Add authenticated-json-api sample. (firebase#3)

Author: danasilver

authenticated-json-api/README.md

@@ -0,0 +1,40 @@
+# Authenticated JSON API
+
+This sample shows how to authenticate access to a JSON API to only allow
+access to data for a specific Firebase user.
+
+Only users who pass a valid Firebase ID token as a Bearer token in the
+`Authorization` header of the HTTP request are authorized to use the API.
+
+This sample comes with a web-based API explorer UI whose code is in the [public](public) directory.
+It lets you sign in to Firebase with your Google account, and create messages whose sentiments are
+detected by the [Cloud Natural Language API](https://cloud.google.com/natural-language/).
+
+## Setting up the sample
+
+ 1. Create a Firebase Project using the [Firebase Console](https://console.firebase.google.com).
+ 1. Enable the **Google** Provider in the **Auth** section.
+ 1. Enable Billing on your project (to connect to the Natural Language API) by switching to the Blaze or Flame plan.
+ 1. Clone or download this repo and open the `authenticated-json-api` directory.
+ 1. You must have the Firebase CLI installed. If you don't have it install it with `npm install -g firebase-tools` and then configure it with `firebase login`.
+ 1. Configure the CLI locally by using `firebase use --add` and select your project in the list.
+ 1. Install dependencies locally by running: `cd functions; npm install; cd -`
+ 1. Enable the Google Cloud Natural Language API: https://console.cloud.google.com/apis/api/language.googleapis.com/overview?project=_
+
+## Deploy and test
+
+This sample comes with a web-based UI for testing the function. To test it out:
+
+ 1. Deploy your project using `firebase deploy`
+ 1. Open the app using `firebase open hosting:site`, this will open a browser.
+ 1. Sign in to the web app in the browser using Google Sign-In
+ 1. Create messages and explore them using the List and Detail sections.
+ 1. Sign out. You should no longer be able to access the API.
+
+## Contributing
+
+We'd love that you contribute to the project. Before doing so please read our [Contributor guide](../CONTRIBUTING.md).
+
+## License
+
+© Google, 2017. Licensed under an [Apache-2](../LICENSE) license.

authenticated-json-api/database.rules.json

@@ -0,0 +1,13 @@
+{
+  "rules": {
+    "users": {
+      "$uid": {
+        ".read": "auth.uid === $uid",
+        ".write": "auth.uid === $uid",
+        "messages": {
+          ".indexOn": ["category"]
+        }
+      }
+    }
+  }
+}

authenticated-json-api/firebase.json

@@ -0,0 +1,11 @@
+{
+  "hosting": {
+    "public": "public",
+    "rewrites": [
+      { "source": "/api/**", "function": "api" }
+    ]
+  },
+  "database": {
+    "rules": "database.rules.json"
+  }
+}

