Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

connect-session-firebase

Package Overview
Dependencies
Maintainers
1
Versions
29
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

connect-session-firebase

Firebase session store for Connect/Express

  • 5.11.0
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

Connect Session Firebase

Travis Codecov Greenkeeper badge

connect-session-firebase is a Connect/Express compatible session store backed by the Firebase SDK.

Installation

firebase-admin must be added as a peer dependency, or you're gonna have a bad time. connect-session-firebase expects a matching major.minor version of Firebase.

$ npm install firebase-admin connect-session-firebase --save

Options

  • database A pre-initialized Firebase Database app instance.
  • sessions (optional) A child reference string for session storage. (defaults to "sessions")
  • reapInterval (optional) How often expired sessions should be cleaned up (defaults to 21600000) (6 hours in milliseconds)
  • reapCallback (optional) A callback function to execute whenever a session clean up occurs

Usage

Initialize firebase-admin database and pass the instance to FirebaseStore. Connecting to the database requires a credential cert via a JSON file from the Firebase IAM & Admin Console.

const connect = require('connect');
const FirebaseStore = require('connect-session-firebase')(connect);
const firebase = require('firebase-admin');
const ref = firebase.initializeApp({
  credential: firebase.credential.cert('path/to/serviceAccountCredentials.json'),
  databaseURL: 'https://databaseName.firebaseio.com'
});

connect()
  .use(connect.cookieParser())
  .use(connect.session({
    store: new FirebaseStore({
      database: ref.database()
    }),
    secret: 'keyboard cat'
  }));
  • Express

    NOTE: In Express 4 express-session must be passed to the function connect-session-firebase exports in order to extend express-session.Store:

const express = require('express');
const session = require('express-session');
const FirebaseStore = require('connect-session-firebase')(session);
const firebase = require('firebase-admin');
const ref = firebase.initializeApp({
  credential: firebase.credential.cert('path/to/serviceAccountCredentials.json'),
  databaseURL: 'https://databaseName.firebaseio.com'
});

express()
  .use(session({
    store: new FirebaseStore({
      database: ref.database()
    }),
    secret: 'keyboard cat'
    resave: true,
    saveUninitialized: true
  }));

Security

If you use a publicly available Firebase Database, please set proper rules:

{
  "rules": {
    ".read": "false",
    ".write": "false",
    "sessions": {
      ".read": "false",
      ".write": "false"
    },
    "some_public_data": {
      ".read": "true",
      ".write": "auth !== null"
    }
  }
}

Learn more about Firebase rules: https://firebase.google.com/docs/database/security/

Tests

To run tests against connect-session-firebase you will need your own Firebase Database app available.

Checkout the repo locally and create two files in the project root:

  • .env
  • serviceAccountCredentials.json

With the content:

.env

FIREBASE_SERVICE_ACCOUNT=./serviceAccountCredentials.json
FIREBASE_DATABASE_URL=https://[databaseName].firebaseio.com

serviceAccountCredentials.json

{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": ""
}

Install the dev dependencies:

$ npm install

Run the tests:

$ npm test

License

connect-session-firebase is licensed under the MIT license.

FAQs

Package last updated on 28 Mar 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc