@donotdev/functions 0.0.12 → 0.0.13

package/src/shared/billing/__tests__/webhookHandler.test.ts

@@ -80,7 +80,10 @@ vi.mock('../../logger.js', () => ({
 // Reset idempotency store between tests so events are never pre-marked
 import { resetIdempotencyStore } from '../idempotency.js';
 import { processWebhook } from '../webhookHandler.js';
-import type { UpdateSubscriptionFn, WebhookAuthProvider } from '../webhookHandler.js';
+import type {
+  UpdateSubscriptionFn,
+  WebhookAuthProvider,
+} from '../webhookHandler.js';
 
 // ---------------------------------------------------------------------------
 // Shared test fixtures
@@ -217,15 +220,15 @@ describe('processWebhook — signature verification', () => {
     const stripe = {
       webhooks: {
         constructEvent: vi.fn(() => {
-          throw new Error('No signatures found matching the expected signature');
+          throw new Error(
+            'No signatures found matching the expected signature'
+          );
         }),
       },
       subscriptions: { retrieve: vi.fn() },
     };
 
-    await expect(
-      callProcessWebhook({ stripe })
-    ).rejects.toThrow();
+    await expect(callProcessWebhook({ stripe })).rejects.toThrow();
   });
 });
 
@@ -260,7 +263,10 @@ describe('processWebhook — idempotency', () => {
       updateSubscription: updateSubscription2,
     });
 
-    expect(result).toEqual({ success: true, message: 'Event already processed' });
+    expect(result).toEqual({
+      success: true,
+      message: 'Event already processed',
+    });
     expect(updateSubscription2).not.toHaveBeenCalled();
   });
 
@@ -279,8 +285,16 @@ describe('processWebhook — idempotency', () => {
     const updateSubscription1 = makeUpdateSubscription();
     const updateSubscription2 = makeUpdateSubscription();
 
-    await callProcessWebhook({ stripe: makeStripe(event1), config, updateSubscription: updateSubscription1 });
-    await callProcessWebhook({ stripe: makeStripe(event2), config, updateSubscription: updateSubscription2 });
+    await callProcessWebhook({
+      stripe: makeStripe(event1),
+      config,
+      updateSubscription: updateSubscription1,
+    });
+    await callProcessWebhook({
+      stripe: makeStripe(event2),
+      config,
+      updateSubscription: updateSubscription2,
+    });
 
     expect(updateSubscription1).toHaveBeenCalledTimes(1);
     expect(updateSubscription2).toHaveBeenCalledTimes(1);
@@ -349,7 +363,11 @@ describe('event routing — checkout.session.completed (StripeSubscription)', ()
     const config = makeConfig();
     const updateSubscription = makeUpdateSubscription();
 
-    await callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription });
+    await callProcessWebhook({
+      stripe: makeStripe(event),
+      config,
+      updateSubscription,
+    });
 
     expect(updateSubscription).toHaveBeenCalledOnce();
     const [userId, data] = (updateSubscription as any).mock.calls[0];
@@ -370,9 +388,16 @@ describe('event routing — checkout.session.completed (StripeSubscription)', ()
       customer: 'cus_hook',
     });
 
-    await callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription: makeUpdateSubscription() });
+    await callProcessWebhook({
+      stripe: makeStripe(event),
+      config,
+      updateSubscription: makeUpdateSubscription(),
+    });
 
-    expect(onSubscriptionCreated).toHaveBeenCalledWith('u_hook', expect.any(Object));
+    expect(onSubscriptionCreated).toHaveBeenCalledWith(
+      'u_hook',
+      expect.any(Object)
+    );
   });
 
   it('does NOT throw when onSubscriptionCreated hook throws (non-critical)', async () => {
@@ -387,7 +412,11 @@ describe('event routing — checkout.session.completed (StripeSubscription)', ()
     });
 
     await expect(
-      callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription: makeUpdateSubscription() })
+      callProcessWebhook({
+        stripe: makeStripe(event),
+        config,
+        updateSubscription: makeUpdateSubscription(),
+      })
     ).resolves.toEqual({ success: true, message: 'Webhook processed' });
   });
 
