forked from vercel/next.js
-
Notifications
You must be signed in to change notification settings - Fork 2
/
login.js
37 lines (33 loc) · 1.38 KB
/
login.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
import commonMiddleware from '../../utils/middleware/commonMiddleware'
import { verifyIdToken } from '../../utils/auth/firebaseAdmin'
const handler = (req, res) => {
if (!req.body) {
return res.status(400)
}
const { token } = req.body
// Here, we decode the user's Firebase token and store it in a cookie. Use
// express-session (or similar) to store the session data server-side.
// An alternative approach is to use Firebase's `createSessionCookie`. See:
// https://firebase.google.com/docs/auth/admin/manage-cookies
// Firebase docs:
// "This is a low overhead operation. The public certificates are initially
// queried and cached until they expire. Session cookie verification can be
// done with the cached public certificates without any additional network
// requests."
// However, in a serverless environment, we shouldn't rely on caching, so
// it's possible Firebase's `verifySessionCookie` will make frequent network
// requests in a serverless context.
return verifyIdToken(token)
.then((decodedToken) => {
req.session.decodedToken = decodedToken
req.session.token = token
return decodedToken
})
.then((decodedToken) => {
return res.status(200).json({ status: true, decodedToken })
})
.catch((error) => {
return res.status(500).json({ error })
})
}
export default commonMiddleware(handler)