LeafyCode / express-firebase-auth

Firebase authentication middleware for Express.
MIT License

Is there a quick way to allow all images? #6

Open caviles opened 6 years ago

caviles commented 6 years ago

I've added an ignore path. Please feel free to add this to your lib if you like. I also added one for a static base path (i.e. images, js, etc.). Nice library!

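// A fork of https://github.com/LeafyCode/express-firebase-auth/issues/6
// Cesar, 1/13/17: added ignoredPaths and ignoredBasePath.

/**
 * Build an Express middleware that verifies the Firebase ID token carried in
 * the `Authorization` header and stores the decoded user on `res.locals.user`.
 *
 * Requests on a skip list call `next()` without any token check, so the skip
 * lists are part of the authentication boundary. Path-based skips are matched
 * against the path only (query string excluded) and fail closed.
 *
 * @param {Object} options
 * @param {string[]} [options.ignoredUrls] - Exact `req.originalUrl` values
 *   (query string included) that skip authentication.
 * @param {string[]} [options.ignoredPaths] - Directory paths; a request skips
 *   authentication when the part of its path before the last `/` is listed.
 * @param {string} [options.ignoredBasePath] - Base path such as `/images`;
 *   a request skips authentication when its path equals it or starts with it
 *   followed by `/`.
 * @param {Object} [options.serviceAccount] - Service account passed to
 *   `credential.cert()` when no initialized app is supplied.
 * @param {Object} [options.firebase] - Already initialized firebase-admin app.
 * @param {boolean} [options.checkEmailVerified=false] - Reject users whose
 *   token has a falsy `email_verified`.
 * @param {string[]} [options.checkEmailVerifiedIgnoredUrls] - Exact URLs
 *   exempt from the email-verified check.
 * @returns {Function} Express middleware `(req, res, next)`.
 */
const createFirebaseAuth = ({
  ignoredUrls,
  ignoredPaths, // fork change - ca
  ignoredBasePath, // fork change - ca
  serviceAccount,
  firebase,
  checkEmailVerified = false,
  checkEmailVerifiedIgnoredUrls
}) => {
  if (!serviceAccount && !firebase) {
    /* eslint-disable no-console */
    console.log('');
    console.log(
      'Please provide the Firebase serviceAccount object or an initialized firebasee app!'
    );
    console.log('');
    /* eslint-enable no-console */
  }

  // If the user has passed an initialized firebase app, use that
  // or initialize one using the serviceAccount object.
  const firebaseAdmin = firebase || require.main.require('firebase-admin');
  if (!firebase) {
    firebaseAdmin.initializeApp({
      credential: firebaseAdmin.credential.cert(serviceAccount),
      databaseURL: `https://${process.env.FIREBASE_DATABASE_NAME}.firebaseio.com`
    });
  }

  // Normalise the base path once: exactly one leading slash, no trailing slash.
  const basePrefix = ignoredBasePath
    ? `/${String(ignoredBasePath).replace(/^\/+|\/+$/g, '')}`
    : null;

  // True when the path holds a `..` segment, raw or percent-encoded. Such a
  // path can name a different resource once something downstream normalises
  // it, so it must never qualify for a path-based skip. Undecodable input is
  // treated the same way (fail closed).
  const hasParentSegment = (pathname) => {
    let decoded;
    try {
      decoded = decodeURIComponent(pathname);
    } catch (err) {
      return true;
    }
    return decoded.split(/[\\/]/).includes('..');
  };

  // Decide whether a request may bypass token verification.
  const isIgnored = (originalUrl) => {
    if (ignoredUrls && ignoredUrls.includes(originalUrl)) {
      return true;
    }

    // The query string is client-controlled: matching it would let any
    // request opt out of authentication by mentioning an ignored path there.
    const queryStart = originalUrl.indexOf('?');
    const pathname = queryStart === -1 ? originalUrl : originalUrl.slice(0, queryStart);
    if (hasParentSegment(pathname)) {
      return false;
    }

    // fork change - ca
    const directory = pathname.substring(0, pathname.lastIndexOf('/'));
    if (ignoredPaths && ignoredPaths.includes(directory)) {
      return true;
    }

    // fork change - ca
    // Anchor at the start and at a segment boundary, so `/images` covers
    // `/images/a.png` but neither `/imagesX` nor `/api/images`.
    return (
      basePrefix !== null &&
      (pathname === basePrefix || pathname.startsWith(`${basePrefix}/`))
    );
  };

  return (req, res, next) => {
    if (isIgnored(req.originalUrl)) {
      next(); // The url is on a skip list, skip the authorization.
      return undefined;
    }

    const authorizationHeader = req.header('Authorization');

    // Send an error if the authorization header is missing
    if (!authorizationHeader) {
      res.status(401);
      return res.send({ error: 'Missing autherization header!' });
    }

    // The last space-separated token is used; the scheme word is not checked.
    const idToken = authorizationHeader.split(' ').pop();

    // Authenticate user
    firebaseAdmin
      .auth()
      .verifyIdToken(idToken)
      .then((user) => {
        // An absent exemption list exempts nothing: the email check must
        // still run when checkEmailVerified is set.
        const emailCheckWaived = Boolean(
          checkEmailVerifiedIgnoredUrls &&
            checkEmailVerifiedIgnoredUrls.includes(req.originalUrl)
        );
        if (checkEmailVerified && !emailCheckWaived && !user.email_verified) {
          res.status(401);
          return res.send({ error: 'You are not autherized!' });
        }

        res.locals.user = user; // Set the user object to locals
        return next();
      })
      .catch((error) => {
        // A response already started means the failure came from a later
        // handler; hand it to the error pipeline instead of writing twice.
        if (res.headersSent) {
          return next(error);
        }
        // Verification failed: answer 401 and stop. Calling next(error) after
        // the response is sent would make the error handler act on a
        // finished response.
        res.status(401);
        return res.send({ error: 'You are not autherized!' });
      });

    return undefined;
  };
};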

// Expose the middleware factory as a named CommonJS export.
module.exports = { createFirebaseAuth };

THPubs commented 6 years ago

Hi @caviles . To do this, without using ignoredPaths and ignoredBasePath, we can use something like ignoredExtensions? What do you think?

You can always fork and add features to the library. When done, simply make a pull request 😄

caviles commented 6 years ago

@THPubs I like ignoredExtensions. I'll change it and do a pull request.

Thank you!

THPubs commented 6 years ago

@caviles Great!