fix: wrong document property lead to error when checking github antisybil

0xjei · 0xjei · commit fbe22ea6d84b · 2023-05-31T11:07:43.000+02:00
diff --git a/packages/actions/src/helpers/security.ts b/packages/actions/src/helpers/security.ts
@@ -1,53 +1,45 @@
 import fetch from "@adobe/node-fetch-retry"
-
 /**
  * This function will return the number of public repos of a user
  * @param user <string> The username of the user
  * @returns <number> The number of public repos
  */
 const getNumberOfPublicReposGitHub = async (user: string): Promise<number> => {
-    const response = await fetch(`https://api.github.com/users/${user}/repos`, {
+    const response = await fetch(`https://api.github.com/user/${user}/repos`, {
         method: "GET",
         headers: {
             Authorization: `token ${process.env.GITHUB_ACCESS_TOKEN!}`
         }
     })
     if (response.status !== 200)
         throw new Error("It was not possible to retrieve the number of public repositories. Please try again.")
-
     const jsonData: any = await response.json()
-
     return jsonData.length
 }
-
 /**
  * This function will return the number of followers of a user
  * @param user <string> The username of the user
  * @returns <number> The number of followers
  */
 const getNumberOfFollowersGitHub = async (user: string): Promise<number> => {
-    const response = await fetch(`https://api.github.com/users/${user}/followers`, {
+    const response = await fetch(`https://api.github.com/user/${user}/followers`, {
         method: "GET",
         headers: {
             Authorization: `token ${process.env.GITHUB_ACCESS_TOKEN!}`
         }
     })
-
     if (response.status !== 200)
         throw new Error("It was not possible to retrieve the number of followers. Please try again.")
-
     const jsonData: any = await response.json()
-
     return jsonData.length
 }
-
 /**
  * This function will return the number of following of a user
  * @param user <string> The username of the user
  * @returns <number> The number of following users
  */
 const getNumberOfFollowingGitHub = async (user: string): Promise<number> => {
-    const response = await fetch(`https://api.github.com/users/${user}/following`, {
+    const response = await fetch(`https://api.github.com/user/${user}/following`, {
         method: "GET",
         headers: {
             Authorization: `token ${process.env.GITHUB_ACCESS_TOKEN!}`
diff --git a/packages/backend/src/functions/user.ts b/packages/backend/src/functions/user.ts
@@ -9,7 +9,6 @@ import { logAndThrowError, makeError, printLog, SPECIFIC_ERRORS } from "../lib/e
 import { LogLevel } from "../types/enums"
 
 dotenv.config()
-
 /**
  * Record the authenticated user information inside the Firestore DB upon authentication.
  * @dev the data is recorded in a new document in the `users` collection.
@@ -24,31 +23,24 @@ export const registerAuthUser = functions
     .onCreate(async (user: UserRecord) => {
         // Get DB.
         const firestore = admin.firestore()
-
         // Get user information.
         if (!user.uid) logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER)
-
         // The user object has basic properties such as display name, email, etc.
         const { displayName } = user
         const { email } = user
         const { photoURL } = user
         const { emailVerified } = user
-
         // Metadata.
         const { creationTime } = user.metadata
         const { lastSignInTime } = user.metadata
-
         // The user's ID, unique to the Firebase project. Do NOT use
         // this value to authenticate with your backend server, if
         // you have one. Use User.getToken() instead.
         const { uid } = user
-
         // Reference to a document using uid.
         const userRef = firestore.collection(commonTerms.collections.users.name).doc(uid)
-
         // html encode the display name
         const encodedDisplayName = encode(displayName)
-
         // we only do reputation check if the user is not a coordinator
         if (
             !(
@@ -60,18 +52,18 @@ export const registerAuthUser = functions
             // if provider == github.com let's use our functions to check the user's reputation
             if (user.providerData[0].providerId === "github.com") {
                 const vars = getGitHubVariables()
+
                 // this return true or false
                 try {
                     const res = await githubReputation(
-                        user.displayName!,
+                        user.providerData[0].uid,
                         vars.minimumFollowing,
                         vars.minimumFollowers,
                         vars.minimumPublicRepos
                     )
                     if (!res) {
                         // Delete user
                         await auth.deleteUser(user.uid)
-
                         // Throw error
                         logAndThrowError(
                             makeError(
@@ -89,13 +81,12 @@ export const registerAuthUser = functions
                         makeError(
                             "permission-denied",
                             "There was an error while checking the user's Github reputation.",
-                            `There was an error while checking the user's Github reputation. This is likely due to GitHub rate limiting. Please contact the administrator if you think this is a mistake.`
+                            `${error}`
                         )
                     )
                 }
             }
         }
-
         // Set document (nb. we refer to providerData[0] because we use Github OAuth provider only).
         await userRef.set({
             name: encodedDisplayName,
@@ -109,10 +100,8 @@ export const registerAuthUser = functions
             photoURL: photoURL || "",
             lastUpdated: getCurrentServerTimestampInMillis()
         })
-
         printLog(`Authenticated user document with identifier ${uid} has been correctly stored`, LogLevel.DEBUG)
     })
-
 /**
  * Set custom claims for role-based access control on the newly created user.
  * @notice this method is automatically triggered upon user authentication in the Firebase app
@@ -126,32 +115,26 @@ export const processSignUpWithCustomClaims = functions
     .onCreate(async (user: UserRecord) => {
         // Get user information.
         if (!user.uid) logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER)
-
         // Prepare state.
         let customClaims: any
-
         // Check if user meets role criteria to be a coordinator.
         if (
             user.email &&
             (user.email.endsWith(`@${process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN}`) ||
                 user.email === process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN)
         ) {
             customClaims = { coordinator: true }
-
             printLog(`Authenticated user ${user.uid} has been identified as coordinator`, LogLevel.DEBUG)
         } else {
             customClaims = { participant: true }
-
             printLog(`Authenticated user ${user.uid} has been identified as participant`, LogLevel.DEBUG)
         }
-
         try {
             // Set custom user claims on this newly created user.
             await admin.auth().setCustomUserClaims(user.uid, customClaims)
         } catch (error: any) {
             const specificError = SPECIFIC_ERRORS.SE_AUTH_SET_CUSTOM_USER_CLAIMS_FAIL
             const additionalDetails = error.toString()
-
             logAndThrowError(makeError(specificError.code, specificError.message, additionalDetails))
         }
     })
