Is there a way to get the authenticated user in server routes ?

[noook]

Currently, I guess the only way to get the authenticated user is to to read the Òession cookie by and make sure to send it with this method:

const loadUsers = async () => {
  // Make sure to include session cookie in XHR requests
  const headers = useRequestHeaders(['cookie']);
  users.value = await $fetch('/api/admin/users', { headers });
};

and server-side, create a utility like that:

import {
  App, cert, getApps, initializeApp,
} from 'firebase-admin/app';
import { getAuth } from 'firebase-admin/auth';
import { getFirestore } from 'firebase-admin/firestore';

export function useFirebaseServer () {
  let app: App;

  const { serviceAccountFile } = useRuntimeConfig();

  if (getApps().length === 0) {
    app = initializeApp({
      credential: cert(serviceAccountFile),
    });
  } else {
    [app] = getApps();
  }

  return {
    app,
    auth: getAuth(app),
    db: getFirestore(app),
  };
}

import { H3Event } from 'h3';

export async function useCurrentUser (event: H3Event) {
  const { auth } = useFirebaseServer();
  const token = getCookie(event, '__session');
  if (token) {
    try {
      const decodedToken = await auth.verifyIdToken(token);
      return await auth.getUser(decodedToken.uid);
    } catch (err) {
      return null;
    }
  }

  return null;
}

However, this method throws error on the latest version of nuxt-vuefire because the token issuer don't match.

update: it seems it's verifySessionCookie and not verifyIdToken

Is there an easier way (or undocumented) to do so ?

[posva]

Currently there is no easy way to do this. You would need to copy the parts that make this possible in nuxt-vuefire in your server routes. I'm still exploring if there are ways to automatically do this in some routes

[ra-jeev]

Just wasted a whole lot of time on trying to make it work thinking that nuxt-vuefire supports doing this natively, and it is only the dumb me who is not able to make it work. :-)

A single line comment in the session cookie section clarifying this would be awesome.

Edit:
Just opened a PR #1423 for the same thing. Will be great if this can be merged 🙏.