// functions/getConfig.js
const functions = require('firebase-functions');
const cors = require('cors')({ origin: true });
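// Origins the config endpoint will answer. Frozen so it cannot be mutated at runtime.
const ALLOWED_ORIGINS = Object.freeze([
  'https://iching-librodemutaciones.web.app',
  'https://iching-librodemutaciones.firebaseapp.com',
  'http://localhost:3000',
  'http://localhost:8080',
]);

/**
 * HTTP Cloud Function that returns the Firebase web config to the client app.
 *
 * Filtering applied to each request, in order:
 *   1. the Origin header must be one of ALLOWED_ORIGINS, else 403;
 *   2. a User-Agent containing "curl" or "wget" is rejected with 403;
 *   3. only GET is served (the handler advertises `GET, OPTIONS`; the `cors`
 *      middleware normally answers the OPTIONS preflight before this callback
 *      runs), else 405.
 *
 * Origin and User-Agent are supplied by the client, so steps 1-2 only filter
 * casual traffic; they are not an access-control boundary. The values
 * returned are the public Firebase web identifiers, and the project's data
 * must be protected by Firebase Security Rules / App Check rather than by
 * keeping this response private.
 *
 * On success the JSON config is sent with CORS headers for the requesting
 * origin and is cacheable for one hour.
 */
exports.getFirebaseConfig = functions.https.onRequest((req, res) => {
  cors(req, res, () => {
    const origin = req.headers.origin;
    if (!ALLOWED_ORIGINS.includes(origin)) {
      return res.status(403).json({
        error: 'Acceso denegado - origen no autorizado',
        origin,
      });
    }

    // Best-effort filter for command-line clients; the header is client-chosen,
    // so this only reduces noise and must not be relied on for protection.
    const userAgent = req.headers['user-agent'] || '';
    if (userAgent.includes('curl') || userAgent.includes('wget')) {
      return res.status(403).json({
        error: 'Acceso denegado - cliente no autorizado',
      });
    }

    // Only GET is advertised in Access-Control-Allow-Methods; reject the rest
    // explicitly instead of serving the config for any verb.
    if (req.method !== 'GET') {
      res.set('Allow', 'GET, OPTIONS');
      return res.status(405).json({
        error: 'Acceso denegado - método no permitido',
      });
    }

    // Public web config. Each field falls back to a placeholder when the
    // environment variable is unset or empty.
    const firebaseConfig = {
      apiKey: process.env.FIREBASE_API_KEY || 'YOUR_API_KEY',
      authDomain: process.env.FIREBASE_AUTH_DOMAIN || 'YOUR_AUTH_DOMAIN',
      projectId: process.env.FIREBASE_PROJECT_ID || 'YOUR_PROJECT_ID',
      storageBucket: process.env.FIREBASE_STORAGE_BUCKET || 'YOUR_STORAGE_BUCKET',
      messagingSenderId: process.env.FIREBASE_MESSAGING_SENDER_ID || 'YOUR_MESSAGING_SENDER_ID',
      appId: process.env.FIREBASE_APP_ID || 'YOUR_APP_ID',
      measurementId: process.env.FIREBASE_MEASUREMENT_ID || 'YOUR_MEASUREMENT_ID',
    };

    res.set('Access-Control-Allow-Origin', origin);
    res.set('Access-Control-Allow-Methods', 'GET, OPTIONS');
    res.set('Access-Control-Allow-Headers', 'Content-Type');
    // The response is publicly cacheable but its Access-Control-Allow-Origin
    // value depends on the request Origin, so shared caches must key on it;
    // otherwise one origin's CORS header can be served to another.
    res.set('Vary', 'Origin');
    res.set('Cache-Control', 'public, max-age=3600'); // one hour
    return res.json(firebaseConfig);
  });
});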
// Response field -> [environment variable, placeholder used when it is unset or empty].
const SECURE_CONFIG_FIELDS = Object.freeze({
  apiKey: ['FIREBASE_API_KEY', 'YOUR_API_KEY'],
  authDomain: ['FIREBASE_AUTH_DOMAIN', 'YOUR_AUTH_DOMAIN'],
  projectId: ['FIREBASE_PROJECT_ID', 'YOUR_PROJECT_ID'],
  storageBucket: ['FIREBASE_STORAGE_BUCKET', 'YOUR_STORAGE_BUCKET'],
  messagingSenderId: ['FIREBASE_MESSAGING_SENDER_ID', 'YOUR_MESSAGING_SENDER_ID'],
  appId: ['FIREBASE_APP_ID', 'YOUR_APP_ID'],
  measurementId: ['FIREBASE_MEASUREMENT_ID', 'YOUR_MEASUREMENT_ID'],
});

/**
 * Callable Cloud Function variant that hands out the Firebase web config only
 * to signed-in users.
 *
 * `context.auth` is set by the callable runtime from the caller's Firebase ID
 * token; when it is absent the call fails with an `unauthenticated`
 * HttpsError. The object returned is the same public web config as the HTTP
 * variant, assembled from SECURE_CONFIG_FIELDS with a placeholder per field.
 */
exports.getFirebaseConfigSecure = functions.https.onCall(async (data, context) => {
  if (!context.auth) {
    throw new functions.https.HttpsError(
      'unauthenticated',
      'El usuario debe estar autenticado para acceder a esta función'
    );
  }

  // Optional: additionally require a custom claim on the caller's token.
  // const customClaims = context.auth.token;
  // if (!customClaims.iching_app_user) {
  //   throw new functions.https.HttpsError('permission-denied', 'No tienes acceso');
  // }

  return Object.fromEntries(
    Object.entries(SECURE_CONFIG_FIELDS).map(([field, [envName, placeholder]]) => [
      field,
      process.env[envName] || placeholder,
    ])
  );
});