Is there a quick way to allow all images? #6

Open
caviles opened this issue Jan 13, 2018 · 4 comments

caviles commented Jan 13, 2018

No description provided.

Author

caviles commented Jan 13, 2018

I've added an ignore path. Please feel free to add this to your lib if you like. I also added one for a static base path (i.e. images, js, etc). Nice library!

```js
// a fork of #6
// Cesar:
// 1/13/17
// added updates for ignoredPaths && ignoredBasePath
const createFirebaseAuth = ({
  ignoredUrls,
  ignoredPaths, // fork change - ca
  ignoredBasePath, // fork change - ca
  serviceAccount,
  firebase,
  checkEmailVerified = false,
  checkEmailVerifiedIgnoredUrls
}) => {
  if (!serviceAccount && !firebase) {
    /* eslint-disable no-console */
    console.log('\n');
    console.log(
      'Please provide the Firebase serviceAccount object or an initialized firebasee app!'
    );
    console.log('\n');
    /* eslint-enable no-console */
  }

  // If the user has passed an initialized firebase app, use that
  // or initialize one using the serviceAccount object.
  const firebaseAdmin = firebase || require.main.require('firebase-admin');
  if (!firebase) {
    firebaseAdmin.initializeApp({
      credential: firebaseAdmin.credential.cert(serviceAccount),
      databaseURL: `https://${process.env.FIREBASE_DATABASE_NAME}.firebaseio.com`
    });
  }

  return (req, res, next) => {
    if ((ignoredUrls && ignoredUrls.includes(req.originalUrl)) ||
        // fork change - ca: skip when the URL up to its last "/" is listed in ignoredPaths
        (ignoredPaths && ignoredPaths.includes(req.originalUrl.substring(0, req.originalUrl.lastIndexOf("/")))) ||
        // fork change - ca: skip when ignoredBasePath occurs anywhere in the URL
        // (substring match over req.originalUrl, query string included)
        (ignoredBasePath && req.originalUrl.indexOf(ignoredBasePath) !== -1)
      ) {
      next(); // If the url matches one of the ignore rules, skip the authorization.
    } else {
      const authorizationHeader = req.header('Authorization');

      // Send an error if the authorization header is missing
      if (!authorizationHeader) {
        res.status(401);
        return res.send({ error: 'Missing autherization header!' });
      }

      // Take the last space-separated part of the header as the ID token
      const idToken = authorizationHeader.split(' ').pop();

      // Authenticate user
      firebaseAdmin
        .auth()
        .verifyIdToken(idToken)
        .then((user) => {
          // If checkEmailVerified is true, deny the request if the user's email is not verified
          // Skip if the url is in checkEmailVerifiedIgnoredUrls
          if (
            checkEmailVerified &&
            (checkEmailVerifiedIgnoredUrls &&
              !checkEmailVerifiedIgnoredUrls.includes(req.originalUrl)) &&
            !user.email_verified
          ) {
            res.status(401);
            return res.send({ error: 'You are not autherized!' });
          }

          res.locals.user = user; // Set the user object to locals
          return next();
        })
        .catch((error) => {
          res.status(401);
          res.send({ error: 'You are not autherized!' });

          next(error);
        });
    }
  };
};

module.exports = {
  createFirebaseAuth
};
```

Member

THPubs commented Jan 13, 2018

Hi @caviles. To do this, without using ignoredPaths and ignoredBasePath, we can use something like ignoredExtensions? What do you think?

You can always fork and add features to the library. When done, simply make a pull request 😄

Author

caviles commented Jan 18, 2018

@THPubs I like ignoredExtensions. I'll change it and do a pull request.

Thank you!

Member

THPubs commented Jan 23, 2018

@caviles Great!
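
The skip condition in the fork posted above matches `ignoredBasePath` anywhere in `req.originalUrl`, query string included, so it exempts more requests from token verification than the static paths it names. The following is an added example, not code from this thread or from the library: it compares the posted condition with a stricter matcher that decides on the decoded pathname only. `postedSkip`, `strictSkip`, `compare`, the sample URLs and the shape of `ignoredExtensions` (lower-case extensions with a leading dot) are assumptions.

```javascript
// Added example (not the library's code). Option names come from the thread;
// helper names and sample URLs are constructed for illustration.

// The skip condition as posted in the fork above.
function postedSkip(originalUrl, { ignoredUrls, ignoredPaths, ignoredBasePath }) {
  return Boolean(
    (ignoredUrls && ignoredUrls.includes(originalUrl)) ||
    (ignoredPaths &&
      ignoredPaths.includes(originalUrl.substring(0, originalUrl.lastIndexOf('/')))) ||
    (ignoredBasePath && originalUrl.indexOf(ignoredBasePath) !== -1)
  );
}

// Stricter variant (an assumption about the intended behaviour): decide on the
// decoded pathname only, never on the query string.
function strictSkip(originalUrl, { ignoredBasePath, ignoredExtensions = [] }) {
  let pathname;
  try {
    pathname = decodeURIComponent(originalUrl.split(/[?#]/)[0]);
  } catch (err) {
    return false; // malformed percent-escape: require authentication
  }
  const segments = pathname.split('/');
  // Dot segments or backslashes may resolve to another path downstream: never skip.
  if (segments.some((s) => s === '.' || s === '..' || s.includes('\\'))) return false;
  // "/images" must match whole leading segments: "/images/a.png" yes, "/imagesX" no.
  if (ignoredBasePath) {
    const base = ignoredBasePath.replace(/\/+$/, '');
    if (pathname === base || pathname.startsWith(base + '/')) return true;
  }
  // Extension comes from the last path segment; dotfiles such as ".env" have none.
  const last = segments[segments.length - 1];
  const dot = last.lastIndexOf('.');
  const ext = dot > 0 ? last.slice(dot).toLowerCase() : '';
  return ext !== '' && ignoredExtensions.includes(ext);
}

// Constructed sample requests, compared under both checks.
const opts = { ignoredBasePath: '/images', ignoredExtensions: ['.png', '.js'] };
const samples = [
  '/images/logo.png', '/api/users?next=/images', '/imagesX/admin',
  '/images/../api/users', '/static/app.JS?v=2', '/api/users'
];
function compare() {
  return samples.map((url) => ({ url, posted: postedSkip(url, opts), strict: strictSkip(url, opts) }));
}
console.table(compare());
```

An extension rule still skips verification for any route whose last segment can end in a listed extension, for example a route with a trailing parameter. It is safest when the listed extensions are only ever served from static directories.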
