Implemented a simple authentication scheme with Firebase and Iron Session

src/pages/api/exam/[module].ts

@@ -0,0 +1,19 @@
+// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
+import type {NextApiRequest, NextApiResponse} from "next";
+import {app} from "@/firebase";
+import {getFirestore, collection, getDocs} from "firebase/firestore";
+
+const db = getFirestore(app);
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+	const {module} = req.query as {module: string};
+
+	const snapshot = await getDocs(collection(db, module));
+
+	res.status(200).json(
+		snapshot.docs.map((doc) => ({
+			id: doc.id,
+			...doc.data(),
+		})),
+	);
+}

src/pages/api/login.ts

@@ -0,0 +1,38 @@
+import {NextApiRequest, NextApiResponse} from "next";
+import {getAuth, signInWithEmailAndPassword} from "firebase/auth";
+import {app} from "@/firebase";
+import {sessionOptions} from "@/lib/session";
+import {withIronSessionApiRoute} from "iron-session/next";
+import {User} from "@/interfaces/user";
+import {getFirestore, getDoc, doc} from "firebase/firestore";
+
+const auth = getAuth(app);
+const db = getFirestore(app);
+
+export default withIronSessionApiRoute(login, sessionOptions);
+
+async function login(req: NextApiRequest, res: NextApiResponse) {
+	const {email, password} = req.body as {email: string; password: string};
+
+	signInWithEmailAndPassword(auth, email, password)
+		.then(async (userCredentials) => {
+			const userId = userCredentials.user.uid;
+
+			const docUser = await getDoc(doc(db, "users", userId));
+			if (!docUser.exists()) {
+				res.status(401).json({error: 401, message: "User does not exist!"});
+				return;
+			}
+
+			const user = docUser.data() as User;
+
+			req.session.user = user;
+			await req.session.save();
+
+			res.status(200).json({user: {...user, id: userId}});
+		})
+		.catch((error) => {
+			console.log(error);
+			res.status(401).json({error});
+		});
+}

src/pages/api/logout.ts

@@ -0,0 +1,21 @@
+import {NextApiRequest, NextApiResponse} from "next";
+import {getAuth, signOut} from "firebase/auth";
+import {app} from "@/firebase";
+import {sessionOptions} from "@/lib/session";
+import {withIronSessionApiRoute} from "iron-session/next";
+
+const auth = getAuth(app);
+
+export default withIronSessionApiRoute(logout, sessionOptions);
+
+async function logout(req: NextApiRequest, res: NextApiResponse) {
+	signOut(auth)
+		.then(() => {
+			req.session.destroy();
+			res.status(200).json({ok: true});
+		})
+		.catch(() => {
+			req.session.destroy();
+			res.status(500).json({ok: false});
+		});
+}

src/pages/api/user.ts

@@ -0,0 +1,27 @@
+import {app} from "@/firebase";
+import {sessionOptions} from "@/lib/session";
+import {getAuth} from "firebase/auth";
+import {withIronSessionApiRoute} from "iron-session/next";
+import {NextApiRequest, NextApiResponse} from "next";
+
+const auth = getAuth(app);
+export default withIronSessionApiRoute(user, sessionOptions);
+
+async function user(req: NextApiRequest, res: NextApiResponse) {
+	if (req.session.user) {
+		console.log(auth.currentUser);
+		if (!auth.currentUser) {
+			res.status(401).json({ok: false});
+			return;
+		}
+
+		if (req.session.user.id === auth.currentUser.uid) {
+			res.status(401).json({ok: false});
+			return;
+		}
+
+		res.json({user: req.session.user});
+	} else {
+		res.status(401).json({ok: false});
+	}
+}