Using Firebase authentication for a Node.js application

I don't know if this will work out, or if it is the right thing to do.

I have created an AngularJS application and used Firebase to provide my application a "backend", or to contain any data that my application needs.

Also, I do not want to bother myself with authentication, and FirebaseSimpleLogin is just an awesome tool for the job.

I could do:

resolve : {
   'isAuthenticated': isLoggedIn
}

in my routes so I would be able to prevent them from moving to secured routes. So there is no problem, I already have an authenticated user.

The problem is, I only used Firebase to save user data and for auth, and nothing else.

Now I want to do some server tasks in my server, but I want only authenticated users to do that.

How would I determine that the user is authenticated in Firebase?

Is this what the Firebase token generator is for?

Or should I just create an authentication system using Node.js?

Check out the queue pattern. Have the user write items to the queue, have the server respond to them.

The really great part of using Firebase as the API/middle-man is that the worker (i.e. server) does not need to worry about if the client has authenticated. Security rules take care of this.

Just write a rule to only allow logged-in users to write into the queue:

{
  "rules": {
     "queue": {
         "in": {
            // push() stores each record under its own generated key, so the
            // rules have to sit under a wildcard to apply to pushed records
            "$request_id": {
               // I can only write if logged in
               ".write": "auth !== null",
               "user_id": {
                  // I can only write to the queue as myself, this tells the server which
                  // out/ queue the user will be listening on
                  ".validate": "auth.uid === newData.val()"
               }
            }
         },
         "out": {
            "$userid": {
               // I can only listen to my out queue
               ".read": "auth.uid === $userid"
            }
         }
     }
  }
}

Now the user simply writes a record to in/ using push(), then listens on out/ until the server replies.

The server reads records out of the in/ queue, processes them, and writes them back to the out/user_id path.

No RESTful protocols, no express servers, no headaches.
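
The trust chain described in the answer above, as an added example that is not part of the original answer and does not use the Firebase SDK: an in-memory model of the in/ and out/ queues in which the worker only routes a reply when the record carries a user_id the rules would have validated. The names canWriteIn and createQueue and the req1-style keys are assumptions made for this sketch.

```javascript
// Added example: in-memory model of the in/ and out/ queues (not Firebase SDK code).
// canWriteIn() mirrors the two rule expressions guarding the in/ queue.
function canWriteIn(auth, record) {
  if (auth === null) return false;                     // ".write": "auth !== null"
  // ".validate" on user_id is only evaluated when user_id is present
  if (record.user_id !== undefined && record.user_id !== auth.uid) return false;
  return true;
}

function createQueue() {
  const db = { in: {}, out: {} };
  let seq = 0;
  return {
    db,
    // Client side: stands in for pushing a record to in/
    push(auth, record) {
      if (!canWriteIn(auth, record)) return null;      // permission denied
      const key = 'req' + (++seq);                     // constructed key, not a real push ID
      db.in[key] = record;
      return key;
    },
    // Server side: drain in/, write each reply under out/<user_id>/<key>
    work(handler) {
      const dropped = [];
      for (const [key, rec] of Object.entries(db.in)) {
        delete db.in[key];
        // The rules shown do not require user_id to exist, so the worker
        // refuses any record it cannot attribute to a validated uid.
        if (typeof rec.user_id !== 'string' || rec.user_id === '') {
          dropped.push(key);
          continue;
        }
        db.out[rec.user_id] = db.out[rec.user_id] || {};
        db.out[rec.user_id][key] = handler(rec);
      }
      return dropped;
    },
    // Client side: ".read": "auth.uid === $userid"
    readOut(auth, userid) {
      if (auth === null || auth.uid !== userid) return null;
      return db.out[userid] || {};
    },
  };
}
```

A record pushed without user_id passes the write rule, which is why the worker drops it instead of guessing where the reply should go.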