_${username}`;
+  const cacheDocRef = admin.firestore().collection("cache").doc(cacheKey);
+
+  try {
+    const response = await axios.get(`https://github.com/${username}.keys`);
+    const sshKeys = response.data.split("\n").filter(Boolean);
+
+    await cacheDocRef.set({
+      sshKeys: sshKeys,
+    });
+
+    return sshKeys;
+  } catch (error) {
+    logger.error(`Error fetching GitHub SSH keys for ${username}: ${error.message}`);
+    const cachedData = await cacheDocRef.get();
+
+    if (cachedData.exists) {
+      return cachedData.data().sshKeys;
+    } else {
+      throw error;
+    }
+  }
+}
+
+module.exports = {
+  fetchGitHubSSHKeys,
+};

functions/src/verifyGitHubUserAndFetchSSHKeys.js

@@ -0,0 +1,34 @@
+const {
+  checkIfStarred,
+} = require("./checkIfStarred");
+const {
+  checkIfSponsor,
+} = require("./checkIfSponsor");
+const {
+  fetchGitHubSSHKeys,
+} = require("./fetchGitHubSSHKeys");
+const logger = require("firebase-functions/logger");
+
+exports.verifyGitHubUserFetchSSHKeys = async (req, res) => {
+  const username = req.query.username;
+
+  try {
+    const isSponsor = await checkIfSponsor(username);
+    const hasStarred = await checkIfStarred(username);
+
+    if (!isSponsor && !hasStarred) {
+      return res.status(404).send("GitHub user not found as sponsor or stargazer in our records");
+    }
+
+    const sshKeys = await fetchGitHubSSHKeys(username);
+
+    res.status(200).json({
+      sshKeys,
+      sponsor: isSponsor,
+    });
+  } catch (error) {
+    logger.error("Error processing request:", error);
+    res.status(500).send("Internal server error");
+  }
+};
+

functions/src/verifyToken.js

@@ -0,0 +1,26 @@
+const logger = require("firebase-functions/logger");
+
+/**
+ * Verifies the token.
+ *
+ * @param {Function} handler - The handler function to be executed if the token is valid.
+ * @return {Function} - Returns a function that takes a request and a response object, verifies the token, and executes the handler if the token is valid.
+ */
+function verifyToken(handler) {
+  return async (req, res) => {
+    const token = req.headers.authorization;
+
+    if (!token || token !== process.env.ACCESS_TOKEN) {
+      logger.error("Unauthorized - Invalid token");
+      return res.status(200).json({
+        error: "Unauthorized - Invalid token",
+      });
+    }
+
+    await handler(req, res);
+  };
+}
+
+module.exports = {
+  verifyToken,
+};