matej/dztps-iskalnik-urejevalnik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
matej
2025-09-01 22:12:29 +02:00
parent b1873f9c1d
commit 02a54f61c0
5598 changed files with 903558 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
server/node_modules/firebase-admin/lib/app-check/app-check-api-client-internal.d.ts generated vendored Normal file
View File

@@ -0,0 +1,32 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { PrefixedFirebaseError } from '../utils/error';
export declare const APP_CHECK_ERROR_CODE_MAPPING: {
[key: string]: AppCheckErrorCode;
};
export type AppCheckErrorCode = 'aborted' | 'invalid-argument' | 'invalid-credential' | 'internal-error' | 'permission-denied' | 'unauthenticated' | 'not-found' | 'app-check-token-expired' | 'unknown-error';
/**
* Firebase App Check error code structure. This extends PrefixedFirebaseError.
*
* @param code - The error code.
* @param message - The error message.
* @constructor
*/
export declare class FirebaseAppCheckError extends PrefixedFirebaseError {
constructor(code: AppCheckErrorCode, message: string);
}

214
server/node_modules/firebase-admin/lib/app-check/app-check-api-client-internal.js generated vendored Normal file
View File

@@ -0,0 +1,214 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseAppCheckError = exports.APP_CHECK_ERROR_CODE_MAPPING = exports.AppCheckApiClient = void 0;
const api_request_1 = require("../utils/api-request");
const error_1 = require("../utils/error");
const utils = require("../utils/index");
const validator = require("../utils/validator");
// App Check backend constants
const FIREBASE_APP_CHECK_V1_API_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1/projects/{projectId}/apps/{appId}:exchangeCustomToken';
const ONE_TIME_USE_TOKEN_VERIFICATION_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1beta/projects/{projectId}:verifyAppCheckToken';
const FIREBASE_APP_CHECK_CONFIG_HEADERS = {
'X-Firebase-Client': `fire-admin-node/${utils.getSdkVersion()}`
};
/**
* Class that facilitates sending requests to the Firebase App Check backend API.
*
* @internal
*/
class AppCheckApiClient {
constructor(app) {
this.app = app;
if (!validator.isNonNullObject(app) || !('options' in app)) {
throw new FirebaseAppCheckError('invalid-argument', 'First argument passed to admin.appCheck() must be a valid Firebase app instance.');
}
this.httpClient = new api_request_1.AuthorizedHttpClient(app);
}
/**
* Exchange a signed custom token to App Check token
*
* @param customToken - The custom token to be exchanged.
* @param appId - The mobile App ID.
* @returns A promise that fulfills with a `AppCheckToken`.
*/
exchangeToken(customToken, appId) {
if (!validator.isNonEmptyString(appId)) {
throw new FirebaseAppCheckError('invalid-argument', '`appId` must be a non-empty string.');
}
if (!validator.isNonEmptyString(customToken)) {
throw new FirebaseAppCheckError('invalid-argument', '`customToken` must be a non-empty string.');
}
return this.getUrl(appId)
.then((url) => {
const request = {
method: 'POST',
url,
headers: FIREBASE_APP_CHECK_CONFIG_HEADERS,
data: { customToken }
};
return this.httpClient.send(request);
})
.then((resp) => {
return this.toAppCheckToken(resp);
})
.catch((err) => {
throw this.toFirebaseError(err);
});
}
verifyReplayProtection(token) {
if (!validator.isNonEmptyString(token)) {
throw new FirebaseAppCheckError('invalid-argument', '`token` must be a non-empty string.');
}
return this.getVerifyTokenUrl()
.then((url) => {
const request = {
method: 'POST',
url,
headers: FIREBASE_APP_CHECK_CONFIG_HEADERS,
data: { app_check_token: token }
};
return this.httpClient.send(request);
})
.then((resp) => {
if (typeof resp.data.alreadyConsumed !== 'undefined'
&& !validator.isBoolean(resp.data?.alreadyConsumed)) {
throw new FirebaseAppCheckError('invalid-argument', '`alreadyConsumed` must be a boolean value.');
}
return resp.data.alreadyConsumed || false;
})
.catch((err) => {
throw this.toFirebaseError(err);
});
}
getUrl(appId) {
return this.getProjectId()
.then((projectId) => {
const urlParams = {
projectId,
appId,
};
const baseUrl = utils.formatString(FIREBASE_APP_CHECK_V1_API_URL_FORMAT, urlParams);
return utils.formatString(baseUrl);
});
}
getVerifyTokenUrl() {
return this.getProjectId()
.then((projectId) => {
const urlParams = {
projectId
};
const baseUrl = utils.formatString(ONE_TIME_USE_TOKEN_VERIFICATION_URL_FORMAT, urlParams);
return utils.formatString(baseUrl);
});
}
getProjectId() {
if (this.projectId) {
return Promise.resolve(this.projectId);
}
return utils.findProjectId(this.app)
.then((projectId) => {
if (!validator.isNonEmptyString(projectId)) {
throw new FirebaseAppCheckError('unknown-error', 'Failed to determine project ID. Initialize the '
+ 'SDK with service account credentials or set project ID as an app option. '
+ 'Alternatively, set the GOOGLE_CLOUD_PROJECT environment variable.');
}
this.projectId = projectId;
return projectId;
});
}
toFirebaseError(err) {
if (err instanceof error_1.PrefixedFirebaseError) {
return err;
}
const response = err.response;
if (!response.isJson()) {
return new FirebaseAppCheckError('unknown-error', `Unexpected response with status: ${response.status} and body: ${response.text}`);
}
const error = response.data.error || {};
let code = 'unknown-error';
if (error.status && error.status in exports.APP_CHECK_ERROR_CODE_MAPPING) {
code = exports.APP_CHECK_ERROR_CODE_MAPPING[error.status];
}
const message = error.message || `Unknown server error: ${response.text}`;
return new FirebaseAppCheckError(code, message);
}
/**
* Creates an AppCheckToken from the API response.
*
* @param resp - API response object.
* @returns An AppCheckToken instance.
*/
toAppCheckToken(resp) {
const token = resp.data.token;
// `ttl` is a string with the suffix "s" preceded by the number of seconds,
// with nanoseconds expressed as fractional seconds.
const ttlMillis = this.stringToMilliseconds(resp.data.ttl);
return {
token,
ttlMillis
};
}
/**
* Converts a duration string with the suffix `s` to milliseconds.
*
* @param duration - The duration as a string with the suffix "s" preceded by the
* number of seconds, with fractional seconds. For example, 3 seconds with 0 nanoseconds
* is expressed as "3s", while 3 seconds and 1 nanosecond is expressed as "3.000000001s",
* and 3 seconds and 1 microsecond is expressed as "3.000001s".
*
* @returns The duration in milliseconds.
*/
stringToMilliseconds(duration) {
if (!validator.isNonEmptyString(duration) || !duration.endsWith('s')) {
throw new FirebaseAppCheckError('invalid-argument', '`ttl` must be a valid duration string with the suffix `s`.');
}
const seconds = duration.slice(0, -1);
return Math.floor(Number(seconds) * 1000);
}
}
exports.AppCheckApiClient = AppCheckApiClient;
exports.APP_CHECK_ERROR_CODE_MAPPING = {
ABORTED: 'aborted',
INVALID_ARGUMENT: 'invalid-argument',
INVALID_CREDENTIAL: 'invalid-credential',
INTERNAL: 'internal-error',
PERMISSION_DENIED: 'permission-denied',
UNAUTHENTICATED: 'unauthenticated',
NOT_FOUND: 'not-found',
UNKNOWN: 'unknown-error',
};
/**
* Firebase App Check error code structure. This extends PrefixedFirebaseError.
*
* @param code - The error code.
* @param message - The error message.
* @constructor
*/
class FirebaseAppCheckError extends error_1.PrefixedFirebaseError {
constructor(code, message) {
super('app-check', code, message);
/* tslint:disable:max-line-length */
// Set the prototype explicitly. See the following link for more details:
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
/* tslint:enable:max-line-length */
this.__proto__ = FirebaseAppCheckError.prototype;
}
}
exports.FirebaseAppCheckError = FirebaseAppCheckError;

129
server/node_modules/firebase-admin/lib/app-check/app-check-api.d.ts generated vendored Normal file
View File

@@ -0,0 +1,129 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Interface representing an App Check token.
*/
export interface AppCheckToken {
/**
* The Firebase App Check token.
*/
token: string;
/**
* The time-to-live duration of the token in milliseconds.
*/
ttlMillis: number;
}
/**
* Interface representing App Check token options.
*/
export interface AppCheckTokenOptions {
/**
* The length of time, in milliseconds, for which the App Check token will
* be valid. This value must be between 30 minutes and 7 days, inclusive.
*/
ttlMillis?: number;
}
/**
* Interface representing options for the {@link AppCheck.verifyToken} method.
*/
export interface VerifyAppCheckTokenOptions {
/**
* To use the replay protection feature, set this to `true`. The {@link AppCheck.verifyToken}
* method will mark the token as consumed after verifying it.
*
* Tokens that are found to be already consumed will be marked as such in the response.
*
* Tokens are only considered to be consumed if it is sent to App Check backend by calling the
* {@link AppCheck.verifyToken} method with this field set to `true`; other uses of the token
* do not consume it.
*
* This replay protection feature requires an additional network call to the App Check backend
* and forces your clients to obtain a fresh attestation from your chosen attestation providers.
* This can therefore negatively impact performance and can potentially deplete your attestation
* providers' quotas faster. We recommend that you use this feature only for protecting
* low volume, security critical, or expensive operations.
*/
consume?: boolean;
}
/**
* Interface representing a decoded Firebase App Check token, returned from the
* {@link AppCheck.verifyToken} method.
*/
export interface DecodedAppCheckToken {
/**
* The issuer identifier for the issuer of the response.
* This value is a URL with the format
* `https://firebaseappcheck.googleapis.com/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
* same project number specified in the {@link DecodedAppCheckToken.aud | aud} property.
*/
iss: string;
/**
* The Firebase App ID corresponding to the app the token belonged to.
* As a convenience, this value is copied over to the {@link DecodedAppCheckToken.app_id | app_id} property.
*/
sub: string;
/**
* The audience for which this token is intended.
* This value is a JSON array of two strings, the first is the project number of your
* Firebase project, and the second is the project ID of the same project.
*/
aud: string[];
/**
* The App Check token's expiration time, in seconds since the Unix epoch. That is, the
* time at which this App Check token expires and should no longer be considered valid.
*/
exp: number;
/**
* The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
* time at which this App Check token was issued and should start to be considered
* valid.
*/
iat: number;
/**
* The App ID corresponding to the App the App Check token belonged to.
* This value is not actually one of the JWT token claims. It is added as a
* convenience, and is set as the value of the {@link DecodedAppCheckToken.sub | sub} property.
*/
app_id: string;
[key: string]: any;
}
/**
* Interface representing a verified App Check token response.
*/
export interface VerifyAppCheckTokenResponse {
/**
* The App ID corresponding to the App the App Check token belonged to.
*/
appId: string;
/**
* The decoded Firebase App Check token.
*/
token: DecodedAppCheckToken;
/**
* Indicates weather this token was already consumed.
* If this is the first time {@link AppCheck.verifyToken} method has seen this token,
* this field will contain the value `false`. The given token will then be
* marked as `already_consumed` for all future invocations of this {@link AppCheck.verifyToken}
* method for this token.
*
* When this field is `true`, the caller is attempting to reuse a previously consumed token.
* You should take precautions against such a caller; for example, you can take actions such as
* rejecting the request or ask the caller to pass additional layers of security checks.
*/
alreadyConsumed?: boolean;
}

19
server/node_modules/firebase-admin/lib/app-check/app-check-api.js generated vendored Normal file
View File

@@ -0,0 +1,19 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

72
server/node_modules/firebase-admin/lib/app-check/app-check-namespace.d.ts generated vendored Normal file
View File

@@ -0,0 +1,72 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { App } from '../app';
import { AppCheckToken as TAppCheckToken, AppCheckTokenOptions as TAppCheckTokenOptions, DecodedAppCheckToken as TDecodedAppCheckToken, VerifyAppCheckTokenOptions as TVerifyAppCheckTokenOptions, VerifyAppCheckTokenResponse as TVerifyAppCheckTokenResponse } from './app-check-api';
import { AppCheck as TAppCheck } from './app-check';
/**
* Gets the {@link firebase-admin.app-check#AppCheck} service for the default app or a given app.
*
* `admin.appCheck()` can be called with no arguments to access the default
* app's `AppCheck` service or as `admin.appCheck(app)` to access the
* `AppCheck` service associated with a specific app.
*
* @example
* ```javascript
* // Get the `AppCheck` service for the default app
* var defaultAppCheck = admin.appCheck();
* ```
*
* @example
* ```javascript
* // Get the `AppCheck` service for a given app
* var otherAppCheck = admin.appCheck(otherApp);
* ```
*
* @param app - Optional app for which to return the `AppCheck` service.
* If not provided, the default `AppCheck` service is returned.
*
* @returns The default `AppCheck` service if no
* app is provided, or the `AppCheck` service associated with the provided
* app.
*/
export declare function appCheck(app?: App): appCheck.AppCheck;
export declare namespace appCheck {
/**
* Type alias to {@link firebase-admin.app-check#AppCheck}.
*/
type AppCheck = TAppCheck;
/**
* Type alias to {@link firebase-admin.app-check#AppCheckToken}.
*/
type AppCheckToken = TAppCheckToken;
/**
* Type alias to {@link firebase-admin.app-check#DecodedAppCheckToken}.
*/
type DecodedAppCheckToken = TDecodedAppCheckToken;
/**
* Type alias to {@link firebase-admin.app-check#VerifyAppCheckTokenResponse}.
*/
type VerifyAppCheckTokenResponse = TVerifyAppCheckTokenResponse;
/**
* Type alias to {@link firebase-admin.app-check#AppCheckTokenOptions}.
*/
type AppCheckTokenOptions = TAppCheckTokenOptions;
/**
* Type alias to {@link firebase-admin.app-check#VerifyAppCheckTokenOptions}.
*/
type VerifyAppCheckTokenOptions = TVerifyAppCheckTokenOptions;
}

18
server/node_modules/firebase-admin/lib/app-check/app-check-namespace.js generated vendored Normal file
View File

@@ -0,0 +1,18 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

51
server/node_modules/firebase-admin/lib/app-check/app-check.d.ts generated vendored Normal file
View File

@@ -0,0 +1,51 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { App } from '../app';
import { AppCheckToken, AppCheckTokenOptions, VerifyAppCheckTokenOptions, VerifyAppCheckTokenResponse } from './app-check-api';
/**
* The Firebase `AppCheck` service interface.
*/
export declare class AppCheck {
readonly app: App;
private readonly client;
private readonly tokenGenerator;
private readonly appCheckTokenVerifier;
/**
* Creates a new {@link AppCheckToken} that can be sent
* back to a client.
*
* @param appId - The app ID to use as the JWT app_id.
* @param options - Optional options object when creating a new App Check Token.
*
* @returns A promise that fulfills with a `AppCheckToken`.
*/
createToken(appId: string, options?: AppCheckTokenOptions): Promise<AppCheckToken>;
/**
* Verifies a Firebase App Check token (JWT). If the token is valid, the promise is
* fulfilled with the token's decoded claims; otherwise, the promise is
* rejected.
*
* @param appCheckToken - The App Check token to verify.
* @param options - Optional {@link VerifyAppCheckTokenOptions} object when verifying an App Check Token.
*
* @returns A promise fulfilled with the token's decoded claims
* if the App Check token is valid; otherwise, a rejected promise.
*/
verifyToken(appCheckToken: string, options?: VerifyAppCheckTokenOptions): Promise<VerifyAppCheckTokenResponse>;
private validateVerifyAppCheckTokenOptions;
}

101
server/node_modules/firebase-admin/lib/app-check/app-check.js generated vendored Normal file
View File

@@ -0,0 +1,101 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.AppCheck = void 0;
const validator = require("../utils/validator");
const app_check_api_client_internal_1 = require("./app-check-api-client-internal");
const token_generator_1 = require("./token-generator");
const token_verifier_1 = require("./token-verifier");
const crypto_signer_1 = require("../utils/crypto-signer");
/**
* The Firebase `AppCheck` service interface.
*/
class AppCheck {
/**
* @param app - The app for this AppCheck service.
* @constructor
* @internal
*/
constructor(app) {
this.app = app;
this.client = new app_check_api_client_internal_1.AppCheckApiClient(app);
try {
this.tokenGenerator = new token_generator_1.AppCheckTokenGenerator((0, crypto_signer_1.cryptoSignerFromApp)(app));
}
catch (err) {
throw (0, token_generator_1.appCheckErrorFromCryptoSignerError)(err);
}
this.appCheckTokenVerifier = new token_verifier_1.AppCheckTokenVerifier(app);
}
/**
* Creates a new {@link AppCheckToken} that can be sent
* back to a client.
*
* @param appId - The app ID to use as the JWT app_id.
* @param options - Optional options object when creating a new App Check Token.
*
* @returns A promise that fulfills with a `AppCheckToken`.
*/
createToken(appId, options) {
return this.tokenGenerator.createCustomToken(appId, options)
.then((customToken) => {
return this.client.exchangeToken(customToken, appId);
});
}
/**
* Verifies a Firebase App Check token (JWT). If the token is valid, the promise is
* fulfilled with the token's decoded claims; otherwise, the promise is
* rejected.
*
* @param appCheckToken - The App Check token to verify.
* @param options - Optional {@link VerifyAppCheckTokenOptions} object when verifying an App Check Token.
*
* @returns A promise fulfilled with the token's decoded claims
* if the App Check token is valid; otherwise, a rejected promise.
*/
verifyToken(appCheckToken, options) {
this.validateVerifyAppCheckTokenOptions(options);
return this.appCheckTokenVerifier.verifyToken(appCheckToken)
.then((decodedToken) => {
if (options?.consume) {
return this.client.verifyReplayProtection(appCheckToken)
.then((alreadyConsumed) => {
return {
alreadyConsumed,
appId: decodedToken.app_id,
token: decodedToken,
};
});
}
return {
appId: decodedToken.app_id,
token: decodedToken,
};
});
}
validateVerifyAppCheckTokenOptions(options) {
if (typeof options === 'undefined') {
return;
}
if (!validator.isNonNullObject(options)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'VerifyAppCheckTokenOptions must be a non-null object.');
}
}
}
exports.AppCheck = AppCheck;

53
server/node_modules/firebase-admin/lib/app-check/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,53 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Firebase App Check.
*
* @packageDocumentation
*/
import { App } from '../app';
import { AppCheck } from './app-check';
export { AppCheckToken, AppCheckTokenOptions, DecodedAppCheckToken, VerifyAppCheckTokenOptions, VerifyAppCheckTokenResponse, } from './app-check-api';
export { AppCheck } from './app-check';
/**
* Gets the {@link AppCheck} service for the default app or a given app.
*
* `getAppCheck()` can be called with no arguments to access the default
* app's `AppCheck` service or as `getAppCheck(app)` to access the
* `AppCheck` service associated with a specific app.
*
* @example
* ```javascript
* // Get the `AppCheck` service for the default app
* const defaultAppCheck = getAppCheck();
* ```
*
* @example
* ```javascript
* // Get the `AppCheck` service for a given app
* const otherAppCheck = getAppCheck(otherApp);
* ```
*
* @param app - Optional app for which to return the `AppCheck` service.
* If not provided, the default `AppCheck` service is returned.
*
* @returns The default `AppCheck` service if no
* app is provided, or the `AppCheck` service associated with the provided
* app.
*/
export declare function getAppCheck(app?: App): AppCheck;

63
server/node_modules/firebase-admin/lib/app-check/index.js generated vendored Normal file
View File

@@ -0,0 +1,63 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.AppCheck = void 0;
exports.getAppCheck = getAppCheck;
/**
* Firebase App Check.
*
* @packageDocumentation
*/
const app_1 = require("../app");
const app_check_1 = require("./app-check");
var app_check_2 = require("./app-check");
Object.defineProperty(exports, "AppCheck", { enumerable: true, get: function () { return app_check_2.AppCheck; } });
/**
* Gets the {@link AppCheck} service for the default app or a given app.
*
* `getAppCheck()` can be called with no arguments to access the default
* app's `AppCheck` service or as `getAppCheck(app)` to access the
* `AppCheck` service associated with a specific app.
*
* @example
* ```javascript
* // Get the `AppCheck` service for the default app
* const defaultAppCheck = getAppCheck();
* ```
*
* @example
* ```javascript
* // Get the `AppCheck` service for a given app
* const otherAppCheck = getAppCheck(otherApp);
* ```
*
* @param app - Optional app for which to return the `AppCheck` service.
* If not provided, the default `AppCheck` service is returned.
*
* @returns The default `AppCheck` service if no
* app is provided, or the `AppCheck` service associated with the provided
* app.
*/
function getAppCheck(app) {
if (typeof app === 'undefined') {
app = (0, app_1.getApp)();
}
const firebaseApp = app;
return firebaseApp.getOrInitService('appCheck', (app) => new app_check_1.AppCheck(app));
}

25
server/node_modules/firebase-admin/lib/app-check/token-generator.d.ts generated vendored Normal file
View File

@@ -0,0 +1,25 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Creates a new `FirebaseAppCheckError` by extracting the error code, message and other relevant
* details from a `CryptoSignerError`.
*
* @param err - The Error to convert into a `FirebaseAppCheckError` error
* @returns A Firebase App Check error that can be returned to the user.
*/
export declare function appCheckErrorFromCryptoSignerError(err: Error): Error;

154
server/node_modules/firebase-admin/lib/app-check/token-generator.js generated vendored Normal file
View File

@@ -0,0 +1,154 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.AppCheckTokenGenerator = void 0;
exports.appCheckErrorFromCryptoSignerError = appCheckErrorFromCryptoSignerError;
const validator = require("../utils/validator");
const utils_1 = require("../utils");
const crypto_signer_1 = require("../utils/crypto-signer");
const app_check_api_client_internal_1 = require("./app-check-api-client-internal");
const ONE_MINUTE_IN_SECONDS = 60;
const ONE_MINUTE_IN_MILLIS = ONE_MINUTE_IN_SECONDS * 1000;
const ONE_DAY_IN_MILLIS = 24 * 60 * 60 * 1000;
// Audience to use for Firebase App Check Custom tokens
const FIREBASE_APP_CHECK_AUDIENCE = 'https://firebaseappcheck.googleapis.com/google.firebase.appcheck.v1.TokenExchangeService';
/**
* Class for generating Firebase App Check tokens.
*
* @internal
*/
class AppCheckTokenGenerator {
/**
* The AppCheckTokenGenerator class constructor.
*
* @param signer - The CryptoSigner instance for this token generator.
* @constructor
*/
constructor(signer) {
if (!validator.isNonNullObject(signer)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'INTERNAL ASSERT: Must provide a CryptoSigner to use AppCheckTokenGenerator.');
}
this.signer = signer;
}
/**
* Creates a new custom token that can be exchanged to an App Check token.
*
* @param appId - The Application ID to use for the generated token.
*
* @returns A Promise fulfilled with a custom token signed with a service account key
* that can be exchanged to an App Check token.
*/
createCustomToken(appId, options) {
if (!validator.isNonEmptyString(appId)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', '`appId` must be a non-empty string.');
}
let customOptions = {};
if (typeof options !== 'undefined') {
customOptions = this.validateTokenOptions(options);
}
return this.signer.getAccountId().then((account) => {
const header = {
alg: this.signer.algorithm,
typ: 'JWT',
};
const iat = Math.floor(Date.now() / 1000);
const body = {
iss: account,
sub: account,
app_id: appId,
aud: FIREBASE_APP_CHECK_AUDIENCE,
exp: iat + (ONE_MINUTE_IN_SECONDS * 5),
iat,
...customOptions,
};
const token = `${this.encodeSegment(header)}.${this.encodeSegment(body)}`;
return this.signer.sign(Buffer.from(token))
.then((signature) => {
return `${token}.${this.encodeSegment(signature)}`;
});
}).catch((err) => {
throw appCheckErrorFromCryptoSignerError(err);
});
}
encodeSegment(segment) {
const buffer = (segment instanceof Buffer) ? segment : Buffer.from(JSON.stringify(segment));
return (0, utils_1.toWebSafeBase64)(buffer).replace(/=+$/, '');
}
/**
* Checks if a given `AppCheckTokenOptions` object is valid. If successful, returns an object with
* custom properties.
*
* @param options - An options object to be validated.
* @returns A custom object with ttl converted to protobuf Duration string format.
*/
validateTokenOptions(options) {
if (!validator.isNonNullObject(options)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'AppCheckTokenOptions must be a non-null object.');
}
if (typeof options.ttlMillis !== 'undefined') {
if (!validator.isNumber(options.ttlMillis)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'ttlMillis must be a duration in milliseconds.');
}
// ttlMillis must be between 30 minutes and 7 days (inclusive)
if (options.ttlMillis < (ONE_MINUTE_IN_MILLIS * 30) || options.ttlMillis > (ONE_DAY_IN_MILLIS * 7)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'ttlMillis must be a duration in milliseconds between 30 minutes and 7 days (inclusive).');
}
return { ttl: (0, utils_1.transformMillisecondsToSecondsString)(options.ttlMillis) };
}
return {};
}
}
exports.AppCheckTokenGenerator = AppCheckTokenGenerator;
/**
* Creates a new `FirebaseAppCheckError` by extracting the error code, message and other relevant
* details from a `CryptoSignerError`.
*
* @param err - The Error to convert into a `FirebaseAppCheckError` error
* @returns A Firebase App Check error that can be returned to the user.
*/
function appCheckErrorFromCryptoSignerError(err) {
if (!(err instanceof crypto_signer_1.CryptoSignerError)) {
return err;
}
if (err.code === crypto_signer_1.CryptoSignerErrorCode.SERVER_ERROR && validator.isNonNullObject(err.cause)) {
const httpError = err.cause;
const errorResponse = httpError.response.data;
if (errorResponse?.error) {
const status = errorResponse.error.status;
const description = errorResponse.error.message || JSON.stringify(httpError.response);
let code = 'unknown-error';
if (status && status in app_check_api_client_internal_1.APP_CHECK_ERROR_CODE_MAPPING) {
code = app_check_api_client_internal_1.APP_CHECK_ERROR_CODE_MAPPING[status];
}
return new app_check_api_client_internal_1.FirebaseAppCheckError(code, `Error returned from server while signing a custom token: ${description}`);
}
return new app_check_api_client_internal_1.FirebaseAppCheckError('internal-error', 'Error returned from server: ' + JSON.stringify(errorResponse) + '.');
}
return new app_check_api_client_internal_1.FirebaseAppCheckError(mapToAppCheckErrorCode(err.code), err.message);
}
function mapToAppCheckErrorCode(code) {
switch (code) {
case crypto_signer_1.CryptoSignerErrorCode.INVALID_CREDENTIAL:
return 'invalid-credential';
case crypto_signer_1.CryptoSignerErrorCode.INVALID_ARGUMENT:
return 'invalid-argument';
default:
return 'internal-error';
}
}

17
server/node_modules/firebase-admin/lib/app-check/token-verifier.d.ts generated vendored Normal file
View File

@@ -0,0 +1,17 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
export {};

147
server/node_modules/firebase-admin/lib/app-check/token-verifier.js generated vendored Normal file
View File

@@ -0,0 +1,147 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.AppCheckTokenVerifier = void 0;
const validator = require("../utils/validator");
const util = require("../utils/index");
const app_check_api_client_internal_1 = require("./app-check-api-client-internal");
const jwt_1 = require("../utils/jwt");
const APP_CHECK_ISSUER = 'https://firebaseappcheck.googleapis.com/';
const JWKS_URL = 'https://firebaseappcheck.googleapis.com/v1/jwks';
/**
* Class for verifying Firebase App Check tokens.
*
* @internal
*/
class AppCheckTokenVerifier {
constructor(app) {
this.app = app;
this.signatureVerifier = jwt_1.PublicKeySignatureVerifier.withJwksUrl(JWKS_URL, app.options.httpAgent);
}
/**
* Verifies the format and signature of a Firebase App Check token.
*
* @param token - The Firebase Auth JWT token to verify.
* @returns A promise fulfilled with the decoded claims of the Firebase App Check token.
*/
verifyToken(token) {
if (!validator.isString(token)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'App check token must be a non-null string.');
}
return this.ensureProjectId()
.then((projectId) => {
return this.decodeAndVerify(token, projectId);
})
.then((decoded) => {
const decodedAppCheckToken = decoded.payload;
decodedAppCheckToken.app_id = decodedAppCheckToken.sub;
return decodedAppCheckToken;
});
}
ensureProjectId() {
return util.findProjectId(this.app)
.then((projectId) => {
if (!validator.isNonEmptyString(projectId)) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-credential', 'Must initialize app with a cert credential or set your Firebase project ID as the ' +
'GOOGLE_CLOUD_PROJECT environment variable to verify an App Check token.');
}
return projectId;
});
}
decodeAndVerify(token, projectId) {
return this.safeDecode(token)
.then((decodedToken) => {
this.verifyContent(decodedToken, projectId);
return this.verifySignature(token)
.then(() => decodedToken);
});
}
safeDecode(jwtToken) {
return (0, jwt_1.decodeJwt)(jwtToken)
.catch(() => {
const errorMessage = 'Decoding App Check token failed. Make sure you passed ' +
'the entire string JWT which represents the Firebase App Check token.';
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
});
}
/**
* Verifies the content of a Firebase App Check JWT.
*
* @param fullDecodedToken - The decoded JWT.
* @param projectId - The Firebase Project Id.
*/
verifyContent(fullDecodedToken, projectId) {
const header = fullDecodedToken.header;
const payload = fullDecodedToken.payload;
const projectIdMatchMessage = ' Make sure the App Check token comes from the same ' +
'Firebase project as the service account used to authenticate this SDK.';
const scopedProjectId = `projects/${projectId}`;
let errorMessage;
if (header.alg !== jwt_1.ALGORITHM_RS256) {
errorMessage = 'The provided App Check token has incorrect algorithm. Expected "' +
jwt_1.ALGORITHM_RS256 + '" but got ' + '"' + header.alg + '".';
}
else if (!validator.isNonEmptyArray(payload.aud) || !payload.aud.includes(scopedProjectId)) {
errorMessage = 'The provided App Check token has incorrect "aud" (audience) claim. Expected "' +
scopedProjectId + '" but got "' + payload.aud + '".' + projectIdMatchMessage;
}
else if (typeof payload.iss !== 'string' || !payload.iss.startsWith(APP_CHECK_ISSUER)) {
errorMessage = 'The provided App Check token has incorrect "iss" (issuer) claim.';
}
else if (typeof payload.sub !== 'string') {
errorMessage = 'The provided App Check token has no "sub" (subject) claim.';
}
else if (payload.sub === '') {
errorMessage = 'The provided App Check token has an empty string "sub" (subject) claim.';
}
if (errorMessage) {
throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
}
}
verifySignature(jwtToken) {
return this.signatureVerifier.verify(jwtToken)
.catch((error) => {
throw this.mapJwtErrorToAppCheckError(error);
});
}
/**
* Maps JwtError to FirebaseAppCheckError
*
* @param error - JwtError to be mapped.
* @returns FirebaseAppCheckError instance.
*/
mapJwtErrorToAppCheckError(error) {
if (error.code === jwt_1.JwtErrorCode.TOKEN_EXPIRED) {
const errorMessage = 'The provided App Check token has expired. Get a fresh App Check token' +
' from your client app and try again.';
return new app_check_api_client_internal_1.FirebaseAppCheckError('app-check-token-expired', errorMessage);
}
else if (error.code === jwt_1.JwtErrorCode.INVALID_SIGNATURE) {
const errorMessage = 'The provided App Check token has invalid signature.';
return new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
}
else if (error.code === jwt_1.JwtErrorCode.NO_MATCHING_KID) {
const errorMessage = 'The provided App Check token has "kid" claim which does not ' +
'correspond to a known public key. Most likely the provided App Check token ' +
'is expired, so get a fresh token from your client app and try again.';
return new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
}
return new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', error.message);
}
}
exports.AppCheckTokenVerifier = AppCheckTokenVerifier;

187
server/node_modules/firebase-admin/lib/app/core.d.ts generated vendored Normal file
View File

@@ -0,0 +1,187 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Agent } from 'http';
import { Credential } from './credential';
/**
* Available options to pass to {@link firebase-admin.app#initializeApp}.
*/
export interface AppOptions {
/**
* A {@link firebase-admin.app#Credential} object used to
* authenticate the Admin SDK.
*
* See {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for detailed documentation and code samples.
*/
credential?: Credential;
/**
* The object to use as the {@link https://firebase.google.com/docs/reference/security/database/#auth | auth}
* variable in your Realtime Database Rules when the Admin SDK reads from or
* writes to the Realtime Database. This allows you to downscope the Admin SDK
* from its default full read and write privileges.
*
* You can pass `null` to act as an unauthenticated client.
*
* See
* {@link https://firebase.google.com/docs/database/admin/start#authenticate-with-limited-privileges |
* Authenticate with limited privileges}
* for detailed documentation and code samples.
*/
databaseAuthVariableOverride?: object | null;
/**
* The URL of the Realtime Database from which to read and write data.
*/
databaseURL?: string;
/**
* The ID of the service account to be used for signing custom tokens. This
* can be found in the `client_email` field of a service account JSON file.
*/
serviceAccountId?: string;
/**
* The name of the Google Cloud Storage bucket used for storing application data.
* Use only the bucket name without any prefixes or additions (do *not* prefix
* the name with "gs://").
*/
storageBucket?: string;
/**
* The ID of the Google Cloud project associated with the App.
*/
projectId?: string;
/**
* An {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when making outgoing HTTP calls. This Agent instance is used
* by all services that make REST calls (e.g. `auth`, `messaging`,
* `projectManagement`).
*
* Realtime Database and Firestore use other means of communicating with
* the backend servers, so they do not use this HTTP Agent. `Credential`
* instances also do not use this HTTP Agent, but instead support
* specifying an HTTP Agent in the corresponding factory methods.
*/
httpAgent?: Agent;
}
/**
* A Firebase app holds the initialization information for a collection of
* services.
*/
export interface App {
/**
* The (read-only) name for this app.
*
* The default app's name is `"[DEFAULT]"`.
*
* @example
* ```javascript
* // The default app's name is "[DEFAULT]"
* initializeApp(defaultAppConfig);
* console.log(admin.app().name); // "[DEFAULT]"
* ```
*
* @example
* ```javascript
* // A named app's name is what you provide to initializeApp()
* const otherApp = initializeApp(otherAppConfig, "other");
* console.log(otherApp.name); // "other"
* ```
*/
name: string;
/**
* The (read-only) configuration options for this app. These are the original
* parameters given in {@link firebase-admin.app#initializeApp}.
*
* @example
* ```javascript
* const app = initializeApp(config);
* console.log(app.options.credential === config.credential); // true
* console.log(app.options.databaseURL === config.databaseURL); // true
* ```
*/
options: AppOptions;
}
/**
* `FirebaseError` is a subclass of the standard JavaScript `Error` object. In
* addition to a message string and stack trace, it contains a string code.
*/
export interface FirebaseError {
/**
* Error codes are strings using the following format: `"service/string-code"`.
* Some examples include `"auth/invalid-uid"` and
* `"messaging/invalid-recipient"`.
*
* While the message for a given error can change, the code will remain the same
* between backward-compatible versions of the Firebase SDK.
*/
code: string;
/**
* An explanatory message for the error that just occurred.
*
* This message is designed to be helpful to you, the developer. Because
* it generally does not convey meaningful information to end users,
* this message should not be displayed in your application.
*/
message: string;
/**
* A string value containing the execution backtrace when the error originally
* occurred.
*
* This information can be useful for troubleshooting the cause of the error with
* {@link https://firebase.google.com/support | Firebase Support}.
*/
stack?: string;
/**
* Returns a JSON-serializable object representation of this error.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
}
/**
* Composite type which includes both a `FirebaseError` object and an index
* which can be used to get the errored item.
*
* @example
* ```javascript
* var registrationTokens = [token1, token2, token3];
* admin.messaging().subscribeToTopic(registrationTokens, 'topic-name')
* .then(function(response) {
* if (response.failureCount > 0) {
* console.log("Following devices unsucessfully subscribed to topic:");
* response.errors.forEach(function(error) {
* var invalidToken = registrationTokens[error.index];
* console.log(invalidToken, error.error);
* });
* } else {
* console.log("All devices successfully subscribed to topic:", response);
* }
* })
* .catch(function(error) {
* console.log("Error subscribing to topic:", error);
* });
*```
*/
export interface FirebaseArrayIndexError {
/**
* The index of the errored item within the original array passed as part of the
* called API method.
*/
index: number;
/**
* The error object.
*/
error: FirebaseError;
}

19
server/node_modules/firebase-admin/lib/app/core.js generated vendored Normal file
View File

@@ -0,0 +1,19 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

122
server/node_modules/firebase-admin/lib/app/credential-factory.d.ts generated vendored Normal file
View File

@@ -0,0 +1,122 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Agent } from 'http';
import { Credential, ServiceAccount } from './credential';
/**
* Returns a credential created from the
* {@link https://developers.google.com/identity/protocols/application-default-credentials |
* Google Application Default Credentials}
* that grants admin access to Firebase services. This credential can be used
* in the call to {@link firebase-admin.app#initializeApp}.
*
* Google Application Default Credentials are available on any Google
* infrastructure, such as Google App Engine and Google Compute Engine.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* initializeApp({
* credential: applicationDefault(),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via Google
* Application Default Credentials that can be used to initialize an app.
*/
export declare function applicationDefault(httpAgent?: Agent): Credential;
/**
* Returns a credential created from the provided service account that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a service account key JSON file
* const serviceAccount = require("path/to/serviceAccountKey.json");
* initializeApp({
* credential: cert(serviceAccount),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @example
* ```javascript
* // Providing a service account object inline
* initializeApp({
* credential: cert({
* projectId: "<PROJECT_ID>",
* clientEmail: "foo@<PROJECT_ID>.iam.gserviceaccount.com",
* privateKey: "-----BEGIN PRIVATE KEY-----<KEY>-----END PRIVATE KEY-----\n"
* }),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param serviceAccountPathOrObject - The path to a service
* account key JSON file or an object representing a service account key.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
export declare function cert(serviceAccountPathOrObject: string | ServiceAccount, httpAgent?: Agent): Credential;
/**
* Returns a credential created from the provided refresh token that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a refresh token JSON file
* const refreshToken = require("path/to/refreshToken.json");
* initializeApp({
* credential: refreshToken(refreshToken),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param refreshTokenPathOrObject - The path to a Google
* OAuth2 refresh token JSON file or an object representing a Google OAuth2
* refresh token.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
export declare function refreshToken(refreshTokenPathOrObject: string | object, httpAgent?: Agent): Credential;
/**
* Clears the global ADC cache. Exported for testing.
*/
export declare function clearGlobalAppDefaultCred(): void;

149
server/node_modules/firebase-admin/lib/app/credential-factory.js generated vendored Normal file
View File

