feat: add logs

Author: posva

packages/nuxt/src/logging.ts

@@ -0,0 +1,10 @@
+export type LogType = 'debug' | 'info' | 'warn' | 'error' | 'trace'
+
+// TODO: allow disabling logs with some env variables
+
+export function log(type: LogType, ...args: any[]): void
+export function log(...args: any[]): void
+export function log(typeOrLog?: unknown, ...args: any[]): void {
+  const type = typeof typeOrLog === 'string' ? (typeOrLog as LogType) : 'log'
+  console[type]('[VueFire]:', ...args)
+}

packages/nuxt/src/module.ts

@@ -19,6 +19,7 @@ import type {
 import { markRaw } from 'vue'
 import type { NuxtVueFireAppCheckOptions } from './runtime/app-check'
 import { addMissingAlias } from './firebaseAliases'
+import { log } from './logging'
 
 export interface VueFireNuxtModuleOptions {
   /**
@@ -161,8 +162,9 @@ const VueFire: NuxtModule<VueFireNuxtModuleOptions> =
       // TODO: if options.admin
       if (options.admin || nuxt.options.ssr) {
         if (!nuxt.options.ssr) {
-          console.warn(
-            '[VueFire]: The "admin" option is only used during SSR. You should reenable ssr to use it.'
+          log(
+            'warn',
+            'The "admin" option is only used during SSR. You should reenable ssr to use it.'
           )
         }
         // TODO: check env variables are present

packages/nuxt/src/runtime/admin/plugin-auth-user.server.ts

@@ -5,6 +5,7 @@ import { getCookie } from 'h3'
 // FirebaseError is an interface here but is a class in firebase/app
 import type { FirebaseError } from 'firebase-admin'
 import { AUTH_COOKIE_NAME } from '../auth/api.session'
+import { log } from '../../logging'
 import { defineNuxtPlugin, useRequestEvent } from '#app'
 
 /**
@@ -15,6 +16,8 @@ export default defineNuxtPlugin(async (nuxtApp) => {
   const token = getCookie(event, AUTH_COOKIE_NAME)
   let user: UserRecord | undefined
 
+  log(`Getting user from "${AUTH_COOKIE_NAME}"`, token)
+
   if (token) {
     const adminApp = nuxtApp.$firebaseAdminApp as AdminApp
     const adminAuth = getAdminAuth(adminApp)
@@ -29,10 +32,10 @@ export default defineNuxtPlugin(async (nuxtApp) => {
       if (isFirebaseError(err) && err.code === 'auth/id-token-expired') {
         // Other errors to be handled: auth/argument-error
         // the error is fine, the user is not logged in
-        console.log('[VueFire]: Token expired -', err)
+        log('Token expired -', err)
       } else {
         // ignore the error and consider the user as not logged in
-        console.error('[VueFire]: Unknown Error -', err)
+        log('error', 'Unknown Error -', err)
       }
     }
   }

packages/nuxt/src/runtime/admin/plugin.server.ts

@@ -7,6 +7,7 @@ import {
   // renamed because there seems to be a global Credential type in vscode
   Credential as FirebaseAdminCredential,
 } from 'firebase-admin/app'
+import { log } from '../../logging'
 import { defineNuxtPlugin, useAppConfig } from '#app'
 
 export default defineNuxtPlugin((nuxtApp) => {
@@ -28,13 +29,13 @@ export default defineNuxtPlugin((nuxtApp) => {
     } = process.env
 
     if (FIREBASE_CONFIG || FUNCTION_NAME) {
-      console.log('[VueFire]: using FIREBASE_CONFIG env variable')
+      log('using FIREBASE_CONFIG env variable')
       initializeApp()
     } else {
       let credential: FirebaseAdminCredential
       // This version should work in Firebase Functions and other providers while applicationDefault() only works on
       if (FIREBASE_PRIVATE_KEY) {
-        console.log('[VueFire]: using FIREBASE_PRIVATE_KEY env variable')
+        log('using FIREBASE_PRIVATE_KEY env variable')
         credential = cert({
           projectId: FIREBASE_PROJECT_ID,
           clientEmail: FIREBASE_CLIENT_EMAIL,

packages/nuxt/src/runtime/app/plugin.server.ts

@@ -2,6 +2,7 @@ import { deleteApp, FirebaseApp, initializeApp } from 'firebase/app'
 import { User } from 'firebase/auth'
 import LRU from 'lru-cache'
 import { UserSymbol } from '../admin/plugin-auth-user.server'
+import { log } from '../../logging'
 import { defineNuxtPlugin, useAppConfig } from '#app'
 