@@ -459,7 +488,11 @@ describe('event routing — checkout.session.completed (StripePayment)', () => {
     const config = makeConfig();
     const updateSubscription = makeUpdateSubscription();
 
-    await callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription });
+    await callProcessWebhook({
+      stripe: makeStripe(event),
+      config,
+      updateSubscription,
+    });
 
     expect(updateSubscription).toHaveBeenCalledOnce();
     const [userId, data] = (updateSubscription as any).mock.calls[0];
@@ -486,9 +519,16 @@ describe('event routing — checkout.session.completed (StripePayment)', () => {
       customer: 'cus_pay_hook',
     });
 
-    await callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription: makeUpdateSubscription() });
+    await callProcessWebhook({
+      stripe: makeStripe(event),
+      config,
+      updateSubscription: makeUpdateSubscription(),
+    });
 
-    expect(onPurchaseSuccess).toHaveBeenCalledWith('u_pay_hook', expect.any(Object));
+    expect(onPurchaseSuccess).toHaveBeenCalledWith(
+      'u_pay_hook',
+      expect.any(Object)
+    );
   });
 
   it('does NOT throw when onPurchaseSuccess hook throws (non-critical)', async () => {
@@ -509,7 +549,11 @@ describe('event routing — checkout.session.completed (StripePayment)', () => {
     });
 
     await expect(
-      callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription: makeUpdateSubscription() })
+      callProcessWebhook({
+        stripe: makeStripe(event),
+        config,
+        updateSubscription: makeUpdateSubscription(),
+      })
     ).resolves.toEqual({ success: true, message: 'Webhook processed' });
   });
 });
@@ -568,9 +612,16 @@ describe('event routing — invoice.payment_succeeded', () => {
       metadata: { userId: 'u_hook_renewal', billingConfigKey: 'pro_monthly' },
     }));
 
-    await callProcessWebhook({ stripe, config, updateSubscription: makeUpdateSubscription() });
+    await callProcessWebhook({
+      stripe,
+      config,
+      updateSubscription: makeUpdateSubscription(),
+    });
 
-    expect(onSubscriptionRenewed).toHaveBeenCalledWith('u_hook_renewal', expect.any(Object));
+    expect(onSubscriptionRenewed).toHaveBeenCalledWith(
+      'u_hook_renewal',
+      expect.any(Object)
+    );
   });
 
   it('does NOT throw when onSubscriptionRenewed hook throws (non-critical)', async () => {
@@ -593,7 +644,11 @@ describe('event routing — invoice.payment_succeeded', () => {
     }));
 
     await expect(
-      callProcessWebhook({ stripe, config, updateSubscription: makeUpdateSubscription() })
+      callProcessWebhook({
+        stripe,
+        config,
+        updateSubscription: makeUpdateSubscription(),
+      })
     ).resolves.toEqual({ success: true, message: 'Webhook processed' });
   });
 
@@ -647,7 +702,10 @@ describe('event routing — invoice.payment_succeeded', () => {
     const stripe = makeStripe(event);
     stripe.subscriptions.retrieve = vi.fn(async () => ({
       id: 'sub_payment_type',
-      metadata: { userId: 'u_payment_type', billingConfigKey: 'lifetime_purchase' },
+      metadata: {
+        userId: 'u_payment_type',
+        billingConfigKey: 'lifetime_purchase',
+      },
     }));
     const updateSubscription = makeUpdateSubscription();
 
@@ -723,9 +781,16 @@ describe('event routing — customer.subscription.deleted', () => {
     };
     const event = makeEvent('customer.subscription.deleted', subscription);
 
