rokwire · jsafoan · Jul 6, 2021 · Jul 23, 2021 · Jul 23, 2021 · Aug 13, 2021
@@ -617,6 +617,7 @@ type Storage interface {
 	InsertUser(user *model.User, authCred *model.AuthCred) (*model.User, error)
 	UpdateUser(user *model.User, newOrgData *map[string]interface{}) (*model.User, error)
 	DeleteUser(id string) error
+	FindFirebaseAdminCreds(clientID string) (*model.FirebaseAdminCreds, error)
 
 	FindCredentials(orgID string, appID string, authType string, userID string) (*model.AuthCred, error)
 

@@ -1,8 +1,14 @@
 package auth
 
 import (
+	"context"
+	"encoding/json"
+	"strings"
+
 	"core-building-block/core/model"
 
+	firebase "firebase.google.com/go/v4"
+	"firebase.google.com/go/v4/auth"
 	"github.com/rokmetro/logging-library/errors"
 	"github.com/rokmetro/logging-library/logs"
 	"github.com/rokmetro/logging-library/logutils"
@@ -18,9 +24,124 @@ type firebaseAuthImpl struct {
 	authType string
 }
 
+const (
+	typeCred logutils.MessageDataType = "creds"
+)
+
 func (a *firebaseAuthImpl) check(creds string, orgID string, appID string, params string, l *logs.Log) (*model.UserAuth, error) {
-	//TODO: Implement
-	return nil, errors.New(logutils.Unimplemented)
+	config, err := a.getFirebaseAdminCreds(orgID)
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionGet, logutils.TypeString, nil, err)
+	}
+
+	firebaseApp, err := firebase.NewApp(context.Background(), config)
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionInitialize, typeCred, nil, err)
+	}
+
+	// Access auth service from the firebase app
+	firebaseAuth, err := firebaseApp.Auth(context.Background())
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionInitialize, typeCred, nil, err)
+	}
+
+	//Validate the Firebase token
+	token, err := firebaseAuth.VerifyIDToken(context.Background(), creds)
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionValidate, logutils.TypeToken, &logutils.FieldArgs{"token": token}, err)
+	}
+	user, err := firebaseAuth.GetUser(context.Background(), token.Claims["user_id"].(string))
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionGet, typeCred, nil, err)
+	}
+	claims := &model.UserAuth{UserID: token.Claims["user_id"].(string)}
+	if user.UserInfo.PhoneNumber != "" {
+		claims.Phone = user.UserInfo.PhoneNumber
+	}
+	if user.UserInfo.Email != "" {
+		claims.Email = user.UserInfo.Email
+	}
+	if user.UserInfo.DisplayName != "" {
+		displayName := strings.Split(user.UserInfo.DisplayName, " ")
+		if len(displayName) > 1 {
+			claims.FirstName = displayName[0]
+			claims.LastName = displayName[1]
+		}
+	}
+	var expiry int64 = 0
+	claims.Exp = &expiry
+	return claims, nil
+}
+
+//Create a firebase user with given email and password
+func (a *firebaseAuthImpl) createEmailUser(email string, password string, orgID string) (string, error) {
+	firebaseAuth, err := a.getFirebaseAuthClient(orgID)
+	if err != nil {
+		return "", errors.WrapErrorAction(logutils.ActionGet, typeCred, nil, err)
+	}
+
+	params := (&auth.UserToCreate{}).
+		Email(email).
+		EmailVerified(false).
+		Password(password).
+		Disabled(false)
+
+	userRecord, err := firebaseAuth.CreateUser(context.Background(), params)
+	if err != nil {
+		return "", errors.WrapErrorAction(logutils.ActionCreate, typeCred, nil, err)
+	}
+	return userRecord.UID, nil
+}
+
+//Get a firebase user by a given email
+func (a *firebaseAuthImpl) getEmailUser(email string, orgID string) (string, error) {
+	firebaseAuth, err := a.getFirebaseAuthClient(orgID)
+	if err != nil {
+		return "", errors.WrapErrorAction(logutils.ActionGet, typeCred, nil, err)
+	}
+
+	userRecord, err := firebaseAuth.GetUserByEmail(context.Background(), email)
+	if err != nil {
+		return "", errors.WrapErrorAction(logutils.ActionGet, typeCred, nil, err)
+	}
+	return userRecord.UID, nil
+}
+
+func (a *firebaseAuthImpl) getFirebaseAdminCreds(orgID string) (*firebase.Config, error) {
+	config := &firebase.Config{}
+	creds, err := a.auth.storage.FindFirebaseAdminCreds(orgID)
+	if err != nil {
+		return nil, err
+	}
+	if err := json.Unmarshal([]byte(creds.FirebaseCreds), config); err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionUnmarshal, typeCred, nil, err)
+	}
+	// os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", "./service-account-file.json")
+	// err = ioutil.WriteFile("./service-account-file.json", []byte(creds.FirebaseCreds), 0644)
+	// if err != nil {
+	// 	return errors.WrapErrorAction(logutils.ActionUpdate, typeCred, nil, err)
+
+	// }
+	return config, nil
+}
+
+func (a *firebaseAuthImpl) getFirebaseAuthClient(orgID string) (*auth.Client, error) {
+	config, err := a.getFirebaseAdminCreds(orgID)
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionGet, logutils.TypeString, nil, err)
+	}
+
+	firebaseApp, err := firebase.NewApp(context.Background(), config)
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionInitialize, typeCred, nil, err)
+	}
+
+	// Access auth service from the firebase app
+	firebaseAuth, err := firebaseApp.Auth(context.Background())
+	if err != nil {
+		return nil, errors.WrapErrorAction(logutils.ActionInitialize, typeCred, nil, err)
+	}
+	return firebaseAuth, nil
 }
 
