Authentication System Documentation

Table of Contents

• Authentication System Documentation
  • Table of Contents
  • System Overview
  • Core Components
    • Firebase Configuration
    • Authentication Flow
  • Implementation Details
    • Middleware Setup
    • User Management
  • Environment Configuration
  • Security Considerations
  • Protected Routes
  • Production Deployment

---

System Overview

Our authentication system integrates Firebase Authentication with custom backend services to provide secure user management. Key features include:

• Firebase-based JWT token authentication
• Automatic user profile creation
• Session management with access/refresh tokens
• Role-based access control integration

---

Core Components

Firebase Configuration

Backend Setup:

// firebase-key.json
{
  "type": "service_account",
  "project_id": "your-project-id",
  "private_key": "your-private-key",
  "client_email": "firebase-adminsdk@your-project.iam.gserviceaccount.com"
}

Frontend Setup (.env):

VITE_FIREBASE_API_KEY=your-api-key
VITE_FIREBASE_AUTH_DOMAIN=your-project.firebaseapp.com
VITE_FIREBASE_PROJECT_ID=your-project-id

Security Notice

• Never commit service account credentials to version control
• Store secrets in environment variables
• Rotate keys regularly

Authentication Flow

1. Client-side Firebase authentication
2. JWT token verification in backend middleware
3. User profile synchronization
4. Session management with dual tokens

---

Implementation Details

Middleware Setup

Token Verification:

authMiddleware.authProvider = async (req, res, next) => {
  const idToken = req.headers.authorization?.split("Bearer ")[1];
  try {
    const decodedIdToken = await firebaseApp.auth().verifyIdToken(idToken);
    req.user = await authService.getUserFromFirebaseID(decodedIdToken.uid);
    next();
  } catch (error) {
    handleAuthError(res, error);
  }
};

User Management

Profile Creation:

authService.createUser = async ({ email, firebaseID }) => {
  return prisma.tblUsers.create({
    data: {
      email,
      firebaseID,
      isActive: true,
      lastLogin: new Date()
    }
  });
};

---

Environment Configuration

Essential Variables:

# Network Security
CORS_WHITELIST="http://localhost:3000,https://prod-domain.com"

---

Security Considerations

1. Token Security

   • 15-minute access token lifetime
   • 100-hour refresh token rotation
   • HTTP-only cookies for token storage

2. Firebase Best Practices

   • Enable multi-factor authentication
   • Implement password complexity policies
   • Regular security rule audits

3. CORS Configuration

app.use(cors({
  origin: process.env.CORS_WHITELIST.split(','),
  methods: ['GET', 'POST', 'PUT', 'DELETE']
}));

---

Protected Routes

Route Protection Example:

router.get("/", authMiddleware.authProvider, authController.getUserInfo);

router.get(
  "/config/:tenantID",
  authMiddleware.authProvider,
  authController.getUserConfig
);

router.post(
  "/config/:tenantID",
  authMiddleware.authProvider,
  authController.updateUserConfig
);

Error Handling:

Error Code	Description
401 Unauthorized	Missing or invalid token
403 Forbidden	Insufficient permissions
429 Too Many Requests	Rate limit exceeded

---

Production Deployment

Docker Configuration:

docker run -p 8090:8090 \
  -e FIREBASE_PROJECT_ID="$PROD_FIREBASE_ID" \
  -e CORS_WHITELIST="https://prod-domain.com" \
  backend-image

Security Checklist:

• Enable HTTPS with HSTS headers
• Configure Firebase Security Rules
• Set up monitoring for auth attempts
• Implement rate limiting

---

This documentation maintains consistency with the authorization system structure while highlighting authentication-specific implementations and security considerations.