@donotdev/functions 0.0.6 → 0.0.8

package/src/shared/utils/external/subscription.ts

@@ -9,15 +9,15 @@
  * @author AMBROISE PARK Consulting
  */
 
-import {
-  getFirebaseAdminAuth,
-  getFirebaseAdminFirestore,
-} from '@donotdev/firebase/server';
-
 import type {
   SubscriptionStatus,
   SubscriptionClaims,
 } from '@donotdev/core/server';
+import { SUBSCRIPTION_STATUS } from '@donotdev/core/server';
+import {
+  getFirebaseAdminAuth,
+  getFirebaseAdminFirestore,
+} from '@donotdev/firebase/server';
 
 /**
  * Maps Stripe price ID to subscription tier
@@ -60,11 +60,24 @@ export async function updateUserSubscription(
   const priceId = subscription.items?.data?.[0]?.price?.id;
   const tier = getTierFromPriceId(priceId);
 
+  // Validate status: must be a framework value OR a valid custom consumer value (non-empty string)
+  // Default to 'incomplete' if invalid/empty
+  const frameworkStatuses = Object.values(SUBSCRIPTION_STATUS);
+  const rawStatus = subscription.status || '';
+  const isValidFrameworkStatus = frameworkStatuses.includes(rawStatus as any);
+  const isValidCustomStatus =
+    typeof rawStatus === 'string' && rawStatus.trim().length > 0;
+
+  const status: SubscriptionStatus =
+    isValidFrameworkStatus || isValidCustomStatus
+      ? (rawStatus as SubscriptionStatus)
+      : SUBSCRIPTION_STATUS.INCOMPLETE;
+
   const subscriptionClaims: SubscriptionClaims = {
     tier,
     subscriptionId: subscription.id,
     customerId: subscription.customer,
-    status: subscription.status as SubscriptionStatus,
+    status,
     subscriptionEnd: subscription.current_period_end
       ? new Date(subscription.current_period_end * 1000).toISOString()
       : null,

package/src/shared/utils/firebaseHelpers.ts

@@ -9,11 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { onCall, type CallableRequest } from 'firebase-functions/v2/https';
+import { onCall } from 'firebase-functions/v2/https';
 import * as v from 'valibot';
 
 import { withSchemaValidation } from './schemaValidation.js';
 
+import type { CallableRequest } from 'firebase-functions/v2/https';
+
 /**
  * Creates a Firebase onCall function with schema validation
  *

package/src/shared/utils/internal/idempotency.ts

@@ -9,9 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 import { logger } from 'firebase-functions/v2';
 
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
+
 export interface IdempotencyResult<T = any> {
   result: T;
   processedAt: string;

package/src/shared/utils/internal/monitoring.ts

@@ -9,9 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 import { logger } from 'firebase-functions/v2';
 
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
+
 /**
  * Payment metrics data structure
  *

package/src/shared/utils/internal/rateLimiter.ts

@@ -9,9 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 import { logger } from 'firebase-functions/v2';
 
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
+
 interface RateLimitConfig {
   maxAttempts: number;
   windowMs: number;

package/src/shared/utils.ts

@@ -12,6 +12,7 @@
 import Stripe from 'stripe';
 
 import { DoNotDevError } from '@donotdev/core/server';
+import type { OAuthPartnerId, UserRole } from '@donotdev/core/server';
 import {
   getFirebaseAdminAuth,
   getFirebaseAdminFirestore,
@@ -20,7 +21,6 @@ import {
 
 // Re-export DoNotDevError for external use
 export { DoNotDevError };
-import type { OAuthPartnerId } from '@donotdev/core/server';
 
 /**
  * Get Firestore instance using @donotdev/firebase/server
@@ -114,6 +114,37 @@ export function assertAuthenticated(auth: any): string {
   return auth.uid;
 }
 
+/**
+ * Get user role from Firebase auth context
+ *
+ * Determines the user's role for visibility filtering based on:
+ * - auth.uid: If missing → 'guest'
+ * - auth.token.isSuper: If true → 'super'
+ * - auth.token.isAdmin: If true → 'admin'
+ * - Otherwise → 'user' (authenticated)
+ *
+ * @param auth - Firebase auth context from callable function
+ * @returns UserRole for visibility filtering
+ *
+ * @version 0.0.1
+ * @since 0.0.1
+ * @author AMBROISE PARK Consulting
+ */
+export function getUserRole(auth: any): UserRole {
+  if (!auth?.uid) return 'guest';
+
+  // Check role claim (standard pattern: auth.token.role = 'admin' | 'super' | etc.)
+  const role = auth.token?.role;
+  if (role === 'super') return 'super';
+  if (role === 'admin') return 'admin';
+
+  // Fallback: check legacy boolean flags for backward compatibility
+  if (auth.token?.isSuper) return 'super';
+  if (auth.token?.isAdmin) return 'admin';
+
+  return 'user';
+}
+
 /**
  * Validates that required Stripe environment variables are set
  *
@@ -256,19 +287,37 @@ export async function handleSubscriptionCancellation(
 
 /**
  * Asserts that a user has admin privileges
+ * Uses role hierarchy: super > admin > user > guest
  *
- * @version 0.0.1
+ * @version 0.0.2
  * @since 0.0.1
  * @author AMBROISE PARK Consulting
  */
-export function assertAdmin(uid: string): string {
+export async function assertAdmin(uid: string): Promise<string> {
   if (!uid) {
-    throw new Error('Authentication required');
+    throw new DoNotDevError('Authentication required', 'unauthenticated');
   }
 
-  // TODO: Implement admin check logic
-  // For now, just return the uid
-  return uid;
+  try {
+    const user = await getFirebaseAdminAuth().getUser(uid);
+    const claims = user.customClaims || {};
+
+    // Check role claim first (standard pattern)
+    const role = claims.role;
+    if (role === 'admin' || role === 'super') {
+      return uid;
+    }
+
+    // Fallback: check legacy boolean flags
+    if (claims.isAdmin === true || claims.isSuper === true) {
+      return uid;
+    }
+
+    throw new DoNotDevError('Admin privileges required', 'permission-denied');
+  } catch (error) {
+    if (error instanceof DoNotDevError) throw error;
+    throw new DoNotDevError('Failed to verify admin status', 'internal');
+  }
 }
 
 /**

package/src/vercel/api/billing/cancel.ts

@@ -9,9 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import * as v from 'valibot';
 
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
+
 import { cancelUserSubscription } from '../../../shared/billing/helpers/subscriptionManagement.js';
 import { createVercelBaseFunction } from '../../baseFunction.js';
 

package/src/vercel/api/billing/change-plan.ts

@@ -9,11 +9,11 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import Stripe from 'stripe';
 import * as v from 'valibot';
 
 import type { StripeBackConfig } from '@donotdev/core/server';
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 
 import { updateUserSubscription } from '../../../shared/billing/helpers/updateUserSubscription.js';
 import { handleError } from '../../../shared/errorHandling.js';

package/src/vercel/api/billing/create-checkout-session.ts

@@ -9,14 +9,14 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import * as v from 'valibot';
 
+import { CreateCheckoutSessionRequestSchema } from '@donotdev/core/server';
 import type {
   CreateCheckoutSessionRequest,
   StripeBackConfig,
 } from '@donotdev/core/server';
-import { CreateCheckoutSessionRequestSchema } from '@donotdev/core/server';
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 
 import { createCheckoutAlgorithm } from '../../../shared/billing/createCheckout.js';
 import { stripe, validateStripeEnvironment } from '../../../shared/utils.js';

package/src/vercel/api/billing/customer-portal.ts

@@ -9,9 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import * as v from 'valibot';
 