-    await callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription: makeUpdateSubscription() });
+    await callProcessWebhook({
+      stripe: makeStripe(event),
+      config,
+      updateSubscription: makeUpdateSubscription(),
+    });
 
-    expect(onSubscriptionCancelled).toHaveBeenCalledWith('u_cancel_hook', expect.any(Object));
+    expect(onSubscriptionCancelled).toHaveBeenCalledWith(
+      'u_cancel_hook',
+      expect.any(Object)
+    );
   });
 
   it('does NOT throw when onSubscriptionCancelled hook throws (non-critical)', async () => {
@@ -744,7 +809,11 @@ describe('event routing — customer.subscription.deleted', () => {
     const event = makeEvent('customer.subscription.deleted', subscription);
 
     await expect(
-      callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription: makeUpdateSubscription() })
+      callProcessWebhook({
+        stripe: makeStripe(event),
+        config,
+        updateSubscription: makeUpdateSubscription(),
+      })
     ).resolves.toEqual({ success: true, message: 'Webhook processed' });
   });
 
@@ -776,7 +845,11 @@ describe('event routing — customer.subscription.deleted', () => {
     const event = makeEvent('customer.subscription.deleted', subscription);
     const updateSubscription = makeUpdateSubscription();
 
-    await callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription });
+    await callProcessWebhook({
+      stripe: makeStripe(event),
+      config,
+      updateSubscription,
+    });
 
     expect(updateSubscription).not.toHaveBeenCalled();
   });
@@ -824,7 +897,10 @@ describe('event routing — invoice.payment_failed', () => {
 
     await callProcessWebhook({ stripe: makeStripe(event), config });
 
-    expect(onPurchaseFailure).toHaveBeenCalledWith('u_fail_pay', expect.any(Object));
+    expect(onPurchaseFailure).toHaveBeenCalledWith(
+      'u_fail_pay',
+      expect.any(Object)
+    );
   });
 
   it('calls onPaymentFailed for StripeSubscription billing items', async () => {
@@ -839,7 +915,10 @@ describe('event routing — invoice.payment_failed', () => {
 
     await callProcessWebhook({ stripe: makeStripe(event), config });
 
-    expect(onPaymentFailed).toHaveBeenCalledWith('u_fail_sub', expect.any(Object));
+    expect(onPaymentFailed).toHaveBeenCalledWith(
+      'u_fail_sub',
+      expect.any(Object)
+    );
   });
 
   it('does NOT throw when onPurchaseFailure hook throws (non-critical)', async () => {
@@ -922,7 +1001,11 @@ describe('event routing — invoice.payment_failed', () => {
     const event = makeEvent('invoice.payment_failed', invoice);
     const updateSubscription = makeUpdateSubscription();
 
-    await callProcessWebhook({ stripe: makeStripe(event), config, updateSubscription });
+    await callProcessWebhook({
+      stripe: makeStripe(event),
+      config,
+      updateSubscription,
+    });
 
     expect(updateSubscription).not.toHaveBeenCalled();
   });
@@ -952,7 +1035,9 @@ describe('event routing — unknown event types', () => {
   });
 
   it('handles payment_intent.succeeded gracefully (not in router)', async () => {
-    const event = makeEvent('payment_intent.succeeded', { id: 'pi_not_routed' });
+    const event = makeEvent('payment_intent.succeeded', {
+      id: 'pi_not_routed',
+    });
 
     const result = await callProcessWebhook({ stripe: makeStripe(event) });
 
@@ -997,7 +1082,10 @@ describe('state machine transitions', () => {
 
   it('checkout.session.completed → status=active (StripePayment)', async () => {
     const event = makeEvent('checkout.session.completed', {
-      metadata: { userId: 'u_sm_pay_active', billingConfigKey: 'lifetime_purchase' },
+      metadata: {
+        userId: 'u_sm_pay_active',
+        billingConfigKey: 'lifetime_purchase',
+      },
       subscription: null,
       customer: 'cus_sm_pay_active',
     });
@@ -1086,6 +1174,9 @@ describe('processWebhook — return value', () => {
     await callProcessWebhook({ stripe: makeStripe(event) });
     const result = await callProcessWebhook({ stripe: makeStripe(event) });
 