@@ -0,0 +1,149 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.applicationDefault = applicationDefault;
exports.cert = cert;
exports.refreshToken = refreshToken;
exports.clearGlobalAppDefaultCred = clearGlobalAppDefaultCred;
const credential_internal_1 = require("./credential-internal");
let globalAppDefaultCred;
const globalCertCreds = {};
const globalRefreshTokenCreds = {};
/**
* Returns a credential created from the
* {@link https://developers.google.com/identity/protocols/application-default-credentials |
* Google Application Default Credentials}
* that grants admin access to Firebase services. This credential can be used
* in the call to {@link firebase-admin.app#initializeApp}.
*
* Google Application Default Credentials are available on any Google
* infrastructure, such as Google App Engine and Google Compute Engine.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* initializeApp({
* credential: applicationDefault(),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via Google
* Application Default Credentials that can be used to initialize an app.
*/
function applicationDefault(httpAgent) {
if (typeof globalAppDefaultCred === 'undefined') {
globalAppDefaultCred = (0, credential_internal_1.getApplicationDefault)(httpAgent);
}
return globalAppDefaultCred;
}
/**
* Returns a credential created from the provided service account that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a service account key JSON file
* const serviceAccount = require("path/to/serviceAccountKey.json");
* initializeApp({
* credential: cert(serviceAccount),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @example
* ```javascript
* // Providing a service account object inline
* initializeApp({
* credential: cert({
* projectId: "<PROJECT_ID>",
* clientEmail: "foo@<PROJECT_ID>.iam.gserviceaccount.com",
* privateKey: "-----BEGIN PRIVATE KEY-----<KEY>-----END PRIVATE KEY-----\n"
* }),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param serviceAccountPathOrObject - The path to a service
* account key JSON file or an object representing a service account key.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
function cert(serviceAccountPathOrObject, httpAgent) {
const stringifiedServiceAccount = JSON.stringify(serviceAccountPathOrObject);
if (!(stringifiedServiceAccount in globalCertCreds)) {
globalCertCreds[stringifiedServiceAccount] = new credential_internal_1.ServiceAccountCredential(serviceAccountPathOrObject, httpAgent);
}
return globalCertCreds[stringifiedServiceAccount];
}
/**
* Returns a credential created from the provided refresh token that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a refresh token JSON file
* const refreshToken = require("path/to/refreshToken.json");
* initializeApp({
* credential: refreshToken(refreshToken),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param refreshTokenPathOrObject - The path to a Google
* OAuth2 refresh token JSON file or an object representing a Google OAuth2
* refresh token.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
function refreshToken(refreshTokenPathOrObject, httpAgent) {
const stringifiedRefreshToken = JSON.stringify(refreshTokenPathOrObject);
if (!(stringifiedRefreshToken in globalRefreshTokenCreds)) {
globalRefreshTokenCreds[stringifiedRefreshToken] = new credential_internal_1.RefreshTokenCredential(refreshTokenPathOrObject, httpAgent);
}
return globalRefreshTokenCreds[stringifiedRefreshToken];
}
/**
* Clears the global ADC cache. Exported for testing.
*/
function clearGlobalAppDefaultCred() {
globalAppDefaultCred = undefined;
}

122
server/node_modules/firebase-admin/lib/app/credential-internal.d.ts generated vendored Normal file
View File

@@ -0,0 +1,122 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Agent } from 'http';
import { Credential, GoogleOAuthAccessToken } from './credential';
/**
* Implementation of ADC that uses google-auth-library-nodejs.
*/
export declare class ApplicationDefaultCredential implements Credential {
private readonly googleAuth;
private authClient;
private projectId?;
private quotaProjectId?;
private accountId?;
constructor(httpAgent?: Agent);
getAccessToken(): Promise<GoogleOAuthAccessToken>;
getProjectId(): Promise<string>;
getQuotaProjectId(): string | undefined;
isComputeEngineCredential(): Promise<boolean>;
/**
* getIDToken returns a OIDC token from the compute metadata service
* that can be used to make authenticated calls to audience
* @param audience the URL the returned ID token will be used to call.
*/
getIDToken(audience: string): Promise<string>;
getServiceAccountEmail(): Promise<string>;
}
/**
* Implementation of Credential that uses a service account.
*/
export declare class ServiceAccountCredential implements Credential {
private readonly serviceAccountPathOrObject;
private readonly httpAgent?;
readonly implicit: boolean;
readonly projectId: string;
readonly privateKey: string;
readonly clientEmail: string;
private googleAuth;
private authClient;
/**
* Creates a new ServiceAccountCredential from the given parameters.
*
* @param serviceAccountPathOrObject - Service account json object or path to a service account json file.
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
* @param implicit - An optional boolean indicating whether this credential was implicitly discovered from the
* environment, as opposed to being explicitly specified by the developer.
*
* @constructor
*/
constructor(serviceAccountPathOrObject: string | object, httpAgent?: Agent | undefined, implicit?: boolean);
private getGoogleAuth;
getAccessToken(): Promise<GoogleOAuthAccessToken>;
}
/**
* Implementation of Credential that gets access tokens from refresh tokens.
*/
export declare class RefreshTokenCredential implements Credential {
private readonly refreshTokenPathOrObject;
private readonly httpAgent?;
readonly implicit: boolean;
private googleAuth;
private authClient;
/**
* Creates a new RefreshTokenCredential from the given parameters.
*
* @param refreshTokenPathOrObject - Refresh token json object or path to a refresh token
* (user credentials) json file.
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
* @param implicit - An optinal boolean indicating whether this credential was implicitly
* discovered from the environment, as opposed to being explicitly specified by the developer.
*
* @constructor
*/
constructor(refreshTokenPathOrObject: string | object, httpAgent?: Agent | undefined, implicit?: boolean);
private getGoogleAuth;
getAccessToken(): Promise<GoogleOAuthAccessToken>;
}
/**
* Implementation of Credential that uses impersonated service account.
*/
export declare class ImpersonatedServiceAccountCredential implements Credential {
private readonly impersonatedServiceAccountPathOrObject;
private readonly httpAgent?;
readonly implicit: boolean;
private googleAuth;
private authClient;
/**
* Creates a new ImpersonatedServiceAccountCredential from the given parameters.
*
* @param impersonatedServiceAccountPathOrObject - Impersonated Service account json object or
* path to a service account json file.
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
* @param implicit - An optional boolean indicating whether this credential was implicitly
* discovered from the environment, as opposed to being explicitly specified by the developer.
*
* @constructor
*/
constructor(impersonatedServiceAccountPathOrObject: string | object, httpAgent?: Agent | undefined, implicit?: boolean);
private getGoogleAuth;
getAccessToken(): Promise<GoogleOAuthAccessToken>;
}
/**
* Checks if the given credential was loaded via the application default credentials mechanism.
*
* @param credential - The credential instance to check.
*/
export declare function isApplicationDefault(credential?: Credential): boolean;
export declare function getApplicationDefault(httpAgent?: Agent): Credential;

418
server/node_modules/firebase-admin/lib/app/credential-internal.js generated vendored Normal file
View File

@@ -0,0 +1,418 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.ImpersonatedServiceAccountCredential = exports.RefreshTokenCredential = exports.ServiceAccountCredential = exports.ApplicationDefaultCredential = void 0;
exports.isApplicationDefault = isApplicationDefault;
exports.getApplicationDefault = getApplicationDefault;
const fs = require("fs");
const google_auth_library_1 = require("google-auth-library");
const error_1 = require("../utils/error");
const util = require("../utils/validator");
const SCOPES = [
'https://www.googleapis.com/auth/cloud-platform',
'https://www.googleapis.com/auth/firebase.database',
'https://www.googleapis.com/auth/firebase.messaging',
'https://www.googleapis.com/auth/identitytoolkit',
'https://www.googleapis.com/auth/userinfo.email',
];
/**
* Implementation of ADC that uses google-auth-library-nodejs.
*/
class ApplicationDefaultCredential {
constructor(httpAgent) {
this.googleAuth = new google_auth_library_1.GoogleAuth({
scopes: SCOPES,
clientOptions: {
transporterOptions: {
agent: httpAgent,
},
},
});
}
async getAccessToken() {
if (!this.authClient) {
this.authClient = await this.googleAuth.getClient();
}
await this.authClient.getAccessToken();
const credentials = this.authClient.credentials;
this.quotaProjectId = this.authClient.quotaProjectId;
return populateCredential(credentials);
}
async getProjectId() {
if (!this.projectId) {
this.projectId = await this.googleAuth.getProjectId();
}
return Promise.resolve(this.projectId);
}
getQuotaProjectId() {
if (!this.quotaProjectId) {
this.quotaProjectId = this.authClient?.quotaProjectId;
}
return this.quotaProjectId;
}
async isComputeEngineCredential() {
if (!this.authClient) {
this.authClient = await this.googleAuth.getClient();
}
return Promise.resolve(this.authClient instanceof google_auth_library_1.Compute);
}
/**
* getIDToken returns a OIDC token from the compute metadata service
* that can be used to make authenticated calls to audience
* @param audience the URL the returned ID token will be used to call.
*/
async getIDToken(audience) {
if (await this.isComputeEngineCredential()) {
return this.authClient.fetchIdToken(audience);
}
else {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Credentials type should be Compute Engine Credentials.');
}
}
async getServiceAccountEmail() {
if (this.accountId) {
return Promise.resolve(this.accountId);
}
const { client_email: clientEmail } = await this.googleAuth.getCredentials();
this.accountId = clientEmail ?? '';
return Promise.resolve(this.accountId);
}
}
exports.ApplicationDefaultCredential = ApplicationDefaultCredential;
/**
* Implementation of Credential that uses a service account.
*/
class ServiceAccountCredential {
/**
* Creates a new ServiceAccountCredential from the given parameters.
*
* @param serviceAccountPathOrObject - Service account json object or path to a service account json file.
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
* @param implicit - An optional boolean indicating whether this credential was implicitly discovered from the
* environment, as opposed to being explicitly specified by the developer.
*
* @constructor
*/
constructor(serviceAccountPathOrObject, httpAgent, implicit = false) {
this.serviceAccountPathOrObject = serviceAccountPathOrObject;
this.httpAgent = httpAgent;
this.implicit = implicit;
const serviceAccount = (typeof serviceAccountPathOrObject === 'string') ?
ServiceAccount.fromPath(serviceAccountPathOrObject)
: new ServiceAccount(serviceAccountPathOrObject);
this.projectId = serviceAccount.projectId;
this.privateKey = serviceAccount.privateKey;
this.clientEmail = serviceAccount.clientEmail;
}
getGoogleAuth() {
if (this.googleAuth) {
return this.googleAuth;
}
const { auth, client } = populateGoogleAuth(this.serviceAccountPathOrObject, this.httpAgent);
this.googleAuth = auth;
this.authClient = client;
return this.googleAuth;
}
async getAccessToken() {
const googleAuth = this.getGoogleAuth();
if (this.authClient === undefined) {
this.authClient = await googleAuth.getClient();
}
await this.authClient.getAccessToken();
const credentials = this.authClient.credentials;
return populateCredential(credentials);
}
}
exports.ServiceAccountCredential = ServiceAccountCredential;
/**
* A struct containing the properties necessary to use service account JSON credentials.
*/
class ServiceAccount {
static fromPath(filePath) {
try {
return new ServiceAccount(JSON.parse(fs.readFileSync(filePath, 'utf8')));
}
catch (error) {
// Throw a nicely formed error message if the file contents cannot be parsed
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse service account json file: ' + error);
}
}
constructor(json) {
if (!util.isNonNullObject(json)) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Service account must be an object.');
}
copyAttr(this, json, 'projectId', 'project_id');
copyAttr(this, json, 'privateKey', 'private_key');
copyAttr(this, json, 'clientEmail', 'client_email');
let errorMessage;
if (!util.isNonEmptyString(this.projectId)) {
errorMessage = 'Service account object must contain a string "project_id" property.';
}
else if (!util.isNonEmptyString(this.privateKey)) {
errorMessage = 'Service account object must contain a string "private_key" property.';
}
else if (!util.isNonEmptyString(this.clientEmail)) {
errorMessage = 'Service account object must contain a string "client_email" property.';
}
if (typeof errorMessage !== 'undefined') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
}
// eslint-disable-next-line @typescript-eslint/no-var-requires
const forge = require('node-forge');
try {
forge.pki.privateKeyFromPem(this.privateKey);
}
catch (error) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse private key: ' + error);
}
}
}
/**
* Implementation of Credential that gets access tokens from refresh tokens.
*/
class RefreshTokenCredential {
/**
* Creates a new RefreshTokenCredential from the given parameters.
*
* @param refreshTokenPathOrObject - Refresh token json object or path to a refresh token
* (user credentials) json file.
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
* @param implicit - An optinal boolean indicating whether this credential was implicitly
* discovered from the environment, as opposed to being explicitly specified by the developer.
*
* @constructor
*/
constructor(refreshTokenPathOrObject, httpAgent, implicit = false) {
this.refreshTokenPathOrObject = refreshTokenPathOrObject;
this.httpAgent = httpAgent;
this.implicit = implicit;
(typeof refreshTokenPathOrObject === 'string') ?
RefreshToken.validateFromPath(refreshTokenPathOrObject)
: RefreshToken.validateFromJSON(refreshTokenPathOrObject);
}
getGoogleAuth() {
if (this.googleAuth) {
return this.googleAuth;
}
const { auth, client } = populateGoogleAuth(this.refreshTokenPathOrObject, this.httpAgent);
this.googleAuth = auth;
this.authClient = client;
return this.googleAuth;
}
async getAccessToken() {
const googleAuth = this.getGoogleAuth();
if (this.authClient === undefined) {
this.authClient = await googleAuth.getClient();
}
await this.authClient.getAccessToken();
const credentials = this.authClient.credentials;
return populateCredential(credentials);
}
}
exports.RefreshTokenCredential = RefreshTokenCredential;
class RefreshToken {
/*
* Tries to load a RefreshToken from a path. Throws if the path doesn't exist or the
* data at the path is invalid.
*/
static validateFromPath(filePath) {
try {
RefreshToken.validateFromJSON(JSON.parse(fs.readFileSync(filePath, 'utf8')));
}
catch (error) {
// Throw a nicely formed error message if the file contents cannot be parsed
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse refresh token file: ' + error);
}
}
static validateFromJSON(json) {
const creds = { clientId: '', clientSecret: '', refreshToken: '', type: '' };
copyAttr(creds, json, 'clientId', 'client_id');
copyAttr(creds, json, 'clientSecret', 'client_secret');
copyAttr(creds, json, 'refreshToken', 'refresh_token');
copyAttr(creds, json, 'type', 'type');
let errorMessage;
if (!util.isNonEmptyString(creds.clientId)) {
errorMessage = 'Refresh token must contain a "client_id" property.';
}
else if (!util.isNonEmptyString(creds.clientSecret)) {
errorMessage = 'Refresh token must contain a "client_secret" property.';
}
else if (!util.isNonEmptyString(creds.refreshToken)) {
errorMessage = 'Refresh token must contain a "refresh_token" property.';
}
else if (!util.isNonEmptyString(creds.type)) {
errorMessage = 'Refresh token must contain a "type" property.';
}
if (typeof errorMessage !== 'undefined') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
}
}
}
/**
* Implementation of Credential that uses impersonated service account.
*/
class ImpersonatedServiceAccountCredential {
/**
* Creates a new ImpersonatedServiceAccountCredential from the given parameters.
*
* @param impersonatedServiceAccountPathOrObject - Impersonated Service account json object or
* path to a service account json file.
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
* @param implicit - An optional boolean indicating whether this credential was implicitly
* discovered from the environment, as opposed to being explicitly specified by the developer.
*
* @constructor
*/
constructor(impersonatedServiceAccountPathOrObject, httpAgent, implicit = false) {
this.impersonatedServiceAccountPathOrObject = impersonatedServiceAccountPathOrObject;
this.httpAgent = httpAgent;
this.implicit = implicit;
(typeof impersonatedServiceAccountPathOrObject === 'string') ?
ImpersonatedServiceAccount.validateFromPath(impersonatedServiceAccountPathOrObject)
: ImpersonatedServiceAccount.validateFromJSON(impersonatedServiceAccountPathOrObject);
}
getGoogleAuth() {
if (this.googleAuth) {
return this.googleAuth;
}
const { auth, client } = populateGoogleAuth(this.impersonatedServiceAccountPathOrObject, this.httpAgent);
this.googleAuth = auth;
this.authClient = client;
return this.googleAuth;
}
async getAccessToken() {
const googleAuth = this.getGoogleAuth();
if (this.authClient === undefined) {
this.authClient = await googleAuth.getClient();
}
await this.authClient.getAccessToken();
const credentials = this.authClient.credentials;
return populateCredential(credentials);
}
}
exports.ImpersonatedServiceAccountCredential = ImpersonatedServiceAccountCredential;
/**
* A helper class to validate the properties necessary to use impersonated service account credentials.
*/
class ImpersonatedServiceAccount {
/*
* Tries to load a ImpersonatedServiceAccount from a path. Throws if the path doesn't exist or the
* data at the path is invalid.
*/
static validateFromPath(filePath) {
try {
ImpersonatedServiceAccount.validateFromJSON(JSON.parse(fs.readFileSync(filePath, 'utf8')));
}
catch (error) {
// Throw a nicely formed error message if the file contents cannot be parsed
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse impersonated service account file: ' + error);
}
}
static validateFromJSON(json) {
const { client_id: clientId, client_secret: clientSecret, refresh_token: refreshToken, type } = json['source_credentials'];
let errorMessage;
if (!util.isNonEmptyString(clientId)) {
errorMessage = 'Impersonated Service Account must contain a "source_credentials.client_id" property.';
}
else if (!util.isNonEmptyString(clientSecret)) {
errorMessage = 'Impersonated Service Account must contain a "source_credentials.client_secret" property.';
}
else if (!util.isNonEmptyString(refreshToken)) {
errorMessage = 'Impersonated Service Account must contain a "source_credentials.refresh_token" property.';
}
else if (!util.isNonEmptyString(type)) {
errorMessage = 'Impersonated Service Account must contain a "source_credentials.type" property.';
}
if (typeof errorMessage !== 'undefined') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
}
}
}
/**
* Checks if the given credential was loaded via the application default credentials mechanism.
*
* @param credential - The credential instance to check.
*/
function isApplicationDefault(credential) {
return credential instanceof ApplicationDefaultCredential ||
(credential instanceof RefreshTokenCredential && credential.implicit);
}
function getApplicationDefault(httpAgent) {
return new ApplicationDefaultCredential(httpAgent);
}
/**
* Copies the specified property from one object to another.
*
* If no property exists by the given "key", looks for a property identified by "alt", and copies it instead.
* This can be used to implement behaviors such as "copy property myKey or my_key".
*
* @param to - Target object to copy the property into.
* @param from - Source object to copy the property from.
* @param key - Name of the property to copy.
* @param alt - Alternative name of the property to copy.
*/
function copyAttr(to, from, key, alt) {
const tmp = from[key] || from[alt];
if (typeof tmp !== 'undefined') {
to[key] = tmp;
}
}
/**
* Populate google-auth-library GoogleAuth credentials type.
*/
function populateGoogleAuth(keyFile, httpAgent) {
let client;
const auth = new google_auth_library_1.GoogleAuth({
scopes: SCOPES,
clientOptions: {
transporterOptions: {
agent: httpAgent,
},
},
keyFile: (typeof keyFile === 'string') ? keyFile : undefined,
});
if (typeof keyFile === 'object') {
if (!util.isNonNullObject(keyFile)) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Service account must be an object.');
}
copyAttr(keyFile, keyFile, 'project_id', 'projectId');
copyAttr(keyFile, keyFile, 'private_key', 'privateKey');
copyAttr(keyFile, keyFile, 'client_email', 'clientEmail');
client = auth.fromJSON(keyFile);
}
return { auth, client };
}
/**
* Populate GoogleOAuthAccessToken credentials from google-auth-library Credentials type.
*/
function populateCredential(credentials) {
const accessToken = credentials?.access_token;
const expiryDate = credentials?.expiry_date;
if (typeof accessToken !== 'string')
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse Google auth credential: access_token must be a non empty string.');
if (typeof expiryDate !== 'number')
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse Google auth credential: Invalid expiry_date.');
return {
...credentials,
access_token: accessToken,
// inverse operation of following
// https://github.com/googleapis/google-auth-library-nodejs/blob/5ed910513451c82e2551777a3e2212964799ef8e/src/auth/baseexternalclient.ts#L446-L446
expires_in: Math.floor((expiryDate - new Date().getTime()) / 1000),
};
}

45
server/node_modules/firebase-admin/lib/app/credential.d.ts generated vendored Normal file
View File

@@ -0,0 +1,45 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
export interface ServiceAccount {
projectId?: string;
clientEmail?: string;
privateKey?: string;
}
/**
* Interface for Google OAuth 2.0 access tokens.
*/
export interface GoogleOAuthAccessToken {
access_token: string;
expires_in: number;
}
/**
* Interface that provides Google OAuth2 access tokens used to authenticate
* with Firebase services.
*
* In most cases, you will not need to implement this yourself and can instead
* use the default implementations provided by the `firebase-admin/app` module.
*/
export interface Credential {
/**
* Returns a Google OAuth2 access token object used to authenticate with
* Firebase services.
*
* @returns A Google OAuth2 access token object.
*/
getAccessToken(): Promise<GoogleOAuthAccessToken>;
}

19
server/node_modules/firebase-admin/lib/app/credential.js generated vendored Normal file
View File

@@ -0,0 +1,19 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

53
server/node_modules/firebase-admin/lib/app/firebase-app.d.ts generated vendored Normal file
View File

@@ -0,0 +1,53 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Credential } from './credential';
/**
* Type representing a Firebase OAuth access token (derived from a Google OAuth2 access token) which
* can be used to authenticate to Firebase services such as the Realtime Database and Auth.
*/
export interface FirebaseAccessToken {
accessToken: string;
expirationTime: number;
}
/**
* Internals of a FirebaseApp instance.
*/
export declare class FirebaseAppInternals {
private credential_;
private cachedToken_;
private promiseToCachedToken_;
private tokenListeners_;
private isRefreshing;
constructor(credential_: Credential);
getToken(forceRefresh?: boolean): Promise<FirebaseAccessToken>;
getCachedToken(): FirebaseAccessToken | null;
private refreshToken;
private shouldRefresh;
/**
* Adds a listener that is called each time a token changes.
*
* @param listener - The listener that will be called with each new token.
*/
addAuthTokenListener(listener: (token: string) => void): void;
/**
* Removes a token listener.
*
* @param listener - The listener to remove.
*/
removeAuthTokenListener(listener: (token: string) => void): void;
}

234
server/node_modules/firebase-admin/lib/app/firebase-app.js generated vendored Normal file
View File

@@ -0,0 +1,234 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseApp = exports.FirebaseAppInternals = void 0;
const credential_internal_1 = require("./credential-internal");
const validator = require("../utils/validator");
const deep_copy_1 = require("../utils/deep-copy");
const error_1 = require("../utils/error");
const TOKEN_EXPIRY_THRESHOLD_MILLIS = 5 * 60 * 1000;
/**
* Internals of a FirebaseApp instance.
*/
class FirebaseAppInternals {
// eslint-disable-next-line @typescript-eslint/naming-convention
constructor(credential_) {
this.credential_ = credential_;
this.tokenListeners_ = [];
this.isRefreshing = false;
}
getToken(forceRefresh = false) {
if (forceRefresh || this.shouldRefresh()) {
this.promiseToCachedToken_ = this.refreshToken();
}
return this.promiseToCachedToken_;
}
getCachedToken() {
return this.cachedToken_ || null;
}
refreshToken() {
this.isRefreshing = true;
return Promise.resolve(this.credential_.getAccessToken())
.then((result) => {
// Since the developer can provide the credential implementation, we want to weakly verify
// the return type until the type is properly exported.
if (!validator.isNonNullObject(result) ||
typeof result.expires_in !== 'number' ||
typeof result.access_token !== 'string') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, `Invalid access token generated: "${JSON.stringify(result)}". Valid access ` +
'tokens must be an object with the "expires_in" (number) and "access_token" ' +
'(string) properties.');
}
const token = {
accessToken: result.access_token,
expirationTime: Date.now() + (result.expires_in * 1000),
};
if (!this.cachedToken_
|| this.cachedToken_.accessToken !== token.accessToken
|| this.cachedToken_.expirationTime !== token.expirationTime) {
// Update the cache before firing listeners. Listeners may directly query the
// cached token state.
this.cachedToken_ = token;
this.tokenListeners_.forEach((listener) => {
listener(token.accessToken);
});
}
return token;
})
.catch((error) => {
let errorMessage = (typeof error === 'string') ? error : error.message;
errorMessage = 'Credential implementation provided to initializeApp() via the ' +
'"credential" property failed to fetch a valid Google OAuth2 access token with the ' +
`following error: "${errorMessage}".`;
if (errorMessage.indexOf('invalid_grant') !== -1) {
errorMessage += ' There are two likely causes: (1) your server time is not properly ' +
'synced or (2) your certificate key file has been revoked. To solve (1), re-sync the ' +
'time on your server. To solve (2), make sure the key ID for your key file is still ' +
'present at https://console.firebase.google.com/iam-admin/serviceaccounts/project. If ' +
'not, generate a new key file at ' +
'https://console.firebase.google.com/project/_/settings/serviceaccounts/adminsdk.';
}
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
})
.finally(() => {
this.isRefreshing = false;
});
}
shouldRefresh() {
return (!this.cachedToken_ || (this.cachedToken_.expirationTime - Date.now()) <= TOKEN_EXPIRY_THRESHOLD_MILLIS)
&& !this.isRefreshing;
}
/**
* Adds a listener that is called each time a token changes.
*
* @param listener - The listener that will be called with each new token.
*/
addAuthTokenListener(listener) {
this.tokenListeners_.push(listener);
if (this.cachedToken_) {
listener(this.cachedToken_.accessToken);
}
}
/**
* Removes a token listener.
*
* @param listener - The listener to remove.
*/
removeAuthTokenListener(listener) {
this.tokenListeners_ = this.tokenListeners_.filter((other) => other !== listener);
}
}
exports.FirebaseAppInternals = FirebaseAppInternals;
/**
* Global context object for a collection of services using a shared authentication state.
*
* @internal
*/
class FirebaseApp {
constructor(options, name, autoInit = false, appStore) {
this.appStore = appStore;
this.services_ = {};
this.isDeleted_ = false;
this.autoInit_ = false;
this.customCredential_ = true;
this.name_ = name;
this.options_ = (0, deep_copy_1.deepCopy)(options);
this.autoInit_ = autoInit;
if (!validator.isNonNullObject(this.options_)) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, 'Invalid Firebase app options passed as the first argument to initializeApp() for the ' +
`app named "${this.name_}". Options must be a non-null object.`);
}
const hasCredential = ('credential' in this.options_);
if (!hasCredential) {
this.customCredential_ = false;
this.options_.credential = (0, credential_internal_1.getApplicationDefault)(this.options_.httpAgent);
}
const credential = this.options_.credential;
if (typeof credential !== 'object' || credential === null || typeof credential.getAccessToken !== 'function') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, 'Invalid Firebase app options passed as the first argument to initializeApp() for the ' +
`app named "${this.name_}". The "credential" property must be an object which implements ` +
'the Credential interface.');
}
this.INTERNAL = new FirebaseAppInternals(credential);
}
/**
* Returns the name of the FirebaseApp instance.
*
* @returns The name of the FirebaseApp instance.
*/
get name() {
this.checkDestroyed_();
return this.name_;
}
/**
* Returns the options for the FirebaseApp instance.
*
* @returns The options for the FirebaseApp instance.
*/
get options() {
this.checkDestroyed_();
return (0, deep_copy_1.deepCopy)(this.options_);
}
/**
* @internal
*/
getOrInitService(name, init) {
return this.ensureService_(name, () => init(this));
}
/**
* Returns `true` if this app was initialized with auto-initialization.
*
* @internal
*/
autoInit() {
return this.autoInit_;
}
/**
* Returns `true` if the `FirebaseApp` instance was initialized with a custom
* `Credential`.
*
* @internal
*/
customCredential() {
return this.customCredential_;
}
/**
* Deletes the FirebaseApp instance.
*
* @returns An empty Promise fulfilled once the FirebaseApp instance is deleted.
*/
delete() {
this.checkDestroyed_();
// Also remove the instance from the AppStore. This is needed to support the existing
// app.delete() use case. In the future we can remove this API, and deleteApp() will
// become the only way to tear down an App.
this.appStore?.removeApp(this.name);
return Promise.all(Object.keys(this.services_).map((serviceName) => {
const service = this.services_[serviceName];
if (isStateful(service)) {
return service.delete();
}
return Promise.resolve();
})).then(() => {
this.services_ = {};
this.isDeleted_ = true;
});
}
// eslint-disable-next-line @typescript-eslint/naming-convention
ensureService_(serviceName, initializer) {
this.checkDestroyed_();
if (!(serviceName in this.services_)) {
this.services_[serviceName] = initializer();
}
return this.services_[serviceName];
}
/**
* Throws an Error if the FirebaseApp instance has already been deleted.
*/
// eslint-disable-next-line @typescript-eslint/naming-convention
checkDestroyed_() {
if (this.isDeleted_) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.APP_DELETED, `Firebase app named "${this.name_}" has already been deleted.`);
}
}
}
exports.FirebaseApp = FirebaseApp;
function isStateful(service) {
return typeof service.delete === 'function';
}

163
server/node_modules/firebase-admin/lib/app/firebase-namespace.d.ts generated vendored Normal file
View File

@@ -0,0 +1,163 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { AppStore } from './lifecycle';
import { app, appCheck, auth, messaging, machineLearning, storage, firestore, database, instanceId, installations, projectManagement, securityRules, remoteConfig, AppOptions } from '../firebase-namespace-api';
import { cert, refreshToken, applicationDefault } from './credential-factory';
import App = app.App;
import AppCheck = appCheck.AppCheck;
import Auth = auth.Auth;
import Database = database.Database;
import Firestore = firestore.Firestore;
import Installations = installations.Installations;
import InstanceId = instanceId.InstanceId;
import MachineLearning = machineLearning.MachineLearning;
import Messaging = messaging.Messaging;
import ProjectManagement = projectManagement.ProjectManagement;
import RemoteConfig = remoteConfig.RemoteConfig;
import SecurityRules = securityRules.SecurityRules;
import Storage = storage.Storage;
export interface FirebaseServiceNamespace<T> {
(app?: App): T;
[key: string]: any;
}
/**
* Internals of a FirebaseNamespace instance.
*/
export declare class FirebaseNamespaceInternals {
private readonly appStore;
constructor(appStore: AppStore);
/**
* Initializes the App instance.
*
* @param options - Optional options for the App instance. If none present will try to initialize
* from the FIREBASE_CONFIG environment variable. If the environment variable contains a string
* that starts with '{' it will be parsed as JSON, otherwise it will be assumed to be pointing
* to a file.
* @param appName - Optional name of the FirebaseApp instance.
*
* @returns A new App instance.
*/
initializeApp(options?: AppOptions, appName?: string): App;
/**
* Returns the App instance with the provided name (or the default App instance
* if no name is provided).
*
* @param appName - Optional name of the FirebaseApp instance to return.
* @returns The App instance which has the provided name.
*/
app(appName?: string): App;
get apps(): App[];
}
/**
* Global Firebase context object.
*/
export declare class FirebaseNamespace {
__esModule: boolean;
credential: {
cert: typeof cert;
refreshToken: typeof refreshToken;
applicationDefault: typeof applicationDefault;
};
SDK_VERSION: string;
INTERNAL: FirebaseNamespaceInternals;
Promise: any;
constructor(appStore?: AppStore);
/**
* Gets the `Auth` service namespace. The returned namespace can be used to get the
* `Auth` service for the default app or an explicitly specified app.
*/
get auth(): FirebaseServiceNamespace<Auth>;
/**
* Gets the `Database` service namespace. The returned namespace can be used to get the
* `Database` service for the default app or an explicitly specified app.
*/
get database(): FirebaseServiceNamespace<Database>;
/**
* Gets the `Messaging` service namespace. The returned namespace can be used to get the
* `Messaging` service for the default app or an explicitly specified app.
*/
get messaging(): FirebaseServiceNamespace<Messaging>;
/**
* Gets the `Storage` service namespace. The returned namespace can be used to get the
* `Storage` service for the default app or an explicitly specified app.
*/
get storage(): FirebaseServiceNamespace<Storage>;
/**
* Gets the `Firestore` service namespace. The returned namespace can be used to get the
* `Firestore` service for the default app or an explicitly specified app.
*/
get firestore(): FirebaseServiceNamespace<Firestore>;
/**
* Gets the `MachineLearning` service namespace. The returned namespace can be
* used to get the `MachineLearning` service for the default app or an
* explicityly specified app.
*/
get machineLearning(): FirebaseServiceNamespace<MachineLearning>;
/**
* Gets the `Installations` service namespace. The returned namespace can be used to get the
* `Installations` service for the default app or an explicitly specified app.
*/
get installations(): FirebaseServiceNamespace<Installations>;
/**
* Gets the `InstanceId` service namespace. The returned namespace can be used to get the
* `Instance` service for the default app or an explicitly specified app.
*/
get instanceId(): FirebaseServiceNamespace<InstanceId>;
/**
* Gets the `ProjectManagement` service namespace. The returned namespace can be used to get the
* `ProjectManagement` service for the default app or an explicitly specified app.
*/
get projectManagement(): FirebaseServiceNamespace<ProjectManagement>;
/**
* Gets the `SecurityRules` service namespace. The returned namespace can be used to get the
* `SecurityRules` service for the default app or an explicitly specified app.
*/
get securityRules(): FirebaseServiceNamespace<SecurityRules>;
/**
* Gets the `RemoteConfig` service namespace. The returned namespace can be used to get the
* `RemoteConfig` service for the default app or an explicitly specified app.
*/
get remoteConfig(): FirebaseServiceNamespace<RemoteConfig>;
/**
* Gets the `AppCheck` service namespace. The returned namespace can be used to get the
* `AppCheck` service for the default app or an explicitly specified app.
*/
get appCheck(): FirebaseServiceNamespace<AppCheck>;
/**
* Initializes the FirebaseApp instance.
*
* @param options - Optional options for the FirebaseApp instance.
* If none present will try to initialize from the FIREBASE_CONFIG environment variable.
* If the environment variable contains a string that starts with '{' it will be parsed as JSON,
* otherwise it will be assumed to be pointing to a file.
* @param appName - Optional name of the FirebaseApp instance.
*
* @returns A new FirebaseApp instance.
*/
initializeApp(options?: AppOptions, appName?: string): App;
/**
* Returns the FirebaseApp instance with the provided name (or the default FirebaseApp instance
* if no name is provided).
*
* @param appName - Optional name of the FirebaseApp instance to return.
* @returns The FirebaseApp instance which has the provided name.
*/
app(appName?: string): App;
get apps(): App[];
private ensureApp;
}

335
server/node_modules/firebase-admin/lib/app/firebase-namespace.js generated vendored Normal file
View File

@@ -0,0 +1,335 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.defaultNamespace = exports.FirebaseNamespace = exports.FirebaseNamespaceInternals = void 0;
const lifecycle_1 = require("./lifecycle");
const credential_factory_1 = require("./credential-factory");
const index_1 = require("../utils/index");
/**
* Internals of a FirebaseNamespace instance.
*/
class FirebaseNamespaceInternals {
constructor(appStore) {
this.appStore = appStore;
}
/**
* Initializes the App instance.
*
* @param options - Optional options for the App instance. If none present will try to initialize
* from the FIREBASE_CONFIG environment variable. If the environment variable contains a string
* that starts with '{' it will be parsed as JSON, otherwise it will be assumed to be pointing
* to a file.
* @param appName - Optional name of the FirebaseApp instance.
*
* @returns A new App instance.
*/
initializeApp(options, appName) {
const app = this.appStore.initializeApp(options, appName);
return extendApp(app);
}
/**
* Returns the App instance with the provided name (or the default App instance
* if no name is provided).
*
* @param appName - Optional name of the FirebaseApp instance to return.
* @returns The App instance which has the provided name.
*/
app(appName) {
const app = this.appStore.getApp(appName);
return extendApp(app);
}
/*
* Returns an array of all the non-deleted App instances.
*/
get apps() {
return this.appStore.getApps().map((app) => extendApp(app));
}
}
exports.FirebaseNamespaceInternals = FirebaseNamespaceInternals;
const firebaseCredential = {
cert: credential_factory_1.cert, refreshToken: credential_factory_1.refreshToken, applicationDefault: credential_factory_1.applicationDefault
};
/**
* Global Firebase context object.
*/
class FirebaseNamespace {
/* tslint:enable */
constructor(appStore) {
// Hack to prevent Babel from modifying the object returned as the default admin namespace.
/* tslint:disable:variable-name */
this.__esModule = true;
/* tslint:enable:variable-name */
this.credential = firebaseCredential;
this.SDK_VERSION = (0, index_1.getSdkVersion)();
/* tslint:disable */
// TODO(jwenger): Database is the only consumer of firebase.Promise. We should update it to use
// use the native Promise and then remove this.
this.Promise = Promise;
this.INTERNAL = new FirebaseNamespaceInternals(appStore ?? new lifecycle_1.AppStore());
}
/**
* Gets the `Auth` service namespace. The returned namespace can be used to get the
* `Auth` service for the default app or an explicitly specified app.
*/
get auth() {
const fn = (app) => {
return this.ensureApp(app).auth();
};
const auth = require('../auth/auth').Auth;
return Object.assign(fn, { Auth: auth });
}
/**
* Gets the `Database` service namespace. The returned namespace can be used to get the
* `Database` service for the default app or an explicitly specified app.
*/
get database() {
const fn = (app) => {
return this.ensureApp(app).database();
};
// eslint-disable-next-line @typescript-eslint/no-var-requires
return Object.assign(fn, require('@firebase/database-compat/standalone'));
}
/**
* Gets the `Messaging` service namespace. The returned namespace can be used to get the
* `Messaging` service for the default app or an explicitly specified app.
*/
get messaging() {
const fn = (app) => {
return this.ensureApp(app).messaging();
};
const messaging = require('../messaging/messaging').Messaging;
return Object.assign(fn, { Messaging: messaging });
}
/**
* Gets the `Storage` service namespace. The returned namespace can be used to get the
* `Storage` service for the default app or an explicitly specified app.
*/
get storage() {
const fn = (app) => {
return this.ensureApp(app).storage();
};
const storage = require('../storage/storage').Storage;
return Object.assign(fn, { Storage: storage });
}
/**
* Gets the `Firestore` service namespace. The returned namespace can be used to get the
* `Firestore` service for the default app or an explicitly specified app.
*/
get firestore() {
let fn = (app) => {
return this.ensureApp(app).firestore();
};
// eslint-disable-next-line @typescript-eslint/no-var-requires
const firestore = require('@google-cloud/firestore');
fn = Object.assign(fn, firestore.Firestore);
// `v1beta1` and `v1` are lazy-loaded in the Firestore SDK. We use the same trick here
// to avoid triggering this lazy-loading upon initialization.
Object.defineProperty(fn, 'v1beta1', {
get: () => {
return firestore.v1beta1;
},
});
Object.defineProperty(fn, 'v1', {
get: () => {
return firestore.v1;
},
});
return fn;
}
/**
* Gets the `MachineLearning` service namespace. The returned namespace can be
* used to get the `MachineLearning` service for the default app or an
* explicityly specified app.
*/
get machineLearning() {
const fn = (app) => {
return this.ensureApp(app).machineLearning();
};
const machineLearning = require('../machine-learning/machine-learning').MachineLearning;
return Object.assign(fn, { MachineLearning: machineLearning });
}
/**
* Gets the `Installations` service namespace. The returned namespace can be used to get the
* `Installations` service for the default app or an explicitly specified app.
*/
get installations() {
const fn = (app) => {
return this.ensureApp(app).installations();
};
const installations = require('../installations/installations').Installations;
return Object.assign(fn, { Installations: installations });
}
/**
* Gets the `InstanceId` service namespace. The returned namespace can be used to get the
* `Instance` service for the default app or an explicitly specified app.
*/
get instanceId() {
const fn = (app) => {
return this.ensureApp(app).instanceId();
};
const instanceId = require('../instance-id/instance-id').InstanceId;
return Object.assign(fn, { InstanceId: instanceId });
}
/**
* Gets the `ProjectManagement` service namespace. The returned namespace can be used to get the
* `ProjectManagement` service for the default app or an explicitly specified app.
*/
get projectManagement() {
const fn = (app) => {
return this.ensureApp(app).projectManagement();
};
const projectManagement = require('../project-management/project-management').ProjectManagement;
return Object.assign(fn, { ProjectManagement: projectManagement });
}
/**
* Gets the `SecurityRules` service namespace. The returned namespace can be used to get the
* `SecurityRules` service for the default app or an explicitly specified app.
*/
get securityRules() {
const fn = (app) => {
return this.ensureApp(app).securityRules();
};
const securityRules = require('../security-rules/security-rules').SecurityRules;
return Object.assign(fn, { SecurityRules: securityRules });
}
/**
* Gets the `RemoteConfig` service namespace. The returned namespace can be used to get the
* `RemoteConfig` service for the default app or an explicitly specified app.
*/
get remoteConfig() {
const fn = (app) => {
return this.ensureApp(app).remoteConfig();
};
const remoteConfig = require('../remote-config/remote-config').RemoteConfig;
return Object.assign(fn, { RemoteConfig: remoteConfig });
}
/**
* Gets the `AppCheck` service namespace. The returned namespace can be used to get the
* `AppCheck` service for the default app or an explicitly specified app.
*/
get appCheck() {
const fn = (app) => {
return this.ensureApp(app).appCheck();
};
const appCheck = require('../app-check/app-check').AppCheck;
return Object.assign(fn, { AppCheck: appCheck });
}
// TODO: Change the return types to app.App in the following methods.
/**
* Initializes the FirebaseApp instance.
*
* @param options - Optional options for the FirebaseApp instance.
* If none present will try to initialize from the FIREBASE_CONFIG environment variable.
* If the environment variable contains a string that starts with '{' it will be parsed as JSON,
* otherwise it will be assumed to be pointing to a file.
* @param appName - Optional name of the FirebaseApp instance.
*
* @returns A new FirebaseApp instance.
*/
initializeApp(options, appName) {
return this.INTERNAL.initializeApp(options, appName);
}
/**
* Returns the FirebaseApp instance with the provided name (or the default FirebaseApp instance
* if no name is provided).
*
* @param appName - Optional name of the FirebaseApp instance to return.
* @returns The FirebaseApp instance which has the provided name.
*/
app(appName) {
return this.INTERNAL.app(appName);
}
/*
* Returns an array of all the non-deleted FirebaseApp instances.
*/
get apps() {
return this.INTERNAL.apps;
}
ensureApp(app) {
if (typeof app === 'undefined') {
app = this.app();
}
return app;
}
}
exports.FirebaseNamespace = FirebaseNamespace;
/**
* In order to maintain backward compatibility, we instantiate a default namespace instance in
* this module, and delegate all app lifecycle operations to it. In a future implementation where
* the old admin namespace is no longer supported, we should remove this.
*
* @internal
*/
exports.defaultNamespace = new FirebaseNamespace(lifecycle_1.defaultAppStore);
function extendApp(app) {
const result = app;
if (result.__extended) {
return result;
}
result.auth = () => {
const fn = require('../auth/index').getAuth;
return fn(app);
};
result.appCheck = () => {
const fn = require('../app-check/index').getAppCheck;
return fn(app);
};
result.database = (url) => {
const fn = require('../database/index').getDatabaseWithUrl;
return fn(url, app);
};
result.messaging = () => {
const fn = require('../messaging/index').getMessaging;
return fn(app);
};
result.storage = () => {
const fn = require('../storage/index').getStorage;
return fn(app);
};
result.firestore = () => {
const fn = require('../firestore/index').getFirestore;
return fn(app);
};
result.instanceId = () => {
const fn = require('../instance-id/index').getInstanceId;
return fn(app);
};
result.installations = () => {
const fn = require('../installations/index').getInstallations;
return fn(app);
};
result.machineLearning = () => {
const fn = require('../machine-learning/index').getMachineLearning;
return fn(app);
};
result.projectManagement = () => {
const fn = require('../project-management/index').getProjectManagement;
return fn(app);
};
result.securityRules = () => {
const fn = require('../security-rules/index').getSecurityRules;
return fn(app);
};
result.remoteConfig = () => {
const fn = require('../remote-config/index').getRemoteConfig;
return fn(app);
};
result.__extended = true;
return result;
}

28
server/node_modules/firebase-admin/lib/app/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,28 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Firebase App and SDK initialization.
*
* @packageDocumentation
*/
export { App, AppOptions, FirebaseArrayIndexError, FirebaseError } from './core';
export { initializeApp, getApp, getApps, deleteApp } from './lifecycle';
export { Credential, ServiceAccount, GoogleOAuthAccessToken } from './credential';
