Secure Authentication.
Firebase Auth backend with session cookies and a protected SQL database. Here is what happens when you sign in:
- You sign in. The browser fetches an ID token from the provider and exchanges it at `POST /auth/session`.
- A session cookie is set. The backend verifies the token and issues a secure `__session` cookie.
- You submit a post. The browser calls `POST /api/posts` with the cookie. The backend verifies the session, validates database credentials, and stores the post in PostgreSQL.
- The public feed is readable. Anyone can read the feed from `GET /api/posts` without a cookie.
Note: Locally, these sign-in buttons route to the Firebase Emulator picker (no actual credentials required).
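The request flow above, sketched as an added example that is not the demo's own code. The cookie attributes, the `PROTECTED` route table and the synchronous `verifySession` callback are assumptions standing in for the backend's real session verification.

```javascript
// Added illustration; names below are assumptions, not the demo's own code.
const SESSION_COOKIE = "__session";

// Routes from the page: only writing a post needs a session.
const PROTECTED = [{ method: "POST", path: "/api/posts" }];

// Build the Set-Cookie value the backend would return from POST /auth/session.
function buildSessionCookie(value, maxAgeSeconds) {
  // Refuse characters that could smuggle extra cookie attributes.
  if (!/^[A-Za-z0-9._~-]+$/.test(value)) throw new Error("unsafe cookie value");
  return [
    `${SESSION_COOKIE}=${value}`,
    `Max-Age=${maxAgeSeconds}`,
    "Path=/",
    "HttpOnly", // not readable from page scripts
    "Secure", // sent over HTTPS only
    "SameSite=Lax", // assumed policy: not attached to cross-site POSTs
  ].join("; ");
}

// Parse a Cookie request header into a name -> value map (first value wins).
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue;
    const name = part.slice(0, eq).trim();
    if (!jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Decide whether a request may proceed. verifySession(cookieValue) is a
// hypothetical callback that returns a uid or throws for a bad/expired cookie.
function authorize(method, path, cookieHeader, verifySession) {
  const needsSession = PROTECTED.some((r) => r.method === method && r.path === path);
  if (!needsSession) return { status: 200, uid: null };
  const value = parseCookies(cookieHeader).get(SESSION_COOKIE);
  if (!value) return { status: 401, uid: null };
  try {
    const uid = verifySession(value);
    return uid ? { status: 200, uid } : { status: 401, uid: null };
  } catch {
    return { status: 401, uid: null }; // fail closed on any verification error
  }
}
```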
This entire deployment architecture is configured by a single file fetched live.
Deploying this definition provisions:
- Firebase Auth service configuration (Google and GitHub enabled)
- PostgreSQL database `posts` on a Cloud SQL instance
- Cloud Run runner app (holds DB client and Auth access)
- Runner service account granted least-privilege SQL client access
- Database migration task, run automatically at stage 4 of the deploy
- Firebase Hosting rewrite routing `/auth/**` and `/api/**` endpoints to the runner
See the example README for the full resources and IAM ledger.