authenticated-json-api/functions/index.js

@@ -0,0 +1,126 @@
+/**
+ * Copyright 2017 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict';
+
+const functions = require('firebase-functions');
+const admin = require('firebase-admin');
+const Language = require('@google-cloud/language');
+const express = require('express');
+
+const app = express();
+const language = new Language({projectId: process.env.GCLOUD_PROJECT});
+
+admin.initializeApp(functions.config().firebase);
+
+// Express middleware that validates Firebase ID Tokens passed in the Authorization HTTP header.
+// The Firebase ID token needs to be passed as a Bearer token in the Authorization HTTP header like this:
+// `Authorization: Bearer <Firebase ID Token>`.
+// when decoded successfully, the ID Token content will be added as `req.user`.
+const authenticate = (req, res, next) => {
+  if (!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) {
+    res.status(403).send('Unauthorized');
+    return;
+  }
+  const idToken = req.headers.authorization.split('Bearer ')[1];
+  admin.auth().verifyIdToken(idToken).then(decodedIdToken => {
+    req.user = decodedIdToken;
+    next();
+  }).catch(error => {
+    res.status(403).send('Unauthorized');
+  });
+};
+
+app.use(authenticate);
+
+// POST /api/messages
+// Create a new message, get its sentiment using Google Cloud NLP,
+// and categorize the sentiment before saving.
+app.post('/api/messages', (req, res) => {
+  const message = req.body.message;
+
+  language.detectSentiment(message).then(results => {
+    const category = categorizeScore(results[0].score);
+    const data = {message: message, sentiment: results, category: category};
+    return admin.database().ref(`/users/${req.user.uid}/messages`).push(data);
+  }).then(snapshot => {
+    return snapshot.ref.once('value');
+  }).then(snapshot => {
+    const val = snapshot.val();
+    res.status(201).json({message: val.message, category: val.category});
+  }).catch(error => {
+    console.log('Error detecting sentiment or saving message', error.message);
+    res.sendStatus(500);
+  });
+});
+
+// GET /api/messages?category={category}
+// Get all messages, optionally specifying a category to filter on
+app.get('/api/messages', (req, res) => {
+  const category = req.query.category;
+  let query = admin.database().ref(`/users/${req.user.uid}/messages`);
+
+  if (category && ['positive', 'negative', 'neutral'].indexOf(category) > -1) {
+    // Update the query with the valid category
+    query = query.orderByChild('category').equalTo(category);
+  } else if (category) {
+    return res.status(404).json({errorCode: 404, errorMessage: `category '${category}' not found`});
+  }
+
+  query.once('value').then(snapshot => {
+    var messages = [];
+    snapshot.forEach(childSnapshot => {
+      messages.push({key: childSnapshot.key, message: childSnapshot.val().message});
+    });
+
+    return res.status(200).json(messages);
+  }).catch(error => {
+    console.log('Error getting messages', error.message);
+    res.sendStatus(500);
+  });
+});
+
+// GET /api/message/{messageId}
+// Get details about a message
+app.get('/api/message/:messageId', (req, res) => {
+  const messageId = req.params.messageId;
+  admin.database().ref(`/users/${req.user.uid}/messages/${messageId}`).once('value').then(snapshot => {
+    if (snapshot.val() !== null) {
+      // Cache details in the browser for 5 minutes
+      res.set('Cache-Control', 'private, max-age=300');
+      res.status(200).json(snapshot.val());
+    } else {
+      res.status(404).json({errorCode: 404, errorMessage: `message '${messageId}' not found`});
+    }
+  }).catch(error => {
+    console.log('Error getting message details', messageId, error.message);
+    res.sendStatus(500);
+  });
+});
+
+// Expose the API as a function
+exports.api = functions.https.onRequest(app);
+
+// Helper function to categorize a sentiment score as positive, negative, or neutral
+const categorizeScore = score => {
+  if (score > 0.25) {
+    return 'positive';
+  } else if (score < -0.25) {
+    return 'negative';
+  } else {
+    return 'neutral';
+  }
+}

authenticated-json-api/functions/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "functions",
+  "description": "Cloud Functions for Firebase",
+  "dependencies": {
+    "@google-cloud/language": "^0.10.3",
+    "express": "^4.15.2",
+    "firebase-admin": "~4.1.2",
+    "firebase-functions": "^0.5"
+  },
+  "private": true
+}

