Implemented secret email whitelist for Appstore testing.

Author: AndrewG828

.env_template

@@ -9,3 +9,5 @@ PORT=
 IMAGE_UPLOAD_URL=
 UPLOAD_BUCKET_NAME=
 UPLOAD_SIZE_LIMIT=
+# Comma-separated full email addresses allowed in addition to @cornell.edu (case-insensitive)
+EMAIL_WHITELIST=

src/api/middlewares/FirebaseAuth.ts

@@ -7,6 +7,7 @@ import {
 import { firebaseAdmin } from "../../firebase";
 import { getManager } from "typeorm";
 import { UserModel } from "../../models/UserModel";
+import { isAllowedLoginEmail } from "../../utils/allowlistedEmail";
 
 export const FirebaseCurrentUserChecker = async (
   action: Action,
@@ -25,9 +26,10 @@ export const FirebaseCurrentUserChecker = async (
     const decodedToken = await firebaseAdmin.auth().verifyIdToken(token);
     const userId = decodedToken.uid;
     const email = decodedToken.email;
-    // Enforce Cornell email domain restriction
-    if (email && !email.endsWith("@cornell.edu")) {
-      throw new ForbiddenError("Only Cornell email addresses are allowed");
+    if (!isAllowedLoginEmail(email)) {
+      throw new ForbiddenError(
+        "Only Cornell email addresses or allowlisted emails are allowed",
+      );
     }
     // Fetch and return the user from the database
     const user = await getManager().findOne(UserModel, {

src/app.ts

@@ -26,6 +26,7 @@ import resellConnection from './utils/DB';
 import { ReportService } from './services/ReportService';
 import { reportToString } from './utils/Requests';
 import { startTransactionConfirmationCron } from './cron/transactionCron';
+import { isAllowedLoginEmail } from './utils/allowlistedEmail';
 
 // Setup dependency injection containers
 routingUseContainer(Container);
@@ -56,13 +57,14 @@ async function main() {
       try {
         // Verify the token using Firebase Admin SDK
         const decodedToken = await admin.auth().verifyIdToken(token);
-        // Check if the email is a Cornell email
         const email = decodedToken.email;
         const userId = decodedToken.uid;
         action.request.email = email;
         action.request.firebaseUid = userId;
-        if (!email || !email.endsWith("@cornell.edu")) {
-          throw new ForbiddenError("Only Cornell email addresses are allowed");
+        if (!isAllowedLoginEmail(email)) {
+          throw new ForbiddenError(
+            "Only Cornell email addresses or allowlisted emails are allowed",
+          );
         }
         // Find or create user in your database using Firebase UID
         const manager = getManager();

src/utils/allowlistedEmail.ts

@@ -0,0 +1,36 @@
+const CORNELL_SUFFIX = "@cornell.edu";
+
+function normalizeEmail(email: string): string {
+  return email.trim().toLowerCase();
+}
+
+/** Full addresses from EMAIL_WHITELIST (comma-separated), lowercased. */
+export function getEmailWhitelist(): Set<string> {
+  const raw = process.env.EMAIL_WHITELIST ?? "";
+  const set = new Set<string>();
+  for (const part of raw.split(",")) {
+    const normalized = normalizeEmail(part);
+    if (normalized.length > 0) {
+      set.add(normalized);
+    }
+  }
+  return set;
+}
+
+/**
+ * True if the Firebase user email may use the API: @cornell.edu or listed in EMAIL_WHITELIST.
+ * When true, `email` is a non-empty string.
+ */
+export function isAllowedLoginEmail(
+  email: string | undefined,
+  whitelist: Set<string> = getEmailWhitelist(),
+): email is string {
+  if (!email) {
+    return false;
+  }
+  const e = normalizeEmail(email);
+  if (e.endsWith(CORNELL_SUFFIX)) {
+    return true;
+  }
+  return whitelist.has(e);
+}