export { applicationDefault, cert, refreshToken } from './credential-factory';
export { FirebaseAppError, AppErrorCodes } from '../utils/error';
export declare const SDK_VERSION: string;

34
server/node_modules/firebase-admin/lib/app/index.js generated vendored Normal file
View File

@@ -0,0 +1,34 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.SDK_VERSION = exports.AppErrorCodes = exports.FirebaseAppError = exports.refreshToken = exports.cert = exports.applicationDefault = exports.deleteApp = exports.getApps = exports.getApp = exports.initializeApp = void 0;
const utils_1 = require("../utils");
var lifecycle_1 = require("./lifecycle");
Object.defineProperty(exports, "initializeApp", { enumerable: true, get: function () { return lifecycle_1.initializeApp; } });
Object.defineProperty(exports, "getApp", { enumerable: true, get: function () { return lifecycle_1.getApp; } });
Object.defineProperty(exports, "getApps", { enumerable: true, get: function () { return lifecycle_1.getApps; } });
Object.defineProperty(exports, "deleteApp", { enumerable: true, get: function () { return lifecycle_1.deleteApp; } });
var credential_factory_1 = require("./credential-factory");
Object.defineProperty(exports, "applicationDefault", { enumerable: true, get: function () { return credential_factory_1.applicationDefault; } });
Object.defineProperty(exports, "cert", { enumerable: true, get: function () { return credential_factory_1.cert; } });
Object.defineProperty(exports, "refreshToken", { enumerable: true, get: function () { return credential_factory_1.refreshToken; } });
var error_1 = require("../utils/error");
Object.defineProperty(exports, "FirebaseAppError", { enumerable: true, get: function () { return error_1.FirebaseAppError; } });
Object.defineProperty(exports, "AppErrorCodes", { enumerable: true, get: function () { return error_1.AppErrorCodes; } });
exports.SDK_VERSION = (0, utils_1.getSdkVersion)();

116
server/node_modules/firebase-admin/lib/app/lifecycle.d.ts generated vendored Normal file
View File

@@ -0,0 +1,116 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { App, AppOptions } from './core';
export declare class AppStore {
private readonly appStore;
initializeApp(options?: AppOptions, appName?: string): App;
getApp(appName?: string): App;
getApps(): App[];
deleteApp(app: App): Promise<void>;
clearAllApps(): Promise<void>;
/**
* Removes the specified App instance from the store. This is currently called by the
* {@link FirebaseApp.delete} method. Can be removed once the app deletion is handled
* entirely by the {@link deleteApp} top-level function.
*/
removeApp(appName: string): void;
}
export declare const defaultAppStore: AppStore;
/**
* Initializes the `App` instance.
*
* Creates a new instance of {@link App} if one doesn't exist, or returns an existing
* `App` instance if one exists with the same `appName` and `options`.
*
* Note, due to the inablity to compare `http.Agent` objects and `Credential` objects,
* this function cannot support idempotency if either of `options.httpAgent` or
* `options.credential` are defined. When either is defined, subsequent invocations will
* throw a `FirebaseAppError` instead of returning an `App` object.
*
* For example, to safely initialize an app that may already exist:
*
* ```javascript
* let app;
* try {
* app = getApp("myApp");
* } catch (error) {
* app = initializeApp({ credential: myCredential }, "myApp");
* }
* ```
*
* @param options - Optional A set of {@link AppOptions} for the `App` instance.
* If not present, `initializeApp` will try to initialize with the options from the
* `FIREBASE_CONFIG` environment variable. If the environment variable contains a
* string that starts with `{` it will be parsed as JSON, otherwise it will be
* assumed to be pointing to a file.
* @param appName - Optional name of the `App` instance.
*
* @returns A new App instance, or the existing App if the instance already exists with
* the provided configuration.
*
* @throws FirebaseAppError if an `App` with the same name has already been
* initialized with a different set of `AppOptions`.
* @throws FirebaseAppError if an existing `App` exists and `options.httpAgent`
* or `options.credential` are defined. This is due to the function's inability to
* determine if the existing `App`'s `options` equate to the `options` parameter
* of this function. It's recommended to use {@link getApp} or {@link getApps} if your
* implementation uses either of these two fields in `AppOptions`.
*/
export declare function initializeApp(options?: AppOptions, appName?: string): App;
/**
* Returns an existing {@link App} instance for the provided name. If no name
* is provided the the default app name is used.
*
* @param appName - Optional name of the `App` instance.
*
* @returns An existing `App` instance that matches the name provided.
*
* @throws FirebaseAppError if no `App` exists for the given name.
* @throws FirebaseAppError if the `appName` is malformed.
*/
export declare function getApp(appName?: string): App;
/**
* A (read-only) array of all initialized apps.
*
* @returns An array containing all initialized apps.
*/
export declare function getApps(): App[];
/**
* Renders this given `App` unusable and frees the resources of
* all associated services (though it does *not* clean up any backend
* resources). When running the SDK locally, this method
* must be called to ensure graceful termination of the process.
*
* @example
* ```javascript
* deleteApp(app)
* .then(function() {
* console.log("App deleted successfully");
* })
* .catch(function(error) {
* console.log("Error deleting app:", error);
* });
* ```
*/
export declare function deleteApp(app: App): Promise<void>;
/**
* Constant holding the environment variable name with the default config.
* If the environment variable contains a string that starts with '{' it will be parsed as JSON,
* otherwise it will be assumed to be pointing to a file.
*/
export declare const FIREBASE_CONFIG_VAR = "FIREBASE_CONFIG";

277
server/node_modules/firebase-admin/lib/app/lifecycle.js generated vendored Normal file
View File

@@ -0,0 +1,277 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.FIREBASE_CONFIG_VAR = exports.defaultAppStore = exports.AppStore = void 0;
exports.initializeApp = initializeApp;
exports.getApp = getApp;
exports.getApps = getApps;
exports.deleteApp = deleteApp;
const fs = require("fs");
const validator = require("../utils/validator");
const error_1 = require("../utils/error");
const credential_internal_1 = require("./credential-internal");
const firebase_app_1 = require("./firebase-app");
const fastDeepEqual = require('fast-deep-equal');
const DEFAULT_APP_NAME = '[DEFAULT]';
class AppStore {
constructor() {
this.appStore = new Map();
}
initializeApp(options, appName = DEFAULT_APP_NAME) {
validateAppNameFormat(appName);
let autoInit = false;
if (typeof options === 'undefined') {
autoInit = true;
options = loadOptionsFromEnvVar();
options.credential = (0, credential_internal_1.getApplicationDefault)();
}
// Check if an app already exists and, if so, ensure its `AppOptions` match
// those of this `initializeApp` request.
if (!this.appStore.has(appName)) {
const app = new firebase_app_1.FirebaseApp(options, appName, autoInit, this);
this.appStore.set(app.name, app);
return app;
}
const currentApp = this.appStore.get(appName);
// Ensure the `autoInit` state matches the existing app's. If not, throw.
if (currentApp.autoInit() !== autoInit) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, `A Firebase app named "${appName}" already exists with a different configuration.`);
}
if (autoInit) {
// Auto-initialization is triggered when no options were passed to
// `initializeApp`. With no options to compare, simply return the App.
return currentApp;
}
// Ensure the options objects don't break deep equal comparisons.
validateAppOptionsSupportDeepEquals(options, currentApp);
// `FirebaseApp()` adds a synthesized `Credential` to `app.options` upon
// app construction. Run a comparison w/o `Credential` to see if the base
// configurations match. Return the existing app if so.
const currentAppOptions = { ...currentApp.options };
delete currentAppOptions.credential;
if (!fastDeepEqual(options, currentAppOptions)) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.DUPLICATE_APP, `A Firebase app named "${appName}" already exists with a different configuration.`);
}
return currentApp;
}
getApp(appName = DEFAULT_APP_NAME) {
validateAppNameFormat(appName);
if (!this.appStore.has(appName)) {
let errorMessage = (appName === DEFAULT_APP_NAME)
? 'The default Firebase app does not exist. ' : `Firebase app named "${appName}" does not exist. `;
errorMessage += 'Make sure you call initializeApp() before using any of the Firebase services.';
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.NO_APP, errorMessage);
}
return this.appStore.get(appName);
}
getApps() {
// Return a copy so the caller cannot mutate the array
return Array.from(this.appStore.values());
}
deleteApp(app) {
if (typeof app !== 'object' || app === null || !('options' in app)) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_ARGUMENT, 'Invalid app argument.');
}
// Make sure the given app already exists.
const existingApp = getApp(app.name);
// Delegate delete operation to the App instance itself. That will also remove the App
// instance from the AppStore.
return existingApp.delete();
}
clearAllApps() {
const promises = [];
this.getApps().forEach((app) => {
promises.push(this.deleteApp(app));
});
return Promise.all(promises).then();
}
/**
* Removes the specified App instance from the store. This is currently called by the
* {@link FirebaseApp.delete} method. Can be removed once the app deletion is handled
* entirely by the {@link deleteApp} top-level function.
*/
removeApp(appName) {
this.appStore.delete(appName);
}
}
exports.AppStore = AppStore;
/**
* Validates that the `requestedOptions` and the `existingApp` options objects
* do not have fields that would break deep equals comparisons.
*
* @param requestedOptions The incoming `AppOptions` of a new `initailizeApp`
* request.
* @param existingApp An existing `FirebaseApp` with internal `options` to
* compare against.
*
* @throws FirebaseAppError if the objects cannot be deeply compared.
*
* @internal
*/
function validateAppOptionsSupportDeepEquals(requestedOptions, existingApp) {
// http.Agent checks.
if (typeof requestedOptions.httpAgent !== 'undefined') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, `Firebase app named "${existingApp.name}" already exists and initializeApp was` +
' invoked with an optional http.Agent. The SDK cannot confirm the equality' +
' of http.Agent objects with the existing app. Please use getApp or getApps to reuse' +
' the existing app instead.');
}
else if (typeof existingApp.options.httpAgent !== 'undefined') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, `An existing app named "${existingApp.name}" already exists with a different` +
' options configuration: httpAgent.');
}
// Credential checks.
if (typeof requestedOptions.credential !== 'undefined') {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, `Firebase app named "${existingApp.name}" already exists and initializeApp was` +
' invoked with an optional Credential. The SDK cannot confirm the equality' +
' of Credential objects with the existing app. Please use getApp or getApps' +
' to reuse the existing app instead.');
}
if (existingApp.customCredential()) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, `An existing app named "${existingApp.name}" already exists with a different` +
' options configuration: Credential.');
}
}
/**
* Checks to see if the provided appName is a non-empty string and throws if it
* is not.
*
* @param appName A string representation of an App name.
*
* @throws FirebaseAppError if appName is not of type string or is empty.
*
* @internal
*/
function validateAppNameFormat(appName) {
if (!validator.isNonEmptyString(appName)) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_NAME, `Invalid Firebase app name "${appName}" provided. App name must be a non-empty string.`);
}
}
exports.defaultAppStore = new AppStore();
/**
* Initializes the `App` instance.
*
* Creates a new instance of {@link App} if one doesn't exist, or returns an existing
* `App` instance if one exists with the same `appName` and `options`.
*
* Note, due to the inablity to compare `http.Agent` objects and `Credential` objects,
* this function cannot support idempotency if either of `options.httpAgent` or
* `options.credential` are defined. When either is defined, subsequent invocations will
* throw a `FirebaseAppError` instead of returning an `App` object.
*
* For example, to safely initialize an app that may already exist:
*
* ```javascript
* let app;
* try {
* app = getApp("myApp");
* } catch (error) {
* app = initializeApp({ credential: myCredential }, "myApp");
* }
* ```
*
* @param options - Optional A set of {@link AppOptions} for the `App` instance.
* If not present, `initializeApp` will try to initialize with the options from the
* `FIREBASE_CONFIG` environment variable. If the environment variable contains a
* string that starts with `{` it will be parsed as JSON, otherwise it will be
* assumed to be pointing to a file.
* @param appName - Optional name of the `App` instance.
*
* @returns A new App instance, or the existing App if the instance already exists with
* the provided configuration.
*
* @throws FirebaseAppError if an `App` with the same name has already been
* initialized with a different set of `AppOptions`.
* @throws FirebaseAppError if an existing `App` exists and `options.httpAgent`
* or `options.credential` are defined. This is due to the function's inability to
* determine if the existing `App`'s `options` equate to the `options` parameter
* of this function. It's recommended to use {@link getApp} or {@link getApps} if your
* implementation uses either of these two fields in `AppOptions`.
*/
function initializeApp(options, appName = DEFAULT_APP_NAME) {
return exports.defaultAppStore.initializeApp(options, appName);
}
/**
* Returns an existing {@link App} instance for the provided name. If no name
* is provided the the default app name is used.
*
* @param appName - Optional name of the `App` instance.
*
* @returns An existing `App` instance that matches the name provided.
*
* @throws FirebaseAppError if no `App` exists for the given name.
* @throws FirebaseAppError if the `appName` is malformed.
*/
function getApp(appName = DEFAULT_APP_NAME) {
return exports.defaultAppStore.getApp(appName);
}
/**
* A (read-only) array of all initialized apps.
*
* @returns An array containing all initialized apps.
*/
function getApps() {
return exports.defaultAppStore.getApps();
}
/**
* Renders this given `App` unusable and frees the resources of
* all associated services (though it does *not* clean up any backend
* resources). When running the SDK locally, this method
* must be called to ensure graceful termination of the process.
*
* @example
* ```javascript
* deleteApp(app)
* .then(function() {
* console.log("App deleted successfully");
* })
* .catch(function(error) {
* console.log("Error deleting app:", error);
* });
* ```
*/
function deleteApp(app) {
return exports.defaultAppStore.deleteApp(app);
}
/**
* Constant holding the environment variable name with the default config.
* If the environment variable contains a string that starts with '{' it will be parsed as JSON,
* otherwise it will be assumed to be pointing to a file.
*/
exports.FIREBASE_CONFIG_VAR = 'FIREBASE_CONFIG';
/**
* Parse the file pointed to by the FIREBASE_CONFIG_VAR, if it exists.
* Or if the FIREBASE_CONFIG_ENV contains a valid JSON object, parse it directly.
* If the environment variable contains a string that starts with '{' it will be parsed as JSON,
* otherwise it will be assumed to be pointing to a file.
*/
function loadOptionsFromEnvVar() {
const config = process.env[exports.FIREBASE_CONFIG_VAR];
if (!validator.isNonEmptyString(config)) {
return {};
}
try {
const contents = config.startsWith('{') ? config : fs.readFileSync(config, 'utf8');
return JSON.parse(contents);
}
catch (error) {
// Throw a nicely formed error message if the file contents cannot be parsed
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_APP_OPTIONS, 'Failed to parse app options file: ' + error);
}
}

96
server/node_modules/firebase-admin/lib/auth/action-code-settings-builder.d.ts generated vendored Normal file
View File

@@ -0,0 +1,96 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* This is the interface that defines the required continue/state URL with
* optional Android and iOS bundle identifiers.
*/
export interface ActionCodeSettings {
/**
* Defines the link continue/state URL, which has different meanings in
* different contexts:
* <ul>
* <li>When the link is handled in the web action widgets, this is the deep
* link in the `continueUrl` query parameter.</li>
* <li>When the link is handled in the app directly, this is the `continueUrl`
* query parameter in the deep link of the Dynamic Link.</li>
* </ul>
*/
url: string;
/**
* Whether to open the link via a mobile app or a browser.
* The default is false. When set to true, the action code link is sent
* as a Universal Link or Android App Link and is opened by the app if
* installed. In the false case, the code is sent to the web widget first
* and then redirects to the app if installed.
*/
handleCodeInApp?: boolean;
/**
* Defines the iOS bundle ID. This will try to open the link in an iOS app if it
* is installed.
*/
iOS?: {
/**
* Defines the required iOS bundle ID of the app where the link should be
* handled if the application is already installed on the device.
*/
bundleId: string;
};
/**
* Defines the Android package name. This will try to open the link in an
* android app if it is installed. If `installApp` is passed, it specifies
* whether to install the Android app if the device supports it and the app is
* not already installed. If this field is provided without a `packageName`, an
* error is thrown explaining that the `packageName` must be provided in
* conjunction with this field. If `minimumVersion` is specified, and an older
* version of the app is installed, the user is taken to the Play Store to
* upgrade the app.
*/
android?: {
/**
* Defines the required Android package name of the app where the link should be
* handled if the Android app is installed.
*/
packageName: string;
/**
* Whether to install the Android app if the device supports it and the app is
* not already installed.
*/
installApp?: boolean;
/**
* The Android minimum version if available. If the installed app is an older
* version, the user is taken to the GOogle Play Store to upgrade the app.
*/
minimumVersion?: string;
};
/**
* Defines the dynamic link domain to use for the current link if it is to be
* opened using Firebase Dynamic Links, as multiple dynamic link domains can be
* configured per project. This field provides the ability to explicitly choose
* configured per project. This fields provides the ability explicitly choose
* one. If none is provided, the oldest domain is used by default.
* @deprecated use `linkDomain` instead
*/
dynamicLinkDomain?: string;
/**
* Defines the custom Firebase Hosting domain to use when the link is to be opened
* via a specified mobile app,
* This is a replacement of Firebase Dynamic Link.
* If none is provided,
* a default hosting domain will be used (for example, `example.firebaseapp.com`)
*/
linkDomain?: string;
}

125
server/node_modules/firebase-admin/lib/auth/action-code-settings-builder.js generated vendored Normal file
View File

@@ -0,0 +1,125 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.ActionCodeSettingsBuilder = void 0;
const validator = require("../utils/validator");
const error_1 = require("../utils/error");
/**
* Defines the ActionCodeSettings builder class used to convert the
* ActionCodeSettings object to its corresponding server request.
*
* @internal
*/
class ActionCodeSettingsBuilder {
/**
* ActionCodeSettingsBuilder constructor.
*
* @param {ActionCodeSettings} actionCodeSettings The ActionCodeSettings
* object used to initiliaze this server request builder.
* @constructor
*/
constructor(actionCodeSettings) {
if (!validator.isNonNullObject(actionCodeSettings)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings" must be a non-null object.');
}
if (typeof actionCodeSettings.url === 'undefined') {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISSING_CONTINUE_URI);
}
else if (!validator.isURL(actionCodeSettings.url)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONTINUE_URI);
}
this.continueUrl = actionCodeSettings.url;
if (typeof actionCodeSettings.handleCodeInApp !== 'undefined' &&
!validator.isBoolean(actionCodeSettings.handleCodeInApp)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings.handleCodeInApp" must be a boolean.');
}
this.canHandleCodeInApp = actionCodeSettings.handleCodeInApp || false;
if (typeof actionCodeSettings.dynamicLinkDomain !== 'undefined' &&
!validator.isNonEmptyString(actionCodeSettings.dynamicLinkDomain)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_DYNAMIC_LINK_DOMAIN);
}
this.dynamicLinkDomain = actionCodeSettings.dynamicLinkDomain;
if (typeof actionCodeSettings.linkDomain !== 'undefined' &&
!validator.isNonEmptyString(actionCodeSettings.linkDomain)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HOSTING_LINK_DOMAIN);
}
this.linkDomain = actionCodeSettings.linkDomain;
if (typeof actionCodeSettings.iOS !== 'undefined') {
if (!validator.isNonNullObject(actionCodeSettings.iOS)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings.iOS" must be a valid non-null object.');
}
else if (typeof actionCodeSettings.iOS.bundleId === 'undefined') {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISSING_IOS_BUNDLE_ID);
}
else if (!validator.isNonEmptyString(actionCodeSettings.iOS.bundleId)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings.iOS.bundleId" must be a valid non-empty string.');
}
this.ibi = actionCodeSettings.iOS.bundleId;
}
if (typeof actionCodeSettings.android !== 'undefined') {
if (!validator.isNonNullObject(actionCodeSettings.android)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings.android" must be a valid non-null object.');
}
else if (typeof actionCodeSettings.android.packageName === 'undefined') {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISSING_ANDROID_PACKAGE_NAME);
}
else if (!validator.isNonEmptyString(actionCodeSettings.android.packageName)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings.android.packageName" must be a valid non-empty string.');
}
else if (typeof actionCodeSettings.android.minimumVersion !== 'undefined' &&
!validator.isNonEmptyString(actionCodeSettings.android.minimumVersion)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings.android.minimumVersion" must be a valid non-empty string.');
}
else if (typeof actionCodeSettings.android.installApp !== 'undefined' &&
!validator.isBoolean(actionCodeSettings.android.installApp)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings.android.installApp" must be a valid boolean.');
}
this.apn = actionCodeSettings.android.packageName;
this.amv = actionCodeSettings.android.minimumVersion;
this.installApp = actionCodeSettings.android.installApp || false;
}
}
/**
* Returns the corresponding constructed server request corresponding to the
* current ActionCodeSettings.
*
* @returns The constructed EmailActionCodeRequest request.
*/
buildRequest() {
const request = {
continueUrl: this.continueUrl,
canHandleCodeInApp: this.canHandleCodeInApp,
dynamicLinkDomain: this.dynamicLinkDomain,
linkDomain: this.linkDomain,
androidPackageName: this.apn,
androidMinimumVersion: this.amv,
androidInstallApp: this.installApp,
iOSBundleId: this.ibi,
};
// Remove all null and undefined fields from request.
for (const key in request) {
if (Object.prototype.hasOwnProperty.call(request, key)) {
if (typeof request[key] === 'undefined' || request[key] === null) {
delete request[key];
}
}
}
return request;
}
}
exports.ActionCodeSettingsBuilder = ActionCodeSettingsBuilder;

185
server/node_modules/firebase-admin/lib/auth/auth-api-request.d.ts generated vendored Normal file
View File

@@ -0,0 +1,185 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { App } from '../app/index';
import { UserImportOptions, UserImportRecord, UserImportResult } from './user-import-builder';
import { TenantServerResponse, CreateTenantRequest, UpdateTenantRequest } from './tenant';
import { ProjectConfigServerResponse, UpdateProjectConfigRequest } from './project-config';
/** List of reserved claims which cannot be provided when creating a custom token. */
export declare const RESERVED_CLAIMS: string[];
/** List of supported email action request types. */
export declare const EMAIL_ACTION_REQUEST_TYPES: string[];
/** Defines a base utility to help with resource URL construction. */
declare class AuthResourceUrlBuilder {
protected app: App;
protected version: string;
protected urlFormat: string;
private projectId;
/**
* The resource URL builder constructor.
*
* @param projectId - The resource project ID.
* @param version - The endpoint API version.
* @constructor
*/
constructor(app: App, version?: string);
/**
* Returns the resource URL corresponding to the provided parameters.
*
* @param api - The backend API name.
* @param params - The optional additional parameters to substitute in the
* URL path.
* @returns The corresponding resource URL.
*/
getUrl(api?: string, params?: object): Promise<string>;
private getProjectId;
}
interface BatchDeleteErrorInfo {
index?: number;
localId?: string;
message?: string;
}
export interface BatchDeleteAccountsResponse {
errors?: BatchDeleteErrorInfo[];
}
/**
* Utility for sending requests to Auth server that are Auth instance related. This includes user, tenant,
* and project config management related APIs. This extends the BaseFirebaseAuthRequestHandler class and defines
* additional tenant management related APIs.
*/
export declare class AuthRequestHandler extends AbstractAuthRequestHandler {
protected readonly authResourceUrlBuilder: AuthResourceUrlBuilder;
/**
* The FirebaseAuthRequestHandler constructor used to initialize an instance using a FirebaseApp.
*
* @param app - The app used to fetch access tokens to sign API requests.
* @constructor
*/
constructor(app: App);
/**
* @returns A new Auth user management resource URL builder instance.
*/
protected newAuthUrlBuilder(): AuthResourceUrlBuilder;
/**
* @returns A new project config resource URL builder instance.
*/
protected newProjectConfigUrlBuilder(): AuthResourceUrlBuilder;
/**
* Get the current project's config
* @returns A promise that resolves with the project config information.
*/
getProjectConfig(): Promise<ProjectConfigServerResponse>;
/**
* Update the current project's config.
* @returns A promise that resolves with the project config information.
*/
updateProjectConfig(options: UpdateProjectConfigRequest): Promise<ProjectConfigServerResponse>;
/**
* Looks up a tenant by tenant ID.
*
* @param tenantId - The tenant identifier of the tenant to lookup.
* @returns A promise that resolves with the tenant information.
*/
getTenant(tenantId: string): Promise<TenantServerResponse>;
/**
* Exports the tenants (single batch only) with a size of maxResults and starting from
* the offset as specified by pageToken.
*
* @param maxResults - The page size, 1000 if undefined. This is also the maximum
* allowed limit.
* @param pageToken - The next page token. If not specified, returns tenants starting
* without any offset. Tenants are returned in the order they were created from oldest to
* newest, relative to the page token offset.
* @returns A promise that resolves with the current batch of downloaded
* tenants and the next page token if available. For the last page, an empty list of tenants
* and no page token are returned.
*/
listTenants(maxResults?: number, pageToken?: string): Promise<{
tenants: TenantServerResponse[];
nextPageToken?: string;
}>;
/**
* Deletes a tenant identified by a tenantId.
*
* @param tenantId - The identifier of the tenant to delete.
* @returns A promise that resolves when the tenant is deleted.
*/
deleteTenant(tenantId: string): Promise<void>;
/**
* Creates a new tenant with the properties provided.
*
* @param tenantOptions - The properties to set on the new tenant to be created.
* @returns A promise that resolves with the newly created tenant object.
*/
createTenant(tenantOptions: CreateTenantRequest): Promise<TenantServerResponse>;
/**
* Updates an existing tenant with the properties provided.
*
* @param tenantId - The tenant identifier of the tenant to update.
* @param tenantOptions - The properties to update on the existing tenant.
* @returns A promise that resolves with the modified tenant object.
*/
updateTenant(tenantId: string, tenantOptions: UpdateTenantRequest): Promise<TenantServerResponse>;
}
/**
* Utility for sending requests to Auth server that are tenant Auth instance related. This includes user
* management related APIs for specified tenants.
* This extends the BaseFirebaseAuthRequestHandler class.
*/
export declare class TenantAwareAuthRequestHandler extends AbstractAuthRequestHandler {
private readonly tenantId;
/**
* The FirebaseTenantRequestHandler constructor used to initialize an instance using a
* FirebaseApp and a tenant ID.
*
* @param app - The app used to fetch access tokens to sign API requests.
* @param tenantId - The request handler's tenant ID.
* @constructor
*/
constructor(app: App, tenantId: string);
/**
* @returns A new Auth user management resource URL builder instance.
*/
protected newAuthUrlBuilder(): AuthResourceUrlBuilder;
/**
* @returns A new project config resource URL builder instance.
*/
protected newProjectConfigUrlBuilder(): AuthResourceUrlBuilder;
/**
* Imports the list of users provided to Firebase Auth. This is useful when
* migrating from an external authentication system without having to use the Firebase CLI SDK.
* At most, 1000 users are allowed to be imported one at a time.
* When importing a list of password users, UserImportOptions are required to be specified.
*
* Overrides the superclass methods by adding an additional check to match tenant IDs of
* imported user records if present.
*
* @param users - The list of user records to import to Firebase Auth.
* @param options - The user import options, required when the users provided
* include password credentials.
* @returns A promise that resolves when the operation completes
* with the result of the import. This includes the number of successful imports, the number
* of failed uploads and their corresponding errors.
*/
uploadAccount(users: UserImportRecord[], options?: UserImportOptions): Promise<UserImportResult>;
}
/**
* When true the SDK should communicate with the Auth Emulator for all API
* calls and also produce unsigned tokens.
*/
export declare function useEmulator(): boolean;
export {};

1948
server/node_modules/firebase-admin/lib/auth/auth-api-request.js generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

851
server/node_modules/firebase-admin/lib/auth/auth-config.d.ts generated vendored Normal file
View File

@@ -0,0 +1,851 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Interface representing base properties of a user-enrolled second factor for a
* `CreateRequest`.
*/
export interface BaseCreateMultiFactorInfoRequest {
/**
* The optional display name for an enrolled second factor.
*/
displayName?: string;
/**
* The type identifier of the second factor. For SMS second factors, this is `phone`.
*/
factorId: string;
}
/**
* Interface representing a phone specific user-enrolled second factor for a
* `CreateRequest`.
*/
export interface CreatePhoneMultiFactorInfoRequest extends BaseCreateMultiFactorInfoRequest {
/**
* The phone number associated with a phone second factor.
*/
phoneNumber: string;
}
/**
* Type representing the properties of a user-enrolled second factor
* for a `CreateRequest`.
*/
export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
/**
* Interface representing common properties of a user-enrolled second factor
* for an `UpdateRequest`.
*/
export interface BaseUpdateMultiFactorInfoRequest {
/**
* The ID of the enrolled second factor. This ID is unique to the user. When not provided,
* a new one is provisioned by the Auth server.
*/
uid?: string;
/**
* The optional display name for an enrolled second factor.
*/
displayName?: string;
/**
* The optional date the second factor was enrolled, formatted as a UTC string.
*/
enrollmentTime?: string;
/**
* The type identifier of the second factor. For SMS second factors, this is `phone`.
*/
factorId: string;
}
/**
* Interface representing a phone specific user-enrolled second factor
* for an `UpdateRequest`.
*/
export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactorInfoRequest {
/**
* The phone number associated with a phone second factor.
*/
phoneNumber: string;
}
/**
* Type representing the properties of a user-enrolled second factor
* for an `UpdateRequest`.
*/
export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
/**
* The multi-factor related user settings for create operations.
*/
export interface MultiFactorCreateSettings {
/**
* The created user's list of enrolled second factors.
*/
enrolledFactors: CreateMultiFactorInfoRequest[];
}
/**
* The multi-factor related user settings for update operations.
*/
export interface MultiFactorUpdateSettings {
/**
* The updated list of enrolled second factors. The provided list overwrites the user's
* existing list of second factors.
* When null is passed, all of the user's existing second factors are removed.
*/
enrolledFactors: UpdateMultiFactorInfoRequest[] | null;
}
/**
* Interface representing the properties to update on the provided user.
*/
export interface UpdateRequest {
/**
* Whether or not the user is disabled: `true` for disabled;
* `false` for enabled.
*/
disabled?: boolean;
/**
* The user's display name.
*/
displayName?: string | null;
/**
* The user's primary email.
*/
email?: string;
/**
* Whether or not the user's primary email is verified.
*/
emailVerified?: boolean;
/**
* The user's unhashed password.
*/
password?: string;
/**
* The user's primary phone number.
*/
phoneNumber?: string | null;
/**
* The user's photo URL.
*/
photoURL?: string | null;
/**
* The user's updated multi-factor related properties.
*/
multiFactor?: MultiFactorUpdateSettings;
/**
* Links this user to the specified provider.
*
* Linking a provider to an existing user account does not invalidate the
* refresh token of that account. In other words, the existing account
* would continue to be able to access resources, despite not having used
* the newly linked provider to log in. If you wish to force the user to
* authenticate with this new provider, you need to (a) revoke their
* refresh token (see
* https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens),
* and (b) ensure no other authentication methods are present on this
* account.
*/
providerToLink?: UserProvider;
/**
* Unlinks this user from the specified providers.
*/
providersToUnlink?: string[];
}
/**
* Represents a user identity provider that can be associated with a Firebase user.
*/
export interface UserProvider {
/**
* The user identifier for the linked provider.
*/
uid?: string;
/**
* The display name for the linked provider.
*/
displayName?: string;
/**
* The email for the linked provider.
*/
email?: string;
/**
* The phone number for the linked provider.
*/
phoneNumber?: string;
/**
* The photo URL for the linked provider.
*/
photoURL?: string;
/**
* The linked provider ID (for example, "google.com" for the Google provider).
*/
providerId?: string;
}
/**
* Interface representing the properties to set on a new user record to be
* created.
*/
export interface CreateRequest extends UpdateRequest {
/**
* The user's `uid`.
*/
uid?: string;
/**
* The user's multi-factor related properties.
*/
multiFactor?: MultiFactorCreateSettings;
}
/**
* The response interface for listing provider configs. This is only available
* when listing all identity providers' configurations via
* {@link BaseAuth.listProviderConfigs}.
*/
export interface ListProviderConfigResults {
/**
* The list of providers for the specified type in the current page.
*/
providerConfigs: AuthProviderConfig[];
/**
* The next page token, if available.
*/
pageToken?: string;
}
/**
* The filter interface used for listing provider configurations. This is used
* when specifying how to list configured identity providers via
* {@link BaseAuth.listProviderConfigs}.
*/
export interface AuthProviderConfigFilter {
/**
* The Auth provider configuration filter. This can be either `saml` or `oidc`.
* The former is used to look up SAML providers only, while the latter is used
* for OIDC providers.
*/
type: 'saml' | 'oidc';
/**
* The maximum number of results to return per page. The default and maximum is
* 100.
*/
maxResults?: number;
/**
* The next page token. When not specified, the lookup starts from the beginning
* of the list.
*/
pageToken?: string;
}
/**
* The request interface for updating a SAML Auth provider. This is used
* when updating a SAML provider's configuration via
* {@link BaseAuth.updateProviderConfig}.
*/
export interface SAMLUpdateAuthProviderRequest {
/**
* The SAML provider's updated display name. If not provided, the existing
* configuration's value is not modified.
*/
displayName?: string;
/**
* Whether the SAML provider is enabled or not. If not provided, the existing
* configuration's setting is not modified.
*/
enabled?: boolean;
/**
* The SAML provider's updated IdP entity ID. If not provided, the existing
* configuration's value is not modified.
*/
idpEntityId?: string;
/**
* The SAML provider's updated SSO URL. If not provided, the existing
* configuration's value is not modified.
*/
ssoURL?: string;
/**
* The SAML provider's updated list of X.509 certificated. If not provided, the
* existing configuration list is not modified.
*/
x509Certificates?: string[];
/**
* The SAML provider's updated RP entity ID. If not provided, the existing
* configuration's value is not modified.
*/
rpEntityId?: string;
/**
* The SAML provider's callback URL. If not provided, the existing
* configuration's value is not modified.
*/
callbackURL?: string;
}
/**
* The request interface for updating an OIDC Auth provider. This is used
* when updating an OIDC provider's configuration via
* {@link BaseAuth.updateProviderConfig}.
*/
export interface OIDCUpdateAuthProviderRequest {
/**
* The OIDC provider's updated display name. If not provided, the existing
* configuration's value is not modified.
*/
displayName?: string;
/**
* Whether the OIDC provider is enabled or not. If not provided, the existing
* configuration's setting is not modified.
*/
enabled?: boolean;
/**
* The OIDC provider's updated client ID. If not provided, the existing
* configuration's value is not modified.
*/
clientId?: string;
/**
* The OIDC provider's updated issuer. If not provided, the existing
* configuration's value is not modified.
*/
issuer?: string;
/**
* The OIDC provider's client secret to enable OIDC code flow.
* If not provided, the existing configuration's value is not modified.
*/
clientSecret?: string;
/**
* The OIDC provider's response object for OAuth authorization flow.
*/
responseType?: OAuthResponseType;
}
export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
/** A maximum of 10 test phone number / code pairs can be configured. */
export declare const MAXIMUM_TEST_PHONE_NUMBERS = 10;
/** The server side SAML configuration request interface. */
export interface SAMLConfigServerRequest {
idpConfig?: {
idpEntityId?: string;
ssoUrl?: string;
idpCertificates?: Array<{
x509Certificate: string;
}>;
signRequest?: boolean;
};
spConfig?: {
spEntityId?: string;
callbackUri?: string;
};
displayName?: string;
enabled?: boolean;
[key: string]: any;
}
/** The server side SAML configuration response interface. */
export interface SAMLConfigServerResponse {
name?: string;
idpConfig?: {
idpEntityId?: string;
ssoUrl?: string;
idpCertificates?: Array<{
x509Certificate: string;
}>;
signRequest?: boolean;
};
spConfig?: {
spEntityId?: string;
callbackUri?: string;
};
displayName?: string;
enabled?: boolean;
}
/** The server side OIDC configuration request interface. */
export interface OIDCConfigServerRequest {
clientId?: string;
issuer?: string;
displayName?: string;
enabled?: boolean;
clientSecret?: string;
responseType?: OAuthResponseType;
[key: string]: any;
}
/** The server side OIDC configuration response interface. */
export interface OIDCConfigServerResponse {
name?: string;
clientId?: string;
issuer?: string;
displayName?: string;
enabled?: boolean;
clientSecret?: string;
responseType?: OAuthResponseType;
}
/** The server side email configuration request interface. */
export interface EmailSignInConfigServerRequest {
allowPasswordSignup?: boolean;
enableEmailLinkSignin?: boolean;
}
/** Identifies the server side second factor type. */
type AuthFactorServerType = 'PHONE_SMS';
/** Server side multi-factor configuration. */
export interface MultiFactorAuthServerConfig {
state?: MultiFactorConfigState;
enabledProviders?: AuthFactorServerType[];
providerConfigs?: MultiFactorProviderConfig[];
}
/**
* Identifies a second factor type.
*/
export type AuthFactorType = 'phone';
/**
* Identifies a multi-factor configuration state.
*/
export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
/**
* Interface representing a multi-factor configuration.
* This can be used to define whether multi-factor authentication is enabled
* or disabled and the list of second factor challenges that are supported.
*/
export interface MultiFactorConfig {
/**
* The multi-factor config state.
*/
state: MultiFactorConfigState;
/**
* The list of identifiers for enabled second factors.
* Currently only phone is supported.
*/
factorIds?: AuthFactorType[];
/**
* A list of multi-factor provider configurations.
* MFA providers (except phone) indicate whether they're enabled through this field. */
providerConfigs?: MultiFactorProviderConfig[];
}
/**
* Interface representing a multi-factor auth provider configuration.
* This interface is used for second factor auth providers other than SMS.
* Currently, only TOTP is supported.
*/ export interface MultiFactorProviderConfig {
/**
* Indicates whether this multi-factor provider is enabled or disabled. */
state: MultiFactorConfigState;
/**
* TOTP multi-factor provider config. */
totpProviderConfig?: TotpMultiFactorProviderConfig;
}
/**
* Interface representing configuration settings for TOTP second factor auth.
*/
export interface TotpMultiFactorProviderConfig {
/**
* The allowed number of adjacent intervals that will be used for verification
* to compensate for clock skew. */
adjacentIntervals?: number;
}
/**
* Validates the provided map of test phone number / code pairs.
* @param testPhoneNumbers - The phone number / code pairs to validate.
*/
export declare function validateTestPhoneNumbers(testPhoneNumbers: {
[phoneNumber: string]: string;
}): void;
/**
* The email sign in provider configuration.
*/
export interface EmailSignInProviderConfig {
/**
* Whether email provider is enabled.
*/
enabled: boolean;
/**
* Whether password is required for email sign-in. When not required,
* email sign-in can be performed with password or via email link sign-in.
*/
passwordRequired?: boolean;
}
/**
* The base Auth provider configuration interface.
*/
export interface BaseAuthProviderConfig {
/**
* The provider ID defined by the developer.
* For a SAML provider, this is always prefixed by `saml.`.
* For an OIDC provider, this is always prefixed by `oidc.`.
*/
providerId: string;
/**
* The user-friendly display name to the current configuration. This name is
* also used as the provider label in the Cloud Console.
*/
displayName?: string;
/**
* Whether the provider configuration is enabled or disabled. A user
* cannot sign in using a disabled provider.
*/
enabled: boolean;
}
/**
* The
* [SAML](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html)
* Auth provider configuration interface. A SAML provider can be created via
* {@link BaseAuth.createProviderConfig}.
*/
export interface SAMLAuthProviderConfig extends BaseAuthProviderConfig {
/**
* The SAML IdP entity identifier.
*/
idpEntityId: string;
/**
* The SAML IdP SSO URL. This must be a valid URL.
*/
ssoURL: string;
/**
* The list of SAML IdP X.509 certificates issued by CA for this provider.
* Multiple certificates are accepted to prevent outages during
* IdP key rotation (for example ADFS rotates every 10 days). When the Auth
* server receives a SAML response, it will match the SAML response with the
* certificate on record. Otherwise the response is rejected.
* Developers are expected to manage the certificate updates as keys are
* rotated.
*/
x509Certificates: string[];
/**
* The SAML relying party (service provider) entity ID.
* This is defined by the developer but needs to be provided to the SAML IdP.
*/
rpEntityId: string;
/**
* This is fixed and must always be the same as the OAuth redirect URL
* provisioned by Firebase Auth,
* `https://project-id.firebaseapp.com/__/auth/handler` unless a custom
* `authDomain` is used.
* The callback URL should also be provided to the SAML IdP during
* configuration.
*/
callbackURL?: string;
}
/**
* The interface representing OIDC provider's response object for OAuth
* authorization flow.
* One of the following settings is required:
* <ul>
* <li>Set <code>code</code> to <code>true</code> for the code flow.</li>
* <li>Set <code>idToken</code> to <code>true</code> for the ID token flow.</li>
* </ul>
*/
export interface OAuthResponseType {
/**
* Whether ID token is returned from IdP's authorization endpoint.
*/
idToken?: boolean;
/**
* Whether authorization code is returned from IdP's authorization endpoint.
*/
code?: boolean;
}
/**
* The [OIDC](https://openid.net/specs/openid-connect-core-1_0-final.html) Auth
* provider configuration interface. An OIDC provider can be created via
* {@link BaseAuth.createProviderConfig}.
*/
export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig {
/**
* This is the required client ID used to confirm the audience of an OIDC
* provider's
* [ID token](https://openid.net/specs/openid-connect-core-1_0-final.html#IDToken).
*/
clientId: string;
/**
* This is the required provider issuer used to match the provider issuer of
* the ID token and to determine the corresponding OIDC discovery document, eg.
* [`/.well-known/openid-configuration`](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig).
* This is needed for the following:
* <ul>
* <li>To verify the provided issuer.</li>
* <li>Determine the authentication/authorization endpoint during the OAuth
* `id_token` authentication flow.</li>
* <li>To retrieve the public signing keys via `jwks_uri` to verify the OIDC
* provider's ID token's signature.</li>
* <li>To determine the claims_supported to construct the user attributes to be
* returned in the additional user info response.</li>
* </ul>
* ID token validation will be performed as defined in the
* [spec](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
*/
issuer: string;
/**
* The OIDC provider's client secret to enable OIDC code flow.
*/
clientSecret?: string;
/**
* The OIDC provider's response object for OAuth authorization flow.
*/
responseType?: OAuthResponseType;
}
/**
* The Auth provider configuration type.
* {@link BaseAuth.createProviderConfig}.
*/
export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
/**
* The request interface for updating a SMS Region Config.
* Configures the regions where users are allowed to send verification SMS.
* This is based on the calling code of the destination phone number.
*/
export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
/**
* Mutual exclusive SMS Region Config of AllowByDefault interface
*/
export interface AllowByDefaultWrap {
/**
* Allow every region by default.
*/
allowByDefault: AllowByDefault;
/** @alpha */
allowlistOnly?: never;
}
/**
* Mutually exclusive SMS Region Config of AllowlistOnly interface
*/
export interface AllowlistOnlyWrap {
/**
* Only allowing regions by explicitly adding them to an
* allowlist.
*/
allowlistOnly: AllowlistOnly;
/** @alpha */
allowByDefault?: never;
}
/**
* Defines a policy of allowing every region by default and adding disallowed
* regions to a disallow list.
*/
export interface AllowByDefault {
/**
* Two letter unicode region codes to disallow as defined by
* https://cldr.unicode.org/
* The full list of these region codes is here:
* https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json
*/
disallowedRegions: string[];
}
/**
* Defines a policy of only allowing regions by explicitly adding them to an
* allowlist.
*/
