Secure Authentication.

Firebase Auth backend with session cookies and a protected SQL database. Here is what happens when you sign in:

  1. You sign in. The browser fetches an ID token from the provider and exchanges it at POST /auth/session.
  2. A session cookie is set. The backend verifies the token and issues a secure __session cookie.
  3. You submit a post. The browser calls POST /api/posts with the cookie. The backend verifies the session, validates database credentials, and stores the post in PostgreSQL.
  4. The public feed is readable. Anyone can read the feed from GET /api/posts without needing any cookies.
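
The four steps above as backend handlers, written here as an added example rather than taken from the demo's own code. It assumes `auth` is a Firebase Admin SDK Auth object and `db` is a node-postgres pool; the table layout, session lifetime and length limit are hypothetical.

```javascript
// Added example, not the project's code. `auth` is assumed to be a Firebase
// Admin SDK Auth instance; `db` is assumed to be a node-postgres Pool.
// The table name and columns (posts: uid, body, created_at) are hypothetical.
const SESSION_MS = 5 * 24 * 60 * 60 * 1000; // assumed session lifetime: 5 days

function sessionCookieHeader(value, maxAgeMs) {
  // HttpOnly keeps page scripts away from the cookie; Secure limits it to HTTPS.
  return `__session=${value}; Max-Age=${Math.floor(maxAgeMs / 1000)}; ` +
    'Path=/; HttpOnly; Secure; SameSite=Lax';
}

function readSessionCookie(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === '__session' && rest.length) return rest.join('=');
  }
  return null;
}

// Steps 1-2: POST /auth/session exchanges a verified ID token for a cookie.
async function createSession(auth, idToken) {
  if (typeof idToken !== 'string' || idToken === '') return { status: 400 };
  try {
    const cookie = await auth.createSessionCookie(idToken, { expiresIn: SESSION_MS });
    return { status: 200, headers: { 'Set-Cookie': sessionCookieHeader(cookie, SESSION_MS) } };
  } catch {
    return { status: 401 }; // invalid or expired ID token
  }
}

// Step 3: POST /api/posts requires a valid session before touching the database.
async function createPost(auth, db, cookieHeader, body) {
  const cookie = readSessionCookie(cookieHeader);
  if (!cookie) return { status: 401 };
  let claims;
  try {
    claims = await auth.verifySessionCookie(cookie, true); // true: also check revocation
  } catch {
    return { status: 401 };
  }
  const text = body && body.text; // 500-character cap below is an assumed bound
  if (typeof text !== 'string' || text.length === 0 || text.length > 500) return { status: 400 };
  // Author comes from the verified claims, never from the request body.
  await db.query('INSERT INTO posts (uid, body) VALUES ($1, $2)', [claims.uid, text]);
  return { status: 201 };
}

// Step 4: GET /api/posts is public and never reads the cookie.
async function listPosts(db) {
  const { rows } = await db.query('SELECT uid, body FROM posts ORDER BY created_at DESC LIMIT 50');
  return { status: 200, body: rows };
}
```

Each handler returns a plain `{ status, headers, body }` object, so it can be mounted in any HTTP framework and exercised with stubbed `auth` and `db` objects.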

Global Feed

This entire deployment architecture is configured by a single file, fetched live.

Deploying this definition provisions:

  • Firebase Auth service configuration (Google and GitHub enabled)
  • PostgreSQL database `posts` on a Cloud SQL instance
  • Cloud Run runner app (holds DB client and Auth access)
  • Runner service account mapped with least-privilege SQL client access
  • Database migration task that runs automatically at stage 4 of the deploy
  • Firebase Hosting rewrite routing `/auth/**` and `/api/**` endpoints to the runner

See the example README for the full resources and IAM ledger.