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
+
 import { handleError } from '../../../shared/errorHandling.js';
 import { stripe, validateStripeEnvironment } from '../../../shared/utils.js';
 import { createVercelBaseFunction } from '../../baseFunction.js';

package/src/vercel/api/billing/refresh-subscription-status.ts

@@ -9,11 +9,11 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import Stripe from 'stripe';
 import * as v from 'valibot';
 
 import type { RefreshSubscriptionRequest } from '@donotdev/core/server';
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 
 import { stripe, validateStripeEnvironment } from '../../../shared/utils.js';
 import { createVercelBaseFunction } from '../../baseFunction.js';

package/src/vercel/api/crud/create.ts

@@ -9,12 +9,11 @@
  * @author AMBROISE PARK Consulting
  */
 
-import type { CreateEntityData } from '@donotdev/core/server';
 import { DEFAULT_STATUS_VALUE } from '@donotdev/core/server';
-
-import { handleError } from '../../../shared/errorHandling.js';
+import type { CreateEntityData } from '@donotdev/core/server';
 import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
+import { handleError } from '../../../shared/errorHandling.js';
 import {
   prepareForFirestore,
   transformFirestoreData,

package/src/vercel/api/crud/delete.ts

@@ -10,7 +10,6 @@
  */
 
 import type { GetEntityData } from '@donotdev/core/server';
-
 import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
 import { handleError } from '../../../shared/errorHandling.js';

package/src/vercel/api/crud/get.ts

@@ -9,14 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
-import type { GetEntityData } from '@donotdev/core/server';
 import { HIDDEN_STATUSES } from '@donotdev/core/server';
+import type { GetEntityData } from '@donotdev/core/server';
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
 import { handleError } from '../../../shared/errorHandling.js';
 import { transformFirestoreData } from '../../../shared/index.js';
 import { filterVisibleFields } from '../../../shared/index.js';
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
-
 import { assertAuthenticated } from '../../../shared/utils.js';
 
 import type { NextApiRequest, NextApiResponse } from 'next';

package/src/vercel/api/crud/list.ts

@@ -9,14 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
-import type { ListEntityData } from '@donotdev/core/server';
 import { HIDDEN_STATUSES } from '@donotdev/core/server';
+import type { ListEntityData } from '@donotdev/core/server';
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
 import { handleError } from '../../../shared/errorHandling.js';
 import { transformFirestoreData } from '../../../shared/index.js';
 import { filterVisibleFields } from '../../../shared/index.js';
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
-
 import { assertAuthenticated } from '../../../shared/utils.js';
 
 import type { NextApiRequest, NextApiResponse } from 'next';

package/src/vercel/api/crud/update.ts

@@ -9,12 +9,11 @@
  * @author AMBROISE PARK Consulting
  */
 
-import type { UpdateEntityData } from '@donotdev/core/server';
 import { DEFAULT_STATUS_VALUE } from '@donotdev/core/server';
-
-import { handleError } from '../../../shared/errorHandling.js';
+import type { UpdateEntityData } from '@donotdev/core/server';
 import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
+import { handleError } from '../../../shared/errorHandling.js';
 import {
   prepareForFirestore,
   transformFirestoreData,

package/src/vercel/api/oauth/check-github-access.ts

@@ -9,13 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import * as v from 'valibot';
 
 import {
   checkGitHubAccessSchema,
   type CheckGitHubAccessRequest,
 } from '@donotdev/core/server';
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 
 import { GitHubApiService } from '../../../shared/index.js';
 import { createVercelBaseFunction } from '../../baseFunction.js';

package/src/vercel/api/oauth/grant-github-access.ts

@@ -9,13 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import * as v from 'valibot';
 
 import {
   grantGitHubAccessSchema,
   type GrantGitHubAccessRequest,
 } from '@donotdev/core/server';
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 
 import { GitHubApiService } from '../../../shared/index.js';
 import { createVercelBaseFunction } from '../../baseFunction.js';

package/src/vercel/api/oauth/revoke-github-access.ts

@@ -9,13 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import * as v from 'valibot';
 
 import {
   revokeGitHubAccessSchema,
   type RevokeGitHubAccessRequest,
 } from '@donotdev/core/server';
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 
 import { handleError } from '../../../shared/errorHandling.js';
 import { GitHubApiService } from '../../../shared/index.js';