-    expect(result).toEqual({ success: true, message: 'Event already processed' });
+    expect(result).toEqual({
+      success: true,
+      message: 'Event already processed',
+    });
   });
 });

package/src/shared/firebase.ts

@@ -212,4 +212,4 @@ export function prepareForFirestore<T = any>(
 
   // Return primitive values unchanged
   return data;
-}
+}

package/src/shared/logger.ts

@@ -245,7 +245,13 @@ export const logger = {
       context,
       error: context?.error,
       metadata: {
-        ...(_isNodeEnv ? { pid: process.pid, nodeVersion: process.version, platform: process.platform } : {}),
+        ...(_isNodeEnv
+          ? {
+              pid: process.pid,
+              nodeVersion: process.version,
+              platform: process.platform,
+            }
+          : {}),
         ...context?.metadata,
       },
     };

package/src/shared/oauth/__tests__/exchangeToken.test.ts

@@ -11,11 +11,11 @@
 
 import { describe, it, expect, vi } from 'vitest';
 
-import {
-  exchangeTokenAlgorithm,
-  type OAuthProvider,
-} from '../exchangeToken';
-import type { ExchangeTokenRequest, TokenResponse } from '@donotdev/core/server';
+import { exchangeTokenAlgorithm, type OAuthProvider } from '../exchangeToken';
+import type {
+  ExchangeTokenRequest,
+  TokenResponse,
+} from '@donotdev/core/server';
 
 // ---------------------------------------------------------------------------
 // Helpers
@@ -94,9 +94,7 @@ describe('exchangeTokenAlgorithm', () => {
 
   describe('error scenarios', () => {
     it('re-throws errors from provider', async () => {
-      const oauthProvider = makeRejectingProvider(
-        new Error('invalid_grant')
-      );
+      const oauthProvider = makeRejectingProvider(new Error('invalid_grant'));
 
       await expect(
         exchangeTokenAlgorithm(BASE_REQUEST, oauthProvider)

package/src/shared/oauth/__tests__/grantAccess.test.ts

@@ -1,17 +1,15 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 
-import {
-  grantAccessAlgorithm,
-  type OAuthGrantProvider,
-} from '../grantAccess';
+import { grantAccessAlgorithm, type OAuthGrantProvider } from '../grantAccess';
 
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
 
-function makeProvider(
-  result: { success: boolean; message: string }
-): OAuthGrantProvider {
+function makeProvider(result: {
+  success: boolean;
+  message: string;
+}): OAuthGrantProvider {
   return { grantAccess: vi.fn().mockResolvedValue(result) };
 }
 
@@ -187,7 +185,10 @@ describe('grantAccessAlgorithm', () => {
         );
 
         expect(oauthProvider.grantAccess).toHaveBeenCalledWith(
-          expect.objectContaining({ provider: providerName, accessToken: token })
+          expect.objectContaining({
+            provider: providerName,
+            accessToken: token,
+          })
         );
       }
     );
@@ -199,12 +200,16 @@ describe('grantAccessAlgorithm', () => {
 
   describe('error scenarios', () => {
     it('re-throws synchronous errors from provider', async () => {
-      const oauthProvider = makeRejectingProvider(
-        new Error('network failure')
-      );
+      const oauthProvider = makeRejectingProvider(new Error('network failure'));
 
       await expect(
-        grantAccessAlgorithm(userId, provider, accessToken, refreshToken, oauthProvider)
+        grantAccessAlgorithm(
+          userId,
+          provider,
+          accessToken,
+          refreshToken,
+          oauthProvider
+        )
       ).rejects.toThrow('network failure');
     });
 