 func (a *firebaseAuthImpl) refresh(refreshToken string, orgID string, appID string, l *logs.Log) (*model.UserAuth, error) {

@@ -0,0 +1,14 @@
+package model
+
+import "github.com/rokmetro/logging-library/logutils"
+
+const (
+	//TypeGlobalConfig ...
+	TypeFirebaseAdminCred logutils.MessageDataType = "firebase admin creds"
+)
+
+//FirebaseAdminCreds represents the Firebase admin credential structure
+type FirebaseAdminCreds struct {
+	OrgID         string `json:"org_id" bson:"org_id"`
+	FirebaseCreds string `json:"firebase_creds" bson:"firebase_creds"`
+}
@@ -475,6 +475,22 @@ func (sa *Adapter) CreateGlobalConfig(setting string) (*model.GlobalConfig, erro
 	return &globalConfig, nil
 }
 
+//FindFirebaseAdminCreds finds the Firebase cred document from DB by clientID
+func (sa *Adapter) FindFirebaseAdminCreds(orgID string) (*model.FirebaseAdminCreds, error) {
+	filter := bson.D{primitive.E{Key: "org_id", Value: orgID}}
+	var result []*model.FirebaseAdminCreds
+	err := sa.db.firebaseAdminCreds.Find(filter, &result, nil)
+	if err != nil {
+		return nil, err
+	}
+	if result == nil || len(result) == 0 {
+		//not found
+		// log.Info("no Firebase creds found for the given clientID")
+		return nil, errors.WrapErrorAction(logutils.ActionFind, model.TypeFirebaseAdminCred, nil, errors.New("no firebase admin creds found for org_id"))
+	}
+	return result[0], nil
+}
+
 //GetGlobalConfig give config
 func (sa *Adapter) GetGlobalConfig() (*model.GlobalConfig, error) {
 	filter := bson.D{}