authenticated-json-api/public/index.html

@@ -0,0 +1,108 @@
+<!DOCTYPE html>
+<!--
+  Copyright 2017 Google Inc. All rights reserved.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+      https://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License
+-->
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Authenticated JSON API</title>
+
+    <!-- Material Design Lite -->
+    <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
+    <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
+    <link rel="stylesheet" href="https://code.getmdl.io/1.1.3/material.light_blue-pink.min.css">
+
+    <link rel="stylesheet" href="main.css">
+  </head>
+  <body>
+    <header class="mdl-layout__header mdl-color-text--white mdl-color--light-blue-700">
+      <div class="mdl-cell mdl-cell--12-col mdl-cell--12-col-tablet mdl-grid">
+        <div class="mdl-layout__header-row mdl-cell mdl-cell--12-col mdl-cell--12-col-tablet mdl-cell--8-col-desktop">
+          <h3>Authenticated JSON API Demo</h3>
+        </div>
+      </div>
+    </header>
+
+    <div class="mdl-grid">
+      <div class="mdl-cell mdl-cell--2-offset--desktop mdl-cell--4-col mdl-shadow--2dp">
+        <div id="demo-sign-in-card" class="mdl-card">
+          <div class="mdl-card__title mdl-color--light-blue-100">
+            <h2 class="mdl-card__title-text">Sign in with Google</h2>
+          </div>
+          <div class="mdl-card__supporting-text mdl-color-text--grey-600">
+            This web application demonstrates how to expose an authenticated JSON API via Firebase Hosting and
+            Cloud Functions for Firebase.
+          </div>
+          <div class="mdl-card__actions mdl-card--border">
+            <button id="demo-sign-in-button" class="mdl-button mdl-button--raised mdl-js-button mdl-js-ripple-effect">
+              <i class="material-icons">account_circle</i>
+              Sign in with Google
+            </button>
+            <button id="demo-sign-out-button" class="mdl-button mdl-button--raised mdl-js-button mdl-js-ripple-effect">
+              Sign out
+            </button>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <div class="mdl-grid">
+      <div class="mdl-cell">
+        <h4>Explore the API <small>Requires Sign In</small></h4>
+      </div>
+    </div>
+
+    <div class="mdl-grid">
+      <div class="mdl-cell mdl-cell--8-col mdl-shadow--2dp demo-create-message">
+        <h5>New Message</h5>
+        <div class="mdl-textfield mdl-js-textfield">
+          <textarea class="mdl-textfield__input" type="text" rows="1" id="demo-message" ></textarea>
+          <label class="mdl-textfield__label" for="demo-message">Type a message to analyze...</label>
+        </div>
+        <a id="demo-create-message" class="mdl-button mdl-button--raised mdl-js-button mdl-js-ripple-effect">
+          Save and Analyze
+        </a>
+        <span id="demo-create-message-result"></span>
+      </div>
+    </div>
+
+    <div class="mdl-grid">
+      <div class="mdl-cell mdl-cell--4-col mdl-shadow--2dp">
+        <div class="demo-message-list">
+          <h5>List Messages</h5>
+          <button id="message-list-button-all" class="mdl-button mdl-button--raised mdl-js-button mdl-js-ripple-effect message-list-button">All</button>
+          <button class="mdl-button mdl-button--raised mdl-js-button mdl-js-ripple-effect message-list-button">Positive</button>
+          <button class="mdl-button mdl-button--raised mdl-js-button mdl-js-ripple-effect message-list-button">Negative</button>
+          <button class="mdl-button mdl-button--raised mdl-js-button mdl-js-ripple-effect message-list-button">Neutral</button>
+
+          <ul id="demo-message-list" class="mdl-list"></ul>
+        </div>
+      </div>
+
+      <div class="mdl-cell mdl-cell--4-col mdl-shadow--2dp">
+        <div class="demo-message-details">
+          <h5>Message Details</h5>
+          <pre id="demo-message-details"></pre>
+        </div>
+      </div>
+    </div>
+
+    <script src="https://code.getmdl.io/1.1.3/material.min.js"></script>
+    <script src="/__/firebase/3.9.0/firebase-app.js"></script>
+    <script src="/__/firebase/3.9.0/firebase-auth.js"></script>
+    <script src="/__/firebase/3.9.0/firebase-database.js"></script>
+    <script src="/__/firebase/init.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js"></script>
+    <script src="main.js"></script>
+  </body>
+</html>

authenticated-json-api/public/main.css

@@ -0,0 +1,68 @@
+/**
+ * Copyright 2017 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+.mdl-card {
+  width: 100%;
+}
+
+#demo-sign-in-card > .mdl-card__title {
+  height: 125px;
+}
+
+#demo-create-message-result {
+  margin-left: 10px;
+}
+
+.mdl-textfield, .mdl-textfield > textarea {
+  width: 100%;
+  resize: none;
+}
+
+h5 {
+  margin: 20px 5px;
+}
+
+button:not(:first-child) {
+  margin-left: 5px;
+}
+
+li:hover {
+  background-color: rgba(158,158,158,.2);
+  cursor: pointer;
+}
+
+li.selected {
+  background-color: rgba(158,158,158,.4);
+}
+
+.demo-create-message {
+  padding: 10px;
+}
+
+.demo-message-list,
+.demo-message-details {
+  padding-left: 10px;
+}
+
+.demo-message-list > ul {
+  height: 335px;
+  overflow: auto;
+}
+
+.demo-message-details > pre {
+  height: 400px;
+  overflow: auto;
+}