firebase-admin-sdk 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 943bc48f322900cf959c1a0ec6342f3fbfb8f40af3ef971bf19e63d65b5a0fd4
+  data.tar.gz: fbf64b91cc0a3d98425db69fddf5382086df4652fded37178e87c312ec8d2669
+SHA512:
+  metadata.gz: 05d47f8bdc6b33ba5d3902e42ddc54f4438c3c13f3b5d048237244e3f71ad1006f86798804cb5ad8e5c8e24a5a10996c2033dddea118972ecf6556209e646fbd
+  data.tar.gz: 067d29dc598a88f7825c1b00487bdcb0969c5153962505a935458c9c8c27ff972a8684b99eb7b960b250777335fc31d6a6d4586c26f523f6b50899540401a774

data/.github/workflows/main.yml

@@ -0,0 +1,38 @@
+name: ruby
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - name: Run standard
+        run: bundle exec rake standard
+
+      - name: Run unit tests
+        run: bundle exec rake spec
+
+      - name: Cache firebase tools
+        uses: actions/cache@v2
+        id: cache-firebase
+        with:
+          path: tools/firebase
+          key: ${{ runner.os }}-firebase-tools
+
+      - name: Install firebase tools
+        if: steps.cache-firebase.outputs.cache-hit != 'true'
+        run: |
+          mkdir -p tools
+          curl -o tools/firebase -L https://firebase.tools/bin/linux/latest
+          chmod +rx tools/firebase
+
+      - name: Run integration tests
+        run: tools/firebase emulators:exec --only auth --project test-adminsdk-project 'bundle exec rake integration'

data/.gitignore

@@ -0,0 +1,15 @@
+.idea
+.DS_Store
+Gemfile.lock
+
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.ruby-version

@@ -0,0 +1 @@
+3.0.1

data/Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Cheddar Payments B.V.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,52 @@
+# Firebase Admin Ruby SDK
+
+The Firebase Admin Ruby SDK enables access to Firebase services from privileged environments (such as servers or cloud)
+in Ruby.
+
+For more information, visit the
+[Firebase Admin SDK setup guide](https://firebase.google.com/docs/admin/setup/).
+
+This gem is currently in alpha and not recommended for production use (yet).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'firebase-admin-sdk'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install firebase-admin-sdk
+
+## Usage
+
+### Application Default Credentials
+
+```ruby
+gem 'firebase-admin-sdk'
+
+app = Firebase::Admin::App.new
+```
+
+### Using a service account
+
+```ruby
+gem 'firebase-admin-sdk'
+
+creds = Firebase::Admin::Credentials.from_file('service_account.json')
+app = Firebase::Admin::App.new(credentials: creds)
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/cheddar-me/firebase-admin-sdk.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "standard/rake"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec).pattern = "spec/unit/**{,/*/**}/*_spec.rb"
+RSpec::Core::RakeTask.new(:integration).pattern = "spec/integration/**{,/*/**}/*_spec.rb"
+
+task default: %i[standard spec]

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "firebase-admin-sdk"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/firebase-admin-sdk.gemspec

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative "lib/firebase/admin/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "firebase-admin-sdk"
+  spec.version = Firebase::Admin::VERSION
+  spec.authors = ["Tariq Zaid"]
+  spec.email = ["tariq@cheddar.me"]
+
+  spec.summary = "Firebase Admin SDK for Ruby"
+  spec.homepage = "https://github.com/cheddar-me/firebase-admin-sdk-ruby"
+  spec.license = "MIT"
+  spec.required_ruby_version = "> 2.7"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+  spec.bindir = "bin"
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "googleauth", "~> 0.16.2"
+  spec.add_runtime_dependency "faraday", "< 2"
+  spec.add_runtime_dependency "faraday_middleware", "~> 1.0"
+  spec.add_runtime_dependency "jwt", ">= 1.5", "< 3.0"
+
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "webmock", "~> 3.13"
+  spec.add_development_dependency "fakefs", "~> 1.3.2"
+  spec.add_development_dependency "climate_control"
+  spec.add_development_dependency "standard"
+  spec.add_development_dependency "activesupport"
+end

data/lib/firebase-admin-sdk.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require_relative "firebase/admin/version"
+require_relative "firebase/admin/error"
+require_relative "firebase/admin/config"
+require_relative "firebase/admin/gce"
+require_relative "firebase/admin/credentials"
+require_relative "firebase/admin/internal/http_client"
+require_relative "firebase/admin/auth/error"
+require_relative "firebase/admin/auth/utils"
+require_relative "firebase/admin/auth/certificates_fetcher"
+require_relative "firebase/admin/auth/token_verifier"
+require_relative "firebase/admin/auth/user_info"
+require_relative "firebase/admin/auth/user_record"
+require_relative "firebase/admin/auth/user_manager"
+require_relative "firebase/admin/auth/client"
+require_relative "firebase/admin/app"

data/lib/firebase/admin/app.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative "error"
+require_relative "config"
+require_relative "credentials"
+require_relative "auth/client"
+
+module Firebase
+  module Admin
+    # An App holds configuration and state common to all Firebase services that are exposed from the SDK.
+    class App
+      attr_reader :project_id, :service_account_id, :credentials
+
+      # Constructs a new App.
+      #
+      # @param [Credentials] credentials
+      #   Credentials for authenticating with Firebase.
+      # @param [Config] config
+      #   Firebase configuration options.
+      def initialize(credentials: nil, config: nil)
+        @config = config || Config.from_env
+        @credentials = credentials || Credentials.from_default
+        @service_account_id = @config.service_account_id
+        @project_id = @config.project_id || @credentials.project_id
+      end
+
+      # Gets the auth client for this App.
+      # @return [Firebase::Admin::Auth::Client]
+      def auth
+        @auth_client ||= Auth::Client.new(self)
+      end
+    end
+  end
+end

data/lib/firebase/admin/auth/certificates_fetcher.rb

@@ -0,0 +1,62 @@
+require "time"
+require "monitor"
+
+module Firebase
+  module Admin
+    module Auth
+      # Fetches public key certificates used for signature verification.
+      class CertificatesFetcher
+        include Utils
+
+        # Constructs a new certificates fetcher.
+        #
+        # @param [String] url
+        #   The certificates url to use when fetching public keys.
+        def initialize(url)
+          raise ArgumentError "url is invalid" unless validate_url(url)
+          @url = url
+          @certificates = {}
+          @certificates_expire_at = Time.now
+          @monitor = Monitor.new
+          @client = Firebase::Admin::Internal::HTTPClient.new
+        end
+
+        # Fetches certificates.
+        #
+        # @note
+        #   Certificates are cached in memory and refreshed according to the cache-control header if present
+        #   in the response.
+        #
+        # @return [Hash]
+        def fetch_certificates!
+          @monitor.synchronize do
+            return @certificates unless should_refresh?
+            keys, ttl = refresh
+            @certificates_expire_at = Time.now + ttl
+            @certificates = keys
+          end
+        end
+
+        private
+
+        # Refreshes and returns the certificates
+        def refresh
+          res = @client.get(@url)
+          match = res.headers["cache-control"]&.match(/max-age=([0-9]+)/)
+          ttl = match&.captures&.first&.to_i || 0
+          certificates = res.body
+          [certificates, ttl]
+        rescue => e
+          raise CertificateRequestError, e.message
+        end
+
+        # Checks if keys need to be refreshed.
+        #
+        # @return [Boolean]
+        def should_refresh?
+          @certificates.nil? || @certificates.empty? || @certificates_expire_at < Time.now
+        end
+      end
+    end
+  end
+end