export interface AllowlistOnly {
/**
* Two letter unicode region codes to allow as defined by
* https://cldr.unicode.org/
* The full list of these region codes is here:
* https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json
*/
allowedRegions: string[];
}
/**
* Enforcement state of reCAPTCHA protection.
* - 'OFF': Unenforced.
* - 'AUDIT': Create assessment but don't enforce the result.
* - 'ENFORCE': Create assessment and enforce the result.
*/
export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';
/**
* The actions to take for reCAPTCHA-protected requests.
* - 'BLOCK': The reCAPTCHA-protected request will be blocked.
*/
export type RecaptchaAction = 'BLOCK';
/**
* The config for a reCAPTCHA action rule.
*/
export interface RecaptchaManagedRule {
/**
* The action will be enforced if the reCAPTCHA score of a request is larger than endScore.
*/
endScore: number;
/**
* The action for reCAPTCHA-protected requests.
*/
action?: RecaptchaAction;
}
/**
* The managed rules for toll fraud provider, containing the enforcement status.
* The toll fraud provider contains all SMS related user flows.
*/
export interface RecaptchaTollFraudManagedRule {
/**
* The action will be enforced if the reCAPTCHA score of a request is larger than startScore.
*/
startScore: number;
/**
* The action for reCAPTCHA-protected requests.
*/
action?: RecaptchaAction;
}
/**
* The key's platform type.
*/
export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';
/**
* The reCAPTCHA key config.
*/
export interface RecaptchaKey {
/**
* The key's client platform type.
*/
type?: RecaptchaKeyClientType;
/**
* The reCAPTCHA site key.
*/
key: string;
}
/**
* The request interface for updating a reCAPTCHA Config.
* By enabling reCAPTCHA Enterprise Integration you are
* agreeing to reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
export interface RecaptchaConfig {
/**
* The enforcement state of the email password provider.
*/
emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
/**
* The enforcement state of the phone provider.
*/
phoneEnforcementState?: RecaptchaProviderEnforcementState;
/**
* The reCAPTCHA managed rules.
*/
managedRules?: RecaptchaManagedRule[];
/**
* The reCAPTCHA keys.
*/
recaptchaKeys?: RecaptchaKey[];
/**
* Whether to use account defender for reCAPTCHA assessment.
* The default value is false.
*/
useAccountDefender?: boolean;
/**
* Whether to use the rCE bot score for reCAPTCHA phone provider.
* Can only be true when the phone_enforcement_state is AUDIT or ENFORCE.
*/
useSmsBotScore?: boolean;
/**
* Whether to use the rCE SMS toll fraud protection risk score for reCAPTCHA phone provider.
* Can only be true when the phone_enforcement_state is AUDIT or ENFORCE.
*/
useSmsTollFraudProtection?: boolean;
/**
* The managed rules for toll fraud provider, containing the enforcement status.
* The toll fraud provider contains all SMS related user flows.
*/
smsTollFraudManagedRules?: RecaptchaTollFraudManagedRule[];
}
/**
* Server side recaptcha configuration.
*/
export interface RecaptchaAuthServerConfig {
emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
phoneEnforcementState?: RecaptchaProviderEnforcementState;
managedRules?: RecaptchaManagedRule[];
recaptchaKeys?: RecaptchaKey[];
useAccountDefender?: boolean;
useSmsBotScore?: boolean;
useSmsTollFraudProtection?: boolean;
tollFraudManagedRules?: RecaptchaTollFraudManagedRule[];
}
/**
* A password policy configuration for a project or tenant
*/
export interface PasswordPolicyConfig {
/**
* Enforcement state of the password policy
*/
enforcementState?: PasswordPolicyEnforcementState;
/**
* Require users to have a policy-compliant password to sign in
*/
forceUpgradeOnSignin?: boolean;
/**
* The constraints that make up the password strength policy
*/
constraints?: CustomStrengthOptionsConfig;
}
/**
* Configuration for settings related to univeral links (iOS)
* and app links (Android).
*/
export interface MobileLinksConfig {
/**
* Use Firebase Hosting or dynamic link domain as the out-of-band code domain.
*/
domain?: MobileLinksDomain;
}
/**
* Open code in app domain to use for app links and universal links.
*/
export type MobileLinksDomain = 'HOSTING_DOMAIN' | 'FIREBASE_DYNAMIC_LINK_DOMAIN';
/**
* A password policy's enforcement state.
*/
export type PasswordPolicyEnforcementState = 'ENFORCE' | 'OFF';
/**
* Constraints to be enforced on the password policy
*/
export interface CustomStrengthOptionsConfig {
/**
* The password must contain an upper case character
*/
requireUppercase?: boolean;
/**
* The password must contain a lower case character
*/
requireLowercase?: boolean;
/**
* The password must contain a non-alphanumeric character
*/
requireNonAlphanumeric?: boolean;
/**
* The password must contain a number
*/
requireNumeric?: boolean;
/**
* Minimum password length. Valid values are from 6 to 30
*/
minLength?: number;
/**
* Maximum password length. No default max length
*/
maxLength?: number;
}
/**
* Server side password policy configuration.
*/
export interface PasswordPolicyAuthServerConfig {
passwordPolicyEnforcementState?: PasswordPolicyEnforcementState;
passwordPolicyVersions?: PasswordPolicyVersionsAuthServerConfig[];
forceUpgradeOnSignin?: boolean;
}
/**
* Server side password policy versions configuration.
*/
export interface PasswordPolicyVersionsAuthServerConfig {
customStrengthOptions?: CustomStrengthOptionsAuthServerConfig;
}
/**
* Server side password policy constraints configuration.
*/
export interface CustomStrengthOptionsAuthServerConfig {
containsLowercaseCharacter?: boolean;
containsUppercaseCharacter?: boolean;
containsNumericCharacter?: boolean;
containsNonAlphanumericCharacter?: boolean;
minPasswordLength?: number;
maxPasswordLength?: number;
}
/**
* The email privacy configuration of a project or tenant.
*/
export interface EmailPrivacyConfig {
/**
* Whether enhanced email privacy is enabled.
*/
enableImprovedEmailPrivacy?: boolean;
}
export {};

1186
server/node_modules/firebase-admin/lib/auth/auth-config.js generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

257
server/node_modules/firebase-admin/lib/auth/auth-namespace.d.ts generated vendored Normal file
View File

@@ -0,0 +1,257 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { App } from '../app/index';
import { ActionCodeSettings as TActionCodeSettings } from './action-code-settings-builder';
import { Auth as TAuth } from './auth';
import { AuthFactorType as TAuthFactorType, AuthProviderConfig as TAuthProviderConfig, AuthProviderConfigFilter as TAuthProviderConfigFilter, CreateRequest as TCreateRequest, CreateMultiFactorInfoRequest as TCreateMultiFactorInfoRequest, CreatePhoneMultiFactorInfoRequest as TCreatePhoneMultiFactorInfoRequest, EmailSignInProviderConfig as TEmailSignInProviderConfig, ListProviderConfigResults as TListProviderConfigResults, MultiFactorCreateSettings as TMultiFactorCreateSettings, MultiFactorConfig as TMultiFactorConfig, MultiFactorConfigState as TMultiFactorConfigState, MultiFactorUpdateSettings as TMultiFactorUpdateSettings, OIDCAuthProviderConfig as TOIDCAuthProviderConfig, OIDCUpdateAuthProviderRequest as TOIDCUpdateAuthProviderRequest, SAMLAuthProviderConfig as TSAMLAuthProviderConfig, SAMLUpdateAuthProviderRequest as TSAMLUpdateAuthProviderRequest, UpdateAuthProviderRequest as TUpdateAuthProviderRequest, UpdateMultiFactorInfoRequest as TUpdateMultiFactorInfoRequest, UpdatePhoneMultiFactorInfoRequest as TUpdatePhoneMultiFactorInfoRequest, UpdateRequest as TUpdateRequest } from './auth-config';
import { BaseAuth as TBaseAuth, DeleteUsersResult as TDeleteUsersResult, GetUsersResult as TGetUsersResult, ListUsersResult as TListUsersResult, SessionCookieOptions as TSessionCookieOptions } from './base-auth';
import { EmailIdentifier as TEmailIdentifier, PhoneIdentifier as TPhoneIdentifier, ProviderIdentifier as TProviderIdentifier, UserIdentifier as TUserIdentifier, UidIdentifier as TUidIdentifier } from './identifier';
import { CreateTenantRequest as TCreateTenantRequest, Tenant as TTenant, UpdateTenantRequest as TUpdateTenantRequest } from './tenant';
import { ListTenantsResult as TListTenantsResult, TenantAwareAuth as TTenantAwareAuth, TenantManager as TTenantManager } from './tenant-manager';
import { DecodedIdToken as TDecodedIdToken, DecodedAuthBlockingToken as TDecodedAuthBlockingToken } from './token-verifier';
import { HashAlgorithmType as THashAlgorithmType, UserImportOptions as TUserImportOptions, UserImportRecord as TUserImportRecord, UserImportResult as TUserImportResult, UserMetadataRequest as TUserMetadataRequest, UserProviderRequest as TUserProviderRequest } from './user-import-builder';
import { MultiFactorInfo as TMultiFactorInfo, MultiFactorSettings as TMultiFactorSettings, PhoneMultiFactorInfo as TPhoneMultiFactorInfo, UserInfo as TUserInfo, UserMetadata as TUserMetadata, UserRecord as TUserRecord } from './user-record';
/**
* Gets the {@link firebase-admin.auth#Auth} service for the default app or a
* given app.
*
* `admin.auth()` can be called with no arguments to access the default app's
* {@link firebase-admin.auth#Auth} service or as `admin.auth(app)` to access the
* {@link firebase-admin.auth#Auth} service associated with a specific app.
*
* @example
* ```javascript
* // Get the Auth service for the default app
* var defaultAuth = admin.auth();
* ```
*
* @example
* ```javascript
* // Get the Auth service for a given app
* var otherAuth = admin.auth(otherApp);
* ```
*
*/
export declare function auth(app?: App): auth.Auth;
export declare namespace auth {
/**
* Type alias to {@link firebase-admin.auth#ActionCodeSettings}.
*/
type ActionCodeSettings = TActionCodeSettings;
/**
* Type alias to {@link firebase-admin.auth#Auth}.
*/
type Auth = TAuth;
/**
* Type alias to {@link firebase-admin.auth#AuthFactorType}.
*/
type AuthFactorType = TAuthFactorType;
/**
* Type alias to {@link firebase-admin.auth#AuthProviderConfig}.
*/
type AuthProviderConfig = TAuthProviderConfig;
/**
* Type alias to {@link firebase-admin.auth#AuthProviderConfigFilter}.
*/
type AuthProviderConfigFilter = TAuthProviderConfigFilter;
/**
* Type alias to {@link firebase-admin.auth#BaseAuth}.
*/
type BaseAuth = TBaseAuth;
/**
* Type alias to {@link firebase-admin.auth#CreateMultiFactorInfoRequest}.
*/
type CreateMultiFactorInfoRequest = TCreateMultiFactorInfoRequest;
/**
* Type alias to {@link firebase-admin.auth#CreatePhoneMultiFactorInfoRequest}.
*/
type CreatePhoneMultiFactorInfoRequest = TCreatePhoneMultiFactorInfoRequest;
/**
* Type alias to {@link firebase-admin.auth#CreateRequest}.
*/
type CreateRequest = TCreateRequest;
/**
* Type alias to {@link firebase-admin.auth#CreateTenantRequest}.
*/
type CreateTenantRequest = TCreateTenantRequest;
/**
* Type alias to {@link firebase-admin.auth#DecodedIdToken}.
*/
type DecodedIdToken = TDecodedIdToken;
/** @alpha */
type DecodedAuthBlockingToken = TDecodedAuthBlockingToken;
/**
* Type alias to {@link firebase-admin.auth#DeleteUsersResult}.
*/
type DeleteUsersResult = TDeleteUsersResult;
/**
* Type alias to {@link firebase-admin.auth#EmailIdentifier}.
*/
type EmailIdentifier = TEmailIdentifier;
/**
* Type alias to {@link firebase-admin.auth#EmailSignInProviderConfig}.
*/
type EmailSignInProviderConfig = TEmailSignInProviderConfig;
/**
* Type alias to {@link firebase-admin.auth#GetUsersResult}.
*/
type GetUsersResult = TGetUsersResult;
/**
* Type alias to {@link firebase-admin.auth#HashAlgorithmType}.
*/
type HashAlgorithmType = THashAlgorithmType;
/**
* Type alias to {@link firebase-admin.auth#ListProviderConfigResults}.
*/
type ListProviderConfigResults = TListProviderConfigResults;
/**
* Type alias to {@link firebase-admin.auth#ListTenantsResult}.
*/
type ListTenantsResult = TListTenantsResult;
/**
* Type alias to {@link firebase-admin.auth#ListUsersResult}.
*/
type ListUsersResult = TListUsersResult;
/**
* Type alias to {@link firebase-admin.auth#MultiFactorCreateSettings}.
*/
type MultiFactorCreateSettings = TMultiFactorCreateSettings;
/**
* Type alias to {@link firebase-admin.auth#MultiFactorConfig}.
*/
type MultiFactorConfig = TMultiFactorConfig;
/**
* Type alias to {@link firebase-admin.auth#MultiFactorConfigState}.
*/
type MultiFactorConfigState = TMultiFactorConfigState;
/**
* Type alias to {@link firebase-admin.auth#MultiFactorInfo}.
*/
type MultiFactorInfo = TMultiFactorInfo;
/**
* Type alias to {@link firebase-admin.auth#MultiFactorUpdateSettings}.
*/
type MultiFactorUpdateSettings = TMultiFactorUpdateSettings;
/**
* Type alias to {@link firebase-admin.auth#MultiFactorSettings}.
*/
type MultiFactorSettings = TMultiFactorSettings;
/**
* Type alias to {@link firebase-admin.auth#OIDCAuthProviderConfig}.
*/
type OIDCAuthProviderConfig = TOIDCAuthProviderConfig;
/**
* Type alias to {@link firebase-admin.auth#OIDCUpdateAuthProviderRequest}.
*/
type OIDCUpdateAuthProviderRequest = TOIDCUpdateAuthProviderRequest;
/**
* Type alias to {@link firebase-admin.auth#PhoneIdentifier}.
*/
type PhoneIdentifier = TPhoneIdentifier;
/**
* Type alias to {@link firebase-admin.auth#PhoneMultiFactorInfo}.
*/
type PhoneMultiFactorInfo = TPhoneMultiFactorInfo;
/**
* Type alias to {@link firebase-admin.auth#ProviderIdentifier}.
*/
type ProviderIdentifier = TProviderIdentifier;
/**
* Type alias to {@link firebase-admin.auth#SAMLAuthProviderConfig}.
*/
type SAMLAuthProviderConfig = TSAMLAuthProviderConfig;
/**
* Type alias to {@link firebase-admin.auth#SAMLUpdateAuthProviderRequest}.
*/
type SAMLUpdateAuthProviderRequest = TSAMLUpdateAuthProviderRequest;
/**
* Type alias to {@link firebase-admin.auth#SessionCookieOptions}.
*/
type SessionCookieOptions = TSessionCookieOptions;
/**
* Type alias to {@link firebase-admin.auth#Tenant}.
*/
type Tenant = TTenant;
/**
* Type alias to {@link firebase-admin.auth#TenantAwareAuth}.
*/
type TenantAwareAuth = TTenantAwareAuth;
/**
* Type alias to {@link firebase-admin.auth#TenantManager}.
*/
type TenantManager = TTenantManager;
/**
* Type alias to {@link firebase-admin.auth#UidIdentifier}.
*/
type UidIdentifier = TUidIdentifier;
/**
* Type alias to {@link firebase-admin.auth#UpdateAuthProviderRequest}.
*/
type UpdateAuthProviderRequest = TUpdateAuthProviderRequest;
/**
* Type alias to {@link firebase-admin.auth#UpdateMultiFactorInfoRequest}.
*/
type UpdateMultiFactorInfoRequest = TUpdateMultiFactorInfoRequest;
/**
* Type alias to {@link firebase-admin.auth#UpdatePhoneMultiFactorInfoRequest}.
*/
type UpdatePhoneMultiFactorInfoRequest = TUpdatePhoneMultiFactorInfoRequest;
/**
* Type alias to {@link firebase-admin.auth#UpdateRequest}.
*/
type UpdateRequest = TUpdateRequest;
/**
* Type alias to {@link firebase-admin.auth#UpdateTenantRequest}.
*/
type UpdateTenantRequest = TUpdateTenantRequest;
/**
* Type alias to {@link firebase-admin.auth#UserIdentifier}.
*/
type UserIdentifier = TUserIdentifier;
/**
* Type alias to {@link firebase-admin.auth#UserImportOptions}.
*/
type UserImportOptions = TUserImportOptions;
/**
* Type alias to {@link firebase-admin.auth#UserImportRecord}.
*/
type UserImportRecord = TUserImportRecord;
/**
* Type alias to {@link firebase-admin.auth#UserImportResult}.
*/
type UserImportResult = TUserImportResult;
/**
* Type alias to {@link firebase-admin.auth#UserInfo}.
*/
type UserInfo = TUserInfo;
/**
* Type alias to {@link firebase-admin.auth#UserMetadata}.
*/
type UserMetadata = TUserMetadata;
/**
* Type alias to {@link firebase-admin.auth#UserMetadataRequest}.
*/
type UserMetadataRequest = TUserMetadataRequest;
/**
* Type alias to {@link firebase-admin.auth#UserProviderRequest}.
*/
type UserProviderRequest = TUserProviderRequest;
/**
* Type alias to {@link firebase-admin.auth#UserRecord}.
*/
type UserRecord = TUserRecord;
}

18
server/node_modules/firebase-admin/lib/auth/auth-namespace.js generated vendored Normal file
View File

@@ -0,0 +1,18 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

48
server/node_modules/firebase-admin/lib/auth/auth.d.ts generated vendored Normal file
View File

@@ -0,0 +1,48 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { App } from '../app/index';
import { TenantManager } from './tenant-manager';
import { BaseAuth } from './base-auth';
import { ProjectConfigManager } from './project-config-manager';
/**
* Auth service bound to the provided app.
* An Auth instance can have multiple tenants.
*/
export declare class Auth extends BaseAuth {
private readonly tenantManager_;
private readonly projectConfigManager_;
private readonly app_;
/**
* Returns the app associated with this Auth instance.
*
* @returns The app associated with this Auth instance.
*/
get app(): App;
/**
* Returns the tenant manager instance associated with the current project.
*
* @returns The tenant manager instance associated with the current project.
*/
tenantManager(): TenantManager;
/**
* Returns the project config manager instance associated with the current project.
*
* @returns The project config manager instance associated with the current project.
*/
projectConfigManager(): ProjectConfigManager;
}

66
server/node_modules/firebase-admin/lib/auth/auth.js generated vendored Normal file
View File

@@ -0,0 +1,66 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.Auth = void 0;
const auth_api_request_1 = require("./auth-api-request");
const tenant_manager_1 = require("./tenant-manager");
const base_auth_1 = require("./base-auth");
const project_config_manager_1 = require("./project-config-manager");
/**
* Auth service bound to the provided app.
* An Auth instance can have multiple tenants.
*/
class Auth extends base_auth_1.BaseAuth {
/**
* @param app - The app for this Auth service.
* @constructor
* @internal
*/
constructor(app) {
super(app, new auth_api_request_1.AuthRequestHandler(app));
this.app_ = app;
this.tenantManager_ = new tenant_manager_1.TenantManager(app);
this.projectConfigManager_ = new project_config_manager_1.ProjectConfigManager(app);
}
/**
* Returns the app associated with this Auth instance.
*
* @returns The app associated with this Auth instance.
*/
get app() {
return this.app_;
}
/**
* Returns the tenant manager instance associated with the current project.
*
* @returns The tenant manager instance associated with the current project.
*/
tenantManager() {
return this.tenantManager_;
}
/**
* Returns the project config manager instance associated with the current project.
*
* @returns The project config manager instance associated with the current project.
*/
projectConfigManager() {
return this.projectConfigManager_;
}
}
exports.Auth = Auth;

640
server/node_modules/firebase-admin/lib/auth/base-auth.d.ts generated vendored Normal file
View File

@@ -0,0 +1,640 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { FirebaseArrayIndexError } from '../app';
import { DecodedIdToken, DecodedAuthBlockingToken } from './token-verifier';
import { AuthProviderConfig, AuthProviderConfigFilter, ListProviderConfigResults, UpdateAuthProviderRequest, CreateRequest, UpdateRequest } from './auth-config';
import { UserRecord } from './user-record';
import { UserIdentifier } from './identifier';
import { UserImportOptions, UserImportRecord, UserImportResult } from './user-import-builder';
import { ActionCodeSettings } from './action-code-settings-builder';
/** Represents the result of the {@link BaseAuth.getUsers} API. */
export interface GetUsersResult {
/**
* Set of user records, corresponding to the set of users that were
* requested. Only users that were found are listed here. The result set is
* unordered.
*/
users: UserRecord[];
/** Set of identifiers that were requested, but not found. */
notFound: UserIdentifier[];
}
/**
* Interface representing the object returned from a
* {@link BaseAuth.listUsers} operation. Contains the list
* of users for the current batch and the next page token if available.
*/
export interface ListUsersResult {
/**
* The list of {@link UserRecord} objects for the
* current downloaded batch.
*/
users: UserRecord[];
/**
* The next page token if available. This is needed for the next batch download.
*/
pageToken?: string;
}
/**
* Represents the result of the {@link BaseAuth.deleteUsers}.
* API.
*/
export interface DeleteUsersResult {
/**
* The number of user records that failed to be deleted (possibly zero).
*/
failureCount: number;
/**
* The number of users that were deleted successfully (possibly zero).
* Users that did not exist prior to calling `deleteUsers()` are
* considered to be successfully deleted.
*/
successCount: number;
/**
* A list of `FirebaseArrayIndexError` instances describing the errors that
* were encountered during the deletion. Length of this list is equal to
* the return value of {@link DeleteUsersResult.failureCount}.
*/
errors: FirebaseArrayIndexError[];
}
/**
* Interface representing the session cookie options needed for the
* {@link BaseAuth.createSessionCookie} method.
*/
export interface SessionCookieOptions {
/**
* The session cookie custom expiration in milliseconds. The minimum allowed is
* 5 minutes and the maxium allowed is 2 weeks.
*/
expiresIn: number;
}
/**
* Common parent interface for both `Auth` and `TenantAwareAuth` APIs.
*/
export declare abstract class BaseAuth {
/**
* Creates a new Firebase custom token (JWT) that can be sent back to a client
* device to use to sign in with the client SDKs' `signInWithCustomToken()`
* methods. (Tenant-aware instances will also embed the tenant ID in the
* token.)
*
* See {@link https://firebase.google.com/docs/auth/admin/create-custom-tokens | Create Custom Tokens}
* for code samples and detailed documentation.
*
* @param uid - The `uid` to use as the custom token's subject.
* @param developerClaims - Optional additional claims to include
* in the custom token's payload.
*
* @returns A promise fulfilled with a custom token for the
* provided `uid` and payload.
*/
createCustomToken(uid: string, developerClaims?: object): Promise<string>;
/**
* Verifies a Firebase ID token (JWT). If the token is valid, the promise is
* fulfilled with the token's decoded claims; otherwise, the promise is
* rejected.
*
* If `checkRevoked` is set to true, first verifies whether the corresponding
* user is disabled. If yes, an `auth/user-disabled` error is thrown. If no,
* verifies if the session corresponding to the ID token was revoked. If the
* corresponding user's session was invalidated, an `auth/id-token-revoked`
* error is thrown. If not specified the check is not applied.
*
* See {@link https://firebase.google.com/docs/auth/admin/verify-id-tokens | Verify ID Tokens}
* for code samples and detailed documentation.
*
* @param idToken - The ID token to verify.
* @param checkRevoked - Whether to check if the ID token was revoked.
* This requires an extra request to the Firebase Auth backend to check
* the `tokensValidAfterTime` time for the corresponding user.
* When not specified, this additional check is not applied.
*
* @returns A promise fulfilled with the
* token's decoded claims if the ID token is valid; otherwise, a rejected
* promise.
*/
verifyIdToken(idToken: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
/**
* Gets the user data for the user corresponding to a given `uid`.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param uid - The `uid` corresponding to the user whose data to fetch.
*
* @returns A promise fulfilled with the user
* data corresponding to the provided `uid`.
*/
getUser(uid: string): Promise<UserRecord>;
/**
* Gets the user data for the user corresponding to a given email.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param email - The email corresponding to the user whose data to
* fetch.
*
* @returns A promise fulfilled with the user
* data corresponding to the provided email.
*/
getUserByEmail(email: string): Promise<UserRecord>;
/**
* Gets the user data for the user corresponding to a given phone number. The
* phone number has to conform to the E.164 specification.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param phoneNumber - The phone number corresponding to the user whose
* data to fetch.
*
* @returns A promise fulfilled with the user
* data corresponding to the provided phone number.
*/
getUserByPhoneNumber(phoneNumber: string): Promise<UserRecord>;
/**
* Gets the user data for the user corresponding to a given provider id.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param providerId - The provider ID, for example, "google.com" for the
* Google provider.
* @param uid - The user identifier for the given provider.
*
* @returns A promise fulfilled with the user data corresponding to the
* given provider id.
*/
getUserByProviderUid(providerId: string, uid: string): Promise<UserRecord>;
/**
* Gets the user data corresponding to the specified identifiers.
*
* There are no ordering guarantees; in particular, the nth entry in the result list is not
* guaranteed to correspond to the nth entry in the input parameters list.
*
* Only a maximum of 100 identifiers may be supplied. If more than 100 identifiers are supplied,
* this method throws a FirebaseAuthError.
*
* @param identifiers - The identifiers used to indicate which user records should be returned.
* Must not have more than 100 entries.
* @returns A promise that resolves to the corresponding user records.
* @throws FirebaseAuthError If any of the identifiers are invalid or if more than 100
* identifiers are specified.
*/
getUsers(identifiers: UserIdentifier[]): Promise<GetUsersResult>;
/**
* Retrieves a list of users (single batch only) with a size of `maxResults`
* starting from the offset as specified by `pageToken`. This is used to
* retrieve all the users of a specified project in batches.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#list_all_users | List all users}
* for code samples and detailed documentation.
*
* @param maxResults - The page size, 1000 if undefined. This is also
* the maximum allowed limit.
* @param pageToken - The next page token. If not specified, returns
* users starting without any offset.
* @returns A promise that resolves with
* the current batch of downloaded users and the next page token.
*/
listUsers(maxResults?: number, pageToken?: string): Promise<ListUsersResult>;
/**
* Creates a new user.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#create_a_user | Create a user}
* for code samples and detailed documentation.
*
* @param properties - The properties to set on the
* new user record to be created.
*
* @returns A promise fulfilled with the user
* data corresponding to the newly created user.
*/
createUser(properties: CreateRequest): Promise<UserRecord>;
/**
* Deletes an existing user.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#delete_a_user | Delete a user}
* for code samples and detailed documentation.
*
* @param uid - The `uid` corresponding to the user to delete.
*
* @returns An empty promise fulfilled once the user has been
* deleted.
*/
deleteUser(uid: string): Promise<void>;
/**
* Deletes the users specified by the given uids.
*
* Deleting a non-existing user won't generate an error (i.e. this method
* is idempotent.) Non-existing users are considered to be successfully
* deleted, and are therefore counted in the
* `DeleteUsersResult.successCount` value.
*
* Only a maximum of 1000 identifiers may be supplied. If more than 1000
* identifiers are supplied, this method throws a FirebaseAuthError.
*
* This API is currently rate limited at the server to 1 QPS. If you exceed
* this, you may get a quota exceeded error. Therefore, if you want to
* delete more than 1000 users, you may need to add a delay to ensure you
* don't go over this limit.
*
* @param uids - The `uids` corresponding to the users to delete.
*
* @returns A Promise that resolves to the total number of successful/failed
* deletions, as well as the array of errors that corresponds to the
* failed deletions.
*/
deleteUsers(uids: string[]): Promise<DeleteUsersResult>;
/**
* Updates an existing user.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#update_a_user | Update a user}
* for code samples and detailed documentation.
*
* @param uid - The `uid` corresponding to the user to update.
* @param properties - The properties to update on
* the provided user.
*
* @returns A promise fulfilled with the
* updated user data.
*/
updateUser(uid: string, properties: UpdateRequest): Promise<UserRecord>;
/**
* Sets additional developer claims on an existing user identified by the
* provided `uid`, typically used to define user roles and levels of
* access. These claims should propagate to all devices where the user is
* already signed in (after token expiration or when token refresh is forced)
* and the next time the user signs in. If a reserved OIDC claim name
* is used (sub, iat, iss, etc), an error is thrown. They are set on the
* authenticated user's ID token JWT.
*
* See {@link https://firebase.google.com/docs/auth/admin/custom-claims |
* Defining user roles and access levels}
* for code samples and detailed documentation.
*
* @param uid - The `uid` of the user to edit.
* @param customUserClaims - The developer claims to set. If null is
* passed, existing custom claims are deleted. Passing a custom claims payload
* larger than 1000 bytes will throw an error. Custom claims are added to the
* user's ID token which is transmitted on every authenticated request.
* For profile non-access related user attributes, use database or other
* separate storage systems.
* @returns A promise that resolves when the operation completes
* successfully.
*/
setCustomUserClaims(uid: string, customUserClaims: object | null): Promise<void>;
/**
* Revokes all refresh tokens for an existing user.
*
* This API will update the user's {@link UserRecord.tokensValidAfterTime} to
* the current UTC. It is important that the server on which this is called has
* its clock set correctly and synchronized.
*
* While this will revoke all sessions for a specified user and disable any
* new ID tokens for existing sessions from getting minted, existing ID tokens
* may remain active until their natural expiration (one hour). To verify that
* ID tokens are revoked, use {@link BaseAuth.verifyIdToken}
* where `checkRevoked` is set to true.
*
* @param uid - The `uid` corresponding to the user whose refresh tokens
* are to be revoked.
*
* @returns An empty promise fulfilled once the user's refresh
* tokens have been revoked.
*/
revokeRefreshTokens(uid: string): Promise<void>;
/**
* Imports the provided list of users into Firebase Auth.
* A maximum of 1000 users are allowed to be imported one at a time.
* When importing users with passwords,
* {@link UserImportOptions} are required to be
* specified.
* This operation is optimized for bulk imports and will ignore checks on `uid`,
* `email` and other identifier uniqueness which could result in duplications.
*
* @param users - The list of user records to import to Firebase Auth.
* @param options - The user import options, required when the users provided include
* password credentials.
* @returns A promise that resolves when
* the operation completes with the result of the import. This includes the
* number of successful imports, the number of failed imports and their
* corresponding errors.
*/
importUsers(users: UserImportRecord[], options?: UserImportOptions): Promise<UserImportResult>;
/**
* Creates a new Firebase session cookie with the specified options. The created
* JWT string can be set as a server-side session cookie with a custom cookie
* policy, and be used for session management. The session cookie JWT will have
* the same payload claims as the provided ID token.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-cookies | Manage Session Cookies}
* for code samples and detailed documentation.
*
* @param idToken - The Firebase ID token to exchange for a session
* cookie.
* @param sessionCookieOptions - The session
* cookie options which includes custom session duration.
*
* @returns A promise that resolves on success with the
* created session cookie.
*/
createSessionCookie(idToken: string, sessionCookieOptions: SessionCookieOptions): Promise<string>;
/**
* Verifies a Firebase session cookie. Returns a Promise with the cookie claims.
* Rejects the promise if the cookie could not be verified.
*
* If `checkRevoked` is set to true, first verifies whether the corresponding
* user is disabled: If yes, an `auth/user-disabled` error is thrown. If no,
* verifies if the session corresponding to the session cookie was revoked.
* If the corresponding user's session was invalidated, an
* `auth/session-cookie-revoked` error is thrown. If not specified the check
* is not performed.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-cookies#verify_session_cookie_and_check_permissions |
* Verify Session Cookies}
* for code samples and detailed documentation
*
* @param sessionCookie - The session cookie to verify.
* @param checkForRevocation - Whether to check if the session cookie was
* revoked. This requires an extra request to the Firebase Auth backend to
* check the `tokensValidAfterTime` time for the corresponding user.
* When not specified, this additional check is not performed.
*
* @returns A promise fulfilled with the
* session cookie's decoded claims if the session cookie is valid; otherwise,
* a rejected promise.
*/
verifySessionCookie(sessionCookie: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
/**
* Generates the out of band email action link to reset a user's password.
* The link is generated for the user with the specified email address. The
* optional {@link ActionCodeSettings} object
* defines whether the link is to be handled by a mobile app or browser and the
* additional state information to be passed in the deep link, etc.
*
* @example
* ```javascript
* var actionCodeSettings = {
* url: 'https://www.example.com/?email=user@example.com',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true,
* linkDomain: 'project-id.firebaseapp.com'
* };
* admin.auth()
* .generatePasswordResetLink('user@example.com', actionCodeSettings)
* .then(function(link) {
* // The link was successfully generated.
* })
* .catch(function(error) {
* // Some error occurred, you can inspect the code: error.code
* });
* ```
*
* @param email - The email address of the user whose password is to be
* reset.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the password reset link. The default password
* reset landing page will use this to display a link to go back to the app
* if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is whitelisted by the
* developer in the console. Otherwise an error is thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generatePasswordResetLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
/**
* Generates the out of band email action link to verify the user's ownership
* of the specified email. The {@link ActionCodeSettings} object provided
* as an argument to this method defines whether the link is to be handled by a
* mobile app or browser along with additional state information to be passed in
* the deep link, etc.
*
* @example
* ```javascript
* var actionCodeSettings = {
* url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true,
* linkDomain: 'project-id.firebaseapp.com'
* };
* admin.auth()
* .generateEmailVerificationLink('user@example.com', actionCodeSettings)
* .then(function(link) {
* // The link was successfully generated.
* })
* .catch(function(error) {
* // Some error occurred, you can inspect the code: error.code
* });
* ```
*
* @param email - The email account to verify.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the email verification link. The default email
* verification landing page will use this to display a link to go back to
* the app if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is whitelisted by the
* developer in the console. Otherwise an error is thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generateEmailVerificationLink(email: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
/**
* Generates an out-of-band email action link to verify the user's ownership
* of the specified email. The {@link ActionCodeSettings} object provided
* as an argument to this method defines whether the link is to be handled by a
* mobile app or browser along with additional state information to be passed in
* the deep link, etc.
*
* @param email - The current email account.
* @param newEmail - The email address the account is being updated to.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the email verification link. The default email
* verification landing page will use this to display a link to go back to
* the app if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is authorized
* in the console, or an error will be thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generateVerifyAndChangeEmailLink(email: string, newEmail: string, actionCodeSettings?: ActionCodeSettings): Promise<string>;
/**
* Generates the out of band email action link to verify the user's ownership
* of the specified email. The {@link ActionCodeSettings} object provided
* as an argument to this method defines whether the link is to be handled by a
* mobile app or browser along with additional state information to be passed in
* the deep link, etc.
*
* @example
* ```javascript
* var actionCodeSettings = {
* url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true,
* linkDomain: 'project-id.firebaseapp.com'
* };
* admin.auth()
* .generateEmailVerificationLink('user@example.com', actionCodeSettings)
* .then(function(link) {
* // The link was successfully generated.
* })
* .catch(function(error) {
* // Some error occurred, you can inspect the code: error.code
* });
* ```
*
* @param email - The email account to verify.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the email verification link. The default email
* verification landing page will use this to display a link to go back to
* the app if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is whitelisted by the
* developer in the console. Otherwise an error is thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generateSignInWithEmailLink(email: string, actionCodeSettings: ActionCodeSettings): Promise<string>;
/**
* Returns the list of existing provider configurations matching the filter
* provided. At most, 100 provider configs can be listed at a time.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param options - The provider config filter to apply.
* @returns A promise that resolves with the list of provider configs meeting the
* filter requirements.
*/
listProviderConfigs(options: AuthProviderConfigFilter): Promise<ListProviderConfigResults>;
/**
* Looks up an Auth provider configuration by the provided ID.
* Returns a promise that resolves with the provider configuration
* corresponding to the provider ID specified. If the specified ID does not
* exist, an `auth/configuration-not-found` error is thrown.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param providerId - The provider ID corresponding to the provider
* config to return.
* @returns A promise that resolves
* with the configuration corresponding to the provided ID.
*/
getProviderConfig(providerId: string): Promise<AuthProviderConfig>;
/**
* Deletes the provider configuration corresponding to the provider ID passed.
* If the specified ID does not exist, an `auth/configuration-not-found` error
* is thrown.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param providerId - The provider ID corresponding to the provider
* config to delete.
* @returns A promise that resolves on completion.
*/
deleteProviderConfig(providerId: string): Promise<void>;
/**
* Returns a promise that resolves with the updated `AuthProviderConfig`
* corresponding to the provider ID specified.
* If the specified ID does not exist, an `auth/configuration-not-found` error
* is thrown.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param providerId - The provider ID corresponding to the provider
* config to update.
* @param updatedConfig - The updated configuration.
* @returns A promise that resolves with the updated provider configuration.
*/
updateProviderConfig(providerId: string, updatedConfig: UpdateAuthProviderRequest): Promise<AuthProviderConfig>;
/**
* Returns a promise that resolves with the newly created `AuthProviderConfig`
* when the new provider configuration is created.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param config - The provider configuration to create.
* @returns A promise that resolves with the created provider configuration.
*/
createProviderConfig(config: AuthProviderConfig): Promise<AuthProviderConfig>;
/** @alpha */
_verifyAuthBlockingToken(token: string, audience?: string): Promise<DecodedAuthBlockingToken>;
/**
* Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
* resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
* or user disabled.
*
* @param decodedIdToken - The JWT's decoded claims.
* @param revocationErrorInfo - The revocation error info to throw on revocation
* detection.
* @returns A promise that will be fulfilled after a successful verification.
*/
private verifyDecodedJWTNotRevokedOrDisabled;
}

981
server/node_modules/firebase-admin/lib/auth/base-auth.js generated vendored Normal file
View File

@@ -0,0 +1,981 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.BaseAuth = void 0;
exports.createFirebaseTokenGenerator = createFirebaseTokenGenerator;
const error_1 = require("../utils/error");
const deep_copy_1 = require("../utils/deep-copy");
const validator = require("../utils/validator");
const auth_api_request_1 = require("./auth-api-request");
const token_generator_1 = require("./token-generator");
const token_verifier_1 = require("./token-verifier");
const auth_config_1 = require("./auth-config");
const user_record_1 = require("./user-record");
const identifier_1 = require("./identifier");
const crypto_signer_1 = require("../utils/crypto-signer");
/**
* @internal
*/
function createFirebaseTokenGenerator(app, tenantId) {
try {
const signer = (0, auth_api_request_1.useEmulator)() ? new token_generator_1.EmulatedSigner() : (0, crypto_signer_1.cryptoSignerFromApp)(app);
return new token_generator_1.FirebaseTokenGenerator(signer, tenantId);
}
catch (err) {
throw (0, token_generator_1.handleCryptoSignerError)(err);
}
}
/**
* Common parent interface for both `Auth` and `TenantAwareAuth` APIs.
*/
class BaseAuth {
/**
* The BaseAuth class constructor.
*
* @param app - The FirebaseApp to associate with this Auth instance.
* @param authRequestHandler - The RPC request handler for this instance.
* @param tokenGenerator - Optional token generator. If not specified, a
* (non-tenant-aware) instance will be created. Use this paramter to
* specify a tenant-aware tokenGenerator.
* @constructor
* @internal
*/
constructor(app,
/** @internal */ authRequestHandler, tokenGenerator) {
this.authRequestHandler = authRequestHandler;
if (tokenGenerator) {
this.tokenGenerator = tokenGenerator;
}
else {
this.tokenGenerator = createFirebaseTokenGenerator(app);
}
this.sessionCookieVerifier = (0, token_verifier_1.createSessionCookieVerifier)(app);
this.idTokenVerifier = (0, token_verifier_1.createIdTokenVerifier)(app);
this.authBlockingTokenVerifier = (0, token_verifier_1.createAuthBlockingTokenVerifier)(app);
}
/**
* Creates a new Firebase custom token (JWT) that can be sent back to a client
* device to use to sign in with the client SDKs' `signInWithCustomToken()`
* methods. (Tenant-aware instances will also embed the tenant ID in the
* token.)
*
* See {@link https://firebase.google.com/docs/auth/admin/create-custom-tokens | Create Custom Tokens}
* for code samples and detailed documentation.
*
* @param uid - The `uid` to use as the custom token's subject.
* @param developerClaims - Optional additional claims to include
* in the custom token's payload.
*
* @returns A promise fulfilled with a custom token for the
* provided `uid` and payload.
*/
createCustomToken(uid, developerClaims) {
return this.tokenGenerator.createCustomToken(uid, developerClaims);
}
/**
* Verifies a Firebase ID token (JWT). If the token is valid, the promise is
* fulfilled with the token's decoded claims; otherwise, the promise is
* rejected.
*
* If `checkRevoked` is set to true, first verifies whether the corresponding
* user is disabled. If yes, an `auth/user-disabled` error is thrown. If no,
* verifies if the session corresponding to the ID token was revoked. If the
* corresponding user's session was invalidated, an `auth/id-token-revoked`
* error is thrown. If not specified the check is not applied.
*
* See {@link https://firebase.google.com/docs/auth/admin/verify-id-tokens | Verify ID Tokens}
* for code samples and detailed documentation.
*
* @param idToken - The ID token to verify.
* @param checkRevoked - Whether to check if the ID token was revoked.
* This requires an extra request to the Firebase Auth backend to check
* the `tokensValidAfterTime` time for the corresponding user.
* When not specified, this additional check is not applied.
*
* @returns A promise fulfilled with the
* token's decoded claims if the ID token is valid; otherwise, a rejected
* promise.
*/
verifyIdToken(idToken, checkRevoked = false) {
const isEmulator = (0, auth_api_request_1.useEmulator)();
return this.idTokenVerifier.verifyJWT(idToken, isEmulator)
.then((decodedIdToken) => {
// Whether to check if the token was revoked.
if (checkRevoked || isEmulator) {
return this.verifyDecodedJWTNotRevokedOrDisabled(decodedIdToken, error_1.AuthClientErrorCode.ID_TOKEN_REVOKED);
}
return decodedIdToken;
});
}
/**
* Gets the user data for the user corresponding to a given `uid`.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param uid - The `uid` corresponding to the user whose data to fetch.
*
* @returns A promise fulfilled with the user
* data corresponding to the provided `uid`.
*/
getUser(uid) {
return this.authRequestHandler.getAccountInfoByUid(uid)
.then((response) => {
// Returns the user record populated with server response.
return new user_record_1.UserRecord(response.users[0]);
});
}
/**
* Gets the user data for the user corresponding to a given email.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param email - The email corresponding to the user whose data to
* fetch.
*
* @returns A promise fulfilled with the user
* data corresponding to the provided email.
*/
getUserByEmail(email) {
return this.authRequestHandler.getAccountInfoByEmail(email)
.then((response) => {
// Returns the user record populated with server response.
return new user_record_1.UserRecord(response.users[0]);
});
}
/**
* Gets the user data for the user corresponding to a given phone number. The
* phone number has to conform to the E.164 specification.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param phoneNumber - The phone number corresponding to the user whose
* data to fetch.
*
* @returns A promise fulfilled with the user
* data corresponding to the provided phone number.
*/
getUserByPhoneNumber(phoneNumber) {
return this.authRequestHandler.getAccountInfoByPhoneNumber(phoneNumber)
.then((response) => {
// Returns the user record populated with server response.
return new user_record_1.UserRecord(response.users[0]);
});
}
/**
* Gets the user data for the user corresponding to a given provider id.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#retrieve_user_data | Retrieve user data}
* for code samples and detailed documentation.
*
* @param providerId - The provider ID, for example, "google.com" for the
* Google provider.
* @param uid - The user identifier for the given provider.
*
* @returns A promise fulfilled with the user data corresponding to the
* given provider id.
*/
getUserByProviderUid(providerId, uid) {
// Although we don't really advertise it, we want to also handle
// non-federated idps with this call. So if we detect one of them, we'll
// reroute this request appropriately.
if (providerId === 'phone') {
return this.getUserByPhoneNumber(uid);
}
else if (providerId === 'email') {
return this.getUserByEmail(uid);
}
return this.authRequestHandler.getAccountInfoByFederatedUid(providerId, uid)
.then((response) => {
// Returns the user record populated with server response.
return new user_record_1.UserRecord(response.users[0]);
});
}
/**
* Gets the user data corresponding to the specified identifiers.
*
* There are no ordering guarantees; in particular, the nth entry in the result list is not
* guaranteed to correspond to the nth entry in the input parameters list.
*
* Only a maximum of 100 identifiers may be supplied. If more than 100 identifiers are supplied,
* this method throws a FirebaseAuthError.
*
* @param identifiers - The identifiers used to indicate which user records should be returned.
* Must not have more than 100 entries.
* @returns A promise that resolves to the corresponding user records.
* @throws FirebaseAuthError If any of the identifiers are invalid or if more than 100
* identifiers are specified.