@@ -220,7 +225,13 @@ describe('grantAccessAlgorithm', () => {
       const oauthProvider = makeRejectingProvider(originalError);
 
       await expect(
-        grantAccessAlgorithm(userId, provider, accessToken, refreshToken, oauthProvider)
+        grantAccessAlgorithm(
+          userId,
+          provider,
+          accessToken,
+          refreshToken,
+          oauthProvider
+        )
       ).rejects.toThrow('token expired');
     });
 
@@ -228,7 +239,13 @@ describe('grantAccessAlgorithm', () => {
       const oauthProvider = makeRejectingProvider(new Error('boom'));
 
       await expect(
-        grantAccessAlgorithm(userId, provider, accessToken, refreshToken, oauthProvider)
+        grantAccessAlgorithm(
+          userId,
+          provider,
+          accessToken,
+          refreshToken,
+          oauthProvider
+        )
       ).rejects.toThrow('boom');
 
       expect(oauthProvider.grantAccess).toHaveBeenCalledOnce();

package/src/shared/utils/internal/auth.ts

@@ -74,7 +74,10 @@ export async function assertAdmin(uid: string): Promise<string> {
   } catch (error) {
     // C4: Re-throw permission-denied as-is so callers can distinguish it from
     // infrastructure failures. Only wrap genuine unexpected errors.
-    if (error instanceof Error && error.message === 'Admin privileges required') {
+    if (
+      error instanceof Error &&
+      error.message === 'Admin privileges required'
+    ) {
       throw error;
     }
     throw new Error('Failed to verify admin status');
@@ -161,7 +164,8 @@ async function verifySupabaseToken(token: string): Promise<{ uid: string }> {
   const { createClient } = await import('@supabase/supabase-js');
 
   const supabaseUrl = process.env.SUPABASE_URL;
-  const secretKey = process.env.SUPABASE_SECRET_KEY || process.env.SUPABASE_SERVICE_ROLE_KEY;
+  const secretKey =
+    process.env.SUPABASE_SECRET_KEY || process.env.SUPABASE_SERVICE_ROLE_KEY;
 
   if (!supabaseUrl || !secretKey) {
     throw new Error(
@@ -173,7 +177,10 @@ async function verifySupabaseToken(token: string): Promise<{ uid: string }> {
     auth: { autoRefreshToken: false, persistSession: false },
   });
 
-  const { data: { user }, error } = await supabaseAdmin.auth.getUser(token);
+  const {
+    data: { user },
+    error,
+  } = await supabaseAdmin.auth.getUser(token);
 
   if (error || !user) {
     throw new Error('Invalid or expired token');

package/src/shared/utils/internal/rateLimiter.ts

@@ -12,7 +12,10 @@
 import { logger } from 'firebase-functions/v2';
 
 import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
-import type { ServerRateLimitConfig as RateLimitConfig, ServerRateLimitResult as RateLimitResult } from '@donotdev/core';
+import type {
+  ServerRateLimitConfig as RateLimitConfig,
+  ServerRateLimitResult as RateLimitResult,
+} from '@donotdev/core';
 
 export type { RateLimitConfig, RateLimitResult };
 
@@ -204,7 +207,10 @@ export async function checkRateLimitWithFirestore(
       }
 
       // Increment attempts
-      tx.update(rateLimitRef, { attempts: data.attempts + 1, lastUpdated: now });
+      tx.update(rateLimitRef, {
+        attempts: data.attempts + 1,
+        lastUpdated: now,
+      });
       result = {
         allowed: true,
         remaining: config.maxAttempts - (data.attempts + 1),

package/src/shared/utils.ts

@@ -439,7 +439,11 @@ export async function findReferences(
     }>;
   }
 ): Promise<Array<{ collection: string; field: string; count: number }>> {
-  const references: Array<{ collection: string; field: string; count: number }> = [];
+  const references: Array<{
+    collection: string;
+    field: string;
+    count: number;
+  }> = [];
 