@@ -12,9 +12,10 @@ import (
 )
 
 type database struct {
-	mongoDBAuth  string
-	mongoDBName  string
-	mongoTimeout time.Duration
+	mongoDBAuth     string
+	mongoDBName     string
+	mongoTimeout    time.Duration
+	keysMongoDBName string
 
 	logger *logs.Logger
 
@@ -24,6 +25,7 @@ type database struct {
 	users                    *collectionWrapper
 	devices                  *collectionWrapper
 	credentials              *collectionWrapper
+	firebaseAdminCreds       *collectionWrapper
 	globalConfig             *collectionWrapper
 	globalGroups             *collectionWrapper
 	globalRoles              *collectionWrapper
@@ -88,6 +90,11 @@ func (m *database) start() error {
 		return err
 	}
 
+	firebaseAdminCreds := &collectionWrapper{database: m, coll: db.Collection("firebase_admin_creds")}
+	err = m.applyFirebaseCredsChecks(firebaseAdminCreds)
+	if err != nil {
+		return err
+	}
 	globalGroups := &collectionWrapper{database: m, coll: db.Collection("global_groups")}
 	err = m.applyGlobalGroupsChecks(globalGroups)
 	if err != nil {
@@ -419,6 +426,16 @@ func (m *database) applyGlobalConfigChecks(configs *collectionWrapper) error {
 	return nil
 }
 
+func (m *database) applyFirebaseCredsChecks(firebaseCreds *collectionWrapper) error {
+	// Add client_id index
+	err := firebaseCreds.AddIndex(bson.D{primitive.E{Key: "org_id", Value: 1}}, false)
+	if err != nil {
+		return err
+	}
+	m.logger.Info("FirebaseCreds check passed")
+	return nil
+}
+
 func (m *database) applyOrganizationsChecks(organizations *collectionWrapper) error {
 	m.logger.Info("apply organizations checks.....")
 

@@ -3,26 +3,43 @@ module core-building-block
 go 1.16
 
 require (
+	cloud.google.com/go v0.91.1 // indirect
+	cloud.google.com/go/storage v1.16.0 // indirect
+	firebase.google.com/go/v4 v4.6.0
+	github.com/aws/aws-sdk-go v1.40.22 // indirect
 	github.com/casbin/casbin v1.9.1
+	github.com/casbin/casbin/v2 v2.35.2 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/getkin/kin-openapi v0.66.0
-	github.com/golang-jwt/jwt v3.2.1+incompatible
-	github.com/google/uuid v1.2.0
+	github.com/getkin/kin-openapi v0.72.0
+	github.com/go-openapi/jsonreference v0.19.6 // indirect
+	github.com/go-openapi/swag v0.19.15 // indirect
+	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
+	github.com/klauspost/compress v1.13.4 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
-	github.com/rokmetro/auth-library v0.1.14
+	github.com/rokmetro/auth-library v0.1.15
 	github.com/rokmetro/logging-library v0.2.2
-	github.com/stretchr/testify v1.6.1
-	github.com/swaggo/http-swagger v1.0.0
+	github.com/stretchr/testify v1.7.0
+	github.com/swaggo/http-swagger v1.1.1
+	github.com/swaggo/swag v1.7.1 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
 	go.mongodb.org/mongo-driver v1.7.1
-	golang.org/x/crypto v0.0.0-20201217014255-9d1352758620 // indirect
-	golang.org/x/mod v0.4.1 // indirect
-	golang.org/x/oauth2 v0.0.0-20210615190721-d04028783cf1 // indirect
+	golang.org/x/crypto v0.0.0-20210813211128-0a44fdfbc16e // indirect
+	golang.org/x/mod v0.5.0 // indirect
+	golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect
+	golang.org/x/oauth2 v0.0.0-20210810183815-faf39c7919d5 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect
-	golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963 // indirect
+	golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/api v0.54.0 // indirect
+	google.golang.org/genproto v0.0.0-20210813162853-db860fec028c // indirect
+	google.golang.org/grpc v1.40.0 // indirect
 	gopkg.in/go-playground/validator.v9 v9.31.0
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gotest.tools v2.2.0+incompatible
-
 )