ishpreet95 · ishpreet95 · Oct 2, 2025 · Oct 2, 2025
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -18,8 +18,6 @@
     "express-session": "^1.17.3",
     "firebase-admin": "^11.9.0",
     "jsonwebtoken": "^9.0.1",
-    "nodemon": "^2.0.22",
-    "passport": "^0.6.0",
-    "passport-google-oauth20": "^2.0.0"
+    "nodemon": "^2.0.22"
   }
 }
diff --git a/backend/src/api/config/express.js b/backend/src/api/config/express.js
@@ -1,7 +1,6 @@
 const express = require("express");
 const cors = require("cors");
 const session = require("express-session");
-const passport = require("passport");
 require("dotenv").config();
 const routes = require("../routes/index");
 const app = express();
@@ -28,9 +27,6 @@ app.use(
     },
   })
 );
-app.use(passport.initialize());
-app.use(passport.session());
-
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 // app.use(express.static("public"));

diff --git a/backend/src/api/passport/google-oauth.js b/backend/src/api/passport/google-oauth.js
diff --git a/backend/src/api/routes/auth.route.js b/backend/src/api/routes/auth.route.js
@@ -1,74 +1,73 @@
-// const app = require("../config/express");
-
-const strat = require("../passport/google-oauth");
-const passport = require("passport");
-const jwt = require("jsonwebtoken");
+const admin = require("firebase-admin");
 const db = require("../firebase/config");
 require("dotenv").config();
 
 const router = require("express").Router();
 
-//sets user in session
-passport.serializeUser(function (user, done) {
-  process.nextTick(function () {
-    //setting user.sub as user_id in session
-    const decodedToken = jwt.decode(user.id_token);
-    const user_id = decodedToken.sub;
-    return done(null, user_id);
-  });
-});
+// Middleware to verify Firebase ID token
+const verifyFirebaseToken = async (req, res, next) => {
+  const authHeader = req.headers.authorization;
 
-//dont know what it does
-passport.deserializeUser(function (user, done) {
-  process.nextTick(function () {
-    return done(null, user);
-  });
-});
+  if (!authHeader || !authHeader.startsWith("Bearer ")) {
+    return res.status(401).json({ error: "Unauthorized: No token provided" });
+  }
 
-//where the frontend calls for google authentication
-router.route("/google").get(
-  //here email parameter is necessary, passport can't identify unique user without email
-  strat.authenticate("google", { scope: ["profile", "email"] })
-);
+  const idToken = authHeader.split("Bearer ")[1];
 
-//getting user_id from session
-router.route("/user").get((req, res) => {
-  // console.log(req.session);
-  if (req.user === undefined) {
-    return res.status(401).send("user not logged in");
-    // res.redirect(`${process.env.CLIENT_URL}/sign-up`);
-  } else {
-    return res.send(req.user);
+  try {
+    const decodedToken = await admin.auth().verifyIdToken(idToken);
+    req.user = decodedToken;
+    next();
+  } catch (error) {
+    console.error("Error verifying token:", error);
+    return res.status(401).json({ error: "Unauthorized: Invalid token" });
   }
-});
+};
+
+// Verify token and get/create user
+router.route("/verify").post(verifyFirebaseToken, async (req, res) => {
+  try {
+    const { uid, email, name, picture, email_verified } = req.user;
 
-//result of google authentication and storing in db
-router.route("/google/callback").get(
-  strat.authenticate("google", {
-    failureRedirect: "/auth/google",
-  }),
-  async (req, res) => {
-    //On successful authentication
-    const decodedToken = jwt.decode(req.user.id_token);
-    const user = {
-      email: decodedToken.email,
-      name: decodedToken.name,
-      picture: decodedToken.picture,
-      created_at: decodedToken.iat,
-      email_verified: decodedToken.email_verified,
-    };
-    const userDoc = db.collection("users").doc(decodedToken.sub);
+    const userDoc = db.collection("users").doc(uid);
     const doc = await userDoc.get();
+
     if (!doc.exists) {
-      console.log("User does not exist, new profile created");
-      await userDoc.set(user);
+      const newUser = {
+        email,
+        name,
+        picture,
+        email_verified,
+        created_at: admin.firestore.FieldValue.serverTimestamp(),
+      };
+      await userDoc.set(newUser);
+      return res.status(201).json({ uid, ...newUser });
     } else {
-      // console.log("User exists: ", doc.data());
+      return res.status(200).json({ uid, ...doc.data() });
+    }
+  } catch (error) {
+    console.error("Error creating/fetching user:", error);
+    return res.status(500).json({ error: "Internal server error" });
+  }
+});
+
+// Get current user (protected route)
+router.route("/user").get(verifyFirebaseToken, async (req, res) => {
+  try {
+    const { uid } = req.user;
+    const userDoc = db.collection("users").doc(uid);
+    const doc = await userDoc.get();
+
+    if (!doc.exists) {
+      return res.status(404).json({ error: "User not found" });
     }
-    // Redirects home.
-    res.redirect(`${process.env.CLIENT_URL}`);
+
+    return res.status(200).json({ uid, ...doc.data() });
+  } catch (error) {
+    console.error("Error fetching user:", error);
+    return res.status(500).json({ error: "Internal server error" });
   }
-);
+});
 
 router.route("/health-check").get((req, res) => {
   res.sendStatus(200);

diff --git a/backend/src/api/routes/todos.route.js b/backend/src/api/routes/todos.route.js
@@ -1,44 +1,61 @@
+const admin = require("firebase-admin");
 const db = require("../firebase/config");
 require("dotenv").config();
 
 const router = require("express").Router();
 
+// Middleware to verify Firebase ID token
+const verifyFirebaseToken = async (req, res, next) => {
+  const authHeader = req.headers.authorization;
+
+  if (!authHeader || !authHeader.startsWith("Bearer ")) {
+    return res.status(401).json({ error: "Unauthorized: No token provided" });
+  }
+
+  const idToken = authHeader.split("Bearer ")[1];
+
+  try {
+    const decodedToken = await admin.auth().verifyIdToken(idToken);
+    req.user = decodedToken.uid; // Set user to Firebase UID
+    next();
+  } catch (error) {
+    console.error("Error verifying token:", error);
+    return res.status(401).json({ error: "Unauthorized: Invalid token" });
+  }
+};
+
+// Apply middleware to all routes
+router.use(verifyFirebaseToken);
+
 router.route("/").get(async (req, res) => {
-  // console.log(req.user);
   const todosRef = db
     .collection("users")
-    .doc(`${req.user}`)
-    // .doc("110677755243261039315")
+    .doc(req.user)
     .collection("todos");
   const snapshot = await todosRef.get();
   let allTodos = [];
   snapshot.forEach((doc) => {
     allTodos.push(doc.data());
   });
-  // console.log(allTodos);
   res.status(200).send(allTodos);
 });
 
 router.route("/todo").post(async (request, response) => {
   const newTodo = request.body.newTodo;
   const statusDoc = db
     .collection("users")
-    .doc(`${request.user}`)
+    .doc(request.user)
     .collection("todos")
     .doc(newTodo.id);
-  // //putting auto generated id in newTodo
-  // newTodo.id = statusDoc.id;
-  // console.log(newTodo);
   const res = await statusDoc.set(newTodo);
   response.status(200).send("Todo added");
 });
 
 router.route("/todo").put(async (request, response) => {
-  // console.log(request.body);
   const data = request.body.data;
   const statusDoc = db
     .collection("users")
-    .doc(`${request.user}`)
+    .doc(request.user)
     .collection("todos")
     .doc(data.id);
 
@@ -53,10 +70,9 @@ router.route("/todo").put(async (request, response) => {
 
 router.route("/todo/:id").delete(async (request, response) => {
   const id = request.params.id;
-  // console.log(id);
   const statusDoc = db
     .collection("users")
-    .doc(`${request.user}`)
+    .doc(request.user)
     .collection("todos")
     .doc(id);
   try {