secures api routes using Firebase; add create users route

2026-06-06 00:36:39 +00:00 · 2020-04-23 18:17:47 +02:00 · 2020-04-23 18:17:47 +02:00 · e36d7fc43a
commit e36d7fc43a
parent 9e26eff3c8
7 changed files with 1311 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,5 @@
 **/node_modules
-**keys**
+**/config
 npm-debug.log
 .DS_Store
 /*.env
--- a/middlewares/auth/index.js
+++ b/middlewares/auth/index.js
@ -0,0 +1,29 @@
+import admin from "../../services/auth/index.js";
+
+const getAuthToken = (req, res, next) => {
+  if (
+    req.headers.authorization &&
+    req.headers.authorization.split(" ")[0] === "Bearer"
+  ) {
+    req.authToken = req.headers.authorization.split(" ")[1];
+  } else {
+    req.authToken = null;
+  }
+  next();
+};
+
+const authenticationChecker = (req, res, next) => {
+  getAuthToken(req, res, async () => {
+    try {
+      const { authToken } = req;
+      const userInfo = await admin.auth().verifyIdToken(authToken);
+      req.authId = userInfo.uid;
+      return next();
+    } catch (e) {
+      return res
+        .status(401)
+        .json({ error: "You are not authorized to make this request." });
+    }
+  });
+};
+export default authenticationChecker;
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -4,8 +4,8 @@
  "description": "",
  "main": "server.js",
  "scripts": {
-    "start": "node --experimental-modules server.js",
-    "server": "nodemon server.js",
+    "start": "node --experimental-modules --experimental-json-modules server.js",
+    "server": "nodemon --experimental-json-modules server.js",
    "client": "npm start --prefix client",
    "client-install": "npm install --prefix client",
    "dev": "concurrently \"npm run server\" \"npm run client\"",
@ -22,6 +22,7 @@
    "@babel/preset-env": "^7.9.5",
    "concurrently": "^5.1.0",
    "express": "^4.17.1",
+    "firebase-admin": "^8.11.0",
    "helmet": "^3.22.0",
    "moment": "^2.24.0",
    "mongoose": "^5.9.10",
--- a/routes/api/users.js
+++ b/routes/api/users.js
@ -0,0 +1,27 @@
+import express from "express";
+import admin from "../../services/auth/index.js";
+
+const router = express.Router();
+
+router.post("/", async (req, res) => {
+  const {
+    email,
+    firstName,
+    lastName,
+    password,
+    phoneNumber,
+    photoUrl,
+  } = req.body;
+
+  const user = await admin.auth().createUser({
+    email,
+    phoneNumber,
+    password,
+    displayName: `${firstName} ${lastName}`,
+    photoUrl,
+  });
+
+  return res.json(user);
+});
+
+export default router;
--- a/server.js
+++ b/server.js
@ -4,6 +4,8 @@ import path from "path";
 import moment from "moment";
 import helmet from "helmet";
 import items from "./routes/api/items.js";
+import users from "./routes/api/users.js";
+import authenticationChecker from "./middlewares/auth/index.js";

 const app = express();

@ -13,7 +15,6 @@ const PORT = process.env.PORT || 5000;
 const db =
  process.env.MONGO_URI ||
  "mongodb+srv://ruidy:Xyxoo971+mongodb@projectscluster-xcfet.mongodb.net/test?retryWrites=true&w=majority";
-
 // connection to database
 mongoose
  .connect(db, { useNewUrlParser: true, useUnifiedTopology: true })
@ -22,10 +23,12 @@ mongoose

 // some security
 app.use(helmet());
+app.use(authenticationChecker);
 // bodyparser middleware
 app.use(express.json());
 // Register routes
 app.use("/api/items/", items);
+app.use("/api/users/", users);

 // Serve static assets in production
 if (process.env.NODE_ENV === "production") {
--- a/services/auth/index.js
+++ b/services/auth/index.js
@ -0,0 +1,9 @@
+import admin from "firebase-admin";
+import serviceAccount from "../../config/service_account.json";
+
+admin.initializeApp({
+  credential: admin.default.credential.cert(serviceAccount),
+  databaseURL: "https://devprojects-4749c.firebaseio.com",
+});
+
+export default admin;