
refactor authentication and demo-mode to use middleware #120

Open
gcschmit opened this issue Jun 18, 2024 · 3 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@gcschmit
Contributor

gcschmit commented Jun 18, 2024

Currently, every admin and setup endpoint checks for authentication. It would be cleaner if authentication was checked once with a middleware approach and all endpoints wouldn't have to worry about it. Similarly, demo-mode is checked throughout admin and scouting endpoints and that could be done in a single place using middleware.

@gcschmit gcschmit added enhancement New feature or request help wanted Extra attention is needed labels Jun 18, 2024
@gcschmit gcschmit changed the title refactor authentication to use middleware refactor authentication and demo-mode to use middleware Jun 18, 2024
@Allybe
Contributor

Allybe commented Jun 19, 2024

When you say "authentication" you mean having it check for the admin password once and that'd generate a token to be used across other endpoints, right? Could also mean using something like Google OAuth.

@Allybe
Contributor

Allybe commented Jun 19, 2024

And in that case we could use something like Passport.js, which has token-based authentication.

@gcschmit
Contributor Author

gcschmit commented Jun 20, 2024

Good question; I didn't make this issue very clear. I think the access code-based authentication is fine, at least for now. While it isn't very secure, it guards against non-malicious mistakes. What I was trying to capture is that most of the routes in the admin and scouting endpoints check for authentication. For example:

```js
router.get("/scouters", (req, res) => {
  if (!DEMO) {
    if (req.headers.authorization === config.secrets.ACCESS_CODE) {
      res.json(ScoutingSync.getScouters());
    } else {
      res.json({ error: "Not Authorized" });
    }
  } else {
    res.json(ScoutingSync.getScouters());
  }
});
```

Rather than duplicating the code to perform this check in each route, a middleware approach can be used instead. For example, something like this:

```js
router.use((req, res, next) => {
  if (!ScoutingSync.initialized) {
    res.status(503).send("Scouting Sync not initialized yet!");
  } else if (req.headers.authorization !== config.secrets.ACCESS_CODE && !req.path.startsWith("/auth")) {
    res.json({ error: "Not Authorized" });
  } else {
    next();
  }
});
```

Demo-mode could be handled in a similar fashion.
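
An added example, not part of the issue thread or the project's code: one guard that folds the access-code check and the demo-mode bypass from the snippets above into a single middleware, and fails closed when no access code is configured. `makeAccessGuard`, `sameCode`, `simulate` and the option names are hypothetical, and the sample values are constructed.

```javascript
// Added example (not the project's code); all names here are hypothetical.

// Compare without stopping at the first differing character. In Node,
// crypto.timingSafeEqual is the standard tool; this loop avoids imports.
function sameCode(presented, expected) {
  if (typeof presented !== "string" || typeof expected !== "string") return false;
  let diff = presented.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= (presented.charCodeAt(i) || 0) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

function makeAccessGuard({ accessCode, demo = false, isInitialized = () => true }) {
  // Fail closed: an unset or empty code authorizes nobody. With a plain
  // `!==`, an undefined code would equal a missing Authorization header.
  const configured = typeof accessCode === "string" && accessCode.length > 0;
  return function accessGuard(req, res, next) {
    if (!isInitialized()) {
      return res.status(503).send("Scouting Sync not initialized yet!");
    }
    // Exempt "/auth" and its sub-paths only, not e.g. "/authors".
    const isAuthRoute = req.path === "/auth" || req.path.startsWith("/auth/");
    if (demo || isAuthRoute) return next();
    if (configured && sameCode(req.headers.authorization, accessCode)) return next();
    return res.status(401).json({ error: "Not Authorized" });
  };
}

// Minimal stand-in for Express req/res so the guard can be exercised offline.
function simulate(guard, path, authorization) {
  const out = { status: 200, body: undefined, passed: false };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
    send(body) { out.body = body; return this; },
  };
  guard({ path, headers: { authorization } }, res, () => { out.passed = true; });
  return out;
}

// Constructed sample values.
const guard = makeAccessGuard({ accessCode: "example-code" });
console.log(simulate(guard, "/scouters", "example-code").passed);
console.log(simulate(guard, "/scouters", undefined).status);
```

Mounted once, e.g. `router.use(makeAccessGuard({ accessCode: config.secrets.ACCESS_CODE, demo: DEMO, isInitialized: () => ScoutingSync.initialized }))`, it lets each route drop its own check. The 401 status is an addition; the snippets above return the error body with the default status.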
