14-React Firebase Authorization with Roles

rwieruch · rwieruch · commit 6188752284ed · 2018-11-23T12:02:32.000+08:00
diff --git a/src/components/Account/index.js b/src/components/Account/index.js
@@ -1,9 +1,8 @@
 import React from 'react';
 
-import { AuthUserContext } from '../Session';
+import { AuthUserContext, withAuthorization } from '../Session';
 import { PasswordForgetForm } from '../PasswordForget';
 import PasswordChangeForm from '../PasswordChange';
-import { withAuthorization } from '../Session';
 
 const AccountPage = () => (
   <AuthUserContext.Consumer>
@@ -17,6 +16,6 @@ const AccountPage = () => (
   </AuthUserContext.Consumer>
 );
 
-const authCondition = authUser => !!authUser;
+const condition = authUser => !!authUser;
 
-export default withAuthorization(authCondition)(AccountPage);
+export default withAuthorization(condition)(AccountPage);
diff --git a/src/components/Admin/index.js b/src/components/Admin/index.js
@@ -1,6 +1,9 @@
 import React, { Component } from 'react';
+import { compose } from 'recompose';
 
 import { withFirebase } from '../Firebase';
+import { withAuthorization } from '../Session';
+import * as ROLES from '../../constants/roles';
 
 class AdminPage extends Component {
   constructor(props) {
@@ -40,6 +43,9 @@ class AdminPage extends Component {
     return (
       <div>
         <h1>Admin</h1>
+        <p>
+          The Admin Page is accessible by every signed in admin user.
+        </p>
 
         {loading && <div>Loading ...</div>}
 
@@ -67,4 +73,10 @@ const UserList = ({ users }) => (
   </ul>
 );
 
-export default withFirebase(AdminPage);
+const condition = authUser =>
+  authUser && authUser.roles.includes(ROLES.ADMIN);
+
+export default compose(
+  withAuthorization(condition),
+  withFirebase,
+)(AdminPage);
diff --git a/src/components/Firebase/firebase.js b/src/components/Firebase/firebase.js
@@ -34,6 +34,35 @@ class Firebase {
   doPasswordUpdate = password =>
     this.auth.currentUser.updatePassword(password);
 
+  // *** Merge Auth and DB User API *** //
+
+  onAuthUserListener = (next, fallback) =>
+    this.auth.onAuthStateChanged(authUser => {
+      if (authUser) {
+        this.user(authUser.uid)
+          .once('value')
+          .then(snapshot => {
+            const dbUser = snapshot.val();
+
+            // default empty roles
+            if (!dbUser.roles) {
+              dbUser.roles = [];
+            }
+
+            // merge auth and db user
+            authUser = {
+              uid: authUser.uid,
+              email: authUser.email,
+              ...dbUser,
+            };
+
+            next(authUser);
+          });
+      } else {
+        fallback();
+      }
+    });
+
   // *** User API ***
 
   user = uid => this.db.ref(`users/${uid}`);
diff --git a/src/components/Navigation/index.js b/src/components/Navigation/index.js
@@ -1,22 +1,24 @@
 import React from 'react';
 import { Link } from 'react-router-dom';
 
+import { AuthUserContext } from '../Session';
 import SignOutButton from '../SignOut';
 import * as ROUTES from '../../constants/routes';
-
-import { AuthUserContext } from '../Session';
+import * as ROLES from '../../constants/roles';
 
 const Navigation = () => (
-  <div>
-    <AuthUserContext.Consumer>
-      {authUser =>
-        authUser ? <NavigationAuth /> : <NavigationNonAuth />
-      }
-    </AuthUserContext.Consumer>
-  </div>
+  <AuthUserContext.Consumer>
+    {authUser =>
+      authUser ? (
+        <NavigationAuth authUser={authUser} />
+      ) : (
+        <NavigationNonAuth />
+      )
+    }
+  </AuthUserContext.Consumer>
 );
 
