firebase-users-admin is a backend app featuring CRUD API endpoints for managing Firebase Authentication users using the firebase-admin SDK for NodeJS.
A basic web app client in the /client directory will show basic API usage and demonstration.
- Requirements
- Installation
- Usage
- Available Scripts - server
- Installation and Usage Using Docker
- Pre-built Server Docker Image (App)
- Pre-built Server Docker Image (Client + Server) Development
- Deploy with GitHub Actions
- References
- Windows 10, MacOS, Linux
- NodeJS v14.18.3 or higher
- Firebase Project [link]
- Pricing Plan: Spark plan or higher
- with the Email/Password Provider enabled in the Firebase Console's Authentication -> Sign-in method -> Sign-in providers options.
- with Firebase (Web) Application enabled in the Firebase Console's Project Settings -> Your Apps
- Service account credentials JSON file
- Firebase-admin v10.0.2
- Firebase Authentication (using Email/Password Provider)
- React 18.1.0 (CRA) on client app
-
Clone this repository.
git clone https://github.com/ciatph/firebase-users-admin.git
-
Install dependencies.
cd server npm install
-
Set up the environment variables. Create a
.env
file inside the /server directory with reference to the.env.example
file. Encode your own Firebase project settings on the following variables:Variable Name Description FIREBASE_SERVICE_ACC The project's private key file contents, condensed into one line and minus all whitespace characters.
The service account JSON file is generated from the Firebase project's Project Settings page, on Project Settings -> Service accounts -> Generate new private keyFIREBASE_PRIVATE_KEY The private_key
entry from the service account JSON file.
NOTE: Take note to make sure that the value starts and ends with a double-quote on WINDOWS OS localhost. Some systems may or may not require the double-quotes (i.e., Ubuntu running on heroku).
ALLOWED_ORIGINS IP/domain origins in comma-separated values that are allowed to access the API if ALLOW_CORS=1
. Includehttp://localhost:3000
by default to allow CORS access to the/client
app.EMAIL_WHITELIST Comma-separated email addresses linked to Firebase Auth UserRecords that are not allowed to be deleted or updated (write-protected)
Default value is[email protected]
ALLOW_CORS Allow Cross-Origin Resource Sharing (CORS) on the API endpoints.
Default value is1
, allowing access to domains listed inALLOWED_ORIGINS
. Setting to0
will make all endpoints accept requests from all domains, including Postman.ALLOW_AUTH Restrict access to the POST
,PATCH
andDELETE
API endpoints by allowing signed-in Firebase user Bearer Authorization (Firebase token) checking.
Retrieve the signed-in Firebase token by signing in a user using the Firebase Web JS SDKsignInWithEmailAndPassword()
method, then retrieve the latest token value usinggetIdTokenResult()
.
Default value is1
. Setting to0
will disable Bearer Authorization checking on the listed API endpoints.CHOKIDAR_USEPOLLING Enables hot reload on nodemon
running inside Docker containers on a Windows host. Set it to true if running Docker Desktop with WSL2 on a Windows OS.CHOKIDAR_INTERVAL Chokidar polling interval. Set it along with CHOKIDAR_USEPOLLING=true
if running Docker Desktop with WSL2 on a Windows OS. The default value is1000
.
-
Install dependencies.
cd client npm install
-
Replace the
/client/config/firebase.config.js
file with your own Firebase project's web SDK setup configuration file.- You can find this file in a Firebase project's Project Settings -> General -> Web apps (Add an app if needed) -> SDK setup and configuration
- The
firebase.config.js
settings must match with theFIREBASE_SERVICE_ACC
environment variable defined on server - step # 3.
-
Create a
/client/.env
file from the/client/.env.example
file.- Replace the
REACT_APP_BASE_URL
variable with an appropriate value. - Replace the
REACT_APP_FIREBASE_*
set of variables with your own Firebase project configuration that matches the server variables:FIREBASE_SERVICE_ACC
andFIREBASE_PRIVATE_KEY
. These variables, using default values from this repository's Firebase project will not work with your server Firebase variables.
Variable Name Description REACT_APP_BASE_URL Domain on which the CRUD API is running.
Default value ishttp://localhost:3001/api
on localhost. See the server set-up instructions for more information.REACT_APP_FIREBASE_API_KEY Firebase web API key from the Firebase Project Settings configuration file. REACT_APP_FIREBASE_AUTHDOMAIN Firebase web auth domain key from the Firebase Project Settings configuration file. REACT_APP_FIREBASE_PROJECT_ID Firebase web project ID from the Firebase Project Settings configuration file. REACT_APP_FIREBASE_STORAGE_BUCKET Firebase web storage bucket key from the Firebase Project Settings configuration file. REACT_APP_FIREBASE_MESSAGING_SENDER_ID Firebase web messaging sender ID from the Firebase Project Settings configuration file. REACT_APP_FIREBASE_APP_ID Firebase web web app key from the Firebase Project Settings configuration file. REACT_APP_FIREBASE_MEASUREMENT_ID Firebase web measurement ID from the Firebase Project Settings configuration file. WATCHPACK_POLLING Enables hot reload on React apps running inside Docker containers on a Windows host. Set it to true
if running Docker Desktop with WSL2 on a Windows OS. - Replace the
-
Run the app in development mode.
npm start
-
Launch the client app in:
http://localhost:3000
- Navigate to the
/server
directory. - Create a default Firebase Auth user.
npm run seed
- Generate the API documentation.
npm run gen:docs
- Run the app:
- (development mode)
npm run dev
- (production mode)
npm start
- (development mode)
- Read the API documentation and usage examples guide of available CRUD API endpoints on:
http://localhost:3001/docs
- Try to log-in to the
/client
app using the default superadmin seeded user from step no. 2:username: [email protected] password: 123456789
- Use the CRUD API endpoints to create/update/delete or view Firebase Auth users using Postman, curl, or other http clients.
- Try signing in these users to the
/client
app. -
NOTE: Comment out the
cors
options lineapp.use(cors(corsOptions))
on /server/src/index.js when testing on Postman and other http clients other than the/client
app.
- Try signing in these users to the
The npm scripts listed below are available under the /server directory.
Run the express app (API only) in production mode. You'll need to npm run gen:docs
if you haven't done so already, if you'd also like to view the API documentation usage in production mode.
Run the express app (API only) in development mode.
Builds the API documentation. The static website documentation files are put in the /src/public/docs
directory, and made available on http://localhost:3001/docs
.
Creates an initial superadmin Firebase Authentication user with the credentials:
email: [email protected]
displayname: Super Admin
password: 123456789
account_level: 1
Copies the built /client
website from /client/build
to the server's root directory.
- It requires to build the client app first, after following its set-up instructions:
cd client npm run build
- The built client app will be viewable on
http://localhost:3001
if the server is running.
We can use Docker to run dockerized client and server apps for local development. The following methods require Docker and Docker compose correctly installed and set up on your development machine.
The following dependencies are used to build and run the image. Please feel feel free to use other versions as needed.
- Ubuntu 20.04 (Host)
- Docker version 20.10.17, build 100c701
- Docker Compose version v2.6.0
- Set-up the environment variables and firebase configuration file for the /client app.
- Create the
.env
file under the /client directory as advised on Installation - client # 3.
- Create the
- Set-up the environment variables for the /server app.
- Create the
.env
file under the /server directory as advised on Installation - server # 3.
- Create the
- Build the client and server docker services for localhost development.
docker-compose -f docker-compose-dev.yml build
-
INFO: Building the images for localhost development takes a while, around ~7min+.
- Create and start the client and server containers.
docker-compose -f docker-compose-dev.yml up
- Run a script in the container to create the default
[email protected]
account, if it does not yet exist in the Firestore database.docker exec -it server-prod npm run seed
- Launch the dockerized (dev) client app on
http://localhost:3000
- Launch the dockerized (dev) server app's API documentation on
http://localhost:3001/docs
- Edit source the codes in
/client/src
or/server/src
as needed. Verify that hot reload is working on both the client and server apps. - Stop and remove containers, networks, images and volumes:
docker-compose -f docker-compose-dev.yml down
The following docker-compose commands build small client
and server
images targeted for creating optimized dockerized apps running on self-managed production servers. An Nginx service serves the frontend client
on port 3000
. The server
, running on a separate Nodejs (pm2) service, is also served by the client's Nginx service in a reverse proxy on port 3001
. Hot reload is not available when editing source codes from /client/src
or /server/src
.
- Install and set up the required client and server environment variables as with the required variables on Docker for Localhost Development.
- Build the client and server docker services for production deployment.
docker-compose -f docker-compose-prod.yml build
- Create and start the containers.
docker-compose -f docker-compose-prod.yml up
- Run a script in the container to create the default
[email protected]
account, if it does not yet exist in the Firestore database.docker exec -it server-prod npm run seed
- Launch the dockerized (prod) client app on
http://localhost:3000
- Launch the dockerized (prod) server app's API documentation on
http://localhost:3001/docs
- Stop and remove containers, networks, images and volumes:
docker-compose -f docker-compose-prod.yml down
The following docker-compose commands build a small server
image targeted for creating an optimized dockerized Express app running on self-managed production servers. The frontend client
is served in an a static directory using the Express static middleware.
- Install and set up the required client and server environment variables as with the required variables on Docker for Localhost Development.
-
INFO: This build method requires CORS checking dissabled, since the client and server will run on the same port (3001).
- Disable CORS by setting
ALLOW_CORS=0
in the .env file to avoidSame Origin
errors.
- Disable CORS by setting
-
- Build the client and server docker services for production deployment.
docker-compose -f docker-compose-app.yml build
- Create and start the containers.
docker-compose -f docker-compose-app.yml up
- Run a script in the container to create the default
[email protected]
account, if it does not yet exist in the Firestore database.docker exec -it firebase-users-admin-app npm run seed
- Launch the dockerized (prod) client + server app on
http://localhost:3000
- Launch the dockerized (prod) client + server app API documentation on
http://localhost:3001/docs
- Stop and remove containers, networks, images and volumes:
docker-compose -f docker-compose-app.yml down
The server
component of firebase-users-admin is available as a stand-alone docker image on Docker Hub with customizable environment variables (.env file).
The server also serves the pre-built client
website from a static directory using the express.static()
middleware, following the build instructions from Option #2 - Client and Server Bundled in (1) Image and Service.
Warning
While the pre-built Docker image runs both client and server apps, the client only works for this code repository at ciatph/firebase-users-admin, since it uses the repository's specific Firebase config settings during client (React) build.
- Pull the (production) /server Docker image from Docker Hub.
- Find the latest version tag from https://hub.docker.com/r/ciatphdev/firebase-users-app, i.e.,
v1.1.6
docker pull ciatphdev/firebase-users-app:v1.1.6
- Find the latest version tag from https://hub.docker.com/r/ciatphdev/firebase-users-app, i.e.,
- Create a
.env
file.- Read Installation - server #3 for more information.
- Replace the variables accordingly in the
.env
file. SetALLOW_CORS=0
to allowSame Origin
requests. Read Option #2 - Client and Server Bundled in (1) Image and Service for more information.ALLOWED_ORIGINS=http://localhost,http://localhost:3000,http://mywebsite.com,http://yourwebsite.com FIREBASE_SERVICE_ACC=YOUR-FIREBASE-PROJ-SERVICE-ACCOUNT-JSON-CREDENTIALS-ONE-LINER-NO-SPACES FIREBASE_PRIVATE_KEY=PRIVATE-KEY-FROM-FIREBASE-SERVICE-ACCOUNT-JSON-WITH-DOUBLE-QUOTES [email protected] ALLOW_CORS=0 ALLOW_AUTH=1
- Run the image.
docker run -it --rm \ --env-file .env \ -p 3001:3001 \ ciatphdev/firebase-users-admin-app:v1.1.6
- Run a script in the container to create the default
[email protected]
account, if it does not yet exist in the Firestore database.docker exec -it firebase-users-admin-app npm run seed
- Launch the server API documentation on
http://localhost:3001/docs
- Launch the client website on
http://localhost:3001
.- Login using the superadmin account create on step # 4.
username: [email protected] password: 123456789
- Test the API routes by creating new accounts, editing or deleting existing accounts.
- The signed-in user's Firebase Auth token is available on the Home page (http://localhost:3001/)
- Login using the superadmin account create on step # 4.
This project also deploys the latest client and server development Docker images to Docker Hub on the creation of new Release/Tags. Pre-built Docker images for local development are available on Docker Hub at:
https://hub.docker.com/r/ciatphdev/firebase-users-admin
-
Pull the pre-built development Docker images using any of the two (2) options:
- Navigate to the gsites-components root project directory, then run:
docker compose -f docker-compose.dev.yml pull
- Open a terminal and run:
docker pull ciatphdev/firebase-users-admin:client docker pull ciatphdev/firebase-users-admin:server
- Navigate to the gsites-components root project directory, then run:
-
Follow the instructions in the README files inside the /client and /server directories for more information on configuring and using the client and server apps.
-
Run the development images using any of the two (2) options (requires a
.env
file input parameter):- Run with Docker compose:
docker compose -f docker-compose.dev.yml up
- Run with Docker:
docker run -it --rm --env-file .env -p 3000:3000 ciatphdev/firebase-users-admin:client docker run -it --rm --env-file .env -p 3001:3001 ciatphdev/firebase-users-admin:server
- Run with Docker compose:
Deployment with GitHub Actions to live environments and Docker Hub is optional. Supply the following GitHub Secrets and GitHUb Variables if there is a need to deploy and push the client and server apps to live environments.
[!INFO] Live server deployment to a new cloud hosting provider is currently under construction. Previous versions used to deploy it in a free-tier Heroku server.
- Firebase project
- with Authentication (Email/Password) activated
- with Firebase Hosting activated (Refer to the
/client/.firebaserc
file for more information about the project structure)
- Docker Hub account
-
Create the following GitHub Secrets:
client.env
variablesREACT_APP_BASE_URL REACT_APP_FIREBASE_API_KEY REACT_APP_FIREBASE_AUTHDOMAIN REACT_APP_FIREBASE_PROJECT_ID REACT_APP_FIREBASE_STORAGE_BUCKET REACT_APP_FIREBASE_MESSAGING_SENDER_ID REACT_APP_FIREBASE_APP_ID REACT_APP_FIREBASE_MEASUREMENT_ID
Docker Hub Account
GitHub Secret Description DOCKERHUB_USERNAME Docker Hub username DOCKERHUB_TOKEN Deploy token for the Docker Hub account GitHub Variable Description DOCKERHUB_USERNAME Docker Hub username -
Create Release/Tag from the
master
branch to trigger deployment to the production environment:- Deploy front end (React) to Firebase Hosting
- Build and push Docker images to Docker Hub
-
Inspect the contents of the
.github/workflows/release.yml
for reference.
[1] - docker compose commands
@ciatph 20220406