/**
 * GET /profile: serves the profile page to a signed-in user.
 *
 * The session cookie is verified with revocation checking switched on, which
 * per the original comment covers a revoked Firebase session and a
 * deleted/disabled user. Any rejection in the chain, whether verification
 * failed or serveContentForUser rejected, sends the client back to '/'.
 */
app.get('/profile', (req, res) => {
  // A missing cookie falls back to the empty string before verification.
  const cookie = req.cookies.session || '';

  const verification = admin.auth().verifySessionCookie(cookie, true /** check if revoked. */);

  verification
    .then((claims) => serveContentForUser('/profile', req, res, claims))
    .catch(() => {
      // Force user to login.
      // NOTE(review): the rejected cookie is not cleared here, so the browser
      // keeps presenting it; confirm whatever handles '/' copes with that.
      res.redirect('/');
    });
});
/**
 * GET /delete: deletes the account that owns the current session.
 *
 * The session cookie is cleared from the response first. If a cookie was
 * presented it is verified (revocation check on) and the user named by the
 * `sub` claim is deleted. Every outcome ends with a redirect to '/'.
 *
 * NOTE(review): this is a destructive action reachable by GET and authorized
 * only by the session cookie. Confirm the cookie is issued with a SameSite
 * attribute (the place it is set is not shown here) and consider moving the
 * route to POST behind CSRF validation.
 */
app.get('/delete', (req, res) => {
  const cookie = req.cookies.session || '';
  const toLogin = () => {
    res.redirect('/');
  };

  res.clearCookie('session');

  // Redirect to login page when no session cookie available.
  if (!cookie) {
    toLogin();
    return;
  }

  // Verify user and then delete the user.
  // NOTE(review): a verification or deletion failure is swallowed; the client
  // sees the same redirect as on success and nothing is logged.
  admin.auth().verifySessionCookie(cookie, true)
    .then((claims) => admin.auth().deleteUser(claims.sub))
    .then(toLogin)
    .catch(toLogin);
});
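/**
 * Checks if a user is signed in and if so, redirects to profile page.
 *
 * The returned middleware only acts when the request URL is exactly `url`;
 * every other request is passed straight to `next()`. For a matching request
 * the session cookie is verified, and a verified user is redirected to
 * '/profile' while a failed verification falls through to `next()`.
 *
 * Verification runs with revocation checking enabled, matching the /profile
 * handler in this file. Without it a revoked cookie is accepted here and then
 * rejected by /profile, which redirects back to '/'. Depending on where this
 * middleware is mounted, that can bounce the client between the two routes.
 * The revocation check costs an extra lookup against the auth backend.
 *
 * @param {string} url The URL to check if signed in.
 * @return {function} The middleware function to run.
 */
function checkIfSignedIn(url) {
  return function (req, res, next) {
    // Strict comparison: `url` is documented as a string, so no coercion is wanted.
    if (req.url !== url) {
      next();
      return;
    }

    // A missing cookie falls back to the empty string before verification.
    const sessionCookie = req.cookies.session || '';

    admin.auth().verifySessionCookie(sessionCookie, true /** check if revoked. */)
      .then(function () {
        // User already logged in. Redirect to profile page.
        res.redirect('/profile');
      })
      .catch(function () {
        // Not signed in (or the session is no longer valid): continue as normal.
        next();
      });
  };
}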
/**
 * GET /logout: signs the user out.
 *
 * The session cookie is cleared from the response, then, if a cookie was
 * presented, it is verified (revocation check on) and the refresh tokens of
 * the user named by the `sub` claim are revoked. Per the original note this
 * revokes all of the user's sessions. Every outcome ends with a redirect
 * to '/'.
 *
 * NOTE(review): this is a state-changing action reachable by GET and
 * authorized only by the session cookie. Confirm the cookie is issued with a
 * SameSite attribute (the place it is set is not shown here) and consider
 * moving the route to POST behind CSRF validation.
 */
app.get('/logout', (req, res) => {
  const cookie = req.cookies.session || '';
  const toLogin = () => {
    res.redirect('/');
  };

  // Clear cookie.
  res.clearCookie('session');

  // Redirect to login page when no session cookie available.
  if (!cookie) {
    toLogin();
    return;
  }

  // Revoke session too. Note this will revoke all user sessions.
  // NOTE(review): a verification or revocation failure is swallowed; the
  // browser cookie is gone but nothing records that revocation did not happen.
  admin.auth().verifySessionCookie(cookie, true)
    .then((claims) => admin.auth().revokeRefreshTokens(claims.sub))
    .then(toLogin)
    .catch(toLogin);
});
/**
 * GET /profile: serves the profile page to a signed-in user.
 *
 * The session cookie is verified with revocation checking switched on, which
 * per the original comment covers a revoked Firebase session and a
 * deleted/disabled user. Any rejection in the chain, whether verification
 * failed or serveContentForUser rejected, sends the client back to '/'.
 */
app.get('/profile', (req, res) => {
  // A missing cookie falls back to the empty string before verification.
  const cookie = req.cookies.session || '';

  const verification = admin.auth().verifySessionCookie(cookie, true /** check if revoked. */);

  verification
    .then((claims) => serveContentForUser('/profile', req, res, claims))
    .catch(() => {
      // Force user to login.
      // NOTE(review): the rejected cookie is not cleared here, so the browser
      // keeps presenting it; confirm whatever handles '/' copes with that.
      res.redirect('/');
    });
});
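/**
 * Checks if a user is signed in and if so, redirects to profile page.
 *
 * The returned middleware only acts when the request URL is exactly `url`;
 * every other request is passed straight to `next()`. For a matching request
 * the session cookie is verified, and a verified user is redirected to
 * '/profile' while a failed verification falls through to `next()`.
 *
 * Verification runs with revocation checking enabled, matching the /profile
 * handler in this file. Without it a revoked cookie is accepted here and then
 * rejected by /profile, which redirects back to '/'. Depending on where this
 * middleware is mounted, that can bounce the client between the two routes.
 * The revocation check costs an extra lookup against the auth backend.
 *
 * @param {string} url The URL to check if signed in.
 * @return {function} The middleware function to run.
 */
function checkIfSignedIn(url) {
  return function (req, res, next) {
    // Strict comparison: `url` is documented as a string, so no coercion is wanted.
    if (req.url !== url) {
      next();
      return;
    }

    // A missing cookie falls back to the empty string before verification.
    const sessionCookie = req.cookies.session || '';

    admin.auth().verifySessionCookie(sessionCookie, true /** check if revoked. */)
      .then(function () {
        // User already logged in. Redirect to profile page.
        res.redirect('/profile');
      })
      .catch(function () {
        // Not signed in (or the session is no longer valid): continue as normal.
        next();
      });
  };
}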
/**
 * GET /delete: deletes the account that owns the current session.
 *
 * The session cookie is cleared from the response first. If a cookie was
 * presented it is verified (revocation check on) and the user named by the
 * `sub` claim is deleted. Every outcome ends with a redirect to '/'.
 *
 * NOTE(review): this is a destructive action reachable by GET and authorized
 * only by the session cookie. Confirm the cookie is issued with a SameSite
 * attribute (the place it is set is not shown here) and consider moving the
 * route to POST behind CSRF validation.
 */
app.get('/delete', (req, res) => {
  const cookie = req.cookies.session || '';
  const toLogin = () => {
    res.redirect('/');
  };

  res.clearCookie('session');

  // Redirect to login page when no session cookie available.
  if (!cookie) {
    toLogin();
    return;
  }

  // Verify user and then delete the user.
  // NOTE(review): a verification or deletion failure is swallowed; the client
  // sees the same redirect as on success and nothing is logged.
  admin.auth().verifySessionCookie(cookie, true)
    .then((claims) => admin.auth().deleteUser(claims.sub))
    .then(toLogin)
    .catch(toLogin);
});
/**
 * GET /logout: signs the user out.
 *
 * The session cookie is cleared from the response, then, if a cookie was
 * presented, it is verified (revocation check on) and the refresh tokens of
 * the user named by the `sub` claim are revoked. Per the original note this
 * revokes all of the user's sessions. Every outcome ends with a redirect
 * to '/'.
 *
 * NOTE(review): this is a state-changing action reachable by GET and
 * authorized only by the session cookie. Confirm the cookie is issued with a
 * SameSite attribute (the place it is set is not shown here) and consider
 * moving the route to POST behind CSRF validation.
 */
app.get('/logout', (req, res) => {
  const cookie = req.cookies.session || '';
  const toLogin = () => {
    res.redirect('/');
  };

  // Clear cookie.
  res.clearCookie('session');

  // Redirect to login page when no session cookie available.
  if (!cookie) {
    toLogin();
    return;
  }

  // Revoke session too. Note this will revoke all user sessions.
  // NOTE(review): a verification or revocation failure is swallowed; the
  // browser cookie is gone but nothing records that revocation did not happen.
  admin.auth().verifySessionCookie(cookie, true)
    .then((claims) => admin.auth().revokeRefreshTokens(claims.sub))
    .then(toLogin)
    .catch(toLogin);
});