secures api routes using Firebase; add create users route

2026-06-06 00:36:39 +00:00 · 2020-04-23 18:17:47 +02:00 · 2020-04-23 18:17:47 +02:00 · e36d7fc43a
commit e36d7fc43a
parent 9e26eff3c8
7 changed files with 1311 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,5 @@
 **/node_modules
-**keys**
+**/config
 npm-debug.log
 .DS_Store
 /*.env
--- a/middlewares/auth/index.js
+++ b/middlewares/auth/index.js
@ -0,0 +1,29 @@
 import admin from "../../services/auth/index.js";
 const getAuthToken = (req, res, next) => {
  if (
    req.headers.authorization &&
    req.headers.authorization.split(" ")[0] === "Bearer"
  ) {
    req.authToken = req.headers.authorization.split(" ")[1];
  } else {
    req.authToken = null;
  }
  next();
 };
 const authenticationChecker = (req, res, next) => {
  getAuthToken(req, res, async () => {
    try {
      const { authToken } = req;
      const userInfo = await admin.auth().verifyIdToken(authToken);
      req.authId = userInfo.uid;
      return next();
    } catch (e) {
      return res
        .status(401)
        .json({ error: "You are not authorized to make this request." });
    }
  });
 };
 export default authenticationChecker;
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -4,8 +4,8 @@
  "description": "",
  "main": "server.js",
  "scripts": {
-    "start": "node --experimental-modules server.js",
+    "start": "node --experimental-modules --experimental-json-modules server.js",
-    "server": "nodemon server.js",
+    "server": "nodemon --experimental-json-modules server.js",
    "client": "npm start --prefix client",
    "client-install": "npm install --prefix client",
    "dev": "concurrently \"npm run server\" \"npm run client\"",
@ -22,6 +22,7 @@
    "@babel/preset-env": "^7.9.5",
    "concurrently": "^5.1.0",
    "express": "^4.17.1",
    "firebase-admin": "^8.11.0",
    "helmet": "^3.22.0",
    "moment": "^2.24.0",
    "mongoose": "^5.9.10",
--- a/routes/api/users.js
+++ b/routes/api/users.js
@ -0,0 +1,27 @@
 import express from "express";
 import admin from "../../services/auth/index.js";
 const router = express.Router();
 router.post("/", async (req, res) => {
  const {
    email,
    firstName,
    lastName,
    password,
    phoneNumber,
    photoUrl,
  } = req.body;
  const user = await admin.auth().createUser({
    email,
    phoneNumber,
    password,
    displayName: `${firstName} ${lastName}`,
    photoUrl,
  });
  return res.json(user);
 });
 export default router;
--- a/server.js
+++ b/server.js
@ -4,6 +4,8 @@ import path from "path";
 import moment from "moment";
 import helmet from "helmet";
 import items from "./routes/api/items.js";
 import users from "./routes/api/users.js";
 import authenticationChecker from "./middlewares/auth/index.js";
 const app = express();
@ -13,7 +15,6 @@ const PORT = process.env.PORT || 5000;
 const db =
  process.env.MONGO_URI ||
  "mongodb+srv://ruidy:Xyxoo971+mongodb@projectscluster-xcfet.mongodb.net/test?retryWrites=true&w=majority";
 // connection to database
 mongoose
  .connect(db, { useNewUrlParser: true, useUnifiedTopology: true })
@ -22,10 +23,12 @@ mongoose
 // some security
 app.use(helmet());
 app.use(authenticationChecker);
 // bodyparser middleware
 app.use(express.json());
 // Register routes
 app.use("/api/items/", items);
 app.use("/api/users/", users);
 // Serve static assets in production
 if (process.env.NODE_ENV === "production") {
--- a/services/auth/index.js
+++ b/services/auth/index.js
@ -0,0 +1,9 @@
 import admin from "firebase-admin";
 import serviceAccount from "../../config/service_account.json";
 admin.initializeApp({
  credential: admin.default.credential.cert(serviceAccount),
  databaseURL: "https://devprojects-4749c.firebaseio.com",
 });
 export default admin;