-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: user data server routes #41
Merged
AasmundN
merged 32 commits into
dev
from
feat/27-authentication-user-data-server-routes
Aug 18, 2023
Merged
feat: user data server routes #41
AasmundN
merged 32 commits into
dev
from
feat/27-authentication-user-data-server-routes
Aug 18, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Errors are automatically caught by Nuxt.
AasmundN
commented
Aug 14, 2023
- Populating pinia store server side removes the need for some of the old code.
- Add user middleware to fetch user data from db. - Update other parts of the code accordingly.
- POST events must return something nuxt/nuxt#15293
- By adding the scope query paramater an admin can get all users. This will fetch and merge user data from firebase auth and the db.
AasmundN
commented
Aug 16, 2023
Bissas
reviewed
Aug 17, 2023
ipeglin
approved these changes
Aug 17, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
user
server middleware. Fetches the users data from the db and merges it with the decodedToken on the h3 event context. The user generated user object is placed on the event context.auth.server.ts
to populateauthStore
on initial server render. Runs after theauth
anduser
server middlewares and only on the initial server render. The plugin has access to both the event context and the nuxtApp instance, which means it can populate the Pinia store. The globalauth
route middleware has been updated accordingly.db
export fromfirebase
util.hasAccessLevel
server util to check a users accessLevel.API endoints
POST /api/user
endpoint creates or updates a user in the firebase realtime database. A user object in the database has the following format.The user entries use the firebase token subject scope
decodedToken.sub
as their object keys. The currently available accessLevels are'admin'
. A default user has no accesslevel array defined. The updated field holds the date of the last time the user object was updated. The endpoint accepts a request body of the following format.These specify how the data of the user with uid
sub
is to be updated. Only admins can update other users than their own.GET /api/user/
endpoint returns the users data object, stored on the event context (seeuser
middleware). If the query paramterscope
is present and has the value'all'
, all users will be fetched. Only admins can fetch all users.DELETE /api/user/
endpoint deletes the users data from the database. Thesub
field of the request body specifies which user to remove. Only admins can remove other users than their own.Further work
This PR only adds the endpoints to modify the data in the database. The firebase auth composable needs to be updated to use these endpoints, as well as update the users in firebase auth accordingly.
Resources