Firebase auth branch #11

Open
wants to merge 22 commits into
base: main

emma-x1 (Collaborator) commented Nov 22, 2024

Notion ticket link

Ticket Name

Implementation description

Steps to test

What should reviewers focus on?

Checklist

  • My PR name is descriptive and in imperative tense
  • My commit messages are descriptive and in imperative tense. My commits are atomic and trivial commits are squashed or fixup'd into non-trivial commits
  • I have run the appropriate linter(s)
  • I have requested a review from the PL, as well as other devs who have background knowledge on this PR or who will be building on top of this PR

@mslwang mslwang requested a review from mmiqball November 30, 2024 23:50
def role_based_access_control(allowed_roles: List[str]):
def middleware_decorator(endpoint: Callable):
async def wrapper(request: Request, *args, **kwargs):
roles = getattr(request.state, "user_roles", [])
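
Review bot: In `wrapper`, `roles = getattr(request.state, "user_roles", [])` bases the authorization decision on whatever earlier code stored in `request.state.user_roles`, and nothing in these lines shows that value coming from a verified identity. Resolve the roles inside the decorator from the verified Firebase token or the database through the auth service, and treat a missing attribute as an explicit denial instead of relying on the `[]` default.
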
Collaborator

It's much, much safer to get a user's roles from Firebase or the db ourselves using the methods in the auth service, instead of sending it in the request.

Imagine someone malicious adding in roles to their requests that they don't have access to, which would let them access other roles that they haven't been assigned to in the db.
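
The point of the review comment above, as an added example that is not code from this PR: the same decorator shape with the role source made pluggable, comparing roles read from a client-controlled header with roles looked up on the server for a verified token. `VERIFIED_TOKENS`, `ROLE_DB`, `Forbidden`, the header names and the `call` helper are constructed stand-ins for the auth service's token check and role lookup and for the web framework's request object.

```python
import asyncio
from functools import wraps
from types import SimpleNamespace
from typing import Callable, List

# Constructed stand-ins (assumptions): a token -> uid verifier and a role store.
# In the real service these would be the auth service's Firebase/db lookups.
VERIFIED_TOKENS = {"token-alice": "uid-alice", "token-bob": "uid-bob"}
ROLE_DB = {"uid-alice": ["admin"], "uid-bob": ["volunteer"]}

class Forbidden(Exception):
    """Raised when the caller is unauthenticated or lacks an allowed role."""

def roles_from_request(request) -> List[str]:
    # Weak: the role list is taken from a header the client controls.
    return [r for r in request.headers.get("x-user-roles", "").split(",") if r]

def roles_from_server(request) -> List[str]:
    # Hardened: verify the token first, then look roles up by uid server-side.
    token = request.headers.get("authorization", "").removeprefix("Bearer ")
    uid = VERIFIED_TOKENS.get(token)
    if uid is None:
        raise Forbidden("invalid or missing token")
    return ROLE_DB.get(uid, [])

def role_based_access_control(allowed_roles: List[str], resolve_roles: Callable):
    def middleware_decorator(endpoint: Callable):
        @wraps(endpoint)
        async def wrapper(request, *args, **kwargs):
            roles = resolve_roles(request)
            if not set(roles) & set(allowed_roles):
                raise Forbidden("role not permitted")
            return await endpoint(request, *args, **kwargs)
        return wrapper
    return middleware_decorator

def call(resolver: Callable, headers: dict) -> str:
    """Run an admin-only endpoint with the given resolver; return the outcome."""
    @role_based_access_control(["admin"], resolver)
    async def admin_only(request):
        return "ok"
    try:
        return asyncio.run(admin_only(SimpleNamespace(headers=headers)))
    except Forbidden as exc:
        return f"denied: {exc}"
```

With the server-side resolver, any role the client claims in the request is ignored, so the outcome depends only on the verified uid's entry in the role store.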
