moving leaderboards to token auth. all cloud functions should move to this as soon as possible

2025-02-05 05:17:51 +08:00 · 2021-06-01 18:50:30 +01:00 · 2021-06-01 18:50:30 +01:00 · 15fc5bd3be
commit 15fc5bd3be
parent 22eb83860f
2 changed files with 62 additions and 17 deletions
--- a/functions/index.js
+++ b/functions/index.js
@ -2454,6 +2454,44 @@ exports.checkLeaderboards = functions.https.onRequest(
    }
    request = request.body.data;

+    if (request.token === undefined) {
+      response.status(200).send({
+        data: {
+          status: -999,
+          message: "No token",
+        },
+      });
+      return;
+    }
+    let tokenDecoded;
+    try {
+      tokenDecoded = await admin.auth().verifyIdToken(request.token);
+    } catch (e) {
+      response.status(200).send({
+        data: {
+          status: -999,
+          message: "Bad token",
+        },
+      });
+      return;
+    }
+    request.emailVerified = tokenDecoded.email_verified;
+    request.uid = tokenDecoded.uid;
+
+    // name:
+    // banned:
+    // verified:
+    // discordId
+
+    let userData = await db.collection("users").doc(request.uid).get();
+    userData = userData.data();
+
+    request.name = userData.name;
+    request.banned = userData.banned;
+    request.verified = userData.verified;
+    request.discordId = userData.discordId;
+    request.lbMemory = userData.lbMemory;
+
    function verifyValue(val) {
      let errCount = 0;
      if (val === null || val === undefined) {
@ -2488,15 +2526,8 @@ exports.checkLeaderboards = functions.https.onRequest(
      return;
    }

-    let emailVerified = await admin
-      .auth()
-      .getUser(request.uid)
-      .then((user) => {
-        return user.emailVerified;
-      });
-
    try {
-      if (emailVerified === false) {
+      if (request.emailVerified === false) {
        response.status(200).send({
          data: {
            needsToVerifyEmail: true,
--- a/src/js/test/test-leaderboards.js
+++ b/src/js/test/test-leaderboards.js
@ -130,7 +130,7 @@ export function show(data, mode2) {
  $("#result .stats .leaderboards .bottom").html(string);
 }

-export function check(completedEvent) {
+export async function check(completedEvent) {
  try {
    if (
      completedEvent.funbox === "none" &&
@ -161,18 +161,32 @@ export function check(completedEvent) {
      delete lbRes.keyDuration;
      delete lbRes.chartData;
      CloudFunctions.checkLeaderboards({
-        uid: completedEvent.uid,
-        lbMemory: DB.getSnapshot().lbMemory,
+        // uid: completedEvent.uid,
+        token: await firebase.auth().currentUser.getIdToken(),
+        // lbMemory: DB.getSnapshot().lbMemory,
        // emailVerified: DB.getSnapshot().emailVerified,
-        name: DB.getSnapshot().name,
-        banned: DB.getSnapshot().banned,
-        verified: DB.getSnapshot().verified,
-        discordId: DB.getSnapshot().discordId,
+        // name: DB.getSnapshot().name,
+        // banned: DB.getSnapshot().banned,
+        // verified: DB.getSnapshot().verified,
+        // discordId: DB.getSnapshot().discordId,
        result: lbRes,
      })
        .then((data) => {
-          Misc.clearTimeouts(textTimeouts);
-          show(data.data, completedEvent.mode2);
+          if (data.data.status === -999) {
+            if (data.data.message === "Bad token") {
+              $("#result .stats .leaderboards").addClass("hidden");
+              Notifications.add(
+                "Bad token. This could mean your client is out of date and is sending data in the old format. Please refresh and clear your cache.",
+                -1
+              );
+            } else {
+              $("#result .stats .leaderboards").addClass("hidden");
+              Notifications.add(data.data.message, -1);
+            }
+          } else {
+            Misc.clearTimeouts(textTimeouts);
+            show(data.data, completedEvent.mode2);
+          }
        })
        .catch((e) => {
          $("#result .stats .leaderboards").addClass("hidden");