*/
getUsers(identifiers) {
if (!validator.isArray(identifiers)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '`identifiers` parameter must be an array');
}
return this.authRequestHandler
.getAccountInfoByIdentifiers(identifiers)
.then((response) => {
/**
* Checks if the specified identifier is within the list of
* UserRecords.
*/
const isUserFound = ((id, userRecords) => {
return !!userRecords.find((userRecord) => {
if ((0, identifier_1.isUidIdentifier)(id)) {
return id.uid === userRecord.uid;
}
else if ((0, identifier_1.isEmailIdentifier)(id)) {
return id.email === userRecord.email;
}
else if ((0, identifier_1.isPhoneIdentifier)(id)) {
return id.phoneNumber === userRecord.phoneNumber;
}
else if ((0, identifier_1.isProviderIdentifier)(id)) {
const matchingUserInfo = userRecord.providerData.find((userInfo) => {
return id.providerId === userInfo.providerId;
});
return !!matchingUserInfo && id.providerUid === matchingUserInfo.uid;
}
else {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'Unhandled identifier type');
}
});
});
const users = response.users ? response.users.map((user) => new user_record_1.UserRecord(user)) : [];
const notFound = identifiers.filter((id) => !isUserFound(id, users));
return { users, notFound };
});
}
/**
* Retrieves a list of users (single batch only) with a size of `maxResults`
* starting from the offset as specified by `pageToken`. This is used to
* retrieve all the users of a specified project in batches.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#list_all_users | List all users}
* for code samples and detailed documentation.
*
* @param maxResults - The page size, 1000 if undefined. This is also
* the maximum allowed limit.
* @param pageToken - The next page token. If not specified, returns
* users starting without any offset.
* @returns A promise that resolves with
* the current batch of downloaded users and the next page token.
*/
listUsers(maxResults, pageToken) {
return this.authRequestHandler.downloadAccount(maxResults, pageToken)
.then((response) => {
// List of users to return.
const users = [];
// Convert each user response to a UserRecord.
response.users.forEach((userResponse) => {
users.push(new user_record_1.UserRecord(userResponse));
});
// Return list of user records and the next page token if available.
const result = {
users,
pageToken: response.nextPageToken,
};
// Delete result.pageToken if undefined.
if (typeof result.pageToken === 'undefined') {
delete result.pageToken;
}
return result;
});
}
/**
* Creates a new user.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#create_a_user | Create a user}
* for code samples and detailed documentation.
*
* @param properties - The properties to set on the
* new user record to be created.
*
* @returns A promise fulfilled with the user
* data corresponding to the newly created user.
*/
createUser(properties) {
return this.authRequestHandler.createNewAccount(properties)
.then((uid) => {
// Return the corresponding user record.
return this.getUser(uid);
})
.catch((error) => {
if (error.code === 'auth/user-not-found') {
// Something must have happened after creating the user and then retrieving it.
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'Unable to create the user record provided.');
}
throw error;
});
}
/**
* Deletes an existing user.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#delete_a_user | Delete a user}
* for code samples and detailed documentation.
*
* @param uid - The `uid` corresponding to the user to delete.
*
* @returns An empty promise fulfilled once the user has been
* deleted.
*/
deleteUser(uid) {
return this.authRequestHandler.deleteAccount(uid)
.then(() => {
// Return nothing on success.
});
}
/**
* Deletes the users specified by the given uids.
*
* Deleting a non-existing user won't generate an error (i.e. this method
* is idempotent.) Non-existing users are considered to be successfully
* deleted, and are therefore counted in the
* `DeleteUsersResult.successCount` value.
*
* Only a maximum of 1000 identifiers may be supplied. If more than 1000
* identifiers are supplied, this method throws a FirebaseAuthError.
*
* This API is currently rate limited at the server to 1 QPS. If you exceed
* this, you may get a quota exceeded error. Therefore, if you want to
* delete more than 1000 users, you may need to add a delay to ensure you
* don't go over this limit.
*
* @param uids - The `uids` corresponding to the users to delete.
*
* @returns A Promise that resolves to the total number of successful/failed
* deletions, as well as the array of errors that corresponds to the
* failed deletions.
*/
deleteUsers(uids) {
if (!validator.isArray(uids)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '`uids` parameter must be an array');
}
return this.authRequestHandler.deleteAccounts(uids, /*force=*/ true)
.then((batchDeleteAccountsResponse) => {
const result = {
failureCount: 0,
successCount: uids.length,
errors: [],
};
if (!validator.isNonEmptyArray(batchDeleteAccountsResponse.errors)) {
return result;
}
result.failureCount = batchDeleteAccountsResponse.errors.length;
result.successCount = uids.length - batchDeleteAccountsResponse.errors.length;
result.errors = batchDeleteAccountsResponse.errors.map((batchDeleteErrorInfo) => {
if (batchDeleteErrorInfo.index === undefined) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'Corrupt BatchDeleteAccountsResponse detected');
}
const errMsgToError = (msg) => {
// We unconditionally set force=true, so the 'NOT_DISABLED' error
// should not be possible.
const code = msg && msg.startsWith('NOT_DISABLED') ?
error_1.AuthClientErrorCode.USER_NOT_DISABLED : error_1.AuthClientErrorCode.INTERNAL_ERROR;
return new error_1.FirebaseAuthError(code, batchDeleteErrorInfo.message);
};
return {
index: batchDeleteErrorInfo.index,
error: errMsgToError(batchDeleteErrorInfo.message),
};
});
return result;
});
}
/**
* Updates an existing user.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-users#update_a_user | Update a user}
* for code samples and detailed documentation.
*
* @param uid - The `uid` corresponding to the user to update.
* @param properties - The properties to update on
* the provided user.
*
* @returns A promise fulfilled with the
* updated user data.
*/
updateUser(uid, properties) {
// Although we don't really advertise it, we want to also handle linking of
// non-federated idps with this call. So if we detect one of them, we'll
// adjust the properties parameter appropriately. This *does* imply that a
// conflict could arise, e.g. if the user provides a phoneNumber property,
// but also provides a providerToLink with a 'phone' provider id. In that
// case, we'll throw an error.
properties = (0, deep_copy_1.deepCopy)(properties);
if (properties?.providerToLink) {
if (properties.providerToLink.providerId === 'email') {
if (typeof properties.email !== 'undefined') {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "Both UpdateRequest.email and UpdateRequest.providerToLink.providerId='email' were set. To "
+ 'link to the email/password provider, only specify the UpdateRequest.email field.');
}
properties.email = properties.providerToLink.uid;
delete properties.providerToLink;
}
else if (properties.providerToLink.providerId === 'phone') {
if (typeof properties.phoneNumber !== 'undefined') {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "Both UpdateRequest.phoneNumber and UpdateRequest.providerToLink.providerId='phone' were set. To "
+ 'link to a phone provider, only specify the UpdateRequest.phoneNumber field.');
}
properties.phoneNumber = properties.providerToLink.uid;
delete properties.providerToLink;
}
}
if (properties?.providersToUnlink) {
if (properties.providersToUnlink.indexOf('phone') !== -1) {
// If we've been told to unlink the phone provider both via setting
// phoneNumber to null *and* by setting providersToUnlink to include
// 'phone', then we'll reject that. Though it might also be reasonable
// to relax this restriction and just unlink it.
if (properties.phoneNumber === null) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, "Both UpdateRequest.phoneNumber=null and UpdateRequest.providersToUnlink=['phone'] were set. To "
+ 'unlink from a phone provider, only specify the UpdateRequest.phoneNumber=null field.');
}
}
}
return this.authRequestHandler.updateExistingAccount(uid, properties)
.then((existingUid) => {
// Return the corresponding user record.
return this.getUser(existingUid);
});
}
/**
* Sets additional developer claims on an existing user identified by the
* provided `uid`, typically used to define user roles and levels of
* access. These claims should propagate to all devices where the user is
* already signed in (after token expiration or when token refresh is forced)
* and the next time the user signs in. If a reserved OIDC claim name
* is used (sub, iat, iss, etc), an error is thrown. They are set on the
* authenticated user's ID token JWT.
*
* See {@link https://firebase.google.com/docs/auth/admin/custom-claims |
* Defining user roles and access levels}
* for code samples and detailed documentation.
*
* @param uid - The `uid` of the user to edit.
* @param customUserClaims - The developer claims to set. If null is
* passed, existing custom claims are deleted. Passing a custom claims payload
* larger than 1000 bytes will throw an error. Custom claims are added to the
* user's ID token which is transmitted on every authenticated request.
* For profile non-access related user attributes, use database or other
* separate storage systems.
* @returns A promise that resolves when the operation completes
* successfully.
*/
setCustomUserClaims(uid, customUserClaims) {
return this.authRequestHandler.setCustomUserClaims(uid, customUserClaims)
.then(() => {
// Return nothing on success.
});
}
/**
* Revokes all refresh tokens for an existing user.
*
* This API will update the user's {@link UserRecord.tokensValidAfterTime} to
* the current UTC. It is important that the server on which this is called has
* its clock set correctly and synchronized.
*
* While this will revoke all sessions for a specified user and disable any
* new ID tokens for existing sessions from getting minted, existing ID tokens
* may remain active until their natural expiration (one hour). To verify that
* ID tokens are revoked, use {@link BaseAuth.verifyIdToken}
* where `checkRevoked` is set to true.
*
* @param uid - The `uid` corresponding to the user whose refresh tokens
* are to be revoked.
*
* @returns An empty promise fulfilled once the user's refresh
* tokens have been revoked.
*/
revokeRefreshTokens(uid) {
return this.authRequestHandler.revokeRefreshTokens(uid)
.then(() => {
// Return nothing on success.
});
}
/**
* Imports the provided list of users into Firebase Auth.
* A maximum of 1000 users are allowed to be imported one at a time.
* When importing users with passwords,
* {@link UserImportOptions} are required to be
* specified.
* This operation is optimized for bulk imports and will ignore checks on `uid`,
* `email` and other identifier uniqueness which could result in duplications.
*
* @param users - The list of user records to import to Firebase Auth.
* @param options - The user import options, required when the users provided include
* password credentials.
* @returns A promise that resolves when
* the operation completes with the result of the import. This includes the
* number of successful imports, the number of failed imports and their
* corresponding errors.
*/
importUsers(users, options) {
return this.authRequestHandler.uploadAccount(users, options);
}
/**
* Creates a new Firebase session cookie with the specified options. The created
* JWT string can be set as a server-side session cookie with a custom cookie
* policy, and be used for session management. The session cookie JWT will have
* the same payload claims as the provided ID token.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-cookies | Manage Session Cookies}
* for code samples and detailed documentation.
*
* @param idToken - The Firebase ID token to exchange for a session
* cookie.
* @param sessionCookieOptions - The session
* cookie options which includes custom session duration.
*
* @returns A promise that resolves on success with the
* created session cookie.
*/
createSessionCookie(idToken, sessionCookieOptions) {
// Return rejected promise if expiresIn is not available.
if (!validator.isNonNullObject(sessionCookieOptions) ||
!validator.isNumber(sessionCookieOptions.expiresIn)) {
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_SESSION_COOKIE_DURATION));
}
return this.authRequestHandler.createSessionCookie(idToken, sessionCookieOptions.expiresIn);
}
/**
* Verifies a Firebase session cookie. Returns a Promise with the cookie claims.
* Rejects the promise if the cookie could not be verified.
*
* If `checkRevoked` is set to true, first verifies whether the corresponding
* user is disabled: If yes, an `auth/user-disabled` error is thrown. If no,
* verifies if the session corresponding to the session cookie was revoked.
* If the corresponding user's session was invalidated, an
* `auth/session-cookie-revoked` error is thrown. If not specified the check
* is not performed.
*
* See {@link https://firebase.google.com/docs/auth/admin/manage-cookies#verify_session_cookie_and_check_permissions |
* Verify Session Cookies}
* for code samples and detailed documentation
*
* @param sessionCookie - The session cookie to verify.
* @param checkForRevocation - Whether to check if the session cookie was
* revoked. This requires an extra request to the Firebase Auth backend to
* check the `tokensValidAfterTime` time for the corresponding user.
* When not specified, this additional check is not performed.
*
* @returns A promise fulfilled with the
* session cookie's decoded claims if the session cookie is valid; otherwise,
* a rejected promise.
*/
verifySessionCookie(sessionCookie, checkRevoked = false) {
const isEmulator = (0, auth_api_request_1.useEmulator)();
return this.sessionCookieVerifier.verifyJWT(sessionCookie, isEmulator)
.then((decodedIdToken) => {
// Whether to check if the token was revoked.
if (checkRevoked || isEmulator) {
return this.verifyDecodedJWTNotRevokedOrDisabled(decodedIdToken, error_1.AuthClientErrorCode.SESSION_COOKIE_REVOKED);
}
return decodedIdToken;
});
}
/**
* Generates the out of band email action link to reset a user's password.
* The link is generated for the user with the specified email address. The
* optional {@link ActionCodeSettings} object
* defines whether the link is to be handled by a mobile app or browser and the
* additional state information to be passed in the deep link, etc.
*
* @example
* ```javascript
* var actionCodeSettings = {
* url: 'https://www.example.com/?email=user@example.com',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true,
* linkDomain: 'project-id.firebaseapp.com'
* };
* admin.auth()
* .generatePasswordResetLink('user@example.com', actionCodeSettings)
* .then(function(link) {
* // The link was successfully generated.
* })
* .catch(function(error) {
* // Some error occurred, you can inspect the code: error.code
* });
* ```
*
* @param email - The email address of the user whose password is to be
* reset.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the password reset link. The default password
* reset landing page will use this to display a link to go back to the app
* if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is whitelisted by the
* developer in the console. Otherwise an error is thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generatePasswordResetLink(email, actionCodeSettings) {
return this.authRequestHandler.getEmailActionLink('PASSWORD_RESET', email, actionCodeSettings);
}
/**
* Generates the out of band email action link to verify the user's ownership
* of the specified email. The {@link ActionCodeSettings} object provided
* as an argument to this method defines whether the link is to be handled by a
* mobile app or browser along with additional state information to be passed in
* the deep link, etc.
*
* @example
* ```javascript
* var actionCodeSettings = {
* url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true,
* linkDomain: 'project-id.firebaseapp.com'
* };
* admin.auth()
* .generateEmailVerificationLink('user@example.com', actionCodeSettings)
* .then(function(link) {
* // The link was successfully generated.
* })
* .catch(function(error) {
* // Some error occurred, you can inspect the code: error.code
* });
* ```
*
* @param email - The email account to verify.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the email verification link. The default email
* verification landing page will use this to display a link to go back to
* the app if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is whitelisted by the
* developer in the console. Otherwise an error is thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generateEmailVerificationLink(email, actionCodeSettings) {
return this.authRequestHandler.getEmailActionLink('VERIFY_EMAIL', email, actionCodeSettings);
}
/**
* Generates an out-of-band email action link to verify the user's ownership
* of the specified email. The {@link ActionCodeSettings} object provided
* as an argument to this method defines whether the link is to be handled by a
* mobile app or browser along with additional state information to be passed in
* the deep link, etc.
*
* @param email - The current email account.
* @param newEmail - The email address the account is being updated to.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the email verification link. The default email
* verification landing page will use this to display a link to go back to
* the app if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is authorized
* in the console, or an error will be thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generateVerifyAndChangeEmailLink(email, newEmail, actionCodeSettings) {
return this.authRequestHandler.getEmailActionLink('VERIFY_AND_CHANGE_EMAIL', email, actionCodeSettings, newEmail);
}
/**
* Generates the out of band email action link to verify the user's ownership
* of the specified email. The {@link ActionCodeSettings} object provided
* as an argument to this method defines whether the link is to be handled by a
* mobile app or browser along with additional state information to be passed in
* the deep link, etc.
*
* @example
* ```javascript
* var actionCodeSettings = {
* url: 'https://www.example.com/cart?email=user@example.com&cartId=123',
* iOS: {
* bundleId: 'com.example.ios'
* },
* android: {
* packageName: 'com.example.android',
* installApp: true,
* minimumVersion: '12'
* },
* handleCodeInApp: true,
* linkDomain: 'project-id.firebaseapp.com'
* };
* admin.auth()
* .generateEmailVerificationLink('user@example.com', actionCodeSettings)
* .then(function(link) {
* // The link was successfully generated.
* })
* .catch(function(error) {
* // Some error occurred, you can inspect the code: error.code
* });
* ```
*
* @param email - The email account to verify.
* @param actionCodeSettings - The action
* code settings. If specified, the state/continue URL is set as the
* "continueUrl" parameter in the email verification link. The default email
* verification landing page will use this to display a link to go back to
* the app if it is installed.
* If the actionCodeSettings is not specified, no URL is appended to the
* action URL.
* The state URL provided must belong to a domain that is whitelisted by the
* developer in the console. Otherwise an error is thrown.
* Mobile app redirects are only applicable if the developer configures
* and accepts the Firebase Dynamic Links terms of service.
* The Android package name and iOS bundle ID are respected only if they
* are configured in the same Firebase Auth project.
* @returns A promise that resolves with the generated link.
*/
generateSignInWithEmailLink(email, actionCodeSettings) {
return this.authRequestHandler.getEmailActionLink('EMAIL_SIGNIN', email, actionCodeSettings);
}
/**
* Returns the list of existing provider configurations matching the filter
* provided. At most, 100 provider configs can be listed at a time.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param options - The provider config filter to apply.
* @returns A promise that resolves with the list of provider configs meeting the
* filter requirements.
*/
listProviderConfigs(options) {
const processResponse = (response, providerConfigs) => {
// Return list of provider configuration and the next page token if available.
const result = {
providerConfigs,
};
// Delete result.pageToken if undefined.
if (Object.prototype.hasOwnProperty.call(response, 'nextPageToken')) {
result.pageToken = response.nextPageToken;
}
return result;
};
if (options && options.type === 'oidc') {
return this.authRequestHandler.listOAuthIdpConfigs(options.maxResults, options.pageToken)
.then((response) => {
// List of provider configurations to return.
const providerConfigs = [];
// Convert each provider config response to a OIDCConfig.
response.oauthIdpConfigs.forEach((configResponse) => {
providerConfigs.push(new auth_config_1.OIDCConfig(configResponse));
});
// Return list of provider configuration and the next page token if available.
return processResponse(response, providerConfigs);
});
}
else if (options && options.type === 'saml') {
return this.authRequestHandler.listInboundSamlConfigs(options.maxResults, options.pageToken)
.then((response) => {
// List of provider configurations to return.
const providerConfigs = [];
// Convert each provider config response to a SAMLConfig.
response.inboundSamlConfigs.forEach((configResponse) => {
providerConfigs.push(new auth_config_1.SAMLConfig(configResponse));
});
// Return list of provider configuration and the next page token if available.
return processResponse(response, providerConfigs);
});
}
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"AuthProviderConfigFilter.type" must be either "saml" or "oidc"'));
}
/**
* Looks up an Auth provider configuration by the provided ID.
* Returns a promise that resolves with the provider configuration
* corresponding to the provider ID specified. If the specified ID does not
* exist, an `auth/configuration-not-found` error is thrown.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param providerId - The provider ID corresponding to the provider
* config to return.
* @returns A promise that resolves
* with the configuration corresponding to the provided ID.
*/
getProviderConfig(providerId) {
if (auth_config_1.OIDCConfig.isProviderId(providerId)) {
return this.authRequestHandler.getOAuthIdpConfig(providerId)
.then((response) => {
return new auth_config_1.OIDCConfig(response);
});
}
else if (auth_config_1.SAMLConfig.isProviderId(providerId)) {
return this.authRequestHandler.getInboundSamlConfig(providerId)
.then((response) => {
return new auth_config_1.SAMLConfig(response);
});
}
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PROVIDER_ID));
}
/**
* Deletes the provider configuration corresponding to the provider ID passed.
* If the specified ID does not exist, an `auth/configuration-not-found` error
* is thrown.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param providerId - The provider ID corresponding to the provider
* config to delete.
* @returns A promise that resolves on completion.
*/
deleteProviderConfig(providerId) {
if (auth_config_1.OIDCConfig.isProviderId(providerId)) {
return this.authRequestHandler.deleteOAuthIdpConfig(providerId);
}
else if (auth_config_1.SAMLConfig.isProviderId(providerId)) {
return this.authRequestHandler.deleteInboundSamlConfig(providerId);
}
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PROVIDER_ID));
}
/**
* Returns a promise that resolves with the updated `AuthProviderConfig`
* corresponding to the provider ID specified.
* If the specified ID does not exist, an `auth/configuration-not-found` error
* is thrown.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param providerId - The provider ID corresponding to the provider
* config to update.
* @param updatedConfig - The updated configuration.
* @returns A promise that resolves with the updated provider configuration.
*/
updateProviderConfig(providerId, updatedConfig) {
if (!validator.isNonNullObject(updatedConfig)) {
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, 'Request is missing "UpdateAuthProviderRequest" configuration.'));
}
if (auth_config_1.OIDCConfig.isProviderId(providerId)) {
return this.authRequestHandler.updateOAuthIdpConfig(providerId, updatedConfig)
.then((response) => {
return new auth_config_1.OIDCConfig(response);
});
}
else if (auth_config_1.SAMLConfig.isProviderId(providerId)) {
return this.authRequestHandler.updateInboundSamlConfig(providerId, updatedConfig)
.then((response) => {
return new auth_config_1.SAMLConfig(response);
});
}
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PROVIDER_ID));
}
/**
* Returns a promise that resolves with the newly created `AuthProviderConfig`
* when the new provider configuration is created.
*
* SAML and OIDC provider support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* @param config - The provider configuration to create.
* @returns A promise that resolves with the created provider configuration.
*/
createProviderConfig(config) {
if (!validator.isNonNullObject(config)) {
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, 'Request is missing "AuthProviderConfig" configuration.'));
}
if (auth_config_1.OIDCConfig.isProviderId(config.providerId)) {
return this.authRequestHandler.createOAuthIdpConfig(config)
.then((response) => {
return new auth_config_1.OIDCConfig(response);
});
}
else if (auth_config_1.SAMLConfig.isProviderId(config.providerId)) {
return this.authRequestHandler.createInboundSamlConfig(config)
.then((response) => {
return new auth_config_1.SAMLConfig(response);
});
}
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PROVIDER_ID));
}
/** @alpha */
// eslint-disable-next-line @typescript-eslint/naming-convention
_verifyAuthBlockingToken(token, audience) {
const isEmulator = (0, auth_api_request_1.useEmulator)();
return this.authBlockingTokenVerifier._verifyAuthBlockingToken(token, isEmulator, audience)
.then((decodedAuthBlockingToken) => {
return decodedAuthBlockingToken;
});
}
/**
* Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
* resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
* or user disabled.
*
* @param decodedIdToken - The JWT's decoded claims.
* @param revocationErrorInfo - The revocation error info to throw on revocation
* detection.
* @returns A promise that will be fulfilled after a successful verification.
*/
verifyDecodedJWTNotRevokedOrDisabled(decodedIdToken, revocationErrorInfo) {
// Get tokens valid after time for the corresponding user.
return this.getUser(decodedIdToken.sub)
.then((user) => {
if (user.disabled) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.USER_DISABLED, 'The user record is disabled.');
}
// If no tokens valid after time available, token is not revoked.
if (user.tokensValidAfterTime) {
// Get the ID token authentication time and convert to milliseconds UTC.
const authTimeUtc = decodedIdToken.auth_time * 1000;
// Get user tokens valid after time in milliseconds UTC.
const validSinceUtc = new Date(user.tokensValidAfterTime).getTime();
// Check if authentication time is older than valid since time.
if (authTimeUtc < validSinceUtc) {
throw new error_1.FirebaseAuthError(revocationErrorInfo);
}
}
// All checks above passed. Return the decoded token.
return decodedIdToken;
});
}
}
exports.BaseAuth = BaseAuth;

57
server/node_modules/firebase-admin/lib/auth/identifier.d.ts generated vendored Normal file
View File

@@ -0,0 +1,57 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Used for looking up an account by uid.
*
* See {@link BaseAuth.getUsers}.
*/
export interface UidIdentifier {
uid: string;
}
/**
* Used for looking up an account by email.
*
* See {@link BaseAuth.getUsers}.
*/
export interface EmailIdentifier {
email: string;
}
/**
* Used for looking up an account by phone number.
*
* See {@link BaseAuth.getUsers}.
*/
export interface PhoneIdentifier {
phoneNumber: string;
}
/**
* Used for looking up an account by federated provider.
*
* See {@link BaseAuth.getUsers}.
*/
export interface ProviderIdentifier {
providerId: string;
providerUid: string;
}
/**
* Identifies a user to be looked up.
*/
export type UserIdentifier = UidIdentifier | EmailIdentifier | PhoneIdentifier | ProviderIdentifier;
export declare function isUidIdentifier(id: UserIdentifier): id is UidIdentifier;
export declare function isEmailIdentifier(id: UserIdentifier): id is EmailIdentifier;
export declare function isPhoneIdentifier(id: UserIdentifier): id is PhoneIdentifier;
export declare function isProviderIdentifier(id: ProviderIdentifier): id is ProviderIdentifier;

39
server/node_modules/firebase-admin/lib/auth/identifier.js generated vendored Normal file
View File

@@ -0,0 +1,39 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.isUidIdentifier = isUidIdentifier;
exports.isEmailIdentifier = isEmailIdentifier;
exports.isPhoneIdentifier = isPhoneIdentifier;
exports.isProviderIdentifier = isProviderIdentifier;
/*
* User defined type guards. See
* https://www.typescriptlang.org/docs/handbook/advanced-types.html#user-defined-type-guards
*/
function isUidIdentifier(id) {
return id.uid !== undefined;
}
function isEmailIdentifier(id) {
return id.email !== undefined;
}
function isPhoneIdentifier(id) {
return id.phoneNumber !== undefined;
}
function isProviderIdentifier(id) {
const pid = id;
return pid.providerId !== undefined && pid.providerUid !== undefined;
}

58
server/node_modules/firebase-admin/lib/auth/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,58 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Firebase Authentication.
*
* @packageDocumentation
*/
import { App } from '../app/index';
import { Auth } from './auth';
/**
* Gets the {@link Auth} service for the default app or a
* given app.
*
* `getAuth()` can be called with no arguments to access the default app's
* {@link Auth} service or as `getAuth(app)` to access the
* {@link Auth} service associated with a specific app.
*
* @example
* ```javascript
* // Get the Auth service for the default app
* const defaultAuth = getAuth();
* ```
*
* @example
* ```javascript
* // Get the Auth service for a given app
* const otherAuth = getAuth(otherApp);
* ```
*
*/
export declare function getAuth(app?: App): Auth;
export { ActionCodeSettings } from './action-code-settings-builder';
export { Auth, } from './auth';
export { AllowByDefault, AllowByDefaultWrap, AllowlistOnly, AllowlistOnlyWrap, AuthFactorType, AuthProviderConfig, AuthProviderConfigFilter, BaseAuthProviderConfig, BaseCreateMultiFactorInfoRequest, BaseUpdateMultiFactorInfoRequest, CreateMultiFactorInfoRequest, CreatePhoneMultiFactorInfoRequest, CreateRequest, EmailSignInProviderConfig, ListProviderConfigResults, MultiFactorConfig, MultiFactorConfigState, MultiFactorCreateSettings, MultiFactorUpdateSettings, MultiFactorProviderConfig, OAuthResponseType, OIDCAuthProviderConfig, OIDCUpdateAuthProviderRequest, RecaptchaAction, RecaptchaConfig, RecaptchaKey, RecaptchaKeyClientType, RecaptchaManagedRule, RecaptchaTollFraudManagedRule, RecaptchaProviderEnforcementState, SAMLAuthProviderConfig, SAMLUpdateAuthProviderRequest, SmsRegionConfig, UserProvider, UpdateAuthProviderRequest, UpdateMultiFactorInfoRequest, UpdatePhoneMultiFactorInfoRequest, UpdateRequest, TotpMultiFactorProviderConfig, PasswordPolicyConfig, PasswordPolicyEnforcementState, CustomStrengthOptionsConfig, EmailPrivacyConfig, MobileLinksConfig, MobileLinksDomain, } from './auth-config';
export { BaseAuth, DeleteUsersResult, GetUsersResult, ListUsersResult, SessionCookieOptions, } from './base-auth';
export { EmailIdentifier, PhoneIdentifier, ProviderIdentifier, UidIdentifier, UserIdentifier, } from './identifier';
export { CreateTenantRequest, Tenant, UpdateTenantRequest, } from './tenant';
export { ListTenantsResult, TenantAwareAuth, TenantManager, } from './tenant-manager';
export { UpdateProjectConfigRequest, ProjectConfig, } from './project-config';
export { ProjectConfigManager, } from './project-config-manager';
export { DecodedIdToken, DecodedAuthBlockingToken } from './token-verifier';
export { HashAlgorithmType, UserImportOptions, UserImportRecord, UserImportResult, UserMetadataRequest, UserProviderRequest, } from './user-import-builder';
export { MultiFactorInfo, MultiFactorSettings, PhoneMultiFactorInfo, UserInfo, UserMetadata, UserRecord, } from './user-record';
export { FirebaseAuthError, AuthClientErrorCode, } from '../utils/error';

78
server/node_modules/firebase-admin/lib/auth/index.js generated vendored Normal file
View File

@@ -0,0 +1,78 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthClientErrorCode = exports.FirebaseAuthError = exports.UserRecord = exports.UserMetadata = exports.UserInfo = exports.PhoneMultiFactorInfo = exports.MultiFactorSettings = exports.MultiFactorInfo = exports.ProjectConfigManager = exports.ProjectConfig = exports.TenantManager = exports.TenantAwareAuth = exports.Tenant = exports.BaseAuth = exports.Auth = void 0;
exports.getAuth = getAuth;
/**
* Firebase Authentication.
*
* @packageDocumentation
*/
const index_1 = require("../app/index");
const auth_1 = require("./auth");
/**
* Gets the {@link Auth} service for the default app or a
* given app.
*
* `getAuth()` can be called with no arguments to access the default app's
* {@link Auth} service or as `getAuth(app)` to access the
* {@link Auth} service associated with a specific app.
*
* @example
* ```javascript
* // Get the Auth service for the default app
* const defaultAuth = getAuth();
* ```
*
* @example
* ```javascript
* // Get the Auth service for a given app
* const otherAuth = getAuth(otherApp);
* ```
*
*/
function getAuth(app) {
if (typeof app === 'undefined') {
app = (0, index_1.getApp)();
}
const firebaseApp = app;
return firebaseApp.getOrInitService('auth', (app) => new auth_1.Auth(app));
}
var auth_2 = require("./auth");
Object.defineProperty(exports, "Auth", { enumerable: true, get: function () { return auth_2.Auth; } });
var base_auth_1 = require("./base-auth");
Object.defineProperty(exports, "BaseAuth", { enumerable: true, get: function () { return base_auth_1.BaseAuth; } });
var tenant_1 = require("./tenant");
Object.defineProperty(exports, "Tenant", { enumerable: true, get: function () { return tenant_1.Tenant; } });
var tenant_manager_1 = require("./tenant-manager");
Object.defineProperty(exports, "TenantAwareAuth", { enumerable: true, get: function () { return tenant_manager_1.TenantAwareAuth; } });
Object.defineProperty(exports, "TenantManager", { enumerable: true, get: function () { return tenant_manager_1.TenantManager; } });
var project_config_1 = require("./project-config");
Object.defineProperty(exports, "ProjectConfig", { enumerable: true, get: function () { return project_config_1.ProjectConfig; } });
var project_config_manager_1 = require("./project-config-manager");
Object.defineProperty(exports, "ProjectConfigManager", { enumerable: true, get: function () { return project_config_manager_1.ProjectConfigManager; } });
var user_record_1 = require("./user-record");
Object.defineProperty(exports, "MultiFactorInfo", { enumerable: true, get: function () { return user_record_1.MultiFactorInfo; } });
Object.defineProperty(exports, "MultiFactorSettings", { enumerable: true, get: function () { return user_record_1.MultiFactorSettings; } });
Object.defineProperty(exports, "PhoneMultiFactorInfo", { enumerable: true, get: function () { return user_record_1.PhoneMultiFactorInfo; } });
Object.defineProperty(exports, "UserInfo", { enumerable: true, get: function () { return user_record_1.UserInfo; } });
Object.defineProperty(exports, "UserMetadata", { enumerable: true, get: function () { return user_record_1.UserMetadata; } });
Object.defineProperty(exports, "UserRecord", { enumerable: true, get: function () { return user_record_1.UserRecord; } });
var error_1 = require("../utils/error");
Object.defineProperty(exports, "FirebaseAuthError", { enumerable: true, get: function () { return error_1.FirebaseAuthError; } });
Object.defineProperty(exports, "AuthClientErrorCode", { enumerable: true, get: function () { return error_1.AuthClientErrorCode; } });

22
server/node_modules/firebase-admin/lib/auth/project-config-manager.d.ts generated vendored Normal file
View File

@@ -0,0 +1,22 @@
/*! firebase-admin v13.5.0 */
import { ProjectConfig, UpdateProjectConfigRequest } from './project-config';
/**
* Manages (gets and updates) the current project config.
*/
export declare class ProjectConfigManager {
private readonly authRequestHandler;
/**
* Get the project configuration.
*
* @returns A promise fulfilled with the project configuration.
*/
getProjectConfig(): Promise<ProjectConfig>;
/**
* Updates an existing project configuration.
*
* @param projectConfigOptions - The properties to update on the project.
*
* @returns A promise fulfilled with the updated project config.
*/
updateProjectConfig(projectConfigOptions: UpdateProjectConfigRequest): Promise<ProjectConfig>;
}

47
server/node_modules/firebase-admin/lib/auth/project-config-manager.js generated vendored Normal file
View File

@@ -0,0 +1,47 @@
/*! firebase-admin v13.5.0 */
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ProjectConfigManager = void 0;
const project_config_1 = require("./project-config");
const auth_api_request_1 = require("./auth-api-request");
/**
* Manages (gets and updates) the current project config.
*/
class ProjectConfigManager {
/**
* Initializes a ProjectConfigManager instance for a specified FirebaseApp.
*
* @param app - The app for this ProjectConfigManager instance.
*
* @constructor
* @internal
*/
constructor(app) {
this.authRequestHandler = new auth_api_request_1.AuthRequestHandler(app);
}
/**
* Get the project configuration.
*
* @returns A promise fulfilled with the project configuration.
*/
getProjectConfig() {
return this.authRequestHandler.getProjectConfig()
.then((response) => {
return new project_config_1.ProjectConfig(response);
});
}
/**
* Updates an existing project configuration.
*
* @param projectConfigOptions - The properties to update on the project.
*
* @returns A promise fulfilled with the updated project config.
*/
updateProjectConfig(projectConfigOptions) {
return this.authRequestHandler.updateProjectConfig(projectConfigOptions)
.then((response) => {
return new project_config_1.ProjectConfig(response);
});
}
}
exports.ProjectConfigManager = ProjectConfigManager;

111
server/node_modules/firebase-admin/lib/auth/project-config.d.ts generated vendored Normal file
View File

@@ -0,0 +1,111 @@
/*! firebase-admin v13.5.0 */
import { SmsRegionConfig, MultiFactorConfig, MultiFactorAuthServerConfig, RecaptchaConfig, RecaptchaAuthServerConfig, PasswordPolicyAuthServerConfig, PasswordPolicyConfig, EmailPrivacyConfig, MobileLinksConfig } from './auth-config';
/**
* Interface representing the properties to update on the provided project config.
*/
export interface UpdateProjectConfigRequest {
/**
* The SMS configuration to update on the project.
*/
smsRegionConfig?: SmsRegionConfig;
/**
* The multi-factor auth configuration to update on the project.
*/
multiFactorConfig?: MultiFactorConfig;
/**
* The reCAPTCHA configuration to update on the project.
* By enabling reCAPTCHA Enterprise integration, you are
* agreeing to the reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
recaptchaConfig?: RecaptchaConfig;
/**
* The password policy configuration to update on the project
*/
passwordPolicyConfig?: PasswordPolicyConfig;
/**
* The email privacy configuration to update on the project
*/
emailPrivacyConfig?: EmailPrivacyConfig;
/**
* The mobile links configuration for the project
*/
mobileLinksConfig?: MobileLinksConfig;
}
/**
* Response received when getting or updating the project config.
*/
export interface ProjectConfigServerResponse {
smsRegionConfig?: SmsRegionConfig;
mfa?: MultiFactorAuthServerConfig;
recaptchaConfig?: RecaptchaAuthServerConfig;
passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
emailPrivacyConfig?: EmailPrivacyConfig;
mobileLinksConfig?: MobileLinksConfig;
}
/**
* Request to update the project config.
*/
export interface ProjectConfigClientRequest {
smsRegionConfig?: SmsRegionConfig;
mfa?: MultiFactorAuthServerConfig;
recaptchaConfig?: RecaptchaAuthServerConfig;
passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
emailPrivacyConfig?: EmailPrivacyConfig;
mobileLinksConfig?: MobileLinksConfig;
}
/**
* Represents a project configuration.
*/
export declare class ProjectConfig {
/**
* The SMS Regions Config for the project.
* Configures the regions where users are allowed to send verification SMS.
* This is based on the calling code of the destination phone number.
*/
readonly smsRegionConfig?: SmsRegionConfig;
/**
* The project's multi-factor auth configuration.
* Supports only phone and TOTP.
*/
private readonly multiFactorConfig_?;
/**
* The multi-factor auth configuration.
*/
get multiFactorConfig(): MultiFactorConfig | undefined;
/**
* The reCAPTCHA configuration to update on the project.
* By enabling reCAPTCHA Enterprise integration, you are
* agreeing to the reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
private readonly recaptchaConfig_?;
/**
* The reCAPTCHA configuration.
*/
get recaptchaConfig(): RecaptchaConfig | undefined;
/**
* The password policy configuration for the project
*/
readonly passwordPolicyConfig?: PasswordPolicyConfig;
/**
* The email privacy configuration for the project
*/
readonly emailPrivacyConfig?: EmailPrivacyConfig;
/**
* The mobile links configuration for the project
*/
readonly mobileLinksConfig?: MobileLinksConfig;
/**
* Validates a project config options object. Throws an error on failure.
*
* @param request - The project config options object to validate.
*/
private static validate;
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
}

183
server/node_modules/firebase-admin/lib/auth/project-config.js generated vendored Normal file
View File

@@ -0,0 +1,183 @@
/*! firebase-admin v13.5.0 */
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ProjectConfig = void 0;
/*!
* Copyright 2022 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
const validator = require("../utils/validator");
const error_1 = require("../utils/error");
const auth_config_1 = require("./auth-config");
const deep_copy_1 = require("../utils/deep-copy");
/**
* Represents a project configuration.
*/
class ProjectConfig {
/**
* The multi-factor auth configuration.
*/
get multiFactorConfig() {
return this.multiFactorConfig_;
}
/**
* The reCAPTCHA configuration.
*/
get recaptchaConfig() {
return this.recaptchaConfig_;
}
/**
* Validates a project config options object. Throws an error on failure.
*
* @param request - The project config options object to validate.
*/
static validate(request) {
if (!validator.isNonNullObject(request)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"UpdateProjectConfigRequest" must be a valid non-null object.');
}
const validKeys = {
smsRegionConfig: true,
multiFactorConfig: true,
recaptchaConfig: true,
passwordPolicyConfig: true,
emailPrivacyConfig: true,
mobileLinksConfig: true,
};
// Check for unsupported top level attributes.
for (const key in request) {
if (!(key in validKeys)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `"${key}" is not a valid UpdateProjectConfigRequest parameter.`);
}
}
// Validate SMS Regions Config if provided.
if (typeof request.smsRegionConfig !== 'undefined') {
auth_config_1.SmsRegionsAuthConfig.validate(request.smsRegionConfig);
}
// Validate Multi Factor Config if provided
if (typeof request.multiFactorConfig !== 'undefined') {
auth_config_1.MultiFactorAuthConfig.validate(request.multiFactorConfig);
}
// Validate reCAPTCHA config attribute.
if (typeof request.recaptchaConfig !== 'undefined') {
auth_config_1.RecaptchaAuthConfig.validate(request.recaptchaConfig);
}
// Validate Password policy Config if provided
if (typeof request.passwordPolicyConfig !== 'undefined') {
auth_config_1.PasswordPolicyAuthConfig.validate(request.passwordPolicyConfig);
}
// Validate Email Privacy Config if provided.
if (typeof request.emailPrivacyConfig !== 'undefined') {
auth_config_1.EmailPrivacyAuthConfig.validate(request.emailPrivacyConfig);
}
// Validate Mobile Links Config if provided.
if (typeof request.mobileLinksConfig !== 'undefined') {
auth_config_1.MobileLinksAuthConfig.validate(request.mobileLinksConfig);
}
}
/**
* Build the corresponding server request for a UpdateProjectConfigRequest object.
* @param configOptions - The properties to convert to a server request.
* @returns The equivalent server request.
*
* @internal
*/
static buildServerRequest(configOptions) {
ProjectConfig.validate(configOptions);
const request = {};
if (typeof configOptions.smsRegionConfig !== 'undefined') {
request.smsRegionConfig = configOptions.smsRegionConfig;
}
if (typeof configOptions.multiFactorConfig !== 'undefined') {
request.mfa = auth_config_1.MultiFactorAuthConfig.buildServerRequest(configOptions.multiFactorConfig);
}
if (typeof configOptions.recaptchaConfig !== 'undefined') {
request.recaptchaConfig = auth_config_1.RecaptchaAuthConfig.buildServerRequest(configOptions.recaptchaConfig);
}
if (typeof configOptions.passwordPolicyConfig !== 'undefined') {
request.passwordPolicyConfig = auth_config_1.PasswordPolicyAuthConfig.buildServerRequest(configOptions.passwordPolicyConfig);
}
if (typeof configOptions.emailPrivacyConfig !== 'undefined') {
request.emailPrivacyConfig = configOptions.emailPrivacyConfig;
}
if (typeof configOptions.mobileLinksConfig !== 'undefined') {
request.mobileLinksConfig = configOptions.mobileLinksConfig;
}
return request;
}
/**
* The Project Config object constructor.
*
* @param response - The server side response used to initialize the Project Config object.
* @constructor
* @internal
*/
constructor(response) {
if (typeof response.smsRegionConfig !== 'undefined') {
this.smsRegionConfig = response.smsRegionConfig;
}
//Backend API returns "mfa" in case of project config and "mfaConfig" in case of tenant config.
//The SDK exposes it as multiFactorConfig always.
if (typeof response.mfa !== 'undefined') {
this.multiFactorConfig_ = new auth_config_1.MultiFactorAuthConfig(response.mfa);
}
if (typeof response.recaptchaConfig !== 'undefined') {
this.recaptchaConfig_ = new auth_config_1.RecaptchaAuthConfig(response.recaptchaConfig);
}
if (typeof response.passwordPolicyConfig !== 'undefined') {
this.passwordPolicyConfig = new auth_config_1.PasswordPolicyAuthConfig(response.passwordPolicyConfig);
}
if (typeof response.emailPrivacyConfig !== 'undefined') {
this.emailPrivacyConfig = response.emailPrivacyConfig;
}
if (typeof response.mobileLinksConfig !== 'undefined') {
this.mobileLinksConfig = response.mobileLinksConfig;
}
}
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON() {
// JSON serialization
const json = {
smsRegionConfig: (0, deep_copy_1.deepCopy)(this.smsRegionConfig),
multiFactorConfig: (0, deep_copy_1.deepCopy)(this.multiFactorConfig),
recaptchaConfig: (0, deep_copy_1.deepCopy)(this.recaptchaConfig),
passwordPolicyConfig: (0, deep_copy_1.deepCopy)(this.passwordPolicyConfig),
emailPrivacyConfig: (0, deep_copy_1.deepCopy)(this.emailPrivacyConfig),
mobileLinksConfig: (0, deep_copy_1.deepCopy)(this.mobileLinksConfig),
};
if (typeof json.smsRegionConfig === 'undefined') {
delete json.smsRegionConfig;
}
if (typeof json.multiFactorConfig === 'undefined') {
delete json.multiFactorConfig;
}
if (typeof json.recaptchaConfig === 'undefined') {
delete json.recaptchaConfig;
}
if (typeof json.passwordPolicyConfig === 'undefined') {
delete json.passwordPolicyConfig;
}
if (typeof json.emailPrivacyConfig === 'undefined') {
delete json.emailPrivacyConfig;
}
if (typeof json.mobileLinksConfig === 'undefined') {
delete json.mobileLinksConfig;
}
return json;
}
}
exports.ProjectConfig = ProjectConfig;

146
server/node_modules/firebase-admin/lib/auth/tenant-manager.d.ts generated vendored Normal file
View File

@@ -0,0 +1,146 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2019 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { BaseAuth, SessionCookieOptions } from './base-auth';
import { Tenant, CreateTenantRequest, UpdateTenantRequest } from './tenant';
import { DecodedIdToken } from './token-verifier';
/**
* Interface representing the object returned from a
* {@link TenantManager.listTenants}
* operation.
* Contains the list of tenants for the current batch and the next page token if available.
*/
export interface ListTenantsResult {
/**
* The list of {@link Tenant} objects for the downloaded batch.
*/
tenants: Tenant[];
/**
* The next page token if available. This is needed for the next batch download.
*/
pageToken?: string;
}
/**
* Tenant-aware `Auth` interface used for managing users, configuring SAML/OIDC providers,
* generating email links for password reset, email verification, etc for specific tenants.
*
* Multi-tenancy support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* Each tenant contains its own identity providers, settings and sets of users.
* Using `TenantAwareAuth`, users for a specific tenant and corresponding OIDC/SAML
* configurations can also be managed, ID tokens for users signed in to a specific tenant
* can be verified, and email action links can also be generated for users belonging to the
* tenant.
*
* `TenantAwareAuth` instances for a specific `tenantId` can be instantiated by calling
* {@link TenantManager.authForTenant}.
*/
export declare class TenantAwareAuth extends BaseAuth {
/**
* The tenant identifier corresponding to this `TenantAwareAuth` instance.
* All calls to the user management APIs, OIDC/SAML provider management APIs, email link
* generation APIs, etc will only be applied within the scope of this tenant.
*/
readonly tenantId: string;
/**
* {@inheritdoc BaseAuth.verifyIdToken}
*/
verifyIdToken(idToken: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
/**
* {@inheritdoc BaseAuth.createSessionCookie}
*/
createSessionCookie(idToken: string, sessionCookieOptions: SessionCookieOptions): Promise<string>;
/**
* {@inheritdoc BaseAuth.verifySessionCookie}
*/
verifySessionCookie(sessionCookie: string, checkRevoked?: boolean): Promise<DecodedIdToken>;
}
/**
* Defines the tenant manager used to help manage tenant related operations.
* This includes:
* <ul>
* <li>The ability to create, update, list, get and delete tenants for the underlying
* project.</li>
* <li>Getting a `TenantAwareAuth` instance for running Auth related operations
* (user management, provider configuration management, token verification,
* email link generation, etc) in the context of a specified tenant.</li>
* </ul>
*/
export declare class TenantManager {
private readonly app;
private readonly authRequestHandler;
private readonly tenantsMap;
/**
* Returns a `TenantAwareAuth` instance bound to the given tenant ID.
*
* @param tenantId - The tenant ID whose `TenantAwareAuth` instance is to be returned.
*
* @returns The `TenantAwareAuth` instance corresponding to this tenant identifier.
*/
authForTenant(tenantId: string): TenantAwareAuth;
/**
* Gets the tenant configuration for the tenant corresponding to a given `tenantId`.
*
* @param tenantId - The tenant identifier corresponding to the tenant whose data to fetch.
*
* @returns A promise fulfilled with the tenant configuration to the provided `tenantId`.
*/
getTenant(tenantId: string): Promise<Tenant>;
/**
* Retrieves a list of tenants (single batch only) with a size of `maxResults`
* starting from the offset as specified by `pageToken`. This is used to
* retrieve all the tenants of a specified project in batches.
*
* @param maxResults - The page size, 1000 if undefined. This is also
* the maximum allowed limit.
* @param pageToken - The next page token. If not specified, returns
* tenants starting without any offset.
*
* @returns A promise that resolves with
* a batch of downloaded tenants and the next page token.
*/
listTenants(maxResults?: number, pageToken?: string): Promise<ListTenantsResult>;
/**
* Deletes an existing tenant.
*
* @param tenantId - The `tenantId` corresponding to the tenant to delete.
*
* @returns An empty promise fulfilled once the tenant has been deleted.
*/
deleteTenant(tenantId: string): Promise<void>;
/**
* Creates a new tenant.
* When creating new tenants, tenants that use separate billing and quota will require their
* own project and must be defined as `full_service`.
*
* @param tenantOptions - The properties to set on the new tenant configuration to be created.
*
* @returns A promise fulfilled with the tenant configuration corresponding to the newly
* created tenant.
*/
createTenant(tenantOptions: CreateTenantRequest): Promise<Tenant>;
/**
* Updates an existing tenant configuration.
*
* @param tenantId - The `tenantId` corresponding to the tenant to delete.
* @param tenantOptions - The properties to update on the provided tenant.
*
* @returns A promise fulfilled with the update tenant data.
*/
updateTenant(tenantId: string, tenantOptions: UpdateTenantRequest): Promise<Tenant>;
}

230
server/node_modules/firebase-admin/lib/auth/tenant-manager.js generated vendored Normal file
View File

@@ -0,0 +1,230 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2019 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.TenantManager = exports.TenantAwareAuth = void 0;
const validator = require("../utils/validator");
const utils = require("../utils/index");
const error_1 = require("../utils/error");
const base_auth_1 = require("./base-auth");
const tenant_1 = require("./tenant");
const auth_api_request_1 = require("./auth-api-request");
/**
* Tenant-aware `Auth` interface used for managing users, configuring SAML/OIDC providers,
* generating email links for password reset, email verification, etc for specific tenants.
*
* Multi-tenancy support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* Each tenant contains its own identity providers, settings and sets of users.
* Using `TenantAwareAuth`, users for a specific tenant and corresponding OIDC/SAML
* configurations can also be managed, ID tokens for users signed in to a specific tenant
* can be verified, and email action links can also be generated for users belonging to the
* tenant.
*
* `TenantAwareAuth` instances for a specific `tenantId` can be instantiated by calling
* {@link TenantManager.authForTenant}.
*/
class TenantAwareAuth extends base_auth_1.BaseAuth {
/**
* The TenantAwareAuth class constructor.
*
* @param app - The app that created this tenant.
* @param tenantId - The corresponding tenant ID.
* @constructor
* @internal
*/
constructor(app, tenantId) {
super(app, new auth_api_request_1.TenantAwareAuthRequestHandler(app, tenantId), (0, base_auth_1.createFirebaseTokenGenerator)(app, tenantId));
utils.addReadonlyGetter(this, 'tenantId', tenantId);
}
/**
* {@inheritdoc BaseAuth.verifyIdToken}
*/
verifyIdToken(idToken, checkRevoked = false) {
return super.verifyIdToken(idToken, checkRevoked)
.then((decodedClaims) => {
// Validate tenant ID.
if (decodedClaims.firebase.tenant !== this.tenantId) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISMATCHING_TENANT_ID);
}
return decodedClaims;
});
}
/**
* {@inheritdoc BaseAuth.createSessionCookie}
*/
createSessionCookie(idToken, sessionCookieOptions) {
// Validate arguments before processing.
if (!validator.isNonEmptyString(idToken)) {
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ID_TOKEN));
}
if (!validator.isNonNullObject(sessionCookieOptions) ||
!validator.isNumber(sessionCookieOptions.expiresIn)) {
return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_SESSION_COOKIE_DURATION));
}
// This will verify the ID token and then match the tenant ID before creating the session cookie.
return this.verifyIdToken(idToken)
.then(() => {
return super.createSessionCookie(idToken, sessionCookieOptions);
});
}
/**
* {@inheritdoc BaseAuth.verifySessionCookie}
*/
verifySessionCookie(sessionCookie, checkRevoked = false) {
return super.verifySessionCookie(sessionCookie, checkRevoked)
.then((decodedClaims) => {
if (decodedClaims.firebase.tenant !== this.tenantId) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISMATCHING_TENANT_ID);
}
return decodedClaims;
});
}
}
exports.TenantAwareAuth = TenantAwareAuth;
/**
* Defines the tenant manager used to help manage tenant related operations.
* This includes:
* <ul>
* <li>The ability to create, update, list, get and delete tenants for the underlying
* project.</li>
* <li>Getting a `TenantAwareAuth` instance for running Auth related operations
* (user management, provider configuration management, token verification,
* email link generation, etc) in the context of a specified tenant.</li>
* </ul>
*/
class TenantManager {
/**
* Initializes a TenantManager instance for a specified FirebaseApp.
*
* @param app - The app for this TenantManager instance.
*
* @constructor
* @internal
*/
constructor(app) {
this.app = app;
this.authRequestHandler = new auth_api_request_1.AuthRequestHandler(app);
this.tenantsMap = {};
}
/**
* Returns a `TenantAwareAuth` instance bound to the given tenant ID.
*
* @param tenantId - The tenant ID whose `TenantAwareAuth` instance is to be returned.
*
* @returns The `TenantAwareAuth` instance corresponding to this tenant identifier.
*/
authForTenant(tenantId) {
if (!validator.isNonEmptyString(tenantId)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_TENANT_ID);
}
if (typeof this.tenantsMap[tenantId] === 'undefined') {
this.tenantsMap[tenantId] = new TenantAwareAuth(this.app, tenantId);
}
return this.tenantsMap[tenantId];
}
/**
* Gets the tenant configuration for the tenant corresponding to a given `tenantId`.
*
* @param tenantId - The tenant identifier corresponding to the tenant whose data to fetch.
*
* @returns A promise fulfilled with the tenant configuration to the provided `tenantId`.
*/
getTenant(tenantId) {
return this.authRequestHandler.getTenant(tenantId)
.then((response) => {
return new tenant_1.Tenant(response);
});
}
/**
* Retrieves a list of tenants (single batch only) with a size of `maxResults`
* starting from the offset as specified by `pageToken`. This is used to
* retrieve all the tenants of a specified project in batches.
*
* @param maxResults - The page size, 1000 if undefined. This is also
* the maximum allowed limit.
* @param pageToken - The next page token. If not specified, returns
* tenants starting without any offset.
*
* @returns A promise that resolves with
* a batch of downloaded tenants and the next page token.
*/
listTenants(maxResults, pageToken) {
return this.authRequestHandler.listTenants(maxResults, pageToken)
.then((response) => {
// List of tenants to return.
const tenants = [];
// Convert each user response to a Tenant.
response.tenants.forEach((tenantResponse) => {
tenants.push(new tenant_1.Tenant(tenantResponse));
});
// Return list of tenants and the next page token if available.
const result = {
tenants,
pageToken: response.nextPageToken,
};
// Delete result.pageToken if undefined.
if (typeof result.pageToken === 'undefined') {
delete result.pageToken;
}
return result;
});
}
/**
* Deletes an existing tenant.
*
* @param tenantId - The `tenantId` corresponding to the tenant to delete.
*
* @returns An empty promise fulfilled once the tenant has been deleted.
*/
deleteTenant(tenantId) {
return this.authRequestHandler.deleteTenant(tenantId);
}
/**
* Creates a new tenant.
* When creating new tenants, tenants that use separate billing and quota will require their
* own project and must be defined as `full_service`.
*
* @param tenantOptions - The properties to set on the new tenant configuration to be created.
*
* @returns A promise fulfilled with the tenant configuration corresponding to the newly
* created tenant.
*/
createTenant(tenantOptions) {
return this.authRequestHandler.createTenant(tenantOptions)
.then((response) => {
return new tenant_1.Tenant(response);
});
}
/**
* Updates an existing tenant configuration.
*
* @param tenantId - The `tenantId` corresponding to the tenant to delete.
* @param tenantOptions - The properties to update on the provided tenant.
*
* @returns A promise fulfilled with the update tenant data.
*/
updateTenant(tenantId, tenantOptions) {
return this.authRequestHandler.updateTenant(tenantId, tenantOptions)
.then((response) => {
return new tenant_1.Tenant(response);
});
}
}
exports.TenantManager = TenantManager;

182
server/node_modules/firebase-admin/lib/auth/tenant.d.ts generated vendored Normal file
View File

@@ -0,0 +1,182 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2019 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { EmailSignInConfigServerRequest, MultiFactorAuthServerConfig, MultiFactorConfig, EmailSignInProviderConfig, SmsRegionConfig, RecaptchaConfig, RecaptchaAuthServerConfig, PasswordPolicyConfig, PasswordPolicyAuthServerConfig, EmailPrivacyConfig } from './auth-config';
/**
* Interface representing the properties to update on the provided tenant.
*/
export interface UpdateTenantRequest {
/**
* The tenant display name.
*/
displayName?: string;
/**
* The email sign in configuration.
*/
emailSignInConfig?: EmailSignInProviderConfig;
/**
* Whether the anonymous provider is enabled.
*/
anonymousSignInEnabled?: boolean;
/**
* The multi-factor auth configuration to update on the tenant.
*/
multiFactorConfig?: MultiFactorConfig;
/**
* The updated map containing the test phone number / code pairs for the tenant.
* Passing null clears the previously save phone number / code pairs.
*/
testPhoneNumbers?: {
[phoneNumber: string]: string;
} | null;
/**
* The SMS configuration to update on the project.
*/
smsRegionConfig?: SmsRegionConfig;
/**
* The reCAPTCHA configuration to update on the tenant.
* By enabling reCAPTCHA Enterprise integration, you are
* agreeing to the reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
recaptchaConfig?: RecaptchaConfig;
/**
* The password policy configuration for the tenant
*/
passwordPolicyConfig?: PasswordPolicyConfig;
/**
* The email privacy configuration for the tenant
*/
emailPrivacyConfig?: EmailPrivacyConfig;
}
/**
* Interface representing the properties to set on a new tenant.
*/
export type CreateTenantRequest = UpdateTenantRequest;
/** The corresponding server side representation of a TenantOptions object. */
export interface TenantOptionsServerRequest extends EmailSignInConfigServerRequest {
displayName?: string;
enableAnonymousUser?: boolean;
mfaConfig?: MultiFactorAuthServerConfig;
testPhoneNumbers?: {
[key: string]: string;
};
smsRegionConfig?: SmsRegionConfig;
recaptchaConfig?: RecaptchaAuthServerConfig;
passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
emailPrivacyConfig?: EmailPrivacyConfig;
}
/** The tenant server response interface. */
export interface TenantServerResponse {
name: string;
displayName?: string;
allowPasswordSignup?: boolean;
enableEmailLinkSignin?: boolean;
enableAnonymousUser?: boolean;
mfaConfig?: MultiFactorAuthServerConfig;
testPhoneNumbers?: {
[key: string]: string;
};
smsRegionConfig?: SmsRegionConfig;
recaptchaConfig?: RecaptchaAuthServerConfig;
passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
emailPrivacyConfig?: EmailPrivacyConfig;
}
/**
* Represents a tenant configuration.
*
* Multi-tenancy support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* Before multi-tenancy can be used on a Google Cloud Identity Platform project,
* tenants must be allowed on that project via the Cloud Console UI.
*
* A tenant configuration provides information such as the display name, tenant
* identifier and email authentication configuration.
* For OIDC/SAML provider configuration management, `TenantAwareAuth` instances should
* be used instead of a `Tenant` to retrieve the list of configured IdPs on a tenant.
* When configuring these providers, note that tenants will inherit
* whitelisted domains and authenticated redirect URIs of their parent project.
*
* All other settings of a tenant will also be inherited. These will need to be managed
* from the Cloud Console UI.
*/
export declare class Tenant {
/**
* The tenant identifier.
*/
readonly tenantId: string;
/**
* The tenant display name.
*/
readonly displayName?: string;
readonly anonymousSignInEnabled: boolean;
/**
* The map containing the test phone number / code pairs for the tenant.
*/
readonly testPhoneNumbers?: {
[phoneNumber: string]: string;
};
private readonly emailSignInConfig_?;
private readonly multiFactorConfig_?;
/**
* The map conatining the reCAPTCHA config.
* By enabling reCAPTCHA Enterprise Integration you are
* agreeing to reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
private readonly recaptchaConfig_?;
/**
* The SMS Regions Config to update a tenant.
* Configures the regions where users are allowed to send verification SMS.
* This is based on the calling code of the destination phone number.
*/
readonly smsRegionConfig?: SmsRegionConfig;
/**
* The password policy configuration for the tenant
*/
readonly passwordPolicyConfig?: PasswordPolicyConfig;
/**
* The email privacy configuration for the tenant
*/
readonly emailPrivacyConfig?: EmailPrivacyConfig;
/**
* Validates a tenant options object. Throws an error on failure.
*
* @param request - The tenant options object to validate.
* @param createRequest - Whether this is a create request.
*/
private static validate;
/**
* The email sign in provider configuration.
*/
get emailSignInConfig(): EmailSignInProviderConfig | undefined;
/**
* The multi-factor auth configuration on the current tenant.
*/
get multiFactorConfig(): MultiFactorConfig | undefined;
/**
* The recaptcha config auth configuration of the current tenant.
*/
get recaptchaConfig(): RecaptchaConfig | undefined;
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
}

273
server/node_modules/firebase-admin/lib/auth/tenant.js generated vendored Normal file
View File

@@ -0,0 +1,273 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2019 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.Tenant = void 0;
const validator = require("../utils/validator");
const deep_copy_1 = require("../utils/deep-copy");
const error_1 = require("../utils/error");
const auth_config_1 = require("./auth-config");
/**
* Represents a tenant configuration.
*
* Multi-tenancy support requires Google Cloud's Identity Platform
* (GCIP). To learn more about GCIP, including pricing and features,
* see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
*
* Before multi-tenancy can be used on a Google Cloud Identity Platform project,
* tenants must be allowed on that project via the Cloud Console UI.
*
* A tenant configuration provides information such as the display name, tenant
* identifier and email authentication configuration.
* For OIDC/SAML provider configuration management, `TenantAwareAuth` instances should
* be used instead of a `Tenant` to retrieve the list of configured IdPs on a tenant.
* When configuring these providers, note that tenants will inherit
* whitelisted domains and authenticated redirect URIs of their parent project.
*
* All other settings of a tenant will also be inherited. These will need to be managed
* from the Cloud Console UI.
*/
class Tenant {
/**
* Builds the corresponding server request for a TenantOptions object.
*
* @param tenantOptions - The properties to convert to a server request.
* @param createRequest - Whether this is a create request.
* @returns The equivalent server request.
*
* @internal
*/
static buildServerRequest(tenantOptions, createRequest) {
Tenant.validate(tenantOptions, createRequest);
let request = {};
if (typeof tenantOptions.emailSignInConfig !== 'undefined') {
request = auth_config_1.EmailSignInConfig.buildServerRequest(tenantOptions.emailSignInConfig);
}
if (typeof tenantOptions.displayName !== 'undefined') {
request.displayName = tenantOptions.displayName;
}
if (typeof tenantOptions.anonymousSignInEnabled !== 'undefined') {
request.enableAnonymousUser = tenantOptions.anonymousSignInEnabled;
}
if (typeof tenantOptions.multiFactorConfig !== 'undefined') {
request.mfaConfig = auth_config_1.MultiFactorAuthConfig.buildServerRequest(tenantOptions.multiFactorConfig);
}
if (typeof tenantOptions.testPhoneNumbers !== 'undefined') {
// null will clear existing test phone numbers. Translate to empty object.
request.testPhoneNumbers = tenantOptions.testPhoneNumbers ?? {};
}
if (typeof tenantOptions.smsRegionConfig !== 'undefined') {
request.smsRegionConfig = tenantOptions.smsRegionConfig;
}
if (typeof tenantOptions.recaptchaConfig !== 'undefined') {
request.recaptchaConfig = auth_config_1.RecaptchaAuthConfig.buildServerRequest(tenantOptions.recaptchaConfig);
}
if (typeof tenantOptions.passwordPolicyConfig !== 'undefined') {
request.passwordPolicyConfig = auth_config_1.PasswordPolicyAuthConfig.buildServerRequest(tenantOptions.passwordPolicyConfig);
}
if (typeof tenantOptions.emailPrivacyConfig !== 'undefined') {
request.emailPrivacyConfig = tenantOptions.emailPrivacyConfig;
}
return request;
}
/**
* Returns the tenant ID corresponding to the resource name if available.
*
* @param resourceName - The server side resource name
* @returns The tenant ID corresponding to the resource, null otherwise.
*
* @internal
*/
static getTenantIdFromResourceName(resourceName) {
// name is of form projects/project1/tenants/tenant1
const matchTenantRes = resourceName.match(/\/tenants\/(.*)$/);
if (!matchTenantRes || matchTenantRes.length < 2) {
return null;
}
return matchTenantRes[1];
}
/**
* Validates a tenant options object. Throws an error on failure.
*
* @param request - The tenant options object to validate.
* @param createRequest - Whether this is a create request.
*/
static validate(request, createRequest) {
const validKeys = {
displayName: true,
emailSignInConfig: true,
anonymousSignInEnabled: true,
multiFactorConfig: true,
testPhoneNumbers: true,
smsRegionConfig: true,
recaptchaConfig: true,
passwordPolicyConfig: true,
emailPrivacyConfig: true,
};
const label = createRequest ? 'CreateTenantRequest' : 'UpdateTenantRequest';
if (!validator.isNonNullObject(request)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `"${label}" must be a valid non-null object.`);
}
// Check for unsupported top level attributes.
for (const key in request) {
if (!(key in validKeys)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `"${key}" is not a valid ${label} parameter.`);
}
}
// Validate displayName type if provided.
if (typeof request.displayName !== 'undefined' &&
!validator.isNonEmptyString(request.displayName)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `"${label}.displayName" must be a valid non-empty string.`);
}
// Validate emailSignInConfig type if provided.
if (typeof request.emailSignInConfig !== 'undefined') {
// This will throw an error if invalid.
auth_config_1.EmailSignInConfig.buildServerRequest(request.emailSignInConfig);
}
// Validate test phone numbers if provided.
if (typeof request.testPhoneNumbers !== 'undefined' &&
request.testPhoneNumbers !== null) {
(0, auth_config_1.validateTestPhoneNumbers)(request.testPhoneNumbers);
}
else if (request.testPhoneNumbers === null && createRequest) {
// null allowed only for update operations.
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `"${label}.testPhoneNumbers" must be a non-null object.`);
}
// Validate multiFactorConfig type if provided.
if (typeof request.multiFactorConfig !== 'undefined') {
// This will throw an error if invalid.
auth_config_1.MultiFactorAuthConfig.buildServerRequest(request.multiFactorConfig);
}
// Validate SMS Regions Config if provided.
if (typeof request.smsRegionConfig !== 'undefined') {
auth_config_1.SmsRegionsAuthConfig.validate(request.smsRegionConfig);
}
// Validate reCAPTCHAConfig type if provided.
if (typeof request.recaptchaConfig !== 'undefined') {
auth_config_1.RecaptchaAuthConfig.buildServerRequest(request.recaptchaConfig);
}
// Validate passwordPolicyConfig type if provided.
if (typeof request.passwordPolicyConfig !== 'undefined') {
// This will throw an error if invalid.
auth_config_1.PasswordPolicyAuthConfig.buildServerRequest(request.passwordPolicyConfig);
}
// Validate Email Privacy Config if provided.
if (typeof request.emailPrivacyConfig !== 'undefined') {
auth_config_1.EmailPrivacyAuthConfig.validate(request.emailPrivacyConfig);
}
}
/**
* The Tenant object constructor.
*
* @param response - The server side response used to initialize the Tenant object.
* @constructor
* @internal
*/
constructor(response) {
const tenantId = Tenant.getTenantIdFromResourceName(response.name);
if (!tenantId) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid tenant response');
}
this.tenantId = tenantId;
this.displayName = response.displayName;
try {
this.emailSignInConfig_ = new auth_config_1.EmailSignInConfig(response);
}
catch (e) {
// If allowPasswordSignup is undefined, it is disabled by default.
this.emailSignInConfig_ = new auth_config_1.EmailSignInConfig({
allowPasswordSignup: false,
});
}
this.anonymousSignInEnabled = !!response.enableAnonymousUser;
if (typeof response.mfaConfig !== 'undefined') {
this.multiFactorConfig_ = new auth_config_1.MultiFactorAuthConfig(response.mfaConfig);
}
if (typeof response.testPhoneNumbers !== 'undefined') {
this.testPhoneNumbers = (0, deep_copy_1.deepCopy)(response.testPhoneNumbers || {});
}
if (typeof response.smsRegionConfig !== 'undefined') {
this.smsRegionConfig = (0, deep_copy_1.deepCopy)(response.smsRegionConfig);
}
if (typeof response.recaptchaConfig !== 'undefined') {
this.recaptchaConfig_ = new auth_config_1.RecaptchaAuthConfig(response.recaptchaConfig);
}
if (typeof response.passwordPolicyConfig !== 'undefined') {
this.passwordPolicyConfig = new auth_config_1.PasswordPolicyAuthConfig(response.passwordPolicyConfig);
}
if (typeof response.emailPrivacyConfig !== 'undefined') {
this.emailPrivacyConfig = (0, deep_copy_1.deepCopy)(response.emailPrivacyConfig);
}
}
/**
* The email sign in provider configuration.
*/
get emailSignInConfig() {
return this.emailSignInConfig_;
}
/**
* The multi-factor auth configuration on the current tenant.
*/
get multiFactorConfig() {
return this.multiFactorConfig_;
}
/**
* The recaptcha config auth configuration of the current tenant.
*/
get recaptchaConfig() {
return this.recaptchaConfig_;
}
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON() {
const json = {
tenantId: this.tenantId,
displayName: this.displayName,
emailSignInConfig: this.emailSignInConfig_?.toJSON(),
multiFactorConfig: this.multiFactorConfig_?.toJSON(),
anonymousSignInEnabled: this.anonymousSignInEnabled,
testPhoneNumbers: this.testPhoneNumbers,
smsRegionConfig: (0, deep_copy_1.deepCopy)(this.smsRegionConfig),
recaptchaConfig: (0, deep_copy_1.deepCopy)(this.recaptchaConfig),
passwordPolicyConfig: (0, deep_copy_1.deepCopy)(this.passwordPolicyConfig),
emailPrivacyConfig: (0, deep_copy_1.deepCopy)(this.emailPrivacyConfig),
};
if (typeof json.multiFactorConfig === 'undefined') {
delete json.multiFactorConfig;
}
if (typeof json.testPhoneNumbers === 'undefined') {
delete json.testPhoneNumbers;
}
if (typeof json.smsRegionConfig === 'undefined') {
delete json.smsRegionConfig;
}
if (typeof json.recaptchaConfig === 'undefined') {
delete json.recaptchaConfig;
}
if (typeof json.passwordPolicyConfig === 'undefined') {
delete json.passwordPolicyConfig;
}
if (typeof json.emailPrivacyConfig === 'undefined') {
delete json.emailPrivacyConfig;
}
return json;
}
}
exports.Tenant = Tenant;

43
server/node_modules/firebase-admin/lib/auth/token-generator.d.ts generated vendored Normal file
View File

@@ -0,0 +1,43 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { CryptoSigner } from '../utils/crypto-signer';
import { Algorithm } from 'jsonwebtoken';
export declare const BLACKLISTED_CLAIMS: string[];
/**
* A CryptoSigner implementation that is used when communicating with the Auth emulator.
* It produces unsigned tokens.
*/
export declare class EmulatedSigner implements CryptoSigner {
algorithm: Algorithm;
/**
* @inheritDoc
*/
sign(buffer: Buffer): Promise<Buffer>;
/**
* @inheritDoc
*/
getAccountId(): Promise<string>;
}
/**
* Creates a new FirebaseAuthError by extracting the error code, message and other relevant
* details from a CryptoSignerError.
*
* @param err - The Error to convert into a FirebaseAuthError error
* @returns A Firebase Auth error that can be returned to the user.
*/
export declare function handleCryptoSignerError(err: Error): Error;

198
server/node_modules/firebase-admin/lib/auth/token-generator.js generated vendored Normal file
View File

@@ -0,0 +1,198 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseTokenGenerator = exports.EmulatedSigner = exports.BLACKLISTED_CLAIMS = void 0;
exports.handleCryptoSignerError = handleCryptoSignerError;
const error_1 = require("../utils/error");
const crypto_signer_1 = require("../utils/crypto-signer");
const validator = require("../utils/validator");
const utils_1 = require("../utils");
const ALGORITHM_NONE = 'none';
const ONE_HOUR_IN_SECONDS = 60 * 60;
// List of blacklisted claims which cannot be provided when creating a custom token
exports.BLACKLISTED_CLAIMS = [
'acr', 'amr', 'at_hash', 'aud', 'auth_time', 'azp', 'cnf', 'c_hash', 'exp', 'iat', 'iss', 'jti',
'nbf', 'nonce',
];
// Audience to use for Firebase Auth Custom tokens
const FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
/**
* A CryptoSigner implementation that is used when communicating with the Auth emulator.
* It produces unsigned tokens.
*/
class EmulatedSigner {
constructor() {
this.algorithm = ALGORITHM_NONE;
}
/**
* @inheritDoc
*/
// eslint-disable-next-line @typescript-eslint/no-unused-vars
sign(buffer) {
return Promise.resolve(Buffer.from(''));
}
/**
* @inheritDoc
*/
getAccountId() {
return Promise.resolve('firebase-auth-emulator@example.com');
}
}
exports.EmulatedSigner = EmulatedSigner;
/**
* Class for generating different types of Firebase Auth tokens (JWTs).
*
* @internal
*/
class FirebaseTokenGenerator {
/**
* @param tenantId - The tenant ID to use for the generated Firebase Auth
* Custom token. If absent, then no tenant ID claim will be set in the
* resulting JWT.
*/
constructor(signer, tenantId) {
this.tenantId = tenantId;
if (!validator.isNonNullObject(signer)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, 'INTERNAL ASSERT: Must provide a CryptoSigner to use FirebaseTokenGenerator.');
}
if (typeof this.tenantId !== 'undefined' && !validator.isNonEmptyString(this.tenantId)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '`tenantId` argument must be a non-empty string.');
}
this.signer = signer;
}
/**
* Creates a new Firebase Auth Custom token.
*
* @param uid - The user ID to use for the generated Firebase Auth Custom token.
* @param developerClaims - Optional developer claims to include in the generated Firebase
* Auth Custom token.
* @returns A Promise fulfilled with a Firebase Auth Custom token signed with a
* service account key and containing the provided payload.
*/
createCustomToken(uid, developerClaims) {
let errorMessage;
if (!validator.isNonEmptyString(uid)) {
errorMessage = '`uid` argument must be a non-empty string uid.';
}
else if (uid.length > 128) {
errorMessage = '`uid` argument must a uid with less than or equal to 128 characters.';
}
else if (!this.isDeveloperClaimsValid_(developerClaims)) {
errorMessage = '`developerClaims` argument must be a valid, non-null object containing the developer claims.';
}
if (errorMessage) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
}
const claims = {};
if (typeof developerClaims !== 'undefined') {
for (const key in developerClaims) {
/* istanbul ignore else */
if (Object.prototype.hasOwnProperty.call(developerClaims, key)) {
if (exports.BLACKLISTED_CLAIMS.indexOf(key) !== -1) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `Developer claim "${key}" is reserved and cannot be specified.`);
}
claims[key] = developerClaims[key];
}
}
}
return this.signer.getAccountId().then((account) => {
const header = {
alg: this.signer.algorithm,
typ: 'JWT',
};
const iat = Math.floor(Date.now() / 1000);
const body = {
aud: FIREBASE_AUDIENCE,
iat,
exp: iat + ONE_HOUR_IN_SECONDS,
iss: account,
sub: account,
uid,
};
if (this.tenantId) {
body.tenant_id = this.tenantId;
}
if (Object.keys(claims).length > 0) {
body.claims = claims;
}
const token = `${this.encodeSegment(header)}.${this.encodeSegment(body)}`;
const signPromise = this.signer.sign(Buffer.from(token));
return Promise.all([token, signPromise]);
}).then(([token, signature]) => {
return `${token}.${this.encodeSegment(signature)}`;
}).catch((err) => {
throw handleCryptoSignerError(err);
});
}
encodeSegment(segment) {
const buffer = (segment instanceof Buffer) ? segment : Buffer.from(JSON.stringify(segment));
return (0, utils_1.toWebSafeBase64)(buffer).replace(/=+$/, '');
}
/**
* Returns whether or not the provided developer claims are valid.
*
* @param developerClaims - Optional developer claims to validate.
* @returns True if the provided claims are valid; otherwise, false.
*/
// eslint-disable-next-line @typescript-eslint/naming-convention
isDeveloperClaimsValid_(developerClaims) {
if (typeof developerClaims === 'undefined') {
return true;
}
return validator.isNonNullObject(developerClaims);
}
}
exports.FirebaseTokenGenerator = FirebaseTokenGenerator;
/**
* Creates a new FirebaseAuthError by extracting the error code, message and other relevant
* details from a CryptoSignerError.
*
* @param err - The Error to convert into a FirebaseAuthError error
* @returns A Firebase Auth error that can be returned to the user.
*/
function handleCryptoSignerError(err) {
if (!(err instanceof crypto_signer_1.CryptoSignerError)) {
return err;
}
if (err.code === crypto_signer_1.CryptoSignerErrorCode.SERVER_ERROR && validator.isNonNullObject(err.cause)) {
const httpError = err.cause;
const errorResponse = httpError.response.data;
if (validator.isNonNullObject(errorResponse) && errorResponse.error) {
const errorCode = errorResponse.error.status;
const description = 'Please refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens ' +
'for more details on how to use and troubleshoot this feature.';
const errorMsg = `${errorResponse.error.message}; ${description}`;
return error_1.FirebaseAuthError.fromServerError(errorCode, errorMsg, errorResponse);
}
return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'Error returned from server: ' + errorResponse + '. Additionally, an ' +
'internal error occurred while attempting to extract the ' +
'errorcode from the error.');
}
return new error_1.FirebaseAuthError(mapToAuthClientErrorCode(err.code), err.message);
}
function mapToAuthClientErrorCode(code) {
switch (code) {
case crypto_signer_1.CryptoSignerErrorCode.INVALID_CREDENTIAL:
return error_1.AuthClientErrorCode.INVALID_CREDENTIAL;
case crypto_signer_1.CryptoSignerErrorCode.INVALID_ARGUMENT:
return error_1.AuthClientErrorCode.INVALID_ARGUMENT;
default:
return error_1.AuthClientErrorCode.INTERNAL_ERROR;
}
}

219
server/node_modules/firebase-admin/lib/auth/token-verifier.d.ts generated vendored Normal file
View File

@@ -0,0 +1,219 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Interface representing a decoded Firebase ID token, returned from the
* {@link BaseAuth.verifyIdToken} method.
*
* Firebase ID tokens are OpenID Connect spec-compliant JSON Web Tokens (JWTs).
* See the
* [ID Token section of the OpenID Connect spec](http://openid.net/specs/openid-connect-core-1_0.html#IDToken)
* for more information about the specific properties below.
*/
export interface DecodedIdToken {
/**
* The audience for which this token is intended.
*
* This value is a string equal to your Firebase project ID, the unique
* identifier for your Firebase project, which can be found in [your project's
* settings](https://console.firebase.google.com/project/_/settings/general/android:com.random.android).
*/
aud: string;
/**
* Time, in seconds since the Unix epoch, when the end-user authentication
* occurred.
*
* This value is not set when this particular ID token was created, but when the
* user initially logged in to this session. In a single session, the Firebase
* SDKs will refresh a user's ID tokens every hour. Each ID token will have a
* different [`iat`](#iat) value, but the same `auth_time` value.
*/
auth_time: number;
/**
* The email of the user to whom the ID token belongs, if available.
*/
email?: string;
/**
* Whether or not the email of the user to whom the ID token belongs is
* verified, provided the user has an email.
*/
email_verified?: boolean;
/**
* The ID token's expiration time, in seconds since the Unix epoch. That is, the
* time at which this ID token expires and should no longer be considered valid.
*
* The Firebase SDKs transparently refresh ID tokens every hour, issuing a new
* ID token with up to a one hour expiration.
*/
exp: number;
/**
* Information about the sign in event, including which sign in provider was
* used and provider-specific identity details.
*
* This data is provided by the Firebase Authentication service and is a
* reserved claim in the ID token.
*/
firebase: {
/**
* Provider-specific identity details corresponding
* to the provider used to sign in the user.
*/
identities: {
[key: string]: any;
};
/**
* The ID of the provider used to sign in the user.
* One of `"anonymous"`, `"password"`, `"facebook.com"`, `"github.com"`,
* `"google.com"`, `"twitter.com"`, `"apple.com"`, `"microsoft.com"`,
* `"yahoo.com"`, `"phone"`, `"playgames.google.com"`, `"gc.apple.com"`,
* or `"custom"`.
*
* Additional Identity Platform provider IDs include `"linkedin.com"`,
* OIDC and SAML identity providers prefixed with `"saml."` and `"oidc."`
* respectively.
*/
sign_in_provider: string;
/**
* The type identifier or `factorId` of the second factor, provided the
* ID token was obtained from a multi-factor authenticated user.
* For phone, this is `"phone"`.
*/
sign_in_second_factor?: string;
/**
* The `uid` of the second factor used to sign in, provided the
* ID token was obtained from a multi-factor authenticated user.
*/
second_factor_identifier?: string;
/**
* The ID of the tenant the user belongs to, if available.
*/
tenant?: string;
[key: string]: any;
};
/**
* The ID token's issued-at time, in seconds since the Unix epoch. That is, the
* time at which this ID token was issued and should start to be considered
* valid.
*
* The Firebase SDKs transparently refresh ID tokens every hour, issuing a new
* ID token with a new issued-at time. If you want to get the time at which the
* user session corresponding to the ID token initially occurred, see the
* [`auth_time`](#auth_time) property.
*/
iat: number;
/**
* The issuer identifier for the issuer of the response.
*
* This value is a URL with the format
* `https://securetoken.google.com/<PROJECT_ID>`, where `<PROJECT_ID>` is the
* same project ID specified in the [`aud`](#aud) property.
*/
iss: string;
/**
* The phone number of the user to whom the ID token belongs, if available.
*/
phone_number?: string;
/**
* The photo URL for the user to whom the ID token belongs, if available.
*/
picture?: string;
/**
* The `uid` corresponding to the user who the ID token belonged to.
*
* As a convenience, this value is copied over to the [`uid`](#uid) property.
*/
sub: string;
/**
* The `uid` corresponding to the user who the ID token belonged to.
*
* This value is not actually in the JWT token claims itself. It is added as a
* convenience, and is set as the value of the [`sub`](#sub) property.
*/
uid: string;
/**
* Other arbitrary claims included in the ID token.
*/
[key: string]: any;
}
/** @alpha */
export interface DecodedAuthBlockingSharedUserInfo {
uid: string;
display_name?: string;
email?: string;
photo_url?: string;
phone_number?: string;
}
/** @alpha */
export interface DecodedAuthBlockingMetadata {
creation_time?: number;
last_sign_in_time?: number;
}
/** @alpha */
export interface DecodedAuthBlockingUserInfo extends DecodedAuthBlockingSharedUserInfo {
provider_id: string;
}
/** @alpha */
export interface DecodedAuthBlockingMfaInfo {
uid: string;
display_name?: string;
phone_number?: string;
enrollment_time?: string;
factor_id?: string;
}
/** @alpha */
export interface DecodedAuthBlockingEnrolledFactors {
enrolled_factors?: DecodedAuthBlockingMfaInfo[];
}
/** @alpha */
export interface DecodedAuthBlockingUserRecord extends DecodedAuthBlockingSharedUserInfo {
email_verified?: boolean;
disabled?: boolean;
metadata?: DecodedAuthBlockingMetadata;
password_hash?: string;
password_salt?: string;
provider_data?: DecodedAuthBlockingUserInfo[];
multi_factor?: DecodedAuthBlockingEnrolledFactors;
custom_claims?: any;
tokens_valid_after_time?: number;
tenant_id?: string;
[key: string]: any;
}
/** @alpha */
export interface DecodedAuthBlockingToken {
aud: string;
exp: number;
iat: number;
iss: string;
sub: string;
event_id: string;
event_type: string;
ip_address: string;
user_agent?: string;
locale?: string;
sign_in_method?: string;
user_record?: DecodedAuthBlockingUserRecord;
tenant_id?: string;
raw_user_info?: string;
sign_in_attributes?: {
[key: string]: any;
};
oauth_id_token?: string;
oauth_access_token?: string;
oauth_refresh_token?: string;
oauth_token_secret?: string;
oauth_expires_in?: number;
[key: string]: any;
}

316
server/node_modules/firebase-admin/lib/auth/token-verifier.js generated vendored Normal file
View File

@@ -0,0 +1,316 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseTokenVerifier = exports.SESSION_COOKIE_INFO = exports.AUTH_BLOCKING_TOKEN_INFO = exports.ID_TOKEN_INFO = void 0;
exports.createIdTokenVerifier = createIdTokenVerifier;
exports.createAuthBlockingTokenVerifier = createAuthBlockingTokenVerifier;
exports.createSessionCookieVerifier = createSessionCookieVerifier;
const error_1 = require("../utils/error");
const util = require("../utils/index");
const validator = require("../utils/validator");
const jwt_1 = require("../utils/jwt");
// Audience to use for Firebase Auth Custom tokens
const FIREBASE_AUDIENCE = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
// URL containing the public keys for the Google certs (whose private keys are used to sign Firebase
// Auth ID tokens)
const CLIENT_CERT_URL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
// URL containing the public keys for Firebase session cookies. This will be updated to a different URL soon.
const SESSION_COOKIE_CERT_URL = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys';
const EMULATOR_VERIFIER = new jwt_1.EmulatorSignatureVerifier();
/**
* User facing token information related to the Firebase ID token.
*
* @internal
*/
exports.ID_TOKEN_INFO = {
url: 'https://firebase.google.com/docs/auth/admin/verify-id-tokens',
verifyApiName: 'verifyIdToken()',
jwtName: 'Firebase ID token',
shortName: 'ID token',
expiredErrorCode: error_1.AuthClientErrorCode.ID_TOKEN_EXPIRED,
};
/**
* User facing token information related to the Firebase Auth Blocking token.
*
* @internal
*/
exports.AUTH_BLOCKING_TOKEN_INFO = {
url: 'https://cloud.google.com/identity-platform/docs/blocking-functions',
verifyApiName: '_verifyAuthBlockingToken()',
jwtName: 'Firebase Auth Blocking token',
shortName: 'Auth Blocking token',
expiredErrorCode: error_1.AuthClientErrorCode.AUTH_BLOCKING_TOKEN_EXPIRED,
};
/**
* User facing token information related to the Firebase session cookie.
*
* @internal
*/
exports.SESSION_COOKIE_INFO = {
url: 'https://firebase.google.com/docs/auth/admin/manage-cookies',
verifyApiName: 'verifySessionCookie()',
jwtName: 'Firebase session cookie',
shortName: 'session cookie',
expiredErrorCode: error_1.AuthClientErrorCode.SESSION_COOKIE_EXPIRED,
};
/**
* Class for verifying general purpose Firebase JWTs. This verifies ID tokens and session cookies.
*
* @internal
*/
class FirebaseTokenVerifier {
constructor(clientCertUrl, issuer, tokenInfo, app) {
this.issuer = issuer;
this.tokenInfo = tokenInfo;
this.app = app;
if (!validator.isURL(clientCertUrl)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided public client certificate URL is an invalid URL.');
}
else if (!validator.isURL(issuer)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided JWT issuer is an invalid URL.');
}
else if (!validator.isNonNullObject(tokenInfo)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided JWT information is not an object or null.');
}
else if (!validator.isURL(tokenInfo.url)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The provided JWT verification documentation URL is invalid.');
}
else if (!validator.isNonEmptyString(tokenInfo.verifyApiName)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT verify API name must be a non-empty string.');
}
else if (!validator.isNonEmptyString(tokenInfo.jwtName)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT public full name must be a non-empty string.');
}
else if (!validator.isNonEmptyString(tokenInfo.shortName)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT public short name must be a non-empty string.');
}
else if (!validator.isNonNullObject(tokenInfo.expiredErrorCode) || !('code' in tokenInfo.expiredErrorCode)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'The JWT expiration error code must be a non-null ErrorInfo object.');
}
this.shortNameArticle = tokenInfo.shortName.charAt(0).match(/[aeiou]/i) ? 'an' : 'a';
this.signatureVerifier =
jwt_1.PublicKeySignatureVerifier.withCertificateUrl(clientCertUrl, app.options.httpAgent);
// For backward compatibility, the project ID is validated in the verification call.
}
/**
* Verifies the format and signature of a Firebase Auth JWT token.
*
* @param jwtToken - The Firebase Auth JWT token to verify.
* @param isEmulator - Whether to accept Auth Emulator tokens.
* @returns A promise fulfilled with the decoded claims of the Firebase Auth ID token.
*/
verifyJWT(jwtToken, isEmulator = false) {
if (!validator.isString(jwtToken)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `First argument to ${this.tokenInfo.verifyApiName} must be a ${this.tokenInfo.jwtName} string.`);
}
return this.ensureProjectId()
.then((projectId) => {
return this.decodeAndVerify(jwtToken, projectId, isEmulator);
})
.then((decoded) => {
const decodedIdToken = decoded.payload;
decodedIdToken.uid = decodedIdToken.sub;
return decodedIdToken;
});
}
/** @alpha */
// eslint-disable-next-line @typescript-eslint/naming-convention
_verifyAuthBlockingToken(jwtToken, isEmulator, audience) {
if (!validator.isString(jwtToken)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, `First argument to ${this.tokenInfo.verifyApiName} must be a ${this.tokenInfo.jwtName} string.`);
}
return this.ensureProjectId()
.then((projectId) => {
if (typeof audience === 'undefined') {
audience = `${projectId}.cloudfunctions.net/`;
}
return this.decodeAndVerify(jwtToken, projectId, isEmulator, audience);
})
.then((decoded) => {
const decodedAuthBlockingToken = decoded.payload;
decodedAuthBlockingToken.uid = decodedAuthBlockingToken.sub;
return decodedAuthBlockingToken;
});
}
ensureProjectId() {
return util.findProjectId(this.app)
.then((projectId) => {
if (!validator.isNonEmptyString(projectId)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CREDENTIAL, 'Must initialize app with a cert credential or set your Firebase project ID as the ' +
`GOOGLE_CLOUD_PROJECT environment variable to call ${this.tokenInfo.verifyApiName}.`);
}
return Promise.resolve(projectId);
});
}
decodeAndVerify(token, projectId, isEmulator, audience) {
return this.safeDecode(token)
.then((decodedToken) => {
this.verifyContent(decodedToken, projectId, isEmulator, audience);
return this.verifySignature(token, isEmulator)
.then(() => decodedToken);
});
}
safeDecode(jwtToken) {
return (0, jwt_1.decodeJwt)(jwtToken)
.catch((err) => {
if (err.code === jwt_1.JwtErrorCode.INVALID_ARGUMENT) {
const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
`for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
const errorMessage = `Decoding ${this.tokenInfo.jwtName} failed. Make sure you passed ` +
`the entire string JWT which represents ${this.shortNameArticle} ` +
`${this.tokenInfo.shortName}.` + verifyJwtTokenDocsMessage;
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
}
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, err.message);
});
}
/**
* Verifies the content of a Firebase Auth JWT.
*
* @param fullDecodedToken - The decoded JWT.
* @param projectId - The Firebase Project Id.
* @param isEmulator - Whether the token is an Emulator token.
*/
verifyContent(fullDecodedToken, projectId, isEmulator, audience) {
const header = fullDecodedToken && fullDecodedToken.header;
const payload = fullDecodedToken && fullDecodedToken.payload;
const projectIdMatchMessage = ` Make sure the ${this.tokenInfo.shortName} comes from the same ` +
'Firebase project as the service account used to authenticate this SDK.';
const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
`for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
let errorMessage;
if (!isEmulator && typeof header.kid === 'undefined') {
const isCustomToken = (payload.aud === FIREBASE_AUDIENCE);
const isLegacyCustomToken = (header.alg === 'HS256' && payload.v === 0 && 'd' in payload && 'uid' in payload.d);
if (isCustomToken) {
errorMessage = `${this.tokenInfo.verifyApiName} expects ${this.shortNameArticle} ` +
`${this.tokenInfo.shortName}, but was given a custom token.`;
}
else if (isLegacyCustomToken) {
errorMessage = `${this.tokenInfo.verifyApiName} expects ${this.shortNameArticle} ` +
`${this.tokenInfo.shortName}, but was given a legacy custom token.`;
}
else {
errorMessage = `${this.tokenInfo.jwtName} has no "kid" claim.`;
}
errorMessage += verifyJwtTokenDocsMessage;
}
else if (!isEmulator && header.alg !== jwt_1.ALGORITHM_RS256) {
errorMessage = `${this.tokenInfo.jwtName} has incorrect algorithm. Expected "` + jwt_1.ALGORITHM_RS256 + '" but got ' +
'"' + header.alg + '".' + verifyJwtTokenDocsMessage;
}
else if (typeof audience !== 'undefined' && !payload.aud.includes(audience)) {
errorMessage = `${this.tokenInfo.jwtName} has incorrect "aud" (audience) claim. Expected "` +
audience + '" but got "' + payload.aud + '".' + verifyJwtTokenDocsMessage;
}
else if (typeof audience === 'undefined' && payload.aud !== projectId) {
errorMessage = `${this.tokenInfo.jwtName} has incorrect "aud" (audience) claim. Expected "` +
projectId + '" but got "' + payload.aud + '".' + projectIdMatchMessage +
verifyJwtTokenDocsMessage;
}
else if (payload.iss !== this.issuer + projectId) {
errorMessage = `${this.tokenInfo.jwtName} has incorrect "iss" (issuer) claim. Expected ` +
`"${this.issuer}` + projectId + '" but got "' +
payload.iss + '".' + projectIdMatchMessage + verifyJwtTokenDocsMessage;
}
else if (!(payload.event_type !== undefined &&
(payload.event_type === 'beforeSendSms' || payload.event_type === 'beforeSendEmail'))) {
// excluding `beforeSendSms` and `beforeSendEmail` from processing `sub` as there is no user record available.
// `sub` is the same as `uid` which is part of the user record.
if (typeof payload.sub !== 'string') {
errorMessage = `${this.tokenInfo.jwtName} has no "sub" (subject) claim.` + verifyJwtTokenDocsMessage;
}
else if (payload.sub === '') {
errorMessage = `${this.tokenInfo.jwtName} has an empty "sub" (subject) claim.` +
verifyJwtTokenDocsMessage;
}
else if (payload.sub.length > 128) {
errorMessage = `${this.tokenInfo.jwtName} has a "sub" (subject) claim longer than 128 characters.` +
verifyJwtTokenDocsMessage;
}
}
if (errorMessage) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
}
}
verifySignature(jwtToken, isEmulator) {
const verifier = isEmulator ? EMULATOR_VERIFIER : this.signatureVerifier;
return verifier.verify(jwtToken)
.catch((error) => {
throw this.mapJwtErrorToAuthError(error);
});
}
/**
* Maps JwtError to FirebaseAuthError
*
* @param error - JwtError to be mapped.
* @returns FirebaseAuthError or Error instance.
*/
mapJwtErrorToAuthError(error) {
const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
`for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
if (error.code === jwt_1.JwtErrorCode.TOKEN_EXPIRED) {
const errorMessage = `${this.tokenInfo.jwtName} has expired. Get a fresh ${this.tokenInfo.shortName}` +
` from your client app and try again (auth/${this.tokenInfo.expiredErrorCode.code}).` +
verifyJwtTokenDocsMessage;
return new error_1.FirebaseAuthError(this.tokenInfo.expiredErrorCode, errorMessage);
}
else if (error.code === jwt_1.JwtErrorCode.INVALID_SIGNATURE) {
const errorMessage = `${this.tokenInfo.jwtName} has invalid signature.` + verifyJwtTokenDocsMessage;
return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
}
else if (error.code === jwt_1.JwtErrorCode.NO_MATCHING_KID) {
const errorMessage = `${this.tokenInfo.jwtName} has "kid" claim which does not ` +
`correspond to a known public key. Most likely the ${this.tokenInfo.shortName} ` +
'is expired, so get a fresh token from your client app and try again.';
return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, errorMessage);
}
return new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, error.message);
}
}
exports.FirebaseTokenVerifier = FirebaseTokenVerifier;
/**
* Creates a new FirebaseTokenVerifier to verify Firebase ID tokens.
*
* @internal
* @param app - Firebase app instance.
* @returns FirebaseTokenVerifier
*/
function createIdTokenVerifier(app) {
return new FirebaseTokenVerifier(CLIENT_CERT_URL, 'https://securetoken.google.com/', exports.ID_TOKEN_INFO, app);
}
/**
* Creates a new FirebaseTokenVerifier to verify Firebase Auth Blocking tokens.
*
* @internal
* @param app - Firebase app instance.
* @returns FirebaseTokenVerifier
*/
function createAuthBlockingTokenVerifier(app) {
return new FirebaseTokenVerifier(CLIENT_CERT_URL, 'https://securetoken.google.com/', exports.AUTH_BLOCKING_TOKEN_INFO, app);
}
/**
* Creates a new FirebaseTokenVerifier to verify Firebase session cookies.
*
* @internal
* @param app - Firebase app instance.
* @returns FirebaseTokenVerifier
*/
function createSessionCookieVerifier(app) {
return new FirebaseTokenVerifier(SESSION_COOKIE_CERT_URL, 'https://session.firebase.google.com/', exports.SESSION_COOKIE_INFO, app);
}

321
server/node_modules/firebase-admin/lib/auth/user-import-builder.d.ts generated vendored Normal file
View File

@@ -0,0 +1,321 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { FirebaseArrayIndexError } from '../app/index';
import { UpdateMultiFactorInfoRequest, MultiFactorUpdateSettings } from './auth-config';
export type HashAlgorithmType = 'SCRYPT' | 'STANDARD_SCRYPT' | 'HMAC_SHA512' | 'HMAC_SHA256' | 'HMAC_SHA1' | 'HMAC_MD5' | 'MD5' | 'PBKDF_SHA1' | 'BCRYPT' | 'PBKDF2_SHA256' | 'SHA512' | 'SHA256' | 'SHA1';
/**
* Interface representing the user import options needed for
* {@link BaseAuth.importUsers} method. This is used to
* provide the password hashing algorithm information.
*/
export interface UserImportOptions {
/**
* The password hashing information.
*/
hash: {
/**
* The password hashing algorithm identifier. The following algorithm
* identifiers are supported:
* `SCRYPT`, `STANDARD_SCRYPT`, `HMAC_SHA512`, `HMAC_SHA256`, `HMAC_SHA1`,
* `HMAC_MD5`, `MD5`, `PBKDF_SHA1`, `BCRYPT`, `PBKDF2_SHA256`, `SHA512`,
* `SHA256` and `SHA1`.
*/
algorithm: HashAlgorithmType;
/**
* The signing key used in the hash algorithm in buffer bytes.
* Required by hashing algorithms `SCRYPT`, `HMAC_SHA512`, `HMAC_SHA256`,
* `HAMC_SHA1` and `HMAC_MD5`.
*/
key?: Buffer;
/**
* The salt separator in buffer bytes which is appended to salt when
* verifying a password. This is only used by the `SCRYPT` algorithm.
*/
saltSeparator?: Buffer;
/**
* The number of rounds for hashing calculation.
* Required for `SCRYPT`, `MD5`, `SHA512`, `SHA256`, `SHA1`, `PBKDF_SHA1` and
* `PBKDF2_SHA256`.
*/
rounds?: number;
/**
* The memory cost required for `SCRYPT` algorithm, or the CPU/memory cost.
* Required for `STANDARD_SCRYPT` algorithm.
*/
memoryCost?: number;
/**
* The parallelization of the hashing algorithm. Required for the
* `STANDARD_SCRYPT` algorithm.
*/
parallelization?: number;
/**
* The block size (normally 8) of the hashing algorithm. Required for the
* `STANDARD_SCRYPT` algorithm.
*/
blockSize?: number;
/**
* The derived key length of the hashing algorithm. Required for the
* `STANDARD_SCRYPT` algorithm.
*/
derivedKeyLength?: number;
};
}
/**
* Interface representing a user to import to Firebase Auth via the
* {@link BaseAuth.importUsers} method.
*/
export interface UserImportRecord {
/**
* The user's `uid`.
*/
uid: string;
/**
* The user's primary email, if set.
*/
email?: string;
/**
* Whether or not the user's primary email is verified.
*/
emailVerified?: boolean;
/**
* The user's display name.
*/
displayName?: string;
/**
* The user's primary phone number, if set.
*/
phoneNumber?: string;
/**
* The user's photo URL.
*/
photoURL?: string;
/**
* Whether or not the user is disabled: `true` for disabled; `false` for
* enabled.
*/
disabled?: boolean;
/**
* Additional metadata about the user.
*/
metadata?: UserMetadataRequest;
/**
* An array of providers (for example, Google, Facebook) linked to the user.
*/
providerData?: UserProviderRequest[];
/**
* The user's custom claims object if available, typically used to define
* user roles and propagated to an authenticated user's ID token.
*/
customClaims?: {
[key: string]: any;
};
/**
* The buffer of bytes representing the user's hashed password.
* When a user is to be imported with a password hash,
* {@link UserImportOptions} are required to be
* specified to identify the hashing algorithm used to generate this hash.
*/
passwordHash?: Buffer;
/**
* The buffer of bytes representing the user's password salt.
*/
passwordSalt?: Buffer;
/**
* The identifier of the tenant where user is to be imported to.
* When not provided in an `admin.auth.Auth` context, the user is uploaded to
* the default parent project.
* When not provided in an `admin.auth.TenantAwareAuth` context, the user is uploaded
* to the tenant corresponding to that `TenantAwareAuth` instance's tenant ID.
*/
tenantId?: string;
/**
* The user's multi-factor related properties.
*/
multiFactor?: MultiFactorUpdateSettings;
}
/**
* User metadata to include when importing a user.
*/
export interface UserMetadataRequest {
/**
* The date the user last signed in, formatted as a UTC string.
*/
lastSignInTime?: string;
/**
* The date the user was created, formatted as a UTC string.
*/
creationTime?: string;
}
/**
* User provider data to include when importing a user.
*/
export interface UserProviderRequest {
/**
* The user identifier for the linked provider.
*/
uid: string;
/**
* The display name for the linked provider.
*/
displayName?: string;
/**
* The email for the linked provider.
*/
email?: string;
/**
* The phone number for the linked provider.
*/
phoneNumber?: string;
/**
* The photo URL for the linked provider.
*/
photoURL?: string;
/**
* The linked provider ID (for example, "google.com" for the Google provider).
*/
providerId: string;
}
/**
* Interface representing the response from the
* {@link BaseAuth.importUsers} method for batch
* importing users to Firebase Auth.
*/
export interface UserImportResult {
/**
* The number of user records that failed to import to Firebase Auth.
*/
failureCount: number;
/**
* The number of user records that successfully imported to Firebase Auth.
*/
successCount: number;
/**
* An array of errors corresponding to the provided users to import. The
* length of this array is equal to [`failureCount`](#failureCount).
*/
errors: FirebaseArrayIndexError[];
}
/** Interface representing an Auth second factor in Auth server format. */
export interface AuthFactorInfo {
mfaEnrollmentId?: string;
displayName?: string;
phoneInfo?: string;
enrolledAt?: string;
[key: string]: any;
}
/** UploadAccount endpoint request user interface. */
interface UploadAccountUser {
localId: string;
email?: string;
emailVerified?: boolean;
displayName?: string;
disabled?: boolean;
photoUrl?: string;
phoneNumber?: string;
providerUserInfo?: Array<{
rawId: string;
providerId: string;
email?: string;
displayName?: string;
photoUrl?: string;
}>;
mfaInfo?: AuthFactorInfo[];
passwordHash?: string;
salt?: string;
lastLoginAt?: number;
createdAt?: number;
customAttributes?: string;
tenantId?: string;
}
/** UploadAccount endpoint request hash options. */
export interface UploadAccountOptions {
hashAlgorithm?: string;
signerKey?: string;
rounds?: number;
memoryCost?: number;
saltSeparator?: string;
cpuMemCost?: number;
parallelization?: number;
blockSize?: number;
dkLen?: number;
}
/** UploadAccount endpoint complete request interface. */
export interface UploadAccountRequest extends UploadAccountOptions {
users?: UploadAccountUser[];
}
/** Callback function to validate an UploadAccountUser object. */
export type ValidatorFunction = (data: UploadAccountUser) => void;
/**
* Converts a client format second factor object to server format.
* @param multiFactorInfo - The client format second factor.
* @returns The corresponding AuthFactorInfo server request format.
*/
export declare function convertMultiFactorInfoToServerFormat(multiFactorInfo: UpdateMultiFactorInfoRequest): AuthFactorInfo;
/**
* Class that provides a helper for building/validating uploadAccount requests and
* UserImportResult responses.
*/
export declare class UserImportBuilder {
private requiresHashOptions;
private validatedUsers;
private validatedOptions;
private indexMap;
private userImportResultErrors;
/**
* @param {UserImportRecord[]} users The list of user records to import.
* @param {UserImportOptions=} options The import options which includes hashing
* algorithm details.
* @param {ValidatorFunction=} userRequestValidator The user request validator function.
* @constructor
*/
constructor(users: UserImportRecord[], options?: UserImportOptions, userRequestValidator?: ValidatorFunction);
/**
* Returns the corresponding constructed uploadAccount request.
* @returns {UploadAccountRequest} The constructed uploadAccount request.
*/
buildRequest(): UploadAccountRequest;
/**
* Populates the UserImportResult using the client side detected errors and the server
* side returned errors.
* @returns {UserImportResult} The user import result based on the returned failed
* uploadAccount response.
*/
buildResponse(failedUploads: Array<{
index: number;
message: string;
}>): UserImportResult;
/**
* Validates and returns the hashing options of the uploadAccount request.
* Throws an error whenever an invalid or missing options is detected.
* @param {UserImportOptions} options The UserImportOptions.
* @param {boolean} requiresHashOptions Whether to require hash options.
* @returns {UploadAccountOptions} The populated UploadAccount options.
*/
private populateOptions;
/**
* Validates and returns the users list of the uploadAccount request.
* Whenever a user with an error is detected, the error is cached and will later be
* merged into the user import result. This allows the processing of valid users without
* failing early on the first error detected.
* @param {UserImportRecord[]} users The UserImportRecords to convert to UnploadAccountUser
* objects.
* @param {ValidatorFunction=} userValidator The user validator function.
* @returns {UploadAccountUser[]} The populated uploadAccount users.
*/
private populateUsers;
}
export {};

384
server/node_modules/firebase-admin/lib/auth/user-import-builder.js generated vendored Normal file
View File

@@ -0,0 +1,384 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.UserImportBuilder = void 0;
exports.convertMultiFactorInfoToServerFormat = convertMultiFactorInfoToServerFormat;
const deep_copy_1 = require("../utils/deep-copy");
const utils = require("../utils");
const validator = require("../utils/validator");
const error_1 = require("../utils/error");
/**
* Converts a client format second factor object to server format.
* @param multiFactorInfo - The client format second factor.
* @returns The corresponding AuthFactorInfo server request format.
*/
function convertMultiFactorInfoToServerFormat(multiFactorInfo) {
let enrolledAt;
if (typeof multiFactorInfo.enrollmentTime !== 'undefined') {
if (validator.isUTCDateString(multiFactorInfo.enrollmentTime)) {
// Convert from UTC date string (client side format) to ISO date string (server side format).
enrolledAt = new Date(multiFactorInfo.enrollmentTime).toISOString();
}
else {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ENROLLMENT_TIME, `The second factor "enrollmentTime" for "${multiFactorInfo.uid}" must be a valid ` +
'UTC date string.');
}
}
// Currently only phone second factors are supported.
if (isPhoneFactor(multiFactorInfo)) {
// If any required field is missing or invalid, validation will still fail later.
const authFactorInfo = {
mfaEnrollmentId: multiFactorInfo.uid,
displayName: multiFactorInfo.displayName,
// Required for all phone second factors.
phoneInfo: multiFactorInfo.phoneNumber,
enrolledAt,
};
for (const objKey in authFactorInfo) {
if (typeof authFactorInfo[objKey] === 'undefined') {
delete authFactorInfo[objKey];
}
}
return authFactorInfo;
}
else {
// Unsupported second factor.
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.UNSUPPORTED_SECOND_FACTOR, `Unsupported second factor "${JSON.stringify(multiFactorInfo)}" provided.`);
}
}
function isPhoneFactor(multiFactorInfo) {
return multiFactorInfo.factorId === 'phone';
}
/**
* @param {any} obj The object to check for number field within.
* @param {string} key The entry key.
* @returns {number} The corresponding number if available. Otherwise, NaN.
*/
function getNumberField(obj, key) {
if (typeof obj[key] !== 'undefined' && obj[key] !== null) {
return parseInt(obj[key].toString(), 10);
}
return NaN;
}
/**
* Converts a UserImportRecord to a UploadAccountUser object. Throws an error when invalid
* fields are provided.
* @param {UserImportRecord} user The UserImportRecord to conver to UploadAccountUser.
* @param {ValidatorFunction=} userValidator The user validator function.
* @returns {UploadAccountUser} The corresponding UploadAccountUser to return.
*/
function populateUploadAccountUser(user, userValidator) {
const result = {
localId: user.uid,
email: user.email,
emailVerified: user.emailVerified,
displayName: user.displayName,
disabled: user.disabled,
photoUrl: user.photoURL,
phoneNumber: user.phoneNumber,
providerUserInfo: [],
mfaInfo: [],
tenantId: user.tenantId,
customAttributes: user.customClaims && JSON.stringify(user.customClaims),
};
if (typeof user.passwordHash !== 'undefined') {
if (!validator.isBuffer(user.passwordHash)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PASSWORD_HASH);
}
result.passwordHash = utils.toWebSafeBase64(user.passwordHash);
}
if (typeof user.passwordSalt !== 'undefined') {
if (!validator.isBuffer(user.passwordSalt)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_PASSWORD_SALT);
}
result.salt = utils.toWebSafeBase64(user.passwordSalt);
}
if (validator.isNonNullObject(user.metadata)) {
if (validator.isNonEmptyString(user.metadata.creationTime)) {
result.createdAt = new Date(user.metadata.creationTime).getTime();
}
if (validator.isNonEmptyString(user.metadata.lastSignInTime)) {
result.lastLoginAt = new Date(user.metadata.lastSignInTime).getTime();
}
}
if (validator.isArray(user.providerData)) {
user.providerData.forEach((providerData) => {
result.providerUserInfo.push({
providerId: providerData.providerId,
rawId: providerData.uid,
email: providerData.email,
displayName: providerData.displayName,
photoUrl: providerData.photoURL,
});
});
}
// Convert user.multiFactor.enrolledFactors to server format.
if (validator.isNonNullObject(user.multiFactor) &&
validator.isNonEmptyArray(user.multiFactor.enrolledFactors)) {
user.multiFactor.enrolledFactors.forEach((multiFactorInfo) => {
result.mfaInfo.push(convertMultiFactorInfoToServerFormat(multiFactorInfo));
});
}
// Remove blank fields.
let key;
for (key in result) {
if (typeof result[key] === 'undefined') {
delete result[key];
}
}
if (result.providerUserInfo.length === 0) {
delete result.providerUserInfo;
}
if (result.mfaInfo.length === 0) {
delete result.mfaInfo;
}
// Validate the constructured user individual request. This will throw if an error
// is detected.
if (typeof userValidator === 'function') {
userValidator(result);
}
return result;
}
/**
* Class that provides a helper for building/validating uploadAccount requests and
* UserImportResult responses.
*/
class UserImportBuilder {
/**
* @param {UserImportRecord[]} users The list of user records to import.
* @param {UserImportOptions=} options The import options which includes hashing
* algorithm details.
* @param {ValidatorFunction=} userRequestValidator The user request validator function.
* @constructor
*/
constructor(users, options, userRequestValidator) {
this.requiresHashOptions = false;
this.validatedUsers = [];
this.userImportResultErrors = [];
this.indexMap = {};
this.validatedUsers = this.populateUsers(users, userRequestValidator);
this.validatedOptions = this.populateOptions(options, this.requiresHashOptions);
}
/**
* Returns the corresponding constructed uploadAccount request.
* @returns {UploadAccountRequest} The constructed uploadAccount request.
*/
buildRequest() {
const users = this.validatedUsers.map((user) => {
return (0, deep_copy_1.deepCopy)(user);
});
return (0, deep_copy_1.deepExtend)({ users }, (0, deep_copy_1.deepCopy)(this.validatedOptions));
}
/**
* Populates the UserImportResult using the client side detected errors and the server
* side returned errors.
* @returns {UserImportResult} The user import result based on the returned failed
* uploadAccount response.
*/
buildResponse(failedUploads) {
// Initialize user import result.
const importResult = {
successCount: this.validatedUsers.length,
failureCount: this.userImportResultErrors.length,
errors: (0, deep_copy_1.deepCopy)(this.userImportResultErrors),
};
importResult.failureCount += failedUploads.length;
importResult.successCount -= failedUploads.length;
failedUploads.forEach((failedUpload) => {
importResult.errors.push({
// Map backend request index to original developer provided array index.
index: this.indexMap[failedUpload.index],
error: new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_USER_IMPORT, failedUpload.message),
});
});
// Sort errors by index.
importResult.errors.sort((a, b) => {
return a.index - b.index;
});
// Return sorted result.
return importResult;
}
/**
* Validates and returns the hashing options of the uploadAccount request.
* Throws an error whenever an invalid or missing options is detected.
* @param {UserImportOptions} options The UserImportOptions.
* @param {boolean} requiresHashOptions Whether to require hash options.
* @returns {UploadAccountOptions} The populated UploadAccount options.
*/
populateOptions(options, requiresHashOptions) {
let populatedOptions;
if (!requiresHashOptions) {
return {};
}
if (!validator.isNonNullObject(options)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"UserImportOptions" are required when importing users with passwords.');
}
if (!validator.isNonNullObject(options.hash)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISSING_HASH_ALGORITHM, '"hash.algorithm" is missing from the provided "UserImportOptions".');
}
if (typeof options.hash.algorithm === 'undefined' ||
!validator.isNonEmptyString(options.hash.algorithm)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ALGORITHM, '"hash.algorithm" must be a string matching the list of supported algorithms.');
}
let rounds;
switch (options.hash.algorithm) {
case 'HMAC_SHA512':
case 'HMAC_SHA256':
case 'HMAC_SHA1':
case 'HMAC_MD5':
if (!validator.isBuffer(options.hash.key)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_KEY, 'A non-empty "hash.key" byte buffer must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
populatedOptions = {
hashAlgorithm: options.hash.algorithm,
signerKey: utils.toWebSafeBase64(options.hash.key),
};
break;
case 'MD5':
case 'SHA1':
case 'SHA256':
case 'SHA512': {
// MD5 is [0,8192] but SHA1, SHA256, and SHA512 are [1,8192]
rounds = getNumberField(options.hash, 'rounds');
const minRounds = options.hash.algorithm === 'MD5' ? 0 : 1;
if (isNaN(rounds) || rounds < minRounds || rounds > 8192) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ROUNDS, `A valid "hash.rounds" number between ${minRounds} and 8192 must be provided for ` +
`hash algorithm ${options.hash.algorithm}.`);
}
populatedOptions = {
hashAlgorithm: options.hash.algorithm,
rounds,
};
break;
}
case 'PBKDF_SHA1':
case 'PBKDF2_SHA256':
rounds = getNumberField(options.hash, 'rounds');
if (isNaN(rounds) || rounds < 0 || rounds > 120000) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ROUNDS, 'A valid "hash.rounds" number between 0 and 120000 must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
populatedOptions = {
hashAlgorithm: options.hash.algorithm,
rounds,
};
break;
case 'SCRYPT': {
if (!validator.isBuffer(options.hash.key)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_KEY, 'A "hash.key" byte buffer must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
rounds = getNumberField(options.hash, 'rounds');
if (isNaN(rounds) || rounds <= 0 || rounds > 8) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ROUNDS, 'A valid "hash.rounds" number between 1 and 8 must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
const memoryCost = getNumberField(options.hash, 'memoryCost');
if (isNaN(memoryCost) || memoryCost <= 0 || memoryCost > 14) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_MEMORY_COST, 'A valid "hash.memoryCost" number between 1 and 14 must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
if (typeof options.hash.saltSeparator !== 'undefined' &&
!validator.isBuffer(options.hash.saltSeparator)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_SALT_SEPARATOR, '"hash.saltSeparator" must be a byte buffer.');
}
populatedOptions = {
hashAlgorithm: options.hash.algorithm,
signerKey: utils.toWebSafeBase64(options.hash.key),
rounds,
memoryCost,
saltSeparator: utils.toWebSafeBase64(options.hash.saltSeparator || Buffer.from('')),
};
break;
}
case 'BCRYPT':
populatedOptions = {
hashAlgorithm: options.hash.algorithm,
};
break;
case 'STANDARD_SCRYPT': {
const cpuMemCost = getNumberField(options.hash, 'memoryCost');
if (isNaN(cpuMemCost)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_MEMORY_COST, 'A valid "hash.memoryCost" number must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
const parallelization = getNumberField(options.hash, 'parallelization');
if (isNaN(parallelization)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_PARALLELIZATION, 'A valid "hash.parallelization" number must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
const blockSize = getNumberField(options.hash, 'blockSize');
if (isNaN(blockSize)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_BLOCK_SIZE, 'A valid "hash.blockSize" number must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
const dkLen = getNumberField(options.hash, 'derivedKeyLength');
if (isNaN(dkLen)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_DERIVED_KEY_LENGTH, 'A valid "hash.derivedKeyLength" number must be provided for ' +
`hash algorithm ${options.hash.algorithm}.`);
}
populatedOptions = {
hashAlgorithm: options.hash.algorithm,
cpuMemCost,
parallelization,
blockSize,
dkLen,
};
break;
}
default:
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_HASH_ALGORITHM, `Unsupported hash algorithm provider "${options.hash.algorithm}".`);
}
return populatedOptions;
}
/**
* Validates and returns the users list of the uploadAccount request.
* Whenever a user with an error is detected, the error is cached and will later be
* merged into the user import result. This allows the processing of valid users without
* failing early on the first error detected.
* @param {UserImportRecord[]} users The UserImportRecords to convert to UnploadAccountUser
* objects.
* @param {ValidatorFunction=} userValidator The user validator function.
* @returns {UploadAccountUser[]} The populated uploadAccount users.
*/
populateUsers(users, userValidator) {
const populatedUsers = [];
users.forEach((user, index) => {
try {
const result = populateUploadAccountUser(user, userValidator);
if (typeof result.passwordHash !== 'undefined') {
this.requiresHashOptions = true;
}
// Only users that pass client screening will be passed to backend for processing.
populatedUsers.push(result);
// Map user's index (the one to be sent to backend) to original developer provided array.
this.indexMap[populatedUsers.length - 1] = index;
}
catch (error) {
// Save the client side error with respect to the developer provided array.
this.userImportResultErrors.push({
index,
error,
});
}
});
return populatedUsers;
}
}
exports.UserImportBuilder = UserImportBuilder;

289
server/node_modules/firebase-admin/lib/auth/user-record.d.ts generated vendored Normal file
View File

@@ -0,0 +1,289 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
export interface MultiFactorInfoResponse {
mfaEnrollmentId: string;
displayName?: string;
phoneInfo?: string;
totpInfo?: TotpInfoResponse;
enrolledAt?: string;
[key: string]: unknown;
}
export interface TotpInfoResponse {
[key: string]: unknown;
}
export interface ProviderUserInfoResponse {
rawId: string;
displayName?: string;
email?: string;
photoUrl?: string;
phoneNumber?: string;
providerId: string;
federatedId?: string;
}
export interface GetAccountInfoUserResponse {
localId: string;
email?: string;
emailVerified?: boolean;
phoneNumber?: string;
displayName?: string;
photoUrl?: string;
disabled?: boolean;
passwordHash?: string;
salt?: string;
customAttributes?: string;
validSince?: string;
tenantId?: string;
providerUserInfo?: ProviderUserInfoResponse[];
mfaInfo?: MultiFactorInfoResponse[];
createdAt?: string;
lastLoginAt?: string;
lastRefreshAt?: string;
[key: string]: any;
}
/**
* Interface representing the common properties of a user-enrolled second factor.
*/
export declare abstract class MultiFactorInfo {
/**
* The ID of the enrolled second factor. This ID is unique to the user.
*/
readonly uid: string;
/**
* The optional display name of the enrolled second factor.
*/
readonly displayName?: string;
/**
* The type identifier of the second factor.
* For SMS second factors, this is `phone`.
* For TOTP second factors, this is `totp`.
*/
readonly factorId: string;
/**
* The optional date the second factor was enrolled, formatted as a UTC string.
*/
readonly enrollmentTime?: string;
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
/**
* Initializes the MultiFactorInfo object using the provided server response.
*
* @param response - The server side response.
*/
private initFromServerResponse;
}
/**
* Interface representing a phone specific user-enrolled second factor.
*/
export declare class PhoneMultiFactorInfo extends MultiFactorInfo {
/**
* The phone number associated with a phone second factor.
*/
readonly phoneNumber: string;
/**
* {@inheritdoc MultiFactorInfo.toJSON}
*/
toJSON(): object;
}
/**
* `TotpInfo` struct associated with a second factor
*/
export declare class TotpInfo {
}
/**
* Interface representing a TOTP specific user-enrolled second factor.
*/
export declare class TotpMultiFactorInfo extends MultiFactorInfo {
/**
* `TotpInfo` struct associated with a second factor
*/
readonly totpInfo: TotpInfo;
/**
* {@inheritdoc MultiFactorInfo.toJSON}
*/
toJSON(): object;
}
/**
* The multi-factor related user settings.
*/
export declare class MultiFactorSettings {
/**
* List of second factors enrolled with the current user.
* Currently only phone and TOTP second factors are supported.
*/
enrolledFactors: MultiFactorInfo[];
/**
* Returns a JSON-serializable representation of this multi-factor object.
*
* @returns A JSON-serializable representation of this multi-factor object.
*/
toJSON(): object;
}
/**
* Represents a user's metadata.
*/
export declare class UserMetadata {
/**
* The date the user was created, formatted as a UTC string.
*/
readonly creationTime: string;
/**
* The date the user last signed in, formatted as a UTC string.
*/
readonly lastSignInTime: string;
/**
* The time at which the user was last active (ID token refreshed),
* formatted as a UTC Date string (eg 'Sat, 03 Feb 2001 04:05:06 GMT').
* Returns null if the user was never active.
*/
readonly lastRefreshTime?: string | null;
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
}
/**
* Represents a user's info from a third-party identity provider
* such as Google or Facebook.
*/
export declare class UserInfo {
/**
* The user identifier for the linked provider.
*/
readonly uid: string;
/**
* The display name for the linked provider.
*/
readonly displayName: string;
/**
* The email for the linked provider.
*/
readonly email: string;
/**
* The photo URL for the linked provider.
*/
readonly photoURL: string;
/**
* The linked provider ID (for example, "google.com" for the Google provider).
*/
readonly providerId: string;
/**
* The phone number for the linked provider.
*/
readonly phoneNumber: string;
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
}
/**
* Represents a user.
*/
export declare class UserRecord {
/**
* The user's `uid`.
*/
readonly uid: string;
/**
* The user's primary email, if set.
*/
readonly email?: string;
/**
* Whether or not the user's primary email is verified.
*/
readonly emailVerified: boolean;
/**
* The user's display name.
*/
readonly displayName?: string;
/**
* The user's photo URL.
*/
readonly photoURL?: string;
/**
* The user's primary phone number, if set.
*/
readonly phoneNumber?: string;
/**
* Whether or not the user is disabled: `true` for disabled; `false` for
* enabled.
*/
readonly disabled: boolean;
/**
* Additional metadata about the user.
*/
readonly metadata: UserMetadata;
/**
* An array of providers (for example, Google, Facebook) linked to the user.
*/
readonly providerData: UserInfo[];
/**
* The user's hashed password (base64-encoded), only if Firebase Auth hashing
* algorithm (SCRYPT) is used. If a different hashing algorithm had been used
* when uploading this user, as is typical when migrating from another Auth
* system, this will be an empty string. If no password is set, this is
* null. This is only available when the user is obtained from
* {@link BaseAuth.listUsers}.
*/
readonly passwordHash?: string;
/**
* The user's password salt (base64-encoded), only if Firebase Auth hashing
* algorithm (SCRYPT) is used. If a different hashing algorithm had been used to
* upload this user, typical when migrating from another Auth system, this will
* be an empty string. If no password is set, this is null. This is only
* available when the user is obtained from {@link BaseAuth.listUsers}.
*/
readonly passwordSalt?: string;
/**
* The user's custom claims object if available, typically used to define
* user roles and propagated to an authenticated user's ID token.
* This is set via {@link BaseAuth.setCustomUserClaims}
*/
readonly customClaims?: {
[key: string]: any;
};
/**
* The ID of the tenant the user belongs to, if available.
*/
readonly tenantId?: string | null;
/**
* The date the user's tokens are valid after, formatted as a UTC string.
* This is updated every time the user's refresh token are revoked either
* from the {@link BaseAuth.revokeRefreshTokens}
* API or from the Firebase Auth backend on big account changes (password
* resets, password or email updates, etc).
*/
readonly tokensValidAfterTime?: string;
/**
* The multi-factor related properties for the current user, if available.
*/
readonly multiFactor?: MultiFactorSettings;
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON(): object;
}

411
server/node_modules/firebase-admin/lib/auth/user-record.js generated vendored Normal file
View File

@@ -0,0 +1,411 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.UserRecord = exports.UserInfo = exports.UserMetadata = exports.MultiFactorSettings = exports.TotpMultiFactorInfo = exports.TotpInfo = exports.PhoneMultiFactorInfo = exports.MultiFactorInfo = void 0;
const deep_copy_1 = require("../utils/deep-copy");
const validator_1 = require("../utils/validator");
const utils = require("../utils");
const error_1 = require("../utils/error");
/**
* 'REDACTED', encoded as a base64 string.
*/
const B64_REDACTED = Buffer.from('REDACTED').toString('base64');
/**
* Parses a time stamp string or number and returns the corresponding date if valid.
*
* @param time - The unix timestamp string or number in milliseconds.
* @returns The corresponding date as a UTC string, if valid. Otherwise, null.
*/
function parseDate(time) {
try {
const date = new Date(parseInt(time, 10));
if (!isNaN(date.getTime())) {
return date.toUTCString();
}
}
catch (e) {
// Do nothing. null will be returned.
}
return null;
}
var MultiFactorId;
(function (MultiFactorId) {
MultiFactorId["Phone"] = "phone";
MultiFactorId["Totp"] = "totp";
})(MultiFactorId || (MultiFactorId = {}));
/**
* Interface representing the common properties of a user-enrolled second factor.
*/
class MultiFactorInfo {
/**
* Initializes the MultiFactorInfo associated subclass using the server side.
* If no MultiFactorInfo is associated with the response, null is returned.
*
* @param response - The server side response.
* @internal
*/
static initMultiFactorInfo(response) {
let multiFactorInfo = null;
// PhoneMultiFactorInfo, TotpMultiFactorInfo currently available.
try {
if (response.phoneInfo !== undefined) {
multiFactorInfo = new PhoneMultiFactorInfo(response);
}
else if (response.totpInfo !== undefined) {
multiFactorInfo = new TotpMultiFactorInfo(response);
}
else {
// Ignore the other SDK unsupported MFA factors to prevent blocking developers using the current SDK.
}
}
catch (e) {
// Ignore error.
}
return multiFactorInfo;
}
/**
* Initializes the MultiFactorInfo object using the server side response.
*
* @param response - The server side response.
* @constructor
* @internal
*/
constructor(response) {
this.initFromServerResponse(response);
}
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON() {
return {
uid: this.uid,
displayName: this.displayName,
factorId: this.factorId,
enrollmentTime: this.enrollmentTime,
};
}
/**
* Initializes the MultiFactorInfo object using the provided server response.
*
* @param response - The server side response.
*/
initFromServerResponse(response) {
const factorId = response && this.getFactorId(response);
if (!factorId || !response || !response.mfaEnrollmentId) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid multi-factor info response');
}
utils.addReadonlyGetter(this, 'uid', response.mfaEnrollmentId);
utils.addReadonlyGetter(this, 'factorId', factorId);
utils.addReadonlyGetter(this, 'displayName', response.displayName);
// Encoded using [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format.
// For example, "2017-01-15T01:30:15.01Z".
// This can be parsed directly via Date constructor.
// This can be computed using Data.prototype.toISOString.
if (response.enrolledAt) {
utils.addReadonlyGetter(this, 'enrollmentTime', new Date(response.enrolledAt).toUTCString());
}
else {
utils.addReadonlyGetter(this, 'enrollmentTime', null);
}
}
}
exports.MultiFactorInfo = MultiFactorInfo;
/**
* Interface representing a phone specific user-enrolled second factor.
*/
class PhoneMultiFactorInfo extends MultiFactorInfo {
/**
* Initializes the PhoneMultiFactorInfo object using the server side response.
*
* @param response - The server side response.
* @constructor
* @internal
*/
constructor(response) {
super(response);
utils.addReadonlyGetter(this, 'phoneNumber', response.phoneInfo);
}
/**
* {@inheritdoc MultiFactorInfo.toJSON}
*/
toJSON() {
return Object.assign(super.toJSON(), {
phoneNumber: this.phoneNumber,
});
}
/**
* Returns the factor ID based on the response provided.
*
* @param response - The server side response.
* @returns The multi-factor ID associated with the provided response. If the response is
* not associated with any known multi-factor ID, null is returned.
*
* @internal
*/
getFactorId(response) {
return (response && response.phoneInfo) ? MultiFactorId.Phone : null;
}
}
exports.PhoneMultiFactorInfo = PhoneMultiFactorInfo;
/**
* `TotpInfo` struct associated with a second factor
*/
class TotpInfo {
}
exports.TotpInfo = TotpInfo;
/**
* Interface representing a TOTP specific user-enrolled second factor.
*/
class TotpMultiFactorInfo extends MultiFactorInfo {
/**
* Initializes the `TotpMultiFactorInfo` object using the server side response.
*
* @param response - The server side response.
* @constructor
* @internal
*/
constructor(response) {
super(response);
utils.addReadonlyGetter(this, 'totpInfo', response.totpInfo);
}
/**
* {@inheritdoc MultiFactorInfo.toJSON}
*/
toJSON() {
return Object.assign(super.toJSON(), {
totpInfo: this.totpInfo,
});
}
/**
* Returns the factor ID based on the response provided.
*
* @param response - The server side response.
* @returns The multi-factor ID associated with the provided response. If the response is
* not associated with any known multi-factor ID, `null` is returned.
*
* @internal
*/
getFactorId(response) {
return (response && response.totpInfo) ? MultiFactorId.Totp : null;
}
}
exports.TotpMultiFactorInfo = TotpMultiFactorInfo;
/**
* The multi-factor related user settings.
*/
class MultiFactorSettings {
/**
* Initializes the `MultiFactor` object using the server side or JWT format response.
*
* @param response - The server side response.
* @constructor
* @internal
*/
constructor(response) {
const parsedEnrolledFactors = [];
if (!(0, validator_1.isNonNullObject)(response)) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid multi-factor response');
}
else if (response.mfaInfo) {
response.mfaInfo.forEach((factorResponse) => {
const multiFactorInfo = MultiFactorInfo.initMultiFactorInfo(factorResponse);
if (multiFactorInfo) {
parsedEnrolledFactors.push(multiFactorInfo);
}
});
}
// Make enrolled factors immutable.
utils.addReadonlyGetter(this, 'enrolledFactors', Object.freeze(parsedEnrolledFactors));
}
/**
* Returns a JSON-serializable representation of this multi-factor object.
*
* @returns A JSON-serializable representation of this multi-factor object.
*/
toJSON() {
return {
enrolledFactors: this.enrolledFactors.map((info) => info.toJSON()),
};
}
}
exports.MultiFactorSettings = MultiFactorSettings;
/**
* Represents a user's metadata.
*/
class UserMetadata {
/**
* @param response - The server side response returned from the `getAccountInfo`
* endpoint.
* @constructor
* @internal
*/
constructor(response) {
// Creation date should always be available but due to some backend bugs there
// were cases in the past where users did not have creation date properly set.
// This included legacy Firebase migrating project users and some anonymous users.
// These bugs have already been addressed since then.
utils.addReadonlyGetter(this, 'creationTime', parseDate(response.createdAt));
utils.addReadonlyGetter(this, 'lastSignInTime', parseDate(response.lastLoginAt));
const lastRefreshAt = response.lastRefreshAt ? new Date(response.lastRefreshAt).toUTCString() : null;
utils.addReadonlyGetter(this, 'lastRefreshTime', lastRefreshAt);
}
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON() {
return {
lastSignInTime: this.lastSignInTime,
creationTime: this.creationTime,
lastRefreshTime: this.lastRefreshTime,
};
}
}
exports.UserMetadata = UserMetadata;
/**
* Represents a user's info from a third-party identity provider
* such as Google or Facebook.
*/
class UserInfo {
/**
* @param response - The server side response returned from the `getAccountInfo`
* endpoint.
* @constructor
* @internal
*/
constructor(response) {
// Provider user id and provider id are required.
if (!response.rawId || !response.providerId) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid user info response');
}
utils.addReadonlyGetter(this, 'uid', response.rawId);
utils.addReadonlyGetter(this, 'displayName', response.displayName);
utils.addReadonlyGetter(this, 'email', response.email);
utils.addReadonlyGetter(this, 'photoURL', response.photoUrl);
utils.addReadonlyGetter(this, 'providerId', response.providerId);
utils.addReadonlyGetter(this, 'phoneNumber', response.phoneNumber);
}
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON() {
return {
uid: this.uid,
displayName: this.displayName,
email: this.email,
photoURL: this.photoURL,
providerId: this.providerId,
phoneNumber: this.phoneNumber,
};
}
}
exports.UserInfo = UserInfo;
/**
* Represents a user.
*/
class UserRecord {
/**
* @param response - The server side response returned from the getAccountInfo
* endpoint.
* @constructor
* @internal
*/
constructor(response) {
// The Firebase user id is required.
if (!response.localId) {
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid user response');
}
utils.addReadonlyGetter(this, 'uid', response.localId);
utils.addReadonlyGetter(this, 'email', response.email);
utils.addReadonlyGetter(this, 'emailVerified', !!response.emailVerified);
utils.addReadonlyGetter(this, 'displayName', response.displayName);
utils.addReadonlyGetter(this, 'photoURL', response.photoUrl);
utils.addReadonlyGetter(this, 'phoneNumber', response.phoneNumber);
// If disabled is not provided, the account is enabled by default.
utils.addReadonlyGetter(this, 'disabled', response.disabled || false);
utils.addReadonlyGetter(this, 'metadata', new UserMetadata(response));
const providerData = [];
for (const entry of (response.providerUserInfo || [])) {
providerData.push(new UserInfo(entry));
}
utils.addReadonlyGetter(this, 'providerData', providerData);
// If the password hash is redacted (probably due to missing permissions)
// then clear it out, similar to how the salt is returned. (Otherwise, it
// *looks* like a b64-encoded hash is present, which is confusing.)
if (response.passwordHash === B64_REDACTED) {
utils.addReadonlyGetter(this, 'passwordHash', undefined);
}
else {
utils.addReadonlyGetter(this, 'passwordHash', response.passwordHash);
}
utils.addReadonlyGetter(this, 'passwordSalt', response.salt);
if (response.customAttributes) {
utils.addReadonlyGetter(this, 'customClaims', JSON.parse(response.customAttributes));
}
let validAfterTime = null;
// Convert validSince first to UTC milliseconds and then to UTC date string.
if (typeof response.validSince !== 'undefined') {
validAfterTime = parseDate(parseInt(response.validSince, 10) * 1000);
}
utils.addReadonlyGetter(this, 'tokensValidAfterTime', validAfterTime || undefined);
utils.addReadonlyGetter(this, 'tenantId', response.tenantId);
const multiFactor = new MultiFactorSettings(response);
if (multiFactor.enrolledFactors.length > 0) {
utils.addReadonlyGetter(this, 'multiFactor', multiFactor);
}
}
/**
* Returns a JSON-serializable representation of this object.
*
* @returns A JSON-serializable representation of this object.
*/
toJSON() {
const json = {
uid: this.uid,
email: this.email,
emailVerified: this.emailVerified,
displayName: this.displayName,
photoURL: this.photoURL,
phoneNumber: this.phoneNumber,
disabled: this.disabled,
// Convert metadata to json.
metadata: this.metadata.toJSON(),
passwordHash: this.passwordHash,
passwordSalt: this.passwordSalt,
customClaims: (0, deep_copy_1.deepCopy)(this.customClaims),
tokensValidAfterTime: this.tokensValidAfterTime,
tenantId: this.tenantId,
};
if (this.multiFactor) {
json.multiFactor = this.multiFactor.toJSON();
}
json.providerData = [];
for (const entry of this.providerData) {
// Convert each provider data to json.
json.providerData.push(entry.toJSON());
}
return json;
}
}
exports.UserRecord = UserRecord;

127
server/node_modules/firebase-admin/lib/credential/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,127 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Credential as TCredential, applicationDefault as applicationDefaultFn, cert as certFn, refreshToken as refreshTokenFn } from '../app/index';
export { ServiceAccount, GoogleOAuthAccessToken } from '../app/index';
export declare namespace credential {
/**
* Interface that provides Google OAuth2 access tokens used to authenticate
* with Firebase services.
*
* In most cases, you will not need to implement this yourself and can instead
* use the default implementations provided by the `admin.credential` namespace.
*/
type Credential = TCredential;
/**
* Returns a credential created from the
* {@link https://developers.google.com/identity/protocols/application-default-credentials |
* Google Application Default Credentials}
* that grants admin access to Firebase services. This credential can be used
* in the call to {@link firebase-admin.app#initializeApp}.
*
* Google Application Default Credentials are available on any Google
* infrastructure, such as Google App Engine and Google Compute Engine.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* admin.initializeApp({
* credential: admin.credential.applicationDefault(),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via Google
* Application Default Credentials that can be used to initialize an app.
*/
const applicationDefault: typeof applicationDefaultFn;
/**
* Returns a credential created from the provided service account that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a service account key JSON file
* var serviceAccount = require("path/to/serviceAccountKey.json");
* admin.initializeApp({
* credential: admin.credential.cert(serviceAccount),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @example
* ```javascript
* // Providing a service account object inline
* admin.initializeApp({
* credential: admin.credential.cert({
* projectId: "<PROJECT_ID>",
* clientEmail: "foo@<PROJECT_ID>.iam.gserviceaccount.com",
* privateKey: "-----BEGIN PRIVATE KEY-----<KEY>-----END PRIVATE KEY-----\n"
* }),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param serviceAccountPathOrObject - The path to a service
* account key JSON file or an object representing a service account key.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
const cert: typeof certFn;
/**
* Returns a credential created from the provided refresh token that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a refresh token JSON file
* var refreshToken = require("path/to/refreshToken.json");
* admin.initializeApp({
* credential: admin.credential.refreshToken(refreshToken),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param refreshTokenPathOrObject - The path to a Google
* OAuth2 refresh token JSON file or an object representing a Google OAuth2
* refresh token.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
const refreshToken: typeof refreshTokenFn;
}

123
server/node_modules/firebase-admin/lib/credential/index.js generated vendored Normal file
View File

@@ -0,0 +1,123 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.credential = void 0;
const index_1 = require("../app/index");
/* eslint-disable @typescript-eslint/no-namespace */
var credential;
(function (credential) {
/**
* Returns a credential created from the
* {@link https://developers.google.com/identity/protocols/application-default-credentials |
* Google Application Default Credentials}
* that grants admin access to Firebase services. This credential can be used
* in the call to {@link firebase-admin.app#initializeApp}.
*
* Google Application Default Credentials are available on any Google
* infrastructure, such as Google App Engine and Google Compute Engine.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* admin.initializeApp({
* credential: admin.credential.applicationDefault(),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via Google
* Application Default Credentials that can be used to initialize an app.
*/
credential.applicationDefault = index_1.applicationDefault;
/**
* Returns a credential created from the provided service account that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a service account key JSON file
* var serviceAccount = require("path/to/serviceAccountKey.json");
* admin.initializeApp({
* credential: admin.credential.cert(serviceAccount),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @example
* ```javascript
* // Providing a service account object inline
* admin.initializeApp({
* credential: admin.credential.cert({
* projectId: "<PROJECT_ID>",
* clientEmail: "foo@<PROJECT_ID>.iam.gserviceaccount.com",
* privateKey: "-----BEGIN PRIVATE KEY-----<KEY>-----END PRIVATE KEY-----\n"
* }),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param serviceAccountPathOrObject - The path to a service
* account key JSON file or an object representing a service account key.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
credential.cert = index_1.cert;
/**
* Returns a credential created from the provided refresh token that grants
* admin access to Firebase services. This credential can be used in the call
* to {@link firebase-admin.app#initializeApp}.
*
* See
* {@link https://firebase.google.com/docs/admin/setup#initialize_the_sdk | Initialize the SDK}
* for more details.
*
* @example
* ```javascript
* // Providing a path to a refresh token JSON file
* var refreshToken = require("path/to/refreshToken.json");
* admin.initializeApp({
* credential: admin.credential.refreshToken(refreshToken),
* databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
* });
* ```
*
* @param refreshTokenPathOrObject - The path to a Google
* OAuth2 refresh token JSON file or an object representing a Google OAuth2
* refresh token.
* @param httpAgent - Optional {@link https://nodejs.org/api/http.html#http_class_http_agent | HTTP Agent}
* to be used when retrieving access tokens from Google token servers.
*
* @returns A credential authenticated via the
* provided service account that can be used to initialize an app.
*/
credential.refreshToken = index_1.refreshToken;
})(credential || (exports.credential = credential = {}));

37
server/node_modules/firebase-admin/lib/data-connect/data-connect-api-client-internal.d.ts generated vendored Normal file
View File

@@ -0,0 +1,37 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { PrefixedFirebaseError } from '../utils/error';
/**
* When true the SDK should communicate with the Data Connect Emulator for all API
* calls and also produce unsigned tokens.
*/
export declare function useEmulator(): boolean;
export declare const DATA_CONNECT_ERROR_CODE_MAPPING: {
[key: string]: DataConnectErrorCode;
};
export type DataConnectErrorCode = 'aborted' | 'invalid-argument' | 'invalid-credential' | 'internal-error' | 'permission-denied' | 'unauthenticated' | 'not-found' | 'unknown-error' | 'query-error';
/**
* Firebase Data Connect error code structure. This extends PrefixedFirebaseError.
*
* @param code - The error code.
* @param message - The error message.
* @constructor
*/
export declare class FirebaseDataConnectError extends PrefixedFirebaseError {
constructor(code: DataConnectErrorCode, message: string);
}

361
server/node_modules/firebase-admin/lib/data-connect/data-connect-api-client-internal.js generated vendored Normal file
View File

@@ -0,0 +1,361 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseDataConnectError = exports.DATA_CONNECT_ERROR_CODE_MAPPING = exports.DataConnectApiClient = void 0;
exports.useEmulator = useEmulator;
const api_request_1 = require("../utils/api-request");
const error_1 = require("../utils/error");
const utils = require("../utils/index");
const validator = require("../utils/validator");
const API_VERSION = 'v1alpha';
/** The Firebase Data Connect backend base URL format. */
const FIREBASE_DATA_CONNECT_BASE_URL_FORMAT = 'https://firebasedataconnect.googleapis.com/{version}/projects/{projectId}/locations/{locationId}/services/{serviceId}:{endpointId}';
/** Firebase Data Connect base URl format when using the Data Connect emultor. */
const FIREBASE_DATA_CONNECT_EMULATOR_BASE_URL_FORMAT = 'http://{host}/{version}/projects/{projectId}/locations/{locationId}/services/{serviceId}:{endpointId}';
const EXECUTE_GRAPH_QL_ENDPOINT = 'executeGraphql';
const EXECUTE_GRAPH_QL_READ_ENDPOINT = 'executeGraphqlRead';
const DATA_CONNECT_CONFIG_HEADERS = {
'X-Firebase-Client': `fire-admin-node/${utils.getSdkVersion()}`
};
/**
* Class that facilitates sending requests to the Firebase Data Connect backend API.
*
* @internal
*/
class DataConnectApiClient {
constructor(connectorConfig, app) {
this.connectorConfig = connectorConfig;
this.app = app;
if (!validator.isNonNullObject(app) || !('options' in app)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'First argument passed to getDataConnect() must be a valid Firebase app instance.');
}
this.httpClient = new DataConnectHttpClient(app);
}
/**
* Execute arbitrary GraphQL, including both read and write queries
*
* @param query - The GraphQL string to be executed.
* @param options - GraphQL Options
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
async executeGraphql(query, options) {
return this.executeGraphqlHelper(query, EXECUTE_GRAPH_QL_ENDPOINT, options);
}
/**
* Execute arbitrary read-only GraphQL queries
*
* @param query - The GraphQL (read-only) string to be executed.
* @param options - GraphQL Options
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
* @throws FirebaseDataConnectError
*/
async executeGraphqlRead(query, options) {
return this.executeGraphqlHelper(query, EXECUTE_GRAPH_QL_READ_ENDPOINT, options);
}
async executeGraphqlHelper(query, endpoint, options) {
if (!validator.isNonEmptyString(query)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`query` must be a non-empty string.');
}
if (typeof options !== 'undefined') {
if (!validator.isNonNullObject(options)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, 'GraphqlOptions must be a non-null object');
}
}
const data = {
query,
...(options?.variables && { variables: options?.variables }),
...(options?.operationName && { operationName: options?.operationName }),
...(options?.impersonate && { extensions: { impersonate: options?.impersonate } }),
};
return this.getUrl(API_VERSION, this.connectorConfig.location, this.connectorConfig.serviceId, endpoint)
.then(async (url) => {
const request = {
method: 'POST',
url,
headers: DATA_CONNECT_CONFIG_HEADERS,
data,
};
const resp = await this.httpClient.send(request);
if (resp.data.errors && validator.isNonEmptyArray(resp.data.errors)) {
const allMessages = resp.data.errors.map((error) => error.message).join(' ');
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.QUERY_ERROR, allMessages);
}
return Promise.resolve({
data: resp.data.data,
});
})
.then((resp) => {
return resp;
})
.catch((err) => {
throw this.toFirebaseError(err);
});
}
async getUrl(version, locationId, serviceId, endpointId) {
return this.getProjectId()
.then((projectId) => {
const urlParams = {
version,
projectId,
locationId,
serviceId,
endpointId
};
let urlFormat;
if (useEmulator()) {
urlFormat = utils.formatString(FIREBASE_DATA_CONNECT_EMULATOR_BASE_URL_FORMAT, {
host: emulatorHost()
});
}
else {
urlFormat = FIREBASE_DATA_CONNECT_BASE_URL_FORMAT;
}
return utils.formatString(urlFormat, urlParams);
});
}
getProjectId() {
if (this.projectId) {
return Promise.resolve(this.projectId);
}
return utils.findProjectId(this.app)
.then((projectId) => {
if (!validator.isNonEmptyString(projectId)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.UNKNOWN, 'Failed to determine project ID. Initialize the '
+ 'SDK with service account credentials or set project ID as an app option. '
+ 'Alternatively, set the GOOGLE_CLOUD_PROJECT environment variable.');
}
this.projectId = projectId;
return projectId;
});
}
toFirebaseError(err) {
if (err instanceof error_1.PrefixedFirebaseError) {
return err;
}
const response = err.response;
if (!response.isJson()) {
return new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.UNKNOWN, `Unexpected response with status: ${response.status} and body: ${response.text}`);
}
const error = response.data.error || {};
let code = exports.DATA_CONNECT_ERROR_CODE_MAPPING.UNKNOWN;
if (error.status && error.status in exports.DATA_CONNECT_ERROR_CODE_MAPPING) {
code = exports.DATA_CONNECT_ERROR_CODE_MAPPING[error.status];
}
const message = error.message || `Unknown server error: ${response.text}`;
return new FirebaseDataConnectError(code, message);
}
/**
* Converts JSON data into a GraphQL literal string.
* Handles nested objects, arrays, strings, numbers, and booleans.
* Ensures strings are properly escaped.
*/
objectToString(data) {
if (typeof data === 'string') {
const escapedString = data
.replace(/\\/g, '\\\\') // Replace \ with \\
.replace(/"/g, '\\"'); // Replace " with \"
return `"${escapedString}"`;
}
if (typeof data === 'number' || typeof data === 'boolean' || data === null) {
return String(data);
}
if (validator.isArray(data)) {
const elements = data.map(item => this.objectToString(item)).join(', ');
return `[${elements}]`;
}
if (typeof data === 'object' && data !== null) {
// Filter out properties where the value is undefined BEFORE mapping
const kvPairs = Object.entries(data)
.filter(([, val]) => val !== undefined)
.map(([key, val]) => {
// GraphQL object keys are typically unquoted.
return `${key}: ${this.objectToString(val)}`;
});
if (kvPairs.length === 0) {
return '{}'; // Represent an object with no defined properties as {}
}
return `{ ${kvPairs.join(', ')} }`;
}
// If value is undefined (and not an object property, which is handled above,
// e.g., if objectToString(undefined) is called directly or for an array element)
// it should be represented as 'null'.
if (typeof data === 'undefined') {
return 'null';
}
// Fallback for any other types (e.g., Symbol, BigInt - though less common in GQL contexts)
// Consider how these should be handled or if an error should be thrown.
// For now, simple string conversion.
return String(data);
}
formatTableName(tableName) {
// Format tableName: first character to lowercase
if (tableName && tableName.length > 0) {
return tableName.charAt(0).toLowerCase() + tableName.slice(1);
}
return tableName;
}
handleBulkImportErrors(err) {
if (err.code === `data-connect/${exports.DATA_CONNECT_ERROR_CODE_MAPPING.QUERY_ERROR}`) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.QUERY_ERROR, `${err.message}. Make sure that your table name passed in matches the type name in your GraphQL schema file.`);
}
throw err;
}
/**
* Insert a single row into the specified table.
*/
async insert(tableName, data) {
if (!validator.isNonEmptyString(tableName)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`tableName` must be a non-empty string.');
}
if (validator.isArray(data)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`data` must be an object, not an array, for single insert. For arrays, please use `insertMany` function.');
}
if (!validator.isNonNullObject(data)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`data` must be a non-null object.');
}
try {
tableName = this.formatTableName(tableName);
const gqlDataString = this.objectToString(data);
const mutation = `mutation { ${tableName}_insert(data: ${gqlDataString}) }`;
// Use internal executeGraphql
return this.executeGraphql(mutation).catch(this.handleBulkImportErrors);
}
catch (e) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INTERNAL, `Failed to construct insert mutation: ${e.message}`);
}
}
/**
* Insert multiple rows into the specified table.
*/
async insertMany(tableName, data) {
if (!validator.isNonEmptyString(tableName)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`tableName` must be a non-empty string.');
}
if (!validator.isNonEmptyArray(data)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`data` must be a non-empty array for insertMany.');
}
try {
tableName = this.formatTableName(tableName);
const gqlDataString = this.objectToString(data);
const mutation = `mutation { ${tableName}_insertMany(data: ${gqlDataString}) }`;
// Use internal executeGraphql
return this.executeGraphql(mutation).catch(this.handleBulkImportErrors);
}
catch (e) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INTERNAL, `Failed to construct insertMany mutation: ${e.message}`);
}
}
/**
* Insert a single row into the specified table, or update it if it already exists.
*/
async upsert(tableName, data) {
if (!validator.isNonEmptyString(tableName)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`tableName` must be a non-empty string.');
}
if (validator.isArray(data)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`data` must be an object, not an array, for single upsert. For arrays, please use `upsertMany` function.');
}
if (!validator.isNonNullObject(data)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`data` must be a non-null object.');
}
try {
tableName = this.formatTableName(tableName);
const gqlDataString = this.objectToString(data);
const mutation = `mutation { ${tableName}_upsert(data: ${gqlDataString}) }`;
// Use internal executeGraphql
return this.executeGraphql(mutation).catch(this.handleBulkImportErrors);
}
catch (e) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INTERNAL, `Failed to construct upsert mutation: ${e.message}`);
}
}
/**
* Insert multiple rows into the specified table, or update them if they already exist.
*/
async upsertMany(tableName, data) {
if (!validator.isNonEmptyString(tableName)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`tableName` must be a non-empty string.');
}
if (!validator.isNonEmptyArray(data)) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INVALID_ARGUMENT, '`data` must be a non-empty array for upsertMany.');
}
try {
tableName = this.formatTableName(tableName);
const gqlDataString = this.objectToString(data);
const mutation = `mutation { ${tableName}_upsertMany(data: ${gqlDataString}) }`;
// Use internal executeGraphql
return this.executeGraphql(mutation).catch(this.handleBulkImportErrors);
}
catch (e) {
throw new FirebaseDataConnectError(exports.DATA_CONNECT_ERROR_CODE_MAPPING.INTERNAL, `Failed to construct upsertMany mutation: ${e.message}`);
}
}
}
exports.DataConnectApiClient = DataConnectApiClient;
/**
* Data Connect-specific HTTP client which uses the special "owner" token
* when communicating with the Data Connect Emulator.
*/
class DataConnectHttpClient extends api_request_1.AuthorizedHttpClient {
getToken() {
if (useEmulator()) {
return Promise.resolve('owner');
}
return super.getToken();
}
}
function emulatorHost() {
return process.env.DATA_CONNECT_EMULATOR_HOST;
}
/**
* When true the SDK should communicate with the Data Connect Emulator for all API
* calls and also produce unsigned tokens.
*/
function useEmulator() {
return !!emulatorHost();
}
exports.DATA_CONNECT_ERROR_CODE_MAPPING = {
ABORTED: 'aborted',
INVALID_ARGUMENT: 'invalid-argument',
INVALID_CREDENTIAL: 'invalid-credential',
INTERNAL: 'internal-error',
PERMISSION_DENIED: 'permission-denied',
UNAUTHENTICATED: 'unauthenticated',
NOT_FOUND: 'not-found',
UNKNOWN: 'unknown-error',
QUERY_ERROR: 'query-error',
};
/**
* Firebase Data Connect error code structure. This extends PrefixedFirebaseError.
*
* @param code - The error code.
* @param message - The error message.
* @constructor
*/
class FirebaseDataConnectError extends error_1.PrefixedFirebaseError {
constructor(code, message) {
super('data-connect', code, message);
/* tslint:disable:max-line-length */
// Set the prototype explicitly. See the following link for more details:
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
/* tslint:enable:max-line-length */
this.__proto__ = FirebaseDataConnectError.prototype;
}
}
exports.FirebaseDataConnectError = FirebaseDataConnectError;

95
server/node_modules/firebase-admin/lib/data-connect/data-connect-api.d.ts generated vendored Normal file
View File

@@ -0,0 +1,95 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { DecodedIdToken } from '../auth/token-verifier';
/**
* Interface representing a Data Connect connector configuration.
*/
export interface ConnectorConfig {
/**
* Location ID of the Data Connect service.
*/
location: string;
/**
* Service ID of the Data Connect service.
*/
serviceId: string;
}
/**
* Interface representing GraphQL response.
*/
export interface ExecuteGraphqlResponse<GraphqlResponse> {
/**
* Data payload of the GraphQL response.
*/
data: GraphqlResponse;
}
/**
* Interface representing GraphQL options.
*/
export interface GraphqlOptions<Variables> {
/**
* Values for GraphQL variables provided in this query or mutation.
*/
variables?: Variables;
/**
* The name of the GraphQL operation. Required only if `query` contains multiple operations.
*/
operationName?: string;
/**
* If set, impersonate a request with given Firebase Auth context and evaluate the auth
* policies on the operation. If omitted, bypass any defined auth policies.
*/
impersonate?: ImpersonateAuthenticated | ImpersonateUnauthenticated;
}
/**
* Type representing the partial claims of a Firebase Auth token used to evaluate the
* Data Connect auth policy.
*/
export type AuthClaims = Partial<DecodedIdToken>;
/**
* Interface representing the impersonation of an authenticated user.
*/
export interface ImpersonateAuthenticated {
/**
* Evaluate the auth policy with a customized JWT auth token. Should follow the Firebase Auth token format.
* https://firebase.google.com/docs/data-connect/cel-reference#auth-token-contents
*
* @example A verified user may have the following `authClaims`:
* ```json
* { "sub": "uid", "email_verified": true }
* ```
*/
authClaims: AuthClaims;
/**
* Both `authClaims` and `unauthenticated` are mutually exclusive fields and should not be both set.
*/
unauthenticated?: never;
}
/**
* Interface representing the impersonation of an unauthenticated user.
*/
export interface ImpersonateUnauthenticated {
/**
* Both `authClaims` and `unauthenticated` are mutually exclusive fields and should not be both set.
*/
authClaims?: never;
/**
* Evaluates the auth policy as an unauthenticated request. Can only be set to true.
*/
unauthenticated: true;
}

19
server/node_modules/firebase-admin/lib/data-connect/data-connect-api.js generated vendored Normal file
View File

@@ -0,0 +1,19 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

89
server/node_modules/firebase-admin/lib/data-connect/data-connect.d.ts generated vendored Normal file
View File

@@ -0,0 +1,89 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { App } from '../app';
import { ConnectorConfig, ExecuteGraphqlResponse, GraphqlOptions } from './data-connect-api';
export declare class DataConnectService {
private readonly appInternal;
private dataConnectInstances;
constructor(app: App);
getDataConnect(connectorConfig: ConnectorConfig): DataConnect;
/**
* Returns the app associated with this `DataConnectService` instance.
*
* @returns The app associated with this `DataConnectService` instance.
*/
get app(): App;
}
/**
* The Firebase `DataConnect` service interface.
*/
export declare class DataConnect {
readonly connectorConfig: ConnectorConfig;
readonly app: App;
private readonly client;
/**
* Execute an arbitrary GraphQL query or mutation
*
* @param query - The GraphQL query or mutation.
* @param options - Optional {@link GraphqlOptions} when executing a GraphQL query or mutation.
*
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
executeGraphql<GraphqlResponse, Variables>(query: string, options?: GraphqlOptions<Variables>): Promise<ExecuteGraphqlResponse<GraphqlResponse>>;
/**
* Execute an arbitrary read-only GraphQL query
*
* @param query - The GraphQL read-only query.
* @param options - Optional {@link GraphqlOptions} when executing a read-only GraphQL query.
*
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
executeGraphqlRead<GraphqlResponse, Variables>(query: string, options?: GraphqlOptions<Variables>): Promise<ExecuteGraphqlResponse<GraphqlResponse>>;
/**
* Insert a single row into the specified table.
*
* @param tableName - The name of the table to insert data into.
* @param variables - The data object to insert. The keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
insert<GraphQlResponse, Variables extends object>(tableName: string, variables: Variables): Promise<ExecuteGraphqlResponse<GraphQlResponse>>;
/**
* Insert multiple rows into the specified table.
*
* @param tableName - The name of the table to insert data into.
* @param variables - An array of data objects to insert. Each object's keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
insertMany<GraphQlResponse, Variables extends Array<unknown>>(tableName: string, variables: Variables): Promise<ExecuteGraphqlResponse<GraphQlResponse>>;
/**
* Insert a single row into the specified table, or update it if it already exists.
*
* @param tableName - The name of the table to upsert data into.
* @param variables - The data object to upsert. The keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
upsert<GraphQlResponse, Variables extends object>(tableName: string, variables: Variables): Promise<ExecuteGraphqlResponse<GraphQlResponse>>;
/**
* Insert multiple rows into the specified table, or update them if they already exist.
*
* @param tableName - The name of the table to upsert data into.
* @param variables - An array of data objects to upsert. Each object's keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
upsertMany<GraphQlResponse, Variables extends Array<unknown>>(tableName: string, variables: Variables): Promise<ExecuteGraphqlResponse<GraphQlResponse>>;
}

125
server/node_modules/firebase-admin/lib/data-connect/data-connect.js generated vendored Normal file
View File

@@ -0,0 +1,125 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.DataConnect = exports.DataConnectService = void 0;
const data_connect_api_client_internal_1 = require("./data-connect-api-client-internal");
class DataConnectService {
constructor(app) {
this.dataConnectInstances = new Map();
this.appInternal = app;
}
getDataConnect(connectorConfig) {
const id = `${connectorConfig.location}-${connectorConfig.serviceId}`;
const dc = this.dataConnectInstances.get(id);
if (typeof dc !== 'undefined') {
return dc;
}
const newInstance = new DataConnect(connectorConfig, this.appInternal);
this.dataConnectInstances.set(id, newInstance);
return newInstance;
}
/**
* Returns the app associated with this `DataConnectService` instance.
*
* @returns The app associated with this `DataConnectService` instance.
*/
get app() {
return this.appInternal;
}
}
exports.DataConnectService = DataConnectService;
/**
* The Firebase `DataConnect` service interface.
*/
class DataConnect {
/**
* @param connectorConfig - The connector configuration.
* @param app - The app for this `DataConnect` service.
* @constructor
* @internal
*/
constructor(connectorConfig, app) {
this.connectorConfig = connectorConfig;
this.app = app;
this.client = new data_connect_api_client_internal_1.DataConnectApiClient(connectorConfig, app);
}
/**
* Execute an arbitrary GraphQL query or mutation
*
* @param query - The GraphQL query or mutation.
* @param options - Optional {@link GraphqlOptions} when executing a GraphQL query or mutation.
*
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
executeGraphql(query, options) {
return this.client.executeGraphql(query, options);
}
/**
* Execute an arbitrary read-only GraphQL query
*
* @param query - The GraphQL read-only query.
* @param options - Optional {@link GraphqlOptions} when executing a read-only GraphQL query.
*
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
executeGraphqlRead(query, options) {
return this.client.executeGraphqlRead(query, options);
}
/**
* Insert a single row into the specified table.
*
* @param tableName - The name of the table to insert data into.
* @param variables - The data object to insert. The keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
insert(tableName, variables) {
return this.client.insert(tableName, variables);
}
/**
* Insert multiple rows into the specified table.
*
* @param tableName - The name of the table to insert data into.
* @param variables - An array of data objects to insert. Each object's keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
insertMany(tableName, variables) {
return this.client.insertMany(tableName, variables);
}
/**
* Insert a single row into the specified table, or update it if it already exists.
*
* @param tableName - The name of the table to upsert data into.
* @param variables - The data object to upsert. The keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
upsert(tableName, variables) {
return this.client.upsert(tableName, variables);
}
/**
* Insert multiple rows into the specified table, or update them if they already exist.
*
* @param tableName - The name of the table to upsert data into.
* @param variables - An array of data objects to upsert. Each object's keys should correspond to the column names.
* @returns A promise that fulfills with a `ExecuteGraphqlResponse`.
*/
upsertMany(tableName, variables) {
return this.client.upsertMany(tableName, variables);
}
}
exports.DataConnect = DataConnect;

61
server/node_modules/firebase-admin/lib/data-connect/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,61 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Firebase Data Connect service.
*
* @packageDocumentation
*/
import { App } from '../app';
import { DataConnect } from './data-connect';
import { ConnectorConfig } from './data-connect-api';
export { GraphqlOptions, ExecuteGraphqlResponse, ConnectorConfig, ImpersonateAuthenticated, ImpersonateUnauthenticated, AuthClaims } from './data-connect-api';
export { DataConnect, } from './data-connect';
/**
* Gets the {@link DataConnect} service with the provided connector configuration
* for the default app or a given app.
*
* `getDataConnect(connectorConfig)` can be called with no app argument to access the default
* app's `DataConnect` service or as `getDataConnect(connectorConfig, app)` to access the
* `DataConnect` service associated with a specific app.
*
* @example
* ```javascript
* const connectorConfig: ConnectorConfig = {
* location: 'us-west2',
* serviceId: 'my-service',
* };
*
* // Get the `DataConnect` service for the default app
* const defaultDataConnect = getDataConnect(connectorConfig);
* ```
*
* @example
* ```javascript
* // Get the `DataConnect` service for a given app
* const otherDataConnect = getDataConnect(connectorConfig, otherApp);
* ```
*
* @param connectorConfig - Connector configuration for the `DataConnect` service.
*
* @param app - Optional app for which to return the `DataConnect` service.
* If not provided, the default `DataConnect` service is returned.
*
* @returns The default `DataConnect` service with the provided connector configuration
* if no app is provided, or the `DataConnect` service associated with the provided app.
*/
export declare function getDataConnect(connectorConfig: ConnectorConfig, app?: App): DataConnect;

71
server/node_modules/firebase-admin/lib/data-connect/index.js generated vendored Normal file
View File

@@ -0,0 +1,71 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2024 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.DataConnect = void 0;
exports.getDataConnect = getDataConnect;
/**
* Firebase Data Connect service.
*
* @packageDocumentation
*/
const app_1 = require("../app");
const data_connect_1 = require("./data-connect");
var data_connect_2 = require("./data-connect");
Object.defineProperty(exports, "DataConnect", { enumerable: true, get: function () { return data_connect_2.DataConnect; } });
/**
* Gets the {@link DataConnect} service with the provided connector configuration
* for the default app or a given app.
*
* `getDataConnect(connectorConfig)` can be called with no app argument to access the default
* app's `DataConnect` service or as `getDataConnect(connectorConfig, app)` to access the
* `DataConnect` service associated with a specific app.
*
* @example
* ```javascript
* const connectorConfig: ConnectorConfig = {
* location: 'us-west2',
* serviceId: 'my-service',
* };
*
* // Get the `DataConnect` service for the default app
* const defaultDataConnect = getDataConnect(connectorConfig);
* ```
*
* @example
* ```javascript
* // Get the `DataConnect` service for a given app
* const otherDataConnect = getDataConnect(connectorConfig, otherApp);
* ```
*
* @param connectorConfig - Connector configuration for the `DataConnect` service.
*
* @param app - Optional app for which to return the `DataConnect` service.
* If not provided, the default `DataConnect` service is returned.
*
* @returns The default `DataConnect` service with the provided connector configuration
* if no app is provided, or the `DataConnect` service associated with the provided app.
*/
function getDataConnect(connectorConfig, app) {
if (typeof app === 'undefined') {
app = (0, app_1.getApp)();
}
const firebaseApp = app;
const dataConnectService = firebaseApp.getOrInitService('dataConnect', (app) => new data_connect_1.DataConnectService(app));
return dataConnectService.getDataConnect(connectorConfig);
}

95
server/node_modules/firebase-admin/lib/database/database-namespace.d.ts generated vendored Normal file
View File

@@ -0,0 +1,95 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import * as rtdb from '@firebase/database-types';
import { App } from '../app';
import { Database as TDatabase } from './database';
/**
* Gets the {@link firebase-admin.database#Database} service for the default
* app or a given app.
*
* `admin.database()` can be called with no arguments to access the default
* app's `Database` service or as `admin.database(app)` to access the
* `Database` service associated with a specific app.
*
* `admin.database` is also a namespace that can be used to access global
* constants and methods associated with the `Database` service.
*
* @example
* ```javascript
* // Get the Database service for the default app
* var defaultDatabase = admin.database();
* ```
*
* @example
* ```javascript
* // Get the Database service for a specific app
* var otherDatabase = admin.database(app);
* ```
*
* @param App - whose `Database` service to
* return. If not provided, the default `Database` service will be returned.
*
* @returns The default `Database` service if no app
* is provided or the `Database` service associated with the provided app.
*/
export declare function database(app?: App): database.Database;
export declare namespace database {
/**
* Type alias to {@link firebase-admin.database#Database}.
*/
type Database = TDatabase;
/**
* Type alias to {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.DataSnapshot | DataSnapshot}
* type from the `@firebase/database-compat` package.
*/
type DataSnapshot = rtdb.DataSnapshot;
/**
* Type alias to the {@link https://firebase.google.com/docs/reference/js/v8/firebase.database#eventtype | EventType}
* type from the `@firebase/database-compat` package.
*/
type EventType = rtdb.EventType;
/**
* Type alias to {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.OnDisconnect | OnDisconnect}
* type from the `@firebase/database-compat` package.
*/
type OnDisconnect = rtdb.OnDisconnect;
/**
* Type alias to {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.Query | Query}
* type from the `@firebase/database-compat` package.
*/
type Query = rtdb.Query;
/**
* Type alias to {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.Reference | Reference}
* type from the `@firebase/database-compat` package.
*/
type Reference = rtdb.Reference;
/**
* Type alias to {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.ThenableReference |
* ThenableReference} type from the `@firebase/database-compat` package.
*/
type ThenableReference = rtdb.ThenableReference;
/**
* {@link https://firebase.google.com/docs/reference/js/v8/firebase.database#enablelogging | enableLogging}
* function from the `@firebase/database-compat` package.
*/
const enableLogging: typeof rtdb.enableLogging;
/**
* {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.ServerValue | ServerValue}
* constant from the `@firebase/database-compat` package.
*/
const ServerValue: rtdb.ServerValue;
}

23
server/node_modules/firebase-admin/lib/database/database-namespace.js generated vendored Normal file
View File

@@ -0,0 +1,23 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.database = void 0;
/* eslint-disable @typescript-eslint/no-namespace */
var database;
(function (database) {
})(database || (exports.database = database = {}));

65
server/node_modules/firebase-admin/lib/database/database.d.ts generated vendored Normal file
View File

@@ -0,0 +1,65 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { FirebaseDatabase } from '@firebase/database-types';
import { App } from '../app';
/**
* The Firebase Database service interface. Extends the
* {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.Database | Database}
* interface provided by the `@firebase/database-compat` package.
*/
export interface Database extends FirebaseDatabase {
/**
* Gets the currently applied security rules as a string. The return value consists of
* the rules source including comments.
*
* @returns A promise fulfilled with the rules as a raw string.
*/
getRules(): Promise<string>;
/**
* Gets the currently applied security rules as a parsed JSON object. Any comments in
* the original source are stripped away.
*
* @returns A promise fulfilled with the parsed rules object.
*/
getRulesJSON(): Promise<object>;
/**
* Sets the specified rules on the Firebase Realtime Database instance. If the rules source is
* specified as a string or a Buffer, it may include comments.
*
* @param source - Source of the rules to apply. Must not be `null` or empty.
* @returns Resolves when the rules are set on the Realtime Database.
*/
setRules(source: string | Buffer | object): Promise<void>;
}
export declare class DatabaseService {
private readonly appInternal;
private tokenListener;
private tokenRefreshTimeout;
private databases;
constructor(app: App);
private get firebaseApp();
/**
* Returns the app associated with this DatabaseService instance.
*
* @returns The app associated with this DatabaseService instance.
*/
get app(): App;
getDatabase(url?: string): Database;
private onTokenChange;
private scheduleTokenRefresh;
private ensureUrl;
}

257
server/node_modules/firebase-admin/lib/database/database.js generated vendored Normal file
View File

@@ -0,0 +1,257 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.DatabaseService = void 0;
const url_1 = require("url");
const path = require("path");
const error_1 = require("../utils/error");
const validator = require("../utils/validator");
const api_request_1 = require("../utils/api-request");
const index_1 = require("../utils/index");
const TOKEN_REFRESH_THRESHOLD_MILLIS = 5 * 60 * 1000;
class DatabaseService {
constructor(app) {
this.databases = {};
if (!validator.isNonNullObject(app) || !('options' in app)) {
throw new error_1.FirebaseDatabaseError({
code: 'invalid-argument',
message: 'First argument passed to admin.database() must be a valid Firebase app instance.',
});
}
this.appInternal = app;
}
get firebaseApp() {
return this.app;
}
/**
* @internal
*/
delete() {
if (this.tokenListener) {
this.firebaseApp.INTERNAL.removeAuthTokenListener(this.tokenListener);
clearTimeout(this.tokenRefreshTimeout);
}
const promises = [];
for (const dbUrl of Object.keys(this.databases)) {
const db = this.databases[dbUrl];
promises.push(db.INTERNAL.delete());
}
return Promise.all(promises).then(() => {
this.databases = {};
});
}
/**
* Returns the app associated with this DatabaseService instance.
*
* @returns The app associated with this DatabaseService instance.
*/
get app() {
return this.appInternal;
}
getDatabase(url) {
const dbUrl = this.ensureUrl(url);
if (!validator.isNonEmptyString(dbUrl)) {
throw new error_1.FirebaseDatabaseError({
code: 'invalid-argument',
message: 'Database URL must be a valid, non-empty URL string.',
});
}
let db = this.databases[dbUrl];
if (typeof db === 'undefined') {
// eslint-disable-next-line @typescript-eslint/no-var-requires
const rtdb = require('@firebase/database-compat/standalone');
db = rtdb.initStandalone(this.appInternal, dbUrl, (0, index_1.getSdkVersion)()).instance;
const rulesClient = new DatabaseRulesClient(this.app, dbUrl);
db.getRules = () => {
return rulesClient.getRules();
};
db.getRulesJSON = () => {
return rulesClient.getRulesJSON();
};
db.setRules = (source) => {
return rulesClient.setRules(source);
};
this.databases[dbUrl] = db;
}
if (!this.tokenListener) {
this.tokenListener = this.onTokenChange.bind(this);
this.firebaseApp.INTERNAL.addAuthTokenListener(this.tokenListener);
}
return db;
}
// eslint-disable-next-line @typescript-eslint/no-unused-vars
onTokenChange(_) {
const token = this.firebaseApp.INTERNAL.getCachedToken();
if (token) {
const delayMillis = token.expirationTime - TOKEN_REFRESH_THRESHOLD_MILLIS - Date.now();
// If the new token is set to expire soon (unlikely), do nothing. Somebody will eventually
// notice and refresh the token, at which point this callback will fire again.
if (delayMillis > 0) {
this.scheduleTokenRefresh(delayMillis);
}
}
}
scheduleTokenRefresh(delayMillis) {
clearTimeout(this.tokenRefreshTimeout);
this.tokenRefreshTimeout = setTimeout(() => {
this.firebaseApp.INTERNAL.getToken(/*forceRefresh=*/ true)
.catch(() => {
// Ignore the error since this might just be an intermittent failure. If we really cannot
// refresh the token, an error will be logged once the existing token expires and we try
// to fetch a fresh one.
});
}, delayMillis);
}
ensureUrl(url) {
if (typeof url !== 'undefined') {
return url;
}
else if (typeof this.appInternal.options.databaseURL !== 'undefined') {
return this.appInternal.options.databaseURL;
}
throw new error_1.FirebaseDatabaseError({
code: 'invalid-argument',
message: 'Can\'t determine Firebase Database URL.',
});
}
}
exports.DatabaseService = DatabaseService;
const RULES_URL_PATH = '.settings/rules.json';
/**
* A helper client for managing RTDB security rules.
*/
class DatabaseRulesClient {
constructor(app, dbUrl) {
let parsedUrl = new url_1.URL(dbUrl);
const emulatorHost = process.env.FIREBASE_DATABASE_EMULATOR_HOST;
if (emulatorHost) {
const namespace = extractNamespace(parsedUrl);
parsedUrl = new url_1.URL(`http://${emulatorHost}?ns=${namespace}`);
}
parsedUrl.pathname = path.join(parsedUrl.pathname, RULES_URL_PATH);
this.dbUrl = parsedUrl.toString();
this.httpClient = new api_request_1.AuthorizedHttpClient(app);
}
/**
* Gets the currently applied security rules as a string. The return value consists of
* the rules source including comments.
*
* @returns A promise fulfilled with the rules as a raw string.
*/
getRules() {
const req = {
method: 'GET',
url: this.dbUrl,
};
return this.httpClient.send(req)
.then((resp) => {
if (!resp.text) {
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INTERNAL_ERROR, 'HTTP response missing data.');
}
return resp.text;
})
.catch((err) => {
throw this.handleError(err);
});
}
/**
* Gets the currently applied security rules as a parsed JSON object. Any comments in
* the original source are stripped away.
*
* @returns {Promise<object>} A promise fulfilled with the parsed rules source.
*/
getRulesJSON() {
const req = {
method: 'GET',
url: this.dbUrl,
data: { format: 'strict' },
};
return this.httpClient.send(req)
.then((resp) => {
return resp.data;
})
.catch((err) => {
throw this.handleError(err);
});
}
/**
* Sets the specified rules on the Firebase Database instance. If the rules source is
* specified as a string or a Buffer, it may include comments.
*
* @param {string|Buffer|object} source Source of the rules to apply. Must not be `null`
* or empty.
* @returns {Promise<void>} Resolves when the rules are set on the Database.
*/
setRules(source) {
if (!validator.isNonEmptyString(source) &&
!validator.isBuffer(source) &&
!validator.isNonNullObject(source)) {
const error = new error_1.FirebaseDatabaseError({
code: 'invalid-argument',
message: 'Source must be a non-empty string, Buffer or an object.',
});
return Promise.reject(error);
}
const req = {
method: 'PUT',
url: this.dbUrl,
data: source,
headers: {
'content-type': 'application/json; charset=utf-8',
},
};
return this.httpClient.send(req)
.then(() => {
return;
})
.catch((err) => {
throw this.handleError(err);
});
}
handleError(err) {
if (err instanceof api_request_1.RequestResponseError) {
return new error_1.FirebaseDatabaseError({
code: error_1.AppErrorCodes.INTERNAL_ERROR,
message: this.getErrorMessage(err),
});
}
return err;
}
getErrorMessage(err) {
const intro = 'Error while accessing security rules';
try {
const body = err.response.data;
if (body && body.error) {
return `${intro}: ${body.error.trim()}`;
}
}
catch {
// Ignore parsing errors
}
return `${intro}: ${err.response.text}`;
}
}
function extractNamespace(parsedUrl) {
const ns = parsedUrl.searchParams.get('ns');
if (ns) {
return ns;
}
const hostname = parsedUrl.hostname;
const dotIndex = hostname.indexOf('.');
return hostname.substring(0, dotIndex).toLowerCase();
}

91
server/node_modules/firebase-admin/lib/database/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,91 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Firebase Realtime Database.
*
* @packageDocumentation
*/
import * as rtdb from '@firebase/database-types';
import { App } from '../app';
import { Database } from './database';
export { Database };
export { DataSnapshot, EventType, OnDisconnect, Query, Reference, ThenableReference, } from '@firebase/database-types';
/**
* {@link https://firebase.google.com/docs/reference/js/v8/firebase.database#enablelogging | enableLogging}
* function from the `@firebase/database-compat` package.
*/
export declare const enableLogging: typeof rtdb.enableLogging;
/**
* {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.ServerValue | ServerValue}
* constant from the `@firebase/database-compat` package.
*/
export declare const ServerValue: rtdb.ServerValue;
/**
* Gets the {@link Database} service for the default
* app or a given app.
*
* `getDatabase()` can be called with no arguments to access the default
* app's `Database` service or as `getDatabase(app)` to access the
* `Database` service associated with a specific app.
*
* @example
* ```javascript
* // Get the Database service for the default app
* const defaultDatabase = getDatabase();
* ```
*
* @example
* ```javascript
* // Get the Database service for a specific app
* const otherDatabase = getDatabase(app);
* ```
*
* @param App - whose `Database` service to
* return. If not provided, the default `Database` service will be returned.
*
* @returns The default `Database` service if no app
* is provided or the `Database` service associated with the provided app.
*/
export declare function getDatabase(app?: App): Database;
/**
* Gets the {@link Database} service for the default
* app or a given app.
*
* `getDatabaseWithUrl()` can be called with no arguments to access the default
* app's {@link Database} service or as `getDatabaseWithUrl(app)` to access the
* {@link Database} service associated with a specific app.
*
* @example
* ```javascript
* // Get the Database service for the default app
* const defaultDatabase = getDatabaseWithUrl('https://example.firebaseio.com');
* ```
*
* @example
* ```javascript
* // Get the Database service for a specific app
* const otherDatabase = getDatabaseWithUrl('https://example.firebaseio.com', app);
* ```
*
* @param App - whose `Database` service to
* return. If not provided, the default `Database` service will be returned.
*
* @returns The default `Database` service if no app
* is provided or the `Database` service associated with the provided app.
*/
export declare function getDatabaseWithUrl(url: string, app?: App): Database;
export { FirebaseDatabaseError } from '../utils/error';

105
server/node_modules/firebase-admin/lib/database/index.js generated vendored Normal file
View File

@@ -0,0 +1,105 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.FirebaseDatabaseError = exports.ServerValue = exports.enableLogging = void 0;
exports.getDatabase = getDatabase;
exports.getDatabaseWithUrl = getDatabaseWithUrl;
const standalone_1 = require("@firebase/database-compat/standalone");
const app_1 = require("../app");
const database_1 = require("./database");
// TODO: Remove the following any-cast once the typins in @firebase/database-types are fixed.
/**
* {@link https://firebase.google.com/docs/reference/js/v8/firebase.database#enablelogging | enableLogging}
* function from the `@firebase/database-compat` package.
*/
exports.enableLogging = standalone_1.enableLogging;
/**
* {@link https://firebase.google.com/docs/reference/js/v8/firebase.database.ServerValue | ServerValue}
* constant from the `@firebase/database-compat` package.
*/
// eslint-disable-next-line @typescript-eslint/naming-convention
exports.ServerValue = standalone_1.ServerValue;
/**
* Gets the {@link Database} service for the default
* app or a given app.
*
* `getDatabase()` can be called with no arguments to access the default
* app's `Database` service or as `getDatabase(app)` to access the
* `Database` service associated with a specific app.
*
* @example
* ```javascript
* // Get the Database service for the default app
* const defaultDatabase = getDatabase();
* ```
*
* @example
* ```javascript
* // Get the Database service for a specific app
* const otherDatabase = getDatabase(app);
* ```
*
* @param App - whose `Database` service to
* return. If not provided, the default `Database` service will be returned.
*
* @returns The default `Database` service if no app
* is provided or the `Database` service associated with the provided app.
*/
function getDatabase(app) {
return getDatabaseInstance({ app });
}
/**
* Gets the {@link Database} service for the default
* app or a given app.
*
* `getDatabaseWithUrl()` can be called with no arguments to access the default
* app's {@link Database} service or as `getDatabaseWithUrl(app)` to access the
* {@link Database} service associated with a specific app.
*
* @example
* ```javascript
* // Get the Database service for the default app
* const defaultDatabase = getDatabaseWithUrl('https://example.firebaseio.com');
* ```
*
* @example
* ```javascript
* // Get the Database service for a specific app
* const otherDatabase = getDatabaseWithUrl('https://example.firebaseio.com', app);
* ```
*
* @param App - whose `Database` service to
* return. If not provided, the default `Database` service will be returned.
*
* @returns The default `Database` service if no app
* is provided or the `Database` service associated with the provided app.
*/
function getDatabaseWithUrl(url, app) {
return getDatabaseInstance({ url, app });
}
function getDatabaseInstance(options) {
let { app } = options;
if (typeof app === 'undefined') {
app = (0, app_1.getApp)();
}
const firebaseApp = app;
const dbService = firebaseApp.getOrInitService('database', (app) => new database_1.DatabaseService(app));
return dbService.getDatabase(options.url);
}
var error_1 = require("../utils/error");
Object.defineProperty(exports, "FirebaseDatabaseError", { enumerable: true, get: function () { return error_1.FirebaseDatabaseError; } });

24
server/node_modules/firebase-admin/lib/default-namespace.d.ts generated vendored Normal file
View File

@@ -0,0 +1,24 @@
/*! firebase-admin v13.5.0 */
/*!
* Copyright 2020 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Firebase namespaced API (legacy).
*
* @packageDocumentation
*/
export * from './firebase-namespace-api';

30
server/node_modules/firebase-admin/lib/default-namespace.js generated vendored Normal file
View File

@@ -0,0 +1,30 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2017 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
const firebase_namespace_1 = require("./app/firebase-namespace");
// Inject a circular default export to allow users to use both:
//
// import firebaseAdmin from 'firebase-admin';
// which becomes: var firebaseAdmin = require('firebase-admin').default;
//
// as well as the more correct:
//
// import * as firebaseAdmin from 'firebase-admin';
// which becomes: var firebaseAdmin = require('firebase-admin');
firebase_namespace_1.defaultNamespace.default = firebase_namespace_1.defaultNamespace;
module.exports = firebase_namespace_1.defaultNamespace;

4
server/node_modules/firebase-admin/lib/esm/app-check/index.js generated vendored Normal file
View File

@@ -0,0 +1,4 @@
import mod from "../../app-check/index.js";
export const AppCheck = mod.AppCheck;
export const getAppCheck = mod.getAppCheck;

12
server/node_modules/firebase-admin/lib/esm/app/index.js generated vendored Normal file
View File

@@ -0,0 +1,12 @@
import mod from "../../app/index.js";
export const AppErrorCodes = mod.AppErrorCodes;
export const FirebaseAppError = mod.FirebaseAppError;
export const SDK_VERSION = mod.SDK_VERSION;
export const applicationDefault = mod.applicationDefault;
export const cert = mod.cert;
export const deleteApp = mod.deleteApp;
export const getApp = mod.getApp;
export const getApps = mod.getApps;
export const initializeApp = mod.initializeApp;
export const refreshToken = mod.refreshToken;

18
server/node_modules/firebase-admin/lib/esm/auth/index.js generated vendored Normal file
View File

@@ -0,0 +1,18 @@
import mod from "../../auth/index.js";
export const Auth = mod.Auth;
export const AuthClientErrorCode = mod.AuthClientErrorCode;
export const BaseAuth = mod.BaseAuth;
export const FirebaseAuthError = mod.FirebaseAuthError;
export const MultiFactorInfo = mod.MultiFactorInfo;
export const MultiFactorSettings = mod.MultiFactorSettings;
export const PhoneMultiFactorInfo = mod.PhoneMultiFactorInfo;
export const ProjectConfig = mod.ProjectConfig;
export const ProjectConfigManager = mod.ProjectConfigManager;
export const Tenant = mod.Tenant;
export const TenantAwareAuth = mod.TenantAwareAuth;
export const TenantManager = mod.TenantManager;
export const UserInfo = mod.UserInfo;
export const UserMetadata = mod.UserMetadata;
export const UserRecord = mod.UserRecord;
export const getAuth = mod.getAuth;

4
server/node_modules/firebase-admin/lib/esm/data-connect/index.js generated vendored Normal file
View File

@@ -0,0 +1,4 @@
import mod from "../../data-connect/index.js";
export const DataConnect = mod.DataConnect;
export const getDataConnect = mod.getDataConnect;

7
server/node_modules/firebase-admin/lib/esm/database/index.js generated vendored Normal file
View File

@@ -0,0 +1,7 @@
import mod from "../../database/index.js";
export const FirebaseDatabaseError = mod.FirebaseDatabaseError;
export const ServerValue = mod.ServerValue;
export const enableLogging = mod.enableLogging;
export const getDatabase = mod.getDatabase;
export const getDatabaseWithUrl = mod.getDatabaseWithUrl;

5
server/node_modules/firebase-admin/lib/esm/eventarc/index.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
import mod from "../../eventarc/index.js";
export const Channel = mod.Channel;
export const Eventarc = mod.Eventarc;
export const getEventarc = mod.getEventarc;

5
server/node_modules/firebase-admin/lib/esm/extensions/index.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
import mod from "../../extensions/index.js";
export const Extensions = mod.Extensions;
export const Runtime = mod.Runtime;
export const getExtensions = mod.getExtensions;

30
server/node_modules/firebase-admin/lib/esm/firestore/index.js generated vendored Normal file
View File

@@ -0,0 +1,30 @@
import mod from "../../firestore/index.js";
export const AggregateField = mod.AggregateField;
export const AggregateQuery = mod.AggregateQuery;
export const AggregateQuerySnapshot = mod.AggregateQuerySnapshot;
export const BulkWriter = mod.BulkWriter;
export const BundleBuilder = mod.BundleBuilder;
export const CollectionGroup = mod.CollectionGroup;
export const CollectionReference = mod.CollectionReference;
export const DocumentReference = mod.DocumentReference;
export const DocumentSnapshot = mod.DocumentSnapshot;
export const FieldPath = mod.FieldPath;
export const FieldValue = mod.FieldValue;
export const Filter = mod.Filter;
export const FirebaseFirestoreError = mod.FirebaseFirestoreError;
export const Firestore = mod.Firestore;
export const GeoPoint = mod.GeoPoint;
export const GrpcStatus = mod.GrpcStatus;
export const Query = mod.Query;
export const QueryDocumentSnapshot = mod.QueryDocumentSnapshot;
export const QueryPartition = mod.QueryPartition;
export const QuerySnapshot = mod.QuerySnapshot;
export const Timestamp = mod.Timestamp;
export const Transaction = mod.Transaction;
export const WriteBatch = mod.WriteBatch;
export const WriteResult = mod.WriteResult;
export const getFirestore = mod.getFirestore;
export const initializeFirestore = mod.initializeFirestore;
export const setLogFunction = mod.setLogFunction;
export const v1 = mod.v1;

5
server/node_modules/firebase-admin/lib/esm/functions/index.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
import mod from "../../functions/index.js";
export const Functions = mod.Functions;
export const TaskQueue = mod.TaskQueue;
export const getFunctions = mod.getFunctions;

6
server/node_modules/firebase-admin/lib/esm/installations/index.js generated vendored Normal file
View File

@@ -0,0 +1,6 @@
import mod from "../../installations/index.js";
export const FirebaseInstallationsError = mod.FirebaseInstallationsError;
export const Installations = mod.Installations;
export const InstallationsClientErrorCode = mod.InstallationsClientErrorCode;
export const getInstallations = mod.getInstallations;

6
server/node_modules/firebase-admin/lib/esm/instance-id/index.js generated vendored Normal file
View File

@@ -0,0 +1,6 @@
import mod from "../../instance-id/index.js";
export const FirebaseInstanceIdError = mod.FirebaseInstanceIdError;
export const InstanceId = mod.InstanceId;
export const InstanceIdClientErrorCode = mod.InstanceIdClientErrorCode;
export const getInstanceId = mod.getInstanceId;

5
server/node_modules/firebase-admin/lib/esm/machine-learning/index.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
import mod from "../../machine-learning/index.js";
export const MachineLearning = mod.MachineLearning;
export const Model = mod.Model;
export const getMachineLearning = mod.getMachineLearning;

6
server/node_modules/firebase-admin/lib/esm/messaging/index.js generated vendored Normal file
View File

@@ -0,0 +1,6 @@
import mod from "../../messaging/index.js";
export const FirebaseMessagingError = mod.FirebaseMessagingError;
export const Messaging = mod.Messaging;
export const MessagingClientErrorCode = mod.MessagingClientErrorCode;
export const getMessaging = mod.getMessaging;

1
server/node_modules/firebase-admin/lib/esm/package.json generated vendored Normal file
View File

@@ -0,0 +1 @@
{"type":"module"}

9
server/node_modules/firebase-admin/lib/esm/project-management/index.js generated vendored Normal file
View File

@@ -0,0 +1,9 @@
import mod from "../../project-management/index.js";
export const AndroidApp = mod.AndroidApp;
export const AppPlatform = mod.AppPlatform;
export const FirebaseProjectManagementError = mod.FirebaseProjectManagementError;
export const IosApp = mod.IosApp;
export const ProjectManagement = mod.ProjectManagement;
export const ShaCertificate = mod.ShaCertificate;
export const getProjectManagement = mod.getProjectManagement;

7
server/node_modules/firebase-admin/lib/esm/remote-config/index.js generated vendored Normal file
View File

@@ -0,0 +1,7 @@
import mod from "../../remote-config/index.js";
export const CustomSignalOperator = mod.CustomSignalOperator;
export const PercentConditionOperator = mod.PercentConditionOperator;
export const RemoteConfig = mod.RemoteConfig;
export const RemoteConfigFetchResponse = mod.RemoteConfigFetchResponse;
export const getRemoteConfig = mod.getRemoteConfig;

6
server/node_modules/firebase-admin/lib/esm/security-rules/index.js generated vendored Normal file
View File

@@ -0,0 +1,6 @@
import mod from "../../security-rules/index.js";
export const Ruleset = mod.Ruleset;
export const RulesetMetadataList = mod.RulesetMetadataList;
export const SecurityRules = mod.SecurityRules;
export const getSecurityRules = mod.getSecurityRules;

5
server/node_modules/firebase-admin/lib/esm/storage/index.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
import mod from "../../storage/index.js";
export const Storage = mod.Storage;
export const getDownloadURL = mod.getDownloadURL;
export const getStorage = mod.getStorage;

84
server/node_modules/firebase-admin/lib/eventarc/cloudevent.d.ts generated vendored Normal file
View File

@@ -0,0 +1,84 @@
/*! firebase-admin v13.5.0 */
/*!
* @license
* Copyright 2022 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* A CloudEvent version.
*/
export type CloudEventVersion = '1.0';
/**
* A CloudEvent describes event data.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md
*/
export interface CloudEvent {
/**
* Identifier for the event. If not provided, it is auto-populated with a UUID.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#id
*/
id?: string;
/**
* Identifies the context in which an event happened. If not provided, the value of `EVENTARC_CLOUD_EVENT_SOURCE`
* environment variable is used and if that is not set, a validation error is thrown.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#source-1
*/
source?: string;
/**
* The version of the CloudEvents specification which the event uses. If not provided, is set to `1.0` --
* the only supported value.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#specversion
*/
specversion?: CloudEventVersion;
/**
* Type of the event. Should be prefixed with a reverse-DNS name (`com.my-org.v1.something.happended`).
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#type
*/
type: string;
/**
* Subject (context) of the event in the context of the event producer.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#subject
*/
subject?: string;
/**
* MIME type of the data being sent with the event in the `data` field. Only `application/json` and `text/plain`
* are currently supported. If not specified, it is automatically inferred from the type of provided data.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#datacontenttype
*/
datacontenttype?: string;
/**
* Timestamp of the event. Must be in ISO time format. If not specified, current time (at the moment of publishing)
* is used.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#time
*/
time?: string;
/**
* Data payload of the event. Objects are stringified with JSON and strings are be passed along as-is.
*/
data?: object | string;
/**
* Custom attributes/extensions. Must be strings. Added to the event as is.
*
* @see https://github.com/cloudevents/spec/blob/v1.0/spec.md#extension-context-attributes
*/
[key: string]: any;
}

19
server/node_modules/firebase-admin/lib/eventarc/cloudevent.js generated vendored Normal file
View File

@@ -0,0 +1,19 @@
/*! firebase-admin v13.5.0 */
"use strict";
/*!
* @license
* Copyright 2022 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

Some files were not shown because too many files have changed in this diff Show More