@donotdev/functions 0.0.11 → 0.0.12

package/README.md

@@ -482,7 +482,7 @@ bun run typecheck
 bun run dev:firebase
 
 # Terminal 2: Forward webhooks
-stripe listen --forward-to localhost:5001/your-project/us-central1/stripeWebhook
+stripe listen --forward-to localhost:5001/your-project/europe-west1/stripeWebhook
 ```
 
 #### Vercel

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@donotdev/functions",
-  "version": "0.0.11",
+  "version": "0.0.12",
   "private": false,
   "description": "Backend functions for DoNotDev Framework - Firebase, Vercel, and platform-agnostic implementations for auth, billing, CRUD, and OAuth",
   "main": "./lib/firebase/index.js",
@@ -39,7 +39,7 @@
     "node": ">=18.0.0"
   },
   "scripts": {
-    "type-check": "tsc --noEmit",
+    "type-check": "bunx tsc --noEmit",
     "build": "node build.mjs && tsc -p tsconfig.json",
     "build:types": "tsc -p tsconfig.json",
     "prepublishOnly": "bun run build",
@@ -47,13 +47,13 @@
     "serve": "firebase emulators:start --only functions"
   },
   "dependencies": {
-    "@donotdev/core": "^0.0.24",
-    "@donotdev/firebase": "^0.0.11",
-    "@donotdev/supabase": "^0.0.1"
+    "@donotdev/core": "^0.0.25",
+    "@donotdev/firebase": "^0.0.12",
+    "@donotdev/supabase": "^0.0.2"
   },
   "peerDependencies": {
     "@sentry/node": "^10.39.0",
-    "@supabase/supabase-js": "^2.49.0",
+    "@supabase/supabase-js": "^2.76.11",
     "firebase-admin": "^13.6.1",
     "firebase-functions": "^7.0.5",
     "next": "^16.1.6",
@@ -85,6 +85,9 @@
     "access": "public"
   },
   "peerDependenciesMeta": {
+    "@sentry/node": {
+      "optional": true
+    },
     "@supabase/supabase-js": {
       "optional": true
     },
@@ -96,9 +99,6 @@
     },
     "next": {
       "optional": true
-    },
-    "@sentry/node": {
-      "optional": true
     }
   }
 }

package/src/firebase/billing/createCheckoutSession.ts

@@ -63,7 +63,6 @@ async function createCheckoutSessionLogic(
 
   const {
     priceId,
-    userId,
     customerEmail,
     metadata = {},
     successUrl,
@@ -72,6 +71,9 @@ async function createCheckoutSessionLogic(
     mode = 'payment',
   } = data;
 
+  // Use authenticated uid from context — client no longer sends userId
+  const userId = context.uid;
+
   logger.debug('[createCheckoutSession] Processing request', {
     priceId,
     userId,

package/src/firebase/crud/list.ts

@@ -115,13 +115,40 @@ function listEntitiesLogicFactory(
     // Apply search if provided
     if (search) {
       const { field, query: searchQuery } = search;
+      // Validate search.field against entity schema (listFields as allowlist)
+      if (listFields && listFields.length > 0) {
+        if (!listFields.includes(field)) {
+          throw new DoNotDevError(
+            `Search field '${field}' is not allowed`,
+            'invalid-argument'
+          );
+        }
+      } else if (field.startsWith('_') || field.includes('.')) {
+        throw new DoNotDevError(
+          `Search field '${field}' is not allowed`,
+          'invalid-argument'
+        );
+      }
       query = query
         .where(field, '>=', searchQuery)
         .where(field, '<=', searchQuery + '\uf8ff');
     }
 
-    // Apply where clauses for filtering
+    // Apply where clauses for filtering — validate field names against entity schema
     for (const [field, operator, value] of where) {
+      if (listFields && listFields.length > 0) {
+        if (!listFields.includes(field) && field !== 'status' && field !== 'id') {
+          throw new DoNotDevError(
+            `Where field '${field}' is not allowed`,
+            'invalid-argument'
+          );
+        }
+      } else if (field.startsWith('_') || field.includes('.')) {
+        throw new DoNotDevError(
+          `Where field '${field}' is not allowed`,
+          'invalid-argument'
+        );
+      }
       query = query.where(field, operator, value);
     }
 
@@ -225,7 +252,7 @@ function listEntitiesLogicFactory(
       items: transformFirestoreData(docs),
       lastVisible: snapshot.docs[snapshot.docs.length - 1]?.id || null,
       count: snapshot.docs.length,
-      hasMore: snapshot.docs.length === limit,
+      hasMore: snapshot.docs.length === effectiveLimit,
     };
   };
 }

package/src/shared/errorHandling.ts

@@ -9,7 +9,6 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { HttpsError } from 'firebase-functions/v2/https';
 import * as v from 'valibot';
 
 import { DoNotDevError, EntityHookError } from '@donotdev/core/server';
@@ -26,7 +25,7 @@ export { DoNotDevError };
  * @since 0.0.1
  * @author AMBROISE PARK Consulting
  */
-export function handleError(error: unknown): never {
+export async function handleError(error: unknown): Promise<never> {
   // W11: Log only in development to avoid double-logging with platform loggers.
   // Known DoNotDevError, ValiError, and EntityHookError are handled by callers.
   if (
@@ -97,7 +96,7 @@ export function handleError(error: unknown): never {
 
   // Platform-specific error throwing
   if (isFirebaseEnvironment()) {
-    throwFirebaseError(code, message, details);
+    await throwFirebaseError(code, message, details);
   } else if (isVercelEnvironment()) {
     throwVercelError(code, message, details);
   } else {
@@ -143,12 +142,13 @@ function isVercelEnvironment(): boolean {
  * @since 0.0.1
  * @author AMBROISE PARK Consulting
  */
-function throwFirebaseError(
+async function throwFirebaseError(
   code: string,
   message: string,
   details?: any
-): never {
-  // Static import - Firebase is always available in Firebase functions
+): Promise<never> {
+  // Dynamic import — firebase-functions is only loaded in Firebase environments
+  const { HttpsError } = await import('firebase-functions/v2/https');
   throw new HttpsError(code as any, message, details);
 }
 

package/src/shared/index.ts

@@ -19,8 +19,9 @@ export * from './oauth/index.js';
 export {
   createTimestamp,
   toTimestamp,
-  toISOString,
   isTimestamp,
   transformFirestoreData,
   prepareForFirestore,
 } from './firebase.js';
+// Note: toISOString is exported from ./utils/external/date.js (handles DateValue).
+// The Firebase-specific toISOString (FirestoreTimestamp only) is available via direct import from ./firebase.js.

package/src/shared/logger.ts

@@ -28,10 +28,8 @@ if (typeof globalThis !== 'undefined' && 'window' in globalThis) {
   throw new Error('Server logger cannot be imported on client side');
 }
 
-// ServerShim: Ensure we're in a Node.js environment
-if (typeof process === 'undefined' || !process.versions?.node) {
-  throw new Error('Server logger requires Node.js environment');
-}
+// ServerShim: Warn if not in Node.js (e.g., Deno) but don't throw — allow fallback logging
+const _isNodeEnv = typeof process !== 'undefined' && !!process.versions?.node;
 
 let sentryEnabled = false;
 let sentryClient: any = null;
@@ -247,9 +245,7 @@ export const logger = {
       context,
       error: context?.error,
       metadata: {
-        pid: process.pid,
-        nodeVersion: process.version,
-        platform: process.platform,
+        ...(_isNodeEnv ? { pid: process.pid, nodeVersion: process.version, platform: process.platform } : {}),
         ...context?.metadata,
       },
     };

package/src/shared/utils/external/subscription.ts

@@ -49,7 +49,7 @@ export function getTierFromPriceId(priceId: string): string {
  * @since 0.0.1
  * @author AMBROISE PARK Consulting
  */
-export async function updateUserSubscription(
+export async function updateFirebaseUserSubscription(
   firebaseUid: string,
   subscription: any
 ): Promise<void> {
@@ -171,7 +171,7 @@ export async function cancelUserSubscription(
       .doc(firebaseUid)
       .update({
         ...subscriptionClaims,
-        updatedAt: Date.now(),
+        updatedAt: new Date().toISOString(),
       });
 
     console.log(`Subscription canceled for user ${firebaseUid}:`, {

package/src/shared/utils.ts

@@ -20,6 +20,11 @@ import {
   initFirebaseAdmin,
 } from '@donotdev/firebase/server';
 
+import {
+  assertAuthenticated as internalAssertAuthenticated,
+  assertAdmin as internalAssertAdmin,
+} from './utils/internal/auth.js';
+
 // Re-export DoNotDevError for external use
 export { DoNotDevError };
 
@@ -103,20 +108,24 @@ export const stripe = new Proxy({} as Stripe, {
 
 /**
  * Assert that a user is authenticated from a Firebase callable auth context.
- * For Vercel/Next.js routes, use `verifyAuthToken` from `shared/utils/internal/auth.js` instead.
+ *
+ * @deprecated Use `assertAuthenticated` from `shared/utils/internal/auth.js` instead.
+ * This wrapper extracts uid from a Firebase callable auth context and delegates
+ * to the canonical version.
  *
  * @param auth - Firebase callable request auth context (object with `.uid`)
  * @returns The authenticated user's uid
  *
- * @version 0.0.2
+ * @version 0.0.3
  * @since 0.0.1
  * @author AMBROISE PARK Consulting
  */
 export function assertAuthenticated(auth: any): string {
-  if (!auth || !auth.uid) {
+  const uid = auth?.uid;
+  if (!uid) {
     throw new Error('User must be authenticated');
   }
-  return auth.uid;
+  return internalAssertAuthenticated(uid);
 }
 
 /**
@@ -317,35 +326,15 @@ export async function handleSubscriptionCancellation(
  * Asserts that a user has admin privileges
  * Uses role hierarchy: super > admin > user > guest
  *
- * @version 0.0.2
+ * @deprecated Use `assertAdmin` from `shared/utils/internal/auth.js` instead.
+ * This is a thin wrapper that delegates to the canonical provider-agnostic version.
+ *
+ * @version 0.0.3
  * @since 0.0.1
  * @author AMBROISE PARK Consulting
  */
 export async function assertAdmin(uid: string): Promise<string> {
-  if (!uid) {
-    throw new DoNotDevError('Authentication required', 'unauthenticated');
-  }
-
-  try {
-    const user = await getFirebaseAdminAuth().getUser(uid);
-    const claims = user.customClaims || {};
-
-    // Check role claim first (standard pattern)
-    const role = claims.role;
-    if (role === 'admin' || role === 'super') {
-      return uid;
-    }
-
-    // Fallback: check legacy boolean flags
-    if (claims.isAdmin === true || claims.isSuper === true) {
-      return uid;
-    }
-
-    throw new DoNotDevError('Admin privileges required', 'permission-denied');
-  } catch (error) {
-    if (error instanceof DoNotDevError) throw error;
-    throw new DoNotDevError('Failed to verify admin status', 'internal');
-  }
+  return internalAssertAdmin(uid);
 }
 
 /**

package/src/supabase/auth/deleteAccount.ts

@@ -17,9 +17,7 @@ import { createSupabaseHandler } from '../baseFunction.js';
 // Schema
 // =============================================================================
 
-const deleteAccountSchema = v.object({
-  userId: v.pipe(v.string(), v.minLength(1, 'User ID is required')),
-});
+const deleteAccountSchema = v.object({});
 
 // =============================================================================
 // Handler
@@ -44,13 +42,8 @@ export function createDeleteAccount() {
   return createSupabaseHandler(
     'delete-account',
     deleteAccountSchema,
-    async (data, ctx) => {
-      // Guard: users can only delete their own account
-      if (data.userId !== ctx.uid) {
-        throw new Error('Forbidden: cannot delete another user');
-      }
-
-      const { error } = await ctx.supabaseAdmin.auth.admin.deleteUser(data.userId);
+    async (_data, ctx) => {
+      const { error } = await ctx.supabaseAdmin.auth.admin.deleteUser(ctx.uid);
       if (error) throw error;
 
       return { success: true };

package/src/supabase/baseFunction.ts

@@ -122,7 +122,11 @@ export function createSupabaseHandler<TReq, TRes>(
 
       // Create admin client
       const supabaseUrl = getEnvOrThrow('SUPABASE_URL');
-      const secretKey = getEnvOrThrow('SUPABASE_SECRET_KEY') || getEnvOrThrow('SUPABASE_SERVICE_ROLE_KEY'); // New: sb_secret_..., Legacy: service_role
+      // Try new env var first, fall back to legacy name
+      const secretKey = getEnv('SUPABASE_SECRET_KEY') || getEnv('SUPABASE_SERVICE_ROLE_KEY');
+      if (!secretKey) {
+        throw new Error('Missing environment variable: SUPABASE_SECRET_KEY or SUPABASE_SERVICE_ROLE_KEY');
+      }
       const supabaseAdmin = createClient(supabaseUrl, secretKey, {
         auth: { autoRefreshToken: false, persistSession: false },
       });

package/src/supabase/crud/list.ts

@@ -182,10 +182,41 @@ export function createSupabaseListEntities(
       }
 
       if (search) {
-        query = query.ilike(toBackendColumn(search.field), `%${search.query}%`);
+        // Validate search.field against entity schema (listFields as allowlist)
+        if (safeListFields && safeListFields.length > 0) {
+          if (!safeListFields.includes(search.field)) {
+            throw new DoNotDevError(
+              `Search field '${search.field}' is not allowed`,
+              'invalid-argument'
+            );
+          }
+        } else if (search.field.startsWith('_') || search.field.includes('.')) {
+          // No schema available — reject obviously unsafe field names
+          throw new DoNotDevError(
+            `Search field '${search.field}' is not allowed`,
+            'invalid-argument'
+          );
+        }
+        // Escape SQL ILIKE wildcards to prevent wildcard injection
+        const escapedQuery = search.query.replace(/%/g, '\\%').replace(/_/g, '\\_');
+        query = query.ilike(toBackendColumn(search.field), `%${escapedQuery}%`);
       }
 
+      // Validate where clause fields against entity schema
       for (const [field, operator, value] of where) {
+        if (safeListFields && safeListFields.length > 0) {
+          if (!safeListFields.includes(field) && field !== 'status' && field !== 'id') {
+            throw new DoNotDevError(
+              `Where field '${field}' is not allowed`,
+              'invalid-argument'
+            );
+          }
+        } else if (field.startsWith('_') || field.includes('.')) {
+          throw new DoNotDevError(
+            `Where field '${field}' is not allowed`,
+            'invalid-argument'
+          );
+        }
         query = applyOperator(query, toBackendColumn(field), operator, value);
       }