   if (!referenceMetadata?.incoming?.length) {
     return references;

package/src/supabase/auth/deleteAccount.ts

@@ -47,6 +47,6 @@ export function createDeleteAccount() {
       if (error) throw error;
 
       return { success: true };
-    },
+    }
   );
 }

package/src/supabase/auth/getCustomClaims.ts

@@ -43,14 +43,16 @@ export function createGetCustomClaims() {
     'get-custom-claims',
     getCustomClaimsSchema,
     async (_data, ctx) => {
-      const { data: { user }, error } =
-        await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
+      const {
+        data: { user },
+        error,
+      } = await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
       if (error || !user) {
         throw new Error('User not found');
       }
 
       return { customClaims: user.app_metadata ?? {} };
     },
-    'user',
+    'user'
   );
 }

package/src/supabase/auth/getUserAuthStatus.ts

@@ -45,8 +45,10 @@ export function createGetUserAuthStatus() {
     'get-user-auth-status',
     getUserAuthStatusSchema,
     async (_data, ctx) => {
-      const { data: { user }, error } =
-        await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
+      const {
+        data: { user },
+        error,
+      } = await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
       if (error || !user) {
         throw new Error('User not found');
       }
@@ -59,6 +61,6 @@ export function createGetUserAuthStatus() {
         disabled: user.banned_until != null,
       };
     },
-    'user',
+    'user'
   );
 }

package/src/supabase/auth/removeCustomClaims.ts

@@ -20,7 +20,7 @@ import { createSupabaseHandler } from '../baseFunction.js';
 const removeCustomClaimsSchema = v.object({
   claimsToRemove: v.pipe(
     v.array(v.string()),
-    v.minLength(1, 'At least one claim key is required'),
+    v.minLength(1, 'At least one claim key is required')
   ),
 });
 
@@ -49,14 +49,19 @@ export function createRemoveCustomClaims() {
     removeCustomClaimsSchema,
     async (data, ctx) => {
       // Get current app_metadata
-      const { data: { user }, error: getUserError } =
-        await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
+      const {
+        data: { user },
+        error: getUserError,
+      } = await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
       if (getUserError || !user) {
         throw new Error('User not found');
       }
 
       // Remove specified keys
-      const existingClaims = { ...(user.app_metadata ?? {}) } as Record<string, unknown>;
+      const existingClaims = { ...(user.app_metadata ?? {}) } as Record<
+        string,
+        unknown
+      >;
       for (const key of data.claimsToRemove) {
         delete existingClaims[key];
       }
@@ -70,6 +75,6 @@ export function createRemoveCustomClaims() {
 
       return { success: true, customClaims: existingClaims };
     },
-    'user',
+    'user'
   );
 }

package/src/supabase/auth/setCustomClaims.ts

@@ -49,14 +49,19 @@ export function createSetCustomClaims() {
     setCustomClaimsSchema,
     async (data, ctx) => {
       // Get current app_metadata
-      const { data: { user }, error: getUserError } =
-        await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
+      const {
+        data: { user },
+        error: getUserError,
+      } = await ctx.supabaseAdmin.auth.admin.getUserById(ctx.uid);
       if (getUserError || !user) {
         throw new Error('User not found');
       }
 
       // Merge new claims with existing app_metadata
-      const existingClaims = (user.app_metadata ?? {}) as Record<string, unknown>;
+      const existingClaims = (user.app_metadata ?? {}) as Record<
+        string,
+        unknown
+      >;
       const updatedClaims = { ...existingClaims, ...data.customClaims };
 
       // Update app_metadata
@@ -68,6 +73,6 @@ export function createSetCustomClaims() {
 
       return { success: true, customClaims: updatedClaims };
     },
-    'user',
+    'user'
   );
 }