initial commit

Author: isabellehuangg

backend/typescript/graphql/resolvers/authResolvers.ts

@@ -53,6 +53,16 @@ const authResolvers = {
       );
       return isAuthorized;
     },
+    isAuthorizedReviewer: async (
+      _parent: undefined,
+      {accessToken, applicantRecordId}: {accessToken: string, applicantRecordId: string},
+    ): Promise<boolean> => {
+      const isAuthorized = await authService.isAuthorizedReviewer(
+        accessToken,
+        applicantRecordId,
+      );
+      return isAuthorized;
+    }
   },
   Mutation: {
     login: async (

backend/typescript/services/implementations/authService.ts

@@ -7,6 +7,7 @@ import { AuthDTO, Role, Token } from "../../types";
 import { getErrorMessage } from "../../utilities/errorUtils";
 import FirebaseRestClient from "../../utilities/firebaseRestClient";
 import logger from "../../utilities/logger";
+import ReviewedApplicantRecord from "../../models/reviewedApplicantRecord.model";
 
 const Logger = logger(__filename);
 
@@ -41,9 +42,8 @@ class AuthService implements IAuthService {
   /* eslint-disable class-methods-use-this */
   async generateTokenOAuth(idToken: string): Promise<AuthDTO> {
     try {
-      const googleUser = await FirebaseRestClient.signInWithGoogleOAuth(
-        idToken,
-      );
+      const googleUser =
+        await FirebaseRestClient.signInWithGoogleOAuth(idToken);
       // googleUser.idToken refers to the Firebase Auth access token for the user
       const token = {
         accessToken: googleUser.idToken,
@@ -272,6 +272,24 @@ class AuthService implements IAuthService {
       throw error;
     }
   }
+
+  async isAuthorizedReviewer(accessToken: string, applicantRecordId: string): Promise<boolean> {
+    try {
+      const decodedToken: firebaseAdmin.auth.DecodedIdToken =
+        await firebaseAdmin.auth().verifyIdToken(accessToken, true);
+      const userId = await this.userService.getUserIdByAuthId(
+        decodedToken.uid,
+      );
+
+      const record = await ReviewedApplicantRecord.findOne({
+        where: { applicantRecordId, userId },
+      });
+
+      return !!record;
+    } catch (error) {
+      return false;
+    }
+  }
 }
 
 export default AuthService;

backend/typescript/services/interfaces/authService.ts

@@ -90,6 +90,14 @@ interface IAuthService {
    * @returns true if email sent successfully
    */
   sendSignInLink(email: string): Promise<boolean>;
+
+  /**
+   * Checks whether a user is an authorized reviewer for a specific applicant record.
+   * @param accessToken user's access token
+   * @param applicantRecordId applicant record to be accessed
+   * @returns true if the user is authorized to access the applicant record
+   */
+  isAuthorizedReviewer(accessToken: string, applicantRecordId: string): Promise<boolean>;
 }
 
 export default IAuthService;