Skip to content

benxgao/firebase-api-sample

BranchesTags

Repository files navigation

Firebase API Sample

This open-source project demonstrates how to manage a Firebase project as an API provider, with a focus on secure JWT validation using Firebase Authentication. It is intended as a reference for building secure, scalable backend APIs with Firebase Functions, protected by Firebase Auth.

Features

  • Firebase Functions as API: Exposes RESTful endpoints using Express and Firebase Cloud Functions.
  • JWT Validation: Uses Firebase Authentication to validate JWTs for protected API routes.
  • Secret Management: Demonstrates secure use of API keys and secrets via Google Cloud Secret Manager.
  • Middleware: Includes reusable middleware for authentication and logging.
  • Local Development Support: Easily run and test APIs locally using Firebase Emulators.

Project Structure

  • /functions: Source code for Cloud Functions (API endpoints, middleware, services).
  • /public: Static assets for Firebase Hosting (optional).
  • /docs: Documentation and setup notes.

Getting Started

  1. Clone the repository

    git clone https://github.com/YOUR_USERNAME/firebase-api-sample.git
cd firebase-api-sample

  2. Install dependencies

    cd functions
npm install

  3. Set up Firebase project

    • Create a Firebase project in the Firebase Console.
    • Update your .env or use Firebase CLI to set project ID.

  4. Local Development

    • Start the Firebase emulators for local API testing:

      npm run serve

    • Or, use the full emulator suite:

      firebase emulators:start

  5. Deploy to Firebase

    firebase deploy --only functions

Basic Commands

Command Description
npm run lint Lint the codebase
npm run build Compile TypeScript to JavaScript
npm run serve Build and start local emulator for functions
firebase emulators:start Start all Firebase emulators
firebase deploy --only functions Deploy only Cloud Functions

Authentication & JWT Validation

  • Protected endpoints require a valid Firebase ID token in the Authorization header:
    Authorization: Bearer <ID_TOKEN>
  • Middleware verifies the token and attaches the decoded user info to the request.

Secret Management

  • API keys and sensitive values should be stored in Google Cloud Secret Manager.
  • See /docs/commands.md for commands to grant secret access.

References

This project is intended for demonstration and educational purposes.

About

A sample of firebase functions

Topics

firebase firebase-apphosting

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages