Firebase Auth integration for HTTP functions. (#3)

* Test Firebase Auth.

* Update path inside git.

* Successful auth request.

* Refactor FirebaseAuthValidator.

* Test with updated auth validator.

* Update init.

* Use env variable for project id for local builds.

* Update Http generation strategy.

* Update auth callback.

* Update method name in validator callback.

* Show IdToken in Dartblaze exports.

* Update exports on Dartblaze.

* Update http strategy and dartblaze exports.

* Update IdToken param validity.

* Update gitignore.

* Fix example.

* Dartblaze 0.0.2.

* Prepare dartblaze_builder for new version publishing.

* Update example and use latest packages.

* Update Http functions docs.

Author: dinko7

docs/docs/functions/http-functions.md

@@ -78,6 +78,16 @@ Future<Response> updateTodoLogger(Todo todo, RequestLogger logger) async {
 }
 ```
 
+## Authentication
+
+All `@Http` functions have Firebase Auth integration enabled by default. This means that the function expects `Authorization: Bearer <token>` header when being called from client.
+
+Token is Firebase id token, which you can get on the client by calling `await FirebaseAuth.instance.currentUser.getIdToken()`.
+
+You can disable auth for a function in the header: `@Http(auth: false)`.
+
+
+
 ## :warning: Current Limitations
 
 1. **No Body Validation**: The annotation does not currently support automatic request body validation. Validation must be implemented manually within the handler.

docs/docs/testing.md

@@ -37,7 +37,7 @@ class Todo with _$Todo {
   factory Todo.fromJson(Map<String, dynamic> json) => _$TodoFromJson(json);
 }
 
-@Http()
+@Http(auth:false)
 Future<Response> updateTodo(Todo todo) async {
   firestore.collection('todos').doc(todo.id).update(todo.toJson());
   return Response.ok('Todo updated: ${todo.id}');
@@ -59,4 +59,10 @@ curl -X POST http://localhost:8080/todos \
 As a result, you should see this in your terminal:
 ```bash
 Todo updated: 123
-```
+```
+
+::: tip
+All `@Http` functions have Firebase Auth integration enabled by default. This means that the function expects `Authorization: Bearer <token>` header when being called from client.
+
+Check [authorization](./functions/http-functions.md#authentication) section of Http function to see how to get the token.
+:::

example/.gitignore

@@ -1,6 +1,7 @@
 # https://dart.dev/guides/libraries/private-files
 # Created by `dart pub`
 .dart_tool/
+pubspec.lock
 
 # logs
 firebase-debug.log
@@ -14,6 +15,7 @@ service-account.json
 # Generated files
 /lib/**/*.freezed.dart
 /lib/**/*.g.dart
+bin/server.dart
 
 # Deployment files
 functions.json
@@ -22,3 +24,7 @@ functions.json
 .firebaserc
 firebase.json
 project.json
+
+# IDE files
+.idea/
+.vscode/

example/bin/server.dart

@@ -9,8 +9,17 @@ Future<Response> updateTodo(Todo todo) async {
   return Response.ok('Todo updated: ${todo.id}');
 }
 
+@Http(auth: false)
+Future<Response> updateTodoNoAuth(Todo todo) async {
+  firestore.collection('todos').doc(todo.id).update(todo.toJson());
+  return Response.ok('Todo updated: ${todo.id}');
+}
+
 @Http()
-Future<Response> updateTodoRequest(Request request) async {
+Future<Response> updateTodoRequest(
+  Request request, {
+  required IdToken authToken,
+}) async {
   final todo = await request.body.as(Todo.fromJson);
   firestore.collection('todos').doc(todo.id).update(todo.toJson());
   return Response.ok('Todo updated: ${todo.id}');