firecmsco / firecms

Awesome Firebase/Firestore-based CMS. The missing admin panel for your Firebase project!
https://firecms.co

Requests to my server return a 403 since the update to 3.0.0 #612

Closed VCSJacob closed 8 months ago

VCSJacob commented 8 months ago

The update to 3.0.0 causes the AUTH request headers to be sent as a FireCMS authenticated user and not the Firebase authenticated user in the app where my server and a few other client-side apps make requests.

```js
// CMS
import { getAuth } from "firebase/auth";

const auth = getAuth();
// User Object
const user = auth.currentUser;

// accountNum and accessKey are assumed to be defined by the surrounding component
const fetchRequest = async (e) => {
  e.preventDefault();
  // This token that is grabbed from the firebase user is not from the correct firebase app since the update to 3.0.0
  const token = user && (await user.getIdToken());
  await fetch("http://localhost:5001/genericEndpointName", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${token}`,
    },
    body: JSON.stringify({ ID: accountNum, Key: accessKey }),
  })
    .then((res) => res.json()) // return the parsed body instead of discarding it
    .catch((error) => {
      alert(error);
    });
};
```

```js
// Middleware on express server that checks token
// decodes firebase jwt provided by firebase auth, stops un-authenticated API request
const admin = require("firebase-admin"); // initialized elsewhere with admin.initializeApp()

async function decodeIDToken(req, res, next) {
  if (req.headers?.authorization?.startsWith("Bearer ")) {
    const idToken = req.headers.authorization.split("Bearer ")[1];
    try {
      const decodedToken = await admin.auth().verifyIdToken(idToken);
      req["currentUser"] = decodedToken;
    } catch (err) {
      console.error("Error decoding token:", err);
      // return here so next() is not called after the 403 has been sent
      return res.sendStatus(403);
    }
  }
  // Requests without a Bearer header continue without req.currentUser,
  // so route handlers must check it before doing privileged work.
  next();
}

// app is the Express application
app.use(decodeIDToken);
```

fgatti675 commented 8 months ago

Hi @VCSJacob, thank you for reporting. This is caused by the default Firebase instance now pointing to our own project. I will look into how to change it to the client one.
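
A diagnostic sketch for the cause described above, added here and not part of the thread or of FireCMS: Firebase ID tokens carry the issuing project in their `aud` and `iss` claims, so decoding the payload shows whether a rejected token came from a different project than the one the server's Admin SDK expects. The function names and project IDs are hypothetical and the sample tokens are constructed and unsigned; this only explains a rejection and never replaces `verifyIdToken`.

```javascript
// Added diagnostic example. It only DECODES the payload to explain a rejection;
// signature verification still belongs to admin.auth().verifyIdToken().

// Decode the payload segment of a JWT without checking the signature.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Compare the token's issuing project with the project the server expects.
function diagnoseProjectMismatch(authorizationHeader, expectedProjectId) {
  if (typeof authorizationHeader !== "string" || !authorizationHeader.startsWith("Bearer ")) {
    return { ok: false, reason: "missing-bearer" };
  }
  const claims = decodeJwtPayload(authorizationHeader.slice("Bearer ".length).trim());
  if (!claims) return { ok: false, reason: "malformed-token" };
  const expectedIss = `https://securetoken.google.com/${expectedProjectId}`;
  if (claims.aud !== expectedProjectId || claims.iss !== expectedIss) {
    return { ok: false, reason: "wrong-project", aud: claims.aud, iss: claims.iss };
  }
  return { ok: true, reason: "project-matches" };
}

// Constructed sample tokens (unsigned, hypothetical project IDs) for the demo.
function makeSampleToken(projectId) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const payload = { aud: projectId, iss: `https://securetoken.google.com/${projectId}`, sub: "uid-123" };
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

const fromCmsProject = makeSampleToken("cms-vendor-project"); // hypothetical ID
const fromOwnProject = makeSampleToken("my-own-project");     // hypothetical ID
console.log(diagnoseProjectMismatch(`Bearer ${fromCmsProject}`, "my-own-project"));
console.log(diagnoseProjectMismatch(`Bearer ${fromOwnProject}`, "my-own-project"));
```

Logging the `wrong-project` result next to the 403 in the middleware's catch branch makes this class of failure visible without exposing the token itself.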

fgatti675 commented 8 months ago

This should be fixed in the latest version :)

VCSJacob commented 8 months ago

This created a new error: I cannot sign into the CMS now at all. The sign-in with Google button does not work; when clicked, nothing happens at all. This is without defining the backendApiHost.

When I add the backendApiHost prop to the FireCMSApp the CMS just hangs with a spinner that says, "backend loading". And I am never asked to sign in.

```jsx
import React from "react"
import { FireCMSApp } from "firecms";
import appConfig from "./index";

function App() {
    return <FireCMSApp
        projectId={"vcs-reads-dev2"}
        appConfig={appConfig}
        backendApiHost={"http://10.0.2.2:5001/vcs-reads-dev2/us-central1/app"}
    />;
}

export default App
```

I even tried to create a new project and start over, still not able to sign in.

Also, "FireCMS3App" gives this error: App.tsx:2 Uncaught SyntaxError: The requested module '/node_modules/.vite/deps/firecms.js?v=d22f7215' does not provide an export named 'FireCMS3App' (at App.tsx:2:10)

There are issues with the default configuration provided.

fgatti675 commented 8 months ago

Sorry about that, it was an error on our side. Fixed in the latest version. The backendApiHost prop should be left empty. It is the URL that connects to our backend.