Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (function() {
- // Initialize Firebase
- var config = {
- //...
- };
- firebase.initializeApp(config);
- // no local persistence because of the httpOnly flag
- firebase.auth().setPersistence(firebase.auth.Auth.Persistence.NONE);
- const emailField = document.getElementById("email");
- const passwordField = document.getElementById("password");
- const loginButton = document.getElementById("loginButton");
- loginButton.addEventListener("click", e => {
- const email = emailField.value;
- const password = passwordField.value;
- const signInPromise = firebase.auth().signInWithEmailAndPassword(email, password);
- signInPromise.catch(e => {
- console.log("Login Error: " + e.message);
- })
- return signInPromise.then(() => {
- console.log("Signed in + " + firebase.auth().currentUser.uid);
- return firebase.auth().currentUser.getIdToken().then(idToken => {
- // Session login endpoint is queried and the session cookie is set.
- // CSRF protection should be taken into account.
- // ...
- // const csrfToken = getCookie('csrfToken')
- console.log("User ID Token: " + idToken);
- return sendToken(idToken);
- //return postIdTokenToSessionLogin('/sessionLogin', idToken, csrfToken);
- });
- })
- });
- firebase.auth().onAuthStateChanged(user => {
- if (user) {
- document.getElementById('loginSuccess').innerHTML = `Signed in as ${user.uid}`;
- document.getElementById('loginError').innerHTML = "";
- } else {
- document.getElementById('loginSuccess').innerHTML = "";
- document.getElementById('loginError').innerHTML = `Not signed in`;
- }
- });
- })();
- function sendToken(idToken) {
- console.log("Posting " + idToken);
- var xhr = new XMLHttpRequest();
- var params = `token=${idToken}`;
- xhr.open('POST', "/admin/login", true);
- xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
- return new Promise(function(resolve, reject) {
- xhr.onreadystatechange = function() {//Call a function when the state changes.
- if (xhr.readyState == 4 && xhr.status == 200) {
- resolve();
- } else if (xhr.readyState == 4 && xhr.status != 200) {
- reject("Invalid http return status");
- }
- }
- return xhr.send(params);
- });
- }
- adminApp.post("/login", (request, response) => {
- console.log("Got login post request");
- if (request.body.token) {
- const idToken = request.body.token.toString();
- console.log("idToken = " + idToken);
- // Set session expiration to 5 days.
- const expiresIn = 60 * 60 * 24 * 5 * 1000;
- return adminFirebase.auth().createSessionCookie(idToken, {expiresIn}).then((sessionCookie) => {
- const options = {maxAge: expiresIn, httpOnly: true, secure: true};
- response.cookie('session', sessionCookie, options);
- response.end(JSON.stringify({status: 'success'}));
- }, error => {
- response.status(401).send('UNAUTHORIZED REQUEST!');
- });
- }
- return response.status(400).send("MISSING TOKEN");
- });
- const validateLogin = function (req, res, next) {
- const sessionCookie = req.cookies.session || '';
- console.log(JSON.stringify(req.headers));
- console.log("Verifying " + sessionCookie);
- return adminFirebase.auth().verifySessionCookie(sessionCookie, true).then((decodedClaims) => {
- console.log("decoded claims: " + decodedClaims);
- next();
- }).catch(error => {
- res.redirect('/admin/login');
- });
- };
- adminApp.get("/secret/", validateLogin, (request, response) => {
- return response.send("This is secret!");
- });
Add Comment
Please, Sign In to add comment
