UNPKG

firebase-auth-middleware-lite

Version:

Minimal Firebase ID token verification middleware for Node and Express

60 lines (59 loc) 2.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.authMiddleware = exports.initFirebase = void 0; const firebase_admin_1 = __importDefault(require("firebase-admin")); // INIT const initFirebase = (key) => { if (!firebase_admin_1.default.apps.length) { firebase_admin_1.default.initializeApp({ credential: firebase_admin_1.default.credential.cert(key), }); } }; exports.initFirebase = initFirebase; const authMiddleware = (cb = () => { }) => async (req, res, next) => { const authHeader = req.headers["authorization"] || ""; const token = authHeader.split(" ")[1]; if (!token) { res.writeHead(403, { "Content-Type": "application/json" }); res.end(JSON.stringify({ error: "Unauthorized" })); return; } try { const claims = await firebase_admin_1.default.auth().verifyIdToken(token); if (!claims) { res.writeHead(403, { "Content-Type": "application/json" }); res.end(JSON.stringify({ error: "Unauthorized" })); return; } const shouldReturn = await cb({ claims, ctx: res.locals ?? {}, token, res, }); if (shouldReturn) { return; } res.locals = res.locals || {}; res.locals.claims = claims; res.locals.token = token; next(); } catch (error) { if (error.code === "auth/id-token-expired") { res.writeHead(401, { "Content-Type": "application/json", "x-firebase-token-refresh": "true", }); res.end(JSON.stringify({ error: "Token expired. Please refresh your token." })); return; } res.writeHead(403, { "Content-Type": "application/json" }); res.end(JSON.stringify({ error: "Unauthorized" })); } }; exports.authMiddleware = authMiddleware;