data/lib/firebase/admin/auth/client.rb

@@ -0,0 +1,116 @@
+module Firebase
+  module Admin
+    module Auth
+      # A client for communicating with the Firebase Auth service.
+      class Client
+        # Constructs a new client
+        #
+        # @param [Firebase::Admin::App] app The app the client is configured with.
+        def initialize(app)
+          @project_id = app.project_id
+          @service_account_id = app.service_account_id
+          @credentials = app.credentials
+
+          @emulated = Utils.is_emulated?
+          v1_url_override = Utils.get_emulator_v1_url
+          @credentials = EmulatorCredentials.new if @emulated
+
+          @id_token_verifier = IDTokenVerifier.new(app)
+          @user_manager = UserManager.new(@project_id, @credentials, v1_url_override)
+        end
+
+        # Checks if the auth client is configured to use the Firebase Auth Emulator.
+        # @ return [Boolean] true if configured for the auth emulator, false otherwise.
+        def emulated?
+          @emulated
+        end
+
+        # Creates a new user account with the specified properties.
+        #
+        # @param [String, nil] uid The id to assign to the newly created user.
+        # @param [String, nil] display_name The user’s display name.
+        # @param [String, nil] email The user’s primary email.
+        # @param [Boolean, nil] email_verified A boolean indicating whether or not the user’s primary email is verified.
+        # @param [String, nil] phone_number The user’s primary phone number.
+        # @param [String, nil] photo_url The user’s photo URL.
+        # @param [String, nil] password The user’s raw, unhashed password.
+        # @param [Boolean, nil] disabled A boolean indicating whether or not the user account is disabled.
+        #
+        # @raise [CreateUserError] if a user cannot be created.
+        #
+        # @return [UserRecord]
+        def create_user(uid: nil, display_name: nil, email: nil, email_verified: nil, phone_number: nil, photo_url: nil, password: nil, disabled: nil)
+          @user_manager.create_user(
+            uid: uid,
+            display_name: display_name,
+            email: email,
+            email_verified: email_verified,
+            phone_number: phone_number,
+            photo_url: photo_url,
+            password: password,
+            disabled: disabled
+          )
+        end
+
+        # Gets the user corresponding to the specified user id.
+        #
+        # @param [String] uid
+        #   The id of the user.
+        #
+        # @return [UserRecord]
+        def get_user(uid)
+          @user_manager.get_user_by(uid: uid)
+        end
+
+        # Gets the user corresponding to the specified email address.
+        #
+        # @param [String] email
+        #   An email address.
+        #
+        # @return [UserRecord]
+        def get_user_by_email(email)
+          @user_manager.get_user_by(email: email)
+        end
+
+        # Gets the user corresponding to the specified phone number.
+        #
+        # @param [String] phone_number A phone number, in international E.164 format.
+        def get_user_by_phone_number(phone_number)
+          @user_manager.get_user_by(phone_number: phone_number)
+        end
+
+        # Deletes the user corresponding to the specified user id.
+        #
+        # @param [String] uid
+        #   The id of the user.
+        def delete_user(uid)
+          @user_manager.delete_user(uid)
+        end
+
+        # Verifies the signature and data for the provided JWT.
+        #
+        # Accepts a signed token string, verifies that it is current, was issued to this project, and that
+        # it was correctly signed by Google.
+        #
+        # @param [String] token A string of the encoded JWT.
+        # @param [Boolean] check_revoked (false) If true, checks whether the token has been revoked.
+        # @return [Hash] A hash of key-value pairs parsed from the decoded JWT.
+        def verify_id_token(token, check_revoked = false)
+          verified_claims = @id_token_verifier.verify(token, is_emulator: emulated?)
+          revoked = check_revoked && !id_token_revoked?(verified_claims)
+          verified_claims unless revoked
+        end
+
+        private
+
+        # Checks if an ID token has been revoked.
+        #
+        # @param [Hash] claims The verified claims needed to perform the check.
+        # @return [Boolean] true if the id token has been revoked, false otherwise.
+        def id_token_revoked?(claims)
+          raise NotImplementedError
+        end
+      end
+    end
+  end
+end