 // TODO: allow customizing
@@ -31,18 +32,20 @@ export default defineNuxtPlugin((nuxtApp) => {
 
   let firebaseApp: FirebaseApp
 
+  log('initializing app with', appConfig.firebaseConfig)
   if (uid) {
     if (!appCache.has(uid)) {
       const randomId = Math.random().toString(36).slice(2)
       const appName = `auth:${user.uid}:${randomId}`
 
-      console.log('✅ creating new app', appName)
+      log('✅ creating new app', appName)
 
       appCache.set(uid, initializeApp(appConfig.firebaseConfig, appName))
     }
     firebaseApp = appCache.get(uid)!
   } else {
     // anonymous session, just create a new app
+    log('anonymous session')
     firebaseApp = initializeApp(appConfig.firebaseConfig)
   }
 

packages/nuxt/src/runtime/auth/api.session-verification.ts

@@ -0,0 +1,70 @@
+import { getApp } from 'firebase-admin/app'
+import { getAuth as getAdminAuth } from 'firebase-admin/auth'
+import {
+  readBody,
+  setCookie,
+  assertMethod,
+  defineEventHandler,
+  deleteCookie,
+  sendRedirect,
+} from 'h3'
+import { log } from '../../logging'
+import { AUTH_COOKIE_MAX_AGE, AUTH_COOKIE_NAME } from './api.session'
+
+// This version is used at https://github.com/FirebaseExtended/firebase-framework-tools/blob/e69f5bdd44695274ad88dbb4e21aac778ba60cc8/src/firebase-aware.ts#L39 but doesn't work locally. Should it maybe be used in production only? Seems unlikely.
+
+/**
+ * Setups an API endpoint to be used by the client to mint a cookie based auth session.
+ */
+export default defineEventHandler(async (event) => {
+  assertMethod(event, 'POST')
+  const { token } = await readBody(event)
+
+  log('minting a session cookie')
+  const adminApp = getApp()
+  const adminAuth = getAdminAuth(adminApp)
+
+  log('read idToken from Authorization header', token)
+  const verifiedIdToken = token ? await adminAuth.verifyIdToken(token) : null
+
+  if (verifiedIdToken) {
+    if (
+      new Date().getTime() / 1_000 - verifiedIdToken.auth_time >
+      ID_TOKEN_MAX_AGE
+    ) {
+      event.node.res.statusCode = 301
+      return ''
+    } else {
+      const cookie = await adminAuth
+        .createSessionCookie(token!, { expiresIn: AUTH_COOKIE_MAX_AGE })
+        .catch((e: any) => {
+          log('error', 'Error minting the cookie -', e.message)
+        })
+      if (cookie) {
+        log('minted a session cookie', cookie)
+        setCookie(event, AUTH_COOKIE_NAME, cookie, {
+          maxAge: AUTH_COOKIE_MAX_AGE,
+          secure: true,
+          httpOnly: true,
+          path: '/',
+          sameSite: 'lax',
+        })
+        event.node.res.statusCode = 201
+        return ''
+      } else {
+        log('failed to mint a session cookie')
+        event.node.res.statusCode = 401
+        return ''
+      }
+    }
+  } else {
+    log('deleting the session cookie')
+    deleteCookie(event, AUTH_COOKIE_NAME)
+    event.node.res.statusCode = 204
+  }
+
+  // empty response
+  return ''
+})
+
+export const ID_TOKEN_MAX_AGE = 5 * 60