UNPKG

firebase-auth-middleware-lite

Version:

Minimal Firebase ID token verification middleware for Node and Express

115 lines (74 loc) โ€ข 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# Firebase Auth Middleware Lite A minimal and framework-agnostic Firebase ID token verification middleware for Node.js. Works with Express, but does not depend on it. --- ## โœจ Features - ๐Ÿ” Verifies Firebase ID tokens - ๐Ÿ’ฅ Uses `res.writeHead` + `res.end` (no Express dependency) - ๐Ÿง  Attaches `claims` and `token` to `res.locals` for downstream usage - ๐Ÿงฉ Plug-and-play with Express, Bun, Node HTTP, etc. --- ## ๐Ÿ“ฆ Installation ```bash npm install firebase-auth-middleware-lite ``` > Make sure you also install `firebase-admin` and `@google-cloud/firestore` (required by Firebase types): ```bash npm install firebase-admin @google-cloud/firestore ``` --- ## ๐Ÿงช Usage ### 1. Initialize Firebase ```ts import { initFirebase } from "firebase-auth-middleware-lite"; import serviceAccount from "./firebase-key.json"; initFirebase(serviceAccount); ``` ### 2. Use the middleware ```ts import express from "express"; import { authMiddleware } from "firebase-auth-middleware-lite"; const app = express(); app.use(authMiddleware()); app.get("/protected", (req, res) => { res.json({ uid: res.locals.claims.uid }); }); ``` --- ## ๐Ÿ” Advanced Usage You can pass a callback to the middleware if you want to run custom logic when a user is verified: ```ts const withDatabaseUser = async ({ claims, ctx, token, res }) => { console.log("Authenticated user id:", claims.uid); // get user information like permissions or roles for authorization const user = await getUserFromDB(claims.uid); ctx.user = user // attach user to locals // return something to stop the flow if (!user) return res.status(403).json({ error: "Forbidden" }); // if nothing is returned, middleware will add claims and token // to res.locals and continue; }; app.use(authMiddleware(withDatabaseUser)); ``` --- ## ๐Ÿ”„ Token Expiration Handling If a token is expired, the middleware will return an error. You will have to refresh the token using the frontend firebase SDK: - Set the HTTP header `x-firebase-token-refresh: true` - Return a `401 Unauthorized` response --- ## ๐Ÿ“š Types ```ts type AuthContext = { // not exported claims: DecodedIdToken; // from firebase-admin token: string; }; type AuthCBParams = { claims: DecodedIdToken; // from firebase-admin ctx: Record<string, any>; token: string; res: Response; }; ``` --- ## ๐Ÿ›ก License MIT โ€” use it, hack it, improve it.