honojs-middleware/packages/firebase-auth/src/index.ts

import type { KeyStorer, FirebaseIdToken } from 'firebase-auth-cloudflare-workers'
import { Auth, WorkersKVStoreSingle } from 'firebase-auth-cloudflare-workers'
import type { Context, MiddlewareHandler } from 'hono'
import { HTTPException } from 'hono/http-exception'

export type VerifyFirebaseAuthEnv = {
  PUBLIC_JWK_CACHE_KEY?: string | undefined
  PUBLIC_JWK_CACHE_KV?: KVNamespace | undefined
  FIREBASE_AUTH_EMULATOR_HOST: string | undefined
}

export interface VerifyFirebaseAuthConfig {
  projectId: string
  authorizationHeaderKey?: string
  keyStore?: KeyStorer
  keyStoreInitializer?: (c: Context) => KeyStorer
  disableErrorLog?: boolean
  firebaseEmulatorHost?: string
}

const defaultKVStoreJWKCacheKey = 'verify-firebase-auth-cached-public-key'
const defaultKeyStoreInitializer = (c: Context<{ Bindings: VerifyFirebaseAuthEnv }>): KeyStorer => {
  if (c.env.PUBLIC_JWK_CACHE_KV === undefined) {
    const res = new Response('Not Implemented', {
      status: 501,
    })
    throw new HTTPException(501, { res })
  }
  return WorkersKVStoreSingle.getOrInitialize(
    c.env.PUBLIC_JWK_CACHE_KEY ?? defaultKVStoreJWKCacheKey,
    c.env.PUBLIC_JWK_CACHE_KV
  )
}

export const verifyFirebaseAuth = (userConfig: VerifyFirebaseAuthConfig): MiddlewareHandler => {
  const config = {
    projectId: userConfig.projectId,
    AuthorizationHeaderKey: userConfig.authorizationHeaderKey ?? 'Authorization',
    KeyStore: userConfig.keyStore,
    keyStoreInitializer: userConfig.keyStoreInitializer ?? defaultKeyStoreInitializer,
    disableErrorLog: userConfig.disableErrorLog,
    firebaseEmulatorHost: userConfig.firebaseEmulatorHost,
  }

  return async (c, next) => {
    const authorization = c.req.raw.headers.get(config.AuthorizationHeaderKey)
    if (authorization === null) {
      const res = new Response('Bad Request', {
        status: 400,
      })
      throw new HTTPException(400, { res })
    }
    const jwt = authorization.replace(/Bearer\s+/i, '')
    const auth = Auth.getOrInitialize(
      config.projectId,
      config.KeyStore ?? config.keyStoreInitializer(c)
    )

    try {
      const idToken = await auth.verifyIdToken(jwt, {
        FIREBASE_AUTH_EMULATOR_HOST:
          config.firebaseEmulatorHost ?? c.env.FIREBASE_AUTH_EMULATOR_HOST,
      })
      setFirebaseToken(c, idToken)
    } catch (err) {
      if (!userConfig.disableErrorLog) {
        console.error({
          message: 'failed to verify the requested firebase token',
          err,
        })
      }

      const res = new Response('Unauthorized', {
        status: 401,
      })
      throw new HTTPException(401, { res })
    }
    await next()
  }
}

const idTokenContextKey = 'firebase-auth-cloudflare-id-token-key'

const setFirebaseToken = (c: Context, idToken: FirebaseIdToken) => c.set(idTokenContextKey, idToken)

export const getFirebaseToken = (c: Context): FirebaseIdToken | null => {
  const idToken = c.get(idTokenContextKey)
  if (!idToken) {
    return null
  }
  return idToken
}
feat(firebase-auth): support Hono v3 (#60) * feat(firebase-auth): support Hono v3 * add changeset 2023-03-06 19:24:49 +08:00			`import type { KeyStorer, FirebaseIdToken } from 'firebase-auth-cloudflare-workers'`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`import { Auth, WorkersKVStoreSingle } from 'firebase-auth-cloudflare-workers'`
			`import type { Context, MiddlewareHandler } from 'hono'`
fix(firebase-auth): throw HTTPException instead of reponse null (#191) * fix(firebase-auth): throw HTTPException instead of reponse null * added changeset 2023-10-05 21:42:21 +08:00			`import { HTTPException } from 'hono/http-exception'`
Initial commit 2022-07-23 22:56:20 +08:00
feat(firebase-auth): support Hono v3 (#60) * feat(firebase-auth): support Hono v3 * add changeset 2023-03-06 19:24:49 +08:00			`export type VerifyFirebaseAuthEnv = {`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`PUBLIC_JWK_CACHE_KEY?: string \| undefined`
			`PUBLIC_JWK_CACHE_KV?: KVNamespace \| undefined`
feat(firebase-auth): support Hono v3 (#60) * feat(firebase-auth): support Hono v3 * add changeset 2023-03-06 19:24:49 +08:00			`FIREBASE_AUTH_EMULATOR_HOST: string \| undefined`
Initial commit 2022-07-23 22:56:20 +08:00			`}`
initial commit 2022-07-28 13:58:54 +08:00
			`export interface VerifyFirebaseAuthConfig {`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`projectId: string`
			`authorizationHeaderKey?: string`
			`keyStore?: KeyStorer`
			`keyStoreInitializer?: (c: Context) => KeyStorer`
			`disableErrorLog?: boolean`
			`firebaseEmulatorHost?: string`
initial commit 2022-07-28 13:58:54 +08:00			`}`

setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`const defaultKVStoreJWKCacheKey = 'verify-firebase-auth-cached-public-key'`
fixed firebase-auth for #247 (#248) * chore: npx yarn-deduplicate && yarn install * chore(firebase-auth): Update package deps and test * chore(firebase-auth): update hono version * fix(firebase-auth): responds 501 when PUBLIC_JWK_CACHE_KV is undefined in defaultKeyStoreInitializer function 2023-11-12 08:50:13 +08:00			`const defaultKeyStoreInitializer = (c: Context<{ Bindings: VerifyFirebaseAuthEnv }>): KeyStorer => {`
			`if (c.env.PUBLIC_JWK_CACHE_KV === undefined) {`
			`const res = new Response('Not Implemented', {`
			`status: 501,`
			`})`
			`throw new HTTPException(501, { res })`
			`}`
initial commit 2022-07-28 13:58:54 +08:00			`return WorkersKVStoreSingle.getOrInitialize(`
			`c.env.PUBLIC_JWK_CACHE_KEY ?? defaultKVStoreJWKCacheKey,`
			`c.env.PUBLIC_JWK_CACHE_KV`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`)`
			`}`

			`export const verifyFirebaseAuth = (userConfig: VerifyFirebaseAuthConfig): MiddlewareHandler => {`
initial commit 2022-07-28 13:58:54 +08:00			`const config = {`
			`projectId: userConfig.projectId,`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`AuthorizationHeaderKey: userConfig.authorizationHeaderKey ?? 'Authorization',`
initial commit 2022-07-28 13:58:54 +08:00			`KeyStore: userConfig.keyStore,`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`keyStoreInitializer: userConfig.keyStoreInitializer ?? defaultKeyStoreInitializer,`
initial commit 2022-07-28 13:58:54 +08:00			`disableErrorLog: userConfig.disableErrorLog,`
fixed to support service worker syntax 2022-07-29 22:03:09 +08:00			`firebaseEmulatorHost: userConfig.firebaseEmulatorHost,`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`}`
initial commit 2022-07-28 13:58:54 +08:00
			`return async (c, next) => {`
fix(firebase-auth): retrive header values for v4 (#393) 2024-02-15 18:02:01 +08:00			`const authorization = c.req.raw.headers.get(config.AuthorizationHeaderKey)`
initial commit 2022-07-28 13:58:54 +08:00			`if (authorization === null) {`
fix(firebase-auth): throw HTTPException for bad request (#194) 2023-10-06 15:48:22 +08:00			`const res = new Response('Bad Request', {`
initial commit 2022-07-28 13:58:54 +08:00			`status: 400,`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`})`
fix(firebase-auth): throw HTTPException for bad request (#194) 2023-10-06 15:48:22 +08:00			`throw new HTTPException(400, { res })`
initial commit 2022-07-28 13:58:54 +08:00			`}`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`const jwt = authorization.replace(/Bearer\s+/i, '')`
initial commit 2022-07-28 13:58:54 +08:00			`const auth = Auth.getOrInitialize(`
			`config.projectId,`
			`config.KeyStore ?? config.keyStoreInitializer(c)`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`)`
initial commit 2022-07-28 13:58:54 +08:00
			`try {`
fixed to support service worker syntax 2022-07-29 22:03:09 +08:00			`const idToken = await auth.verifyIdToken(jwt, {`
			`FIREBASE_AUTH_EMULATOR_HOST:`
			`config.firebaseEmulatorHost ?? c.env.FIREBASE_AUTH_EMULATOR_HOST,`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`})`
			`setFirebaseToken(c, idToken)`
initial commit 2022-07-28 13:58:54 +08:00			`} catch (err) {`
			`if (!userConfig.disableErrorLog) {`
			`console.error({`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`message: 'failed to verify the requested firebase token',`
initial commit 2022-07-28 13:58:54 +08:00			`err,`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`})`
initial commit 2022-07-28 13:58:54 +08:00			`}`
fix(firebase-auth): throw HTTPException instead of reponse null (#191) * fix(firebase-auth): throw HTTPException instead of reponse null * added changeset 2023-10-05 21:42:21 +08:00
			`const res = new Response('Unauthorized', {`
initial commit 2022-07-28 13:58:54 +08:00			`status: 401,`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`})`
fix(firebase-auth): throw HTTPException instead of reponse null (#191) * fix(firebase-auth): throw HTTPException instead of reponse null * added changeset 2023-10-05 21:42:21 +08:00			`throw new HTTPException(401, { res })`
initial commit 2022-07-28 13:58:54 +08:00			`}`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`await next()`
			`}`
			`}`
initial commit 2022-07-28 13:58:54 +08:00
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`const idTokenContextKey = 'firebase-auth-cloudflare-id-token-key'`
initial commit 2022-07-28 13:58:54 +08:00
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`const setFirebaseToken = (c: Context, idToken: FirebaseIdToken) => c.set(idTokenContextKey, idToken)`
initial commit 2022-07-28 13:58:54 +08:00
			`export const getFirebaseToken = (c: Context): FirebaseIdToken \| null => {`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`const idToken = c.get(idTokenContextKey)`
chore: add lint rule and format (#367) * chore: add lint rule and format * fix ci * add typescript * yarn install * add `@cloudflare/workers-types` 2024-01-29 21:53:43 +08:00			`if (!idToken) {`
			`return null`
			`}`
setup Firebase Auth middleware 2023-02-04 19:20:42 +08:00			`return idToken`
			`}`