refactor: move Firebase implementation to adapters/firebase, drop pexels interface
- Create internal/adapters/firebase/auth.go with Auth, noopAuth, NewAuthOrNoop (renamed from FirebaseAuth, noopTokenVerifier, NewFirebaseAuthOrNoop) - Reduce internal/auth/firebase.go to TokenVerifier interface only - Remove PhotoSearcher interface from adapters/pexels (belongs to consumers) - Update wire.go and wire_gen.go to use firebase.NewAuthOrNoop Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
dbastrikin
88
backend/internal/adapters/firebase/auth.go
Normal file
88
backend/internal/adapters/firebase/auth.go
Normal file
@@ -0,0 +1,88 @@
|
||||
package firebase
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"os"
|
||||
|
||||
firebasesdk "firebase.google.com/go/v4"
|
||||
firebaseAuth "firebase.google.com/go/v4/auth"
|
||||
"google.golang.org/api/option"
|
||||
|
||||
"github.com/food-ai/backend/internal/auth"
|
||||
)
|
||||
|
||||
// Auth is the Firebase-backed implementation of auth.TokenVerifier.
|
||||
type Auth struct {
|
||||
client *firebaseAuth.Client
|
||||
}
|
||||
|
||||
// noopAuth is used in local development when Firebase credentials are not available.
|
||||
// It rejects all tokens with a clear error message.
|
||||
type noopAuth struct{}
|
||||
|
||||
func (noopAuthInstance *noopAuth) VerifyToken(_ context.Context, _ string) (uid, email, name, avatarURL string, verifyError error) {
|
||||
return "", "", "", "", fmt.Errorf("Firebase auth is not configured (running in noop mode)")
|
||||
}
|
||||
|
||||
// NewAuthOrNoop tries to initialize Firebase auth from the credentials file.
|
||||
// If the file is missing, empty, or not a valid service account, it logs a warning
|
||||
// and returns a noop verifier that rejects all tokens.
|
||||
func NewAuthOrNoop(credentialsFile string) (auth.TokenVerifier, error) {
|
||||
data, readError := os.ReadFile(credentialsFile)
|
||||
if readError != nil || len(data) == 0 {
|
||||
slog.Warn("firebase credentials not found, running without Firebase auth", "file", credentialsFile)
|
||||
return &noopAuth{}, nil
|
||||
}
|
||||
|
||||
var creds map[string]interface{}
|
||||
if unmarshalError := json.Unmarshal(data, &creds); unmarshalError != nil || creds["type"] == nil {
|
||||
slog.Warn("firebase credentials invalid, running without Firebase auth", "file", credentialsFile)
|
||||
return &noopAuth{}, nil
|
||||
}
|
||||
|
||||
firebaseAuth, newAuthError := newAuth(credentialsFile)
|
||||
if newAuthError != nil {
|
||||
return nil, newAuthError
|
||||
}
|
||||
return firebaseAuth, nil
|
||||
}
|
||||
|
||||
func newAuth(credentialsFile string) (*Auth, error) {
|
||||
opt := option.WithCredentialsFile(credentialsFile)
|
||||
app, appError := firebasesdk.NewApp(context.Background(), nil, opt)
|
||||
if appError != nil {
|
||||
return nil, appError
|
||||
}
|
||||
|
||||
client, clientError := app.Auth(context.Background())
|
||||
if clientError != nil {
|
||||
return nil, clientError
|
||||
}
|
||||
|
||||
return &Auth{client: client}, nil
|
||||
}
|
||||
|
||||
// VerifyToken verifies the given Firebase ID token and returns the user's claims.
|
||||
func (firebaseAuthInstance *Auth) VerifyToken(requestContext context.Context, idToken string) (uid, email, name, avatarURL string, verifyError error) {
|
||||
token, verifyError := firebaseAuthInstance.client.VerifyIDToken(requestContext, idToken)
|
||||
if verifyError != nil {
|
||||
return "", "", "", "", verifyError
|
||||
}
|
||||
|
||||
uid = token.UID
|
||||
|
||||
if value, ok := token.Claims["email"].(string); ok {
|
||||
email = value
|
||||
}
|
||||
if value, ok := token.Claims["name"].(string); ok {
|
||||
name = value
|
||||
}
|
||||
if value, ok := token.Claims["picture"].(string); ok {
|
||||
avatarURL = value
|
||||
}
|
||||
|
||||
return uid, email, name, avatarURL, nil
|
||||
}
|
||||
Reference in New Issue
Block a user