-const NavigationAuth = () => (
+const NavigationAuth = ({ authUser }) => (
   <ul>
     <li>
       <Link to={ROUTES.LANDING}>Landing</Link>
@@ -27,9 +29,11 @@ const NavigationAuth = () => (
     <li>
       <Link to={ROUTES.ACCOUNT}>Account</Link>
     </li>
-    <li>
-      <Link to={ROUTES.ADMIN}>Admin</Link>
-    </li>
+    {authUser.roles.includes(ROLES.ADMIN) && (
+      <li>
+        <Link to={ROUTES.ADMIN}>Admin</Link>
+      </li>
+    )}
     <li>
       <SignOutButton />
     </li>
diff --git a/src/components/Session/withAuthentication.js b/src/components/Session/withAuthentication.js
@@ -14,11 +14,12 @@ const withAuthentication = Component => {
     }
 
     componentDidMount() {
-      this.listener = this.props.firebase.auth.onAuthStateChanged(
+      this.listener = this.props.firebase.onAuthUserListener(
         authUser => {
-          authUser
-            ? this.setState({ authUser })
-            : this.setState({ authUser: null });
+          this.setState({ authUser });
+        },
+        () => {
+          this.setState({ authUser: null });
         },
       );
     }
diff --git a/src/components/Session/withAuthorization.js b/src/components/Session/withAuthorization.js
@@ -9,12 +9,13 @@ import * as ROUTES from '../../constants/routes';
 const withAuthorization = condition => Component => {
   class WithAuthorization extends React.Component {
     componentDidMount() {
-      this.listener = this.props.firebase.auth.onAuthStateChanged(
+      this.listener = this.props.firebase.onAuthUserListener(
         authUser => {
           if (!condition(authUser)) {
             this.props.history.push(ROUTES.SIGN_IN);
           }
         },
+        () => this.props.history.push(ROUTES.SIGN_IN),
       );
     }
 
diff --git a/src/components/SignUp/index.js b/src/components/SignUp/index.js
@@ -3,6 +3,7 @@ import { Link, withRouter } from 'react-router-dom';
 
 import { withFirebase } from '../Firebase';
 import * as ROUTES from '../../constants/routes';
+import * as ROLES from '../../constants/roles';
 
 const SignUpPage = () => (
   <div>
@@ -16,6 +17,7 @@ const INITIAL_STATE = {
   email: '',
   passwordOne: '',
   passwordTwo: '',
+  isAdmin: false,
   error: null,
 };
 
@@ -27,7 +29,12 @@ class SignUpFormBase extends Component {
   }
 
   onSubmit = event => {
-    const { username, email, passwordOne } = this.state;
+    const { username, email, passwordOne, isAdmin } = this.state;
+    const roles = [];
+
+    if (isAdmin) {
+      roles.push(ROLES.ADMIN);
+    }
 
     this.props.firebase
       .doCreateUserWithEmailAndPassword(email, passwordOne)
@@ -38,6 +45,7 @@ class SignUpFormBase extends Component {
           .set({
             username,
             email,
+            roles,
           })
           .then(() => {
             this.setState({ ...INITIAL_STATE });
@@ -58,12 +66,17 @@ class SignUpFormBase extends Component {
     this.setState({ [event.target.name]: event.target.value });
   };
 
+  onChangeCheckbox = event => {
+    this.setState({ [event.target.name]: event.target.checked });
+  };
+
   render() {
     const {
       username,
       email,
       passwordOne,
       passwordTwo,
+      isAdmin,
       error,
     } = this.state;
 
@@ -103,6 +116,15 @@ class SignUpFormBase extends Component {
           type="password"
           placeholder="Confirm Password"
         />
+        <label>
+          Admin:
+          <input
+            name="isAdmin"
+            type="checkbox"
+            checked={isAdmin}
+            onChange={this.onChangeCheckbox}
+          />
+        </label>
         <button disabled={isInvalid} type="submit">
           Sign Up
         </button>
diff --git a/src/constants/roles.js b/src/constants/roles.js
@@ -0,0 +1 @@
+export const ADMIN = 'ADMIN';

Original file line number	Diff line number	Diff line change
`@@ -9,12 +9,13 @@ import * as ROUTES from '../../constants/routes';`
`9`	`9`	`const withAuthorization = condition => Component => {`
`10`	`10`	`class WithAuthorization extends React.Component {`
`11`	`11`	`componentDidMount() {`
`12`		`- this.listener = this.props.firebase.auth.onAuthStateChanged(`
	`12`	`+ this.listener = this.props.firebase.onAuthUserListener(`
`13`	`13`	`authUser => {`
`14`	`14`	`if (!condition(authUser)) {`
`15`	`15`	`this.props.history.push(ROUTES.SIGN_IN);`
`16`	`16`	`}`
`17`	`17`	`},`
	`18`	`+ () => this.props.history.push(ROUTES.SIGN_IN),`
`18`	`19`	`);`
`19`	`20`	`}`
`20`	`21`