security: support secure env-based firebase admin configurations and ignore sensitive keys in git
This commit is contained in:
Hamza-Ayed
@@ -16,26 +16,54 @@ const app = express();
|
||||
const server = http.createServer(app);
|
||||
const wss = new WebSocketServer({ server });
|
||||
|
||||
// ─── Firebase Admin SDK Configuration (Optional Background Pushes) ─────────
|
||||
// Load environment variables from .env file
|
||||
require('dotenv').config();
|
||||
|
||||
// ─── Firebase Admin SDK Configuration (Highly Secure Background Pushes) ─────
|
||||
const admin = require('firebase-admin');
|
||||
const path = require('path');
|
||||
const fs = require('fs');
|
||||
|
||||
let firebaseApp = null;
|
||||
const serviceAccountPath = path.join(__dirname, 'serviceAccountKey.json');
|
||||
|
||||
if (fs.existsSync(serviceAccountPath)) {
|
||||
try {
|
||||
const serviceAccount = require(serviceAccountPath);
|
||||
// Support three secure options:
|
||||
// 1. Raw JSON string in environment variable (FIREBASE_SERVICE_ACCOUNT)
|
||||
// 2. Custom secure file path in environment variable (FIREBASE_SERVICE_ACCOUNT_PATH)
|
||||
// 3. Fallback local file ignored by Git (serviceAccountKey.json)
|
||||
const envServiceAccount = process.env.FIREBASE_SERVICE_ACCOUNT;
|
||||
const envServiceAccountPath = process.env.FIREBASE_SERVICE_ACCOUNT_PATH;
|
||||
const localServiceAccountPath = path.join(__dirname, 'serviceAccountKey.json');
|
||||
|
||||
try {
|
||||
if (envServiceAccount) {
|
||||
let serviceAccount;
|
||||
if (envServiceAccount.trim().startsWith('{')) {
|
||||
serviceAccount = JSON.parse(envServiceAccount);
|
||||
console.log('[FCM] Initializing Firebase Admin SDK via direct env JSON string...');
|
||||
} else {
|
||||
serviceAccount = require(envServiceAccount);
|
||||
console.log(`[FCM] Initializing Firebase Admin SDK via custom path from env: ${envServiceAccount}`);
|
||||
}
|
||||
firebaseApp = admin.initializeApp({
|
||||
credential: admin.credential.cert(serviceAccount)
|
||||
});
|
||||
console.log('[FCM] Firebase Admin SDK initialized successfully using serviceAccountKey.json');
|
||||
} catch (err) {
|
||||
console.error('[FCM ERROR] Failed to initialize Firebase Admin SDK:', err.message);
|
||||
} else if (envServiceAccountPath && fs.existsSync(envServiceAccountPath)) {
|
||||
console.log(`[FCM] Initializing Firebase Admin SDK via secure custom path: ${envServiceAccountPath}`);
|
||||
const serviceAccount = require(envServiceAccountPath);
|
||||
firebaseApp = admin.initializeApp({
|
||||
credential: admin.credential.cert(serviceAccount)
|
||||
});
|
||||
} else if (fs.existsSync(localServiceAccountPath)) {
|
||||
console.log('[FCM] Initializing Firebase Admin SDK via fallback local serviceAccountKey.json...');
|
||||
const serviceAccount = require(localServiceAccountPath);
|
||||
firebaseApp = admin.initializeApp({
|
||||
credential: admin.credential.cert(serviceAccount)
|
||||
});
|
||||
} else {
|
||||
console.warn('[FCM WARNING] No Firebase Service Account found in environment or local files. Background push notifications will be disabled.');
|
||||
}
|
||||
} else {
|
||||
console.warn('[FCM WARNING] serviceAccountKey.json not found in server directory. Background push notifications will be disabled.');
|
||||
} catch (err) {
|
||||
console.error('[FCM ERROR] Failed to initialize Firebase Admin SDK:', err.message);
|
||||
}
|
||||
|
||||
async function sendPushNotification(chatId, senderName, body) {
|
||||
|
||||
Reference in New Issue
Block a user