add authorization header in rss feed fetching request

packages/api/src/utils/createTask.ts

@@ -572,16 +572,22 @@ export const enqueueRssFeedFetch = async (
   const { GOOGLE_CLOUD_PROJECT } = process.env
   const payload = {
     subscriptionId: rssFeedSubscription.id,
-    userId: rssFeedSubscription.user.id,
     feedUrl: rssFeedSubscription.url,
     lastFetchedAt: rssFeedSubscription.lastFetchedAt,
   }
 
+  const headers = {
+    [OmnivoreAuthorizationHeader]: generateVerificationToken(
+      rssFeedSubscription.user.id
+    ),
+  }
+
   const createdTasks = await createHttpTaskWithToken({
     project: GOOGLE_CLOUD_PROJECT,
     queue: 'omnivore-rss-queue',
     payload,
     taskHandlerUrl: env.queue.rssFeedTaskHandlerUrl,
+    requestHeaders: headers,
   })
 
   if (!createdTasks || !createdTasks[0].name) {

packages/rss-handler/src/index.ts

@@ -98,13 +98,31 @@ export const rssHandler = Sentry.GCPFunction.wrapHttpFunction(
       return res.status(500).send('INTERNAL_SERVER_ERROR')
     }
 
+    const token = req.header('Omnivore-Authorization')
+    if (!token) {
+      console.error('Missing authorization header')
+      return res.status(401).send('UNAUTHORIZED')
+    }
+
     try {
+      let userId: string
+
+      try {
+        const decoded = jwt.verify(token, process.env.JWT_SECRET) as {
+          uid: string
+        }
+        userId = decoded.uid
+      } catch (e) {
+        console.error('Authorization error', e)
+        return res.status(401).send('UNAUTHORIZED')
+      }
+
       if (!isRssFeedRequest(req.body)) {
         console.error('Invalid request body', req.body)
         return res.status(400).send('INVALID_REQUEST_BODY')
       }
 
-      const { userId, feedUrl, subscriptionId, lastFetchedAt } = req.body
+      const { feedUrl, subscriptionId, lastFetchedAt } = req.body
       console.log('Processing feed', feedUrl, lastFetchedAt)
 
       // fetch feed