Skip to content

whitecloakph/nestjs-passport-firebase

Repository files navigation

Nest Logo

Passport - Firebase Auth Module for NestJS

Latest Version License Total Downloads

Installation

Install the following peer dependencies:

npm install passport @nestjs/passport passport-jwt jwks-rsa
npm install --save-dev @types/passport-jwt

Install the package

npm install @whitecloak/nestjs-passport-firebase

Usage

Setup FirebaseAuthModule

Import the FirebaseAuthModule into the root module (the AppModule, defined in the app.module.ts file).

import {Module} from '@nestjs/common';
import {FirebaseAuthModule} from '@whitecloak/nestjs-passport-firebase';

@Module({
    imports: [
        FirebaseAuthModule.register({
            audience: '<PROJECT_ID>',
            issuer: 'https://securetoken.google.com/<PROJECT_ID>',
        }),
    ],
})
export class AppModule {
}

The value of audience is a string equal to your Firebase project ID, the unique identifier for your Firebase project. For the issuer it should be set to https://securetoken.google.com/<PROJECT_ID>. You can also store this config to the environment variable.

FirebaseAuthModule.register({
    audience: process.env.FIREBASE_AUDIENCE,
    issuer: proccess.env.FIREBASE_ISSUER,
})

Protect your APIs

Use FirebaseAuthGuard to protect your routes.

import {Controller, Get, UseGuards} from '@nestjs/common';
import {AppService} from './app.service';
import {FirebaseAuthGuard} from '@whitecloak/nestjs-passport-firebase';

@Controller()
export class AppController {
    constructor(private readonly appService: AppService) {
    }

    @Get()
    @UseGuards(FirebaseAuthGuard)
    getHello(): string {
        return this.appService.getHello();
    }
}

If you are using GraphQL, you need to extend the FirebaseAuthGuard and override the getRequest() method. Read more here.

import {ExecutionContext, Injectable} from '@nestjs/common';
import {GqlExecutionContext} from '@nestjs/graphql';
import {FirebaseAuthGuard} from '@whitecloak/nestjs-passport-firebase';

@Injectable()
export class GqlAuthGuard extends FirebaseAuthGuard {
    getRequest(context: ExecutionContext) {
        const ctx = GqlExecutionContext.create(context);
        return ctx.getContext().req;
    }
}

You can now protect your queries and mutations by using the GqlAuthGuard.

import {Query, Resolver} from '@nestjs/graphql';
import {UseGuards} from '@nestjs/common';
import {GqlAuthGuard} from './guards/gql-auth.guard';

@Resolver()
export class VersionsResolver {
    constructor(private readonly appService: AppService) {
    }

    @Query(() => String)
    @UseGuards(GqlAuthGuard)
    getHello(): string {
        return this.appService.getHello();
    }
}

Customizing Firebase Strategy validate Method

Sometimes you need to tweak the behavior of the validate method to fit into your project requirements. You can do it by creating a custom strategy and extending the FirebaseStrategy to override the validate method.

import {DecodedIdToken, FirebaseStrategy} from '@whitecloak/nestjs-passport-firebase';
import {Repository} from 'typeorm';
import {Injectable} from '@nestjs/common';
import {InjectRepository} from '@nestjs/typeorm';
import {User} from '@entities/user.entity';

@Injectable()
export class FirebaseCustomStrategy extends FirebaseStrategy {
    constructor(
        @InjectRepository(User) private userRepository: Repository<User>,
    ) {
        super({
            audience: process.env.FIREBASE_AUDIENCE,
            issuer: proccess.env.FIREBASE_ISSUER,
        });
    }

    async validate(payload: DecodedIdToken): Promise<User> {
        // Do the custom behavior here.

        return this.userRepository.findOne({email: payload.email});
    }
}

Then add the FirebaseCustomStrategy to the providers list of the module and don't forget to import its dependencies

import {Module} from '@nestjs/common';
import {User} from '@entities/user.entity';
import {TypeOrmModule} from '@nestjs/typeorm';
import {FirebaseAuthModule} from '@whitecloak/nestjs-passport-firebase';
import {FirebaseCustomStrategt} from '@modules/auth/strategy/firebase-custom.strategy';

@Module({
    imports: [
        TypeormModule.forFeature([User]),
        FirebaseAuthModule.register({
            audience: '<PROJECT_ID>',
            issuer: 'https://securetoken.google.com/<PROJECT_ID>',
        }),
    ],
    providers: [FirebaseCustomStrategy]
})
export class AppModule {
}

Change Log

See Changelog for more information.

Contributing

Contributions welcome! See Contributing.

Author

Jimuel Palaca

License

Licensed under the MIT License - see the LICENSE file for details.