Here is a small hack that mimics HTTP Basic authentication using the cloud-based firebase features and a small file rearrangement.
There are 3 steps for this:
- Configure the required cloud feature
- Move the files you want to protect to the "secret" folder
- Update
firebase.json
1. Cloud function
const USERNAME = 'USERNAME' const PASSWORD = 'PASSWORD' const denyAccess = (res) => { res.statusCode = 401; res.setHeader('WWW-Authenticate', 'Basic realm="Authorization Required'); res.end('Unauthorized'); } exports.authorizeAccess = functions.https.onRequest((req, res) => { if (typeof req.headers.authorization !== 'string') { denyAccess(res); return; } const base64Auth = req.headers.authorization.split(' ')[1]; if (typeof base64Auth !== 'string' ) { denyAccess(res); return; } const [user, pass] = Buffer.from(base64Auth, 'base64').toString().split(':'); if (user !== USERNAME || pass !== PASSWORD) { denyAccess(res); return; } const urlObject = url.parse(req.url); urlObject.pathname = `/${PASSWORD}${urlObject.pathname}`; const location = url.format(urlObject); res.writeHead(302, { location }); res.end(); });
2. Moving files to a secret folder
Suppose the folder you set as public in firebase.json looks like this:
. ├── index.html ├── js | ├── main.js | └── main.js.map └── styles.css
then make it look like this:
. └── PASSWORD ├── index.html ├── js | ├── main.js | └── main.js.map └── styles.css
3. firebase.json
{ ... "rewrites": { "source": "/" "function": "authorizeAccess" } ... }
We had to protect the passwords of our source cards in production; we had them there, first of all, so that Sentry would pick him up. Our build scripts will take care of moving the files to the correct folder.
Rajiv ram v
source share