This package provides a simple and minimalistic Firebase authentication middleware designed for Express.js applications. It validates Firebase JWTs issued on the frontend, ensuring that backend services are secure and requests are authenticated. This is great for developers looking to implement Firebase authentication outside of Google Cloud environments. The goal is to be able to write custom Node.js logic without compromising on security. Whether you're developing a small project or a large-scale application, use-firebase-auth simplifies the integration of Firebase Auth with your server-side logic.
```bash
npm install use-firebase-auth
# or
yarn add use-firebase-auth
```
Once the module is installed, you need a small amount of setup on both the frontend and the backend.
```typescript
import useFirebaseAuth, {
  type SessionedRequest,
  type UserSession
} from "use-firebase-auth"

// Middleware that uses the auth:
app.use(
  useFirebaseAuth({
    firebaseApp
  })
)
```
```typescript
// Firebase Admin:
import * as firebase from 'firebase-admin'
import credentials from "./firebase.json"

// Express and middleware:
import express from "express"
import useFirebaseAuth, {
  type SessionedRequest,
  type UserSession
} from "use-firebase-auth"

const app = express()
const firebaseApp = firebase.initializeApp({
  credential: firebase.credential.cert(credentials),
  databaseURL: "/* Your database url */"
})

// Middleware that uses the auth:
app.use(
  useFirebaseAuth({
    firebaseApp
  })
)

// Sample route
app.all('/hello', (request, response) => {
  const sessionedRequest = request as SessionedRequest
  // You can get the typed results like so:
  const authorized: boolean = sessionedRequest.authorized
  const user: UserSession = sessionedRequest.user
  console.log({ authorized, user })
  response.send('Hello World')
})

// Start the server
app.listen(3001, () => {
  console.log('Server is running on port 3001')
})
```
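The sample route above reads `authorized` but answers every request, so a protected route still has to reject the request itself when the flag is not set. The guard below is an added example, not part of use-firebase-auth: `requireAuth`, `simulate` and the `SessionLike`/`ResLike` types are hypothetical stand-ins for Express's types so it runs without dependencies, and it assumes the middleware only annotates the request and lets unauthenticated requests through, as the sample suggests.

```typescript
// Structural stand-ins for Express's Request/Response/NextFunction
// (assumption: real code would use those and the package's SessionedRequest).
interface SessionLike { authorized?: unknown; user?: unknown }
interface ResLike {
  status(code: number): ResLike
  set(name: string, value: string): ResLike
  json(body: unknown): ResLike
}
type Next = () => void

// Hypothetical guard: fail closed unless the auth middleware explicitly
// marked the request as authorized AND attached a user object.
function requireAuth(req: SessionLike, res: ResLike, next: Next): void {
  if (req.authorized === true && req.user != null) {
    next()
    return
  }
  // One generic answer for missing, malformed and expired tokens,
  // so the response does not reveal why validation failed.
  res.status(401).set("WWW-Authenticate", "Bearer").json({ error: "unauthorized" })
}

// Constructed harness: runs the guard against a fake request and records
// the status code, the challenge header and whether the route was reached.
function simulate(req: SessionLike): { status: number; reached: boolean; header: string | undefined } {
  const out = { status: 200, reached: false, header: undefined as string | undefined }
  const res: ResLike = {
    status(code) { out.status = code; return res },
    set(name, value) { if (name === "WWW-Authenticate") out.header = value; return res },
    json() { return res },
  }
  requireAuth(req, res, () => { out.reached = true })
  return out
}

// Constructed sample requests (the user object is a placeholder).
const signedIn = simulate({ authorized: true, user: { uid: "constructed-uid" } })
const noToken = simulate({ authorized: false })
// A truthy non-boolean must not pass: the check is strict equality.
const truthyString = simulate({ authorized: "true", user: {} })
// Auth middleware never registered, so no fields exist: still rejected.
const notMounted = simulate({})
```

In a real app, register the guard after `useFirebaseAuth` on the routes that require a signed-in user, typed with Express's own request and response types.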
It's important that you use the Authorization header when sending requests to your backend Node server from your frontend, like so:
```javascript
import { initializeApp } from "firebase/app"
import { getAuth } from "firebase/auth"

// Initialize your app like normal:
const app = initializeApp({ /* Credentials */ })
const auth = getAuth(app)

// Each request, just include a Bearer token with the currentUser's token
// (token is undefined when no user is signed in):
const token = await auth.currentUser?.getIdToken()
const request = fetch('http://localhost:3001/hello', {
  headers: {
    'Authorization': 'Bearer ' + token
  },
})
```
When using use-firebase-auth, it's important to follow security best practices to protect your applications:
- Secure Your Firebase Credentials: Keep your Firebase credentials file secure and never expose it in your version control or to the frontend.
- Use HTTPS: Ensure that your backend and frontend communicate over HTTPS to protect the integrity and privacy of the authentication tokens being transmitted.
Contributions are welcome! If you would like to contribute to this project, please follow these steps:
- Fork the repository.
- Create a new branch: `git checkout -b feature/your-feature-name`
- Use `yarn run install` to download dependencies.
- You'll need a test Firebase project. Visit the Firebase console and create a test project. Ensure auth is enabled on the project, and use signing in with username/password.
- Create some Firebase credentials for web, and add the credentials to test/index.html on line 33.
- Create some Firebase Admin SDK credentials and add the credentials to test/firebase.ts.
- Use `yarn run dev` to start a test Express.js server for developing in, and `yarn run serve-test` to start a sample frontend for testing an auth connection to.
- Build the new changes with `yarn run build`.
- Before committing, ensure you remove your own credentials that you added for development.
- Make your changes and commit them: `git commit -m 'Add your feature'`
- Push to the branch: `git push origin feature/your-feature-name`
- Open a pull request.
This project is licensed under the MIT License.