@mxpicture/gcp-functions-backend 1.1.37 → 1.1.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/firebase/firebase.express.d.ts +3 -0
- package/dist/firebase/firebase.express.d.ts.map +1 -0
- package/dist/firebase/firebase.express.js +36 -0
- package/dist/firebase/firebase.express.js.map +1 -0
- package/dist/firebase/index.d.ts +1 -0
- package/dist/firebase/index.d.ts.map +1 -1
- package/dist/firebase/index.js +1 -0
- package/dist/firebase/index.js.map +1 -1
- package/dist/function/IBackendFunction.d.ts +12 -2
- package/dist/function/IBackendFunction.d.ts.map +1 -1
- package/dist/function/IBackendFunction.js +23 -2
- package/dist/function/IBackendFunction.js.map +1 -1
- package/package.json +5 -2
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"firebase.express.d.ts","sourceRoot":"","sources":["../../src/firebase/firebase.express.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG1D,eAAO,MAAM,gBAAgB,GAC3B,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,4DAoCnB,CAAC"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { GoogleAuth } from "google-auth-library";
|
|
2
|
+
export const checkServiceAuth = async (req, res, next) => {
|
|
3
|
+
// (Optional) allow only POST to reduce accidental hits
|
|
4
|
+
if (req.method !== "POST")
|
|
5
|
+
return res.status(405).send("Method Not Allowed");
|
|
6
|
+
try {
|
|
7
|
+
const authHeader = req.header("authorization") ?? "";
|
|
8
|
+
const match = authHeader.match(/^Bearer (.+)$/i);
|
|
9
|
+
if (!match)
|
|
10
|
+
return res.status(401).send("Missing Authorization: Bearer <token>");
|
|
11
|
+
const idToken = match[1];
|
|
12
|
+
// Must match what Cloud Scheduler uses as the "audience".
|
|
13
|
+
// Best practice: set this after deploy (see env var note below).
|
|
14
|
+
const audience = process.env.INTERNAL_FUNCTION_URL;
|
|
15
|
+
if (!audience)
|
|
16
|
+
return res
|
|
17
|
+
.status(500)
|
|
18
|
+
.send("No audience found (env: INTERNAL_FUNCTION_URL)");
|
|
19
|
+
const auth = new GoogleAuth();
|
|
20
|
+
const client = await auth.getIdTokenClient(audience);
|
|
21
|
+
const ticket = await client.verifyIdToken({ idToken, audience });
|
|
22
|
+
const payload = ticket.getPayload();
|
|
23
|
+
if (!payload)
|
|
24
|
+
return res.status(401).send("Invalid token payload");
|
|
25
|
+
// Optional: lock down to the exact service account Cloud Scheduler uses
|
|
26
|
+
const allowedCaller = process.env.ALLOWED_CALLER_SA_EMAIL;
|
|
27
|
+
if (allowedCaller && payload.email !== allowedCaller)
|
|
28
|
+
return res.status(403).send("Caller service account not allowed");
|
|
29
|
+
next();
|
|
30
|
+
}
|
|
31
|
+
catch (e) {
|
|
32
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
33
|
+
res.status(401).send(`Unauthorized: ${e?.message ?? String(e)}`);
|
|
34
|
+
}
|
|
35
|
+
};
|
|
36
|
+
//# sourceMappingURL=firebase.express.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"firebase.express.js","sourceRoot":"","sources":["../../src/firebase/firebase.express.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EACnC,GAAY,EACZ,GAAa,EACb,IAAkB,EAClB,EAAE;IACF,uDAAuD;IACvD,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAE7E,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACjD,IAAI,CAAC,KAAK;YACR,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEzB,0DAA0D;QAC1D,iEAAiE;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QACnD,IAAI,CAAC,QAAQ;YACX,OAAO,GAAG;iBACP,MAAM,CAAC,GAAG,CAAC;iBACX,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAE5D,MAAM,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;QACjE,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAEnE,wEAAwE;QACxE,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAC1D,IAAI,aAAa,IAAI,OAAO,CAAC,KAAK,KAAK,aAAa;YAClD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAEpE,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,8DAA8D;QAC9D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,iBAAkB,CAAS,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC,CAAC"}
|
package/dist/firebase/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/firebase/index.ts"],"names":[],"mappings":"AACA,cAAc,uBAAuB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/firebase/index.ts"],"names":[],"mappings":"AACA,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC"}
|
package/dist/firebase/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/firebase/index.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,cAAc,uBAAuB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/firebase/index.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { DocumentData, DocumentKeyAdmin, FunctionRequest, FunctionResponse } from "@mxpicture/gcp-functions-common/types";
|
|
2
2
|
import { BackendApi } from "../api/BackendApi.js";
|
|
3
|
-
import { CallableFunction } from "firebase-functions/v2/https";
|
|
3
|
+
import { CallableFunction, HttpsFunction } from "firebase-functions/v2/https";
|
|
4
4
|
/**
|
|
5
5
|
* Abstract base class for Firebase callable backend functions.
|
|
6
6
|
*
|
|
@@ -80,6 +80,16 @@ export declare abstract class IBackendFunction<STORE_DOC extends DocumentKeyAdmi
|
|
|
80
80
|
*
|
|
81
81
|
* @returns A Firebase {@link CallableFunction} ready for deployment.
|
|
82
82
|
*/
|
|
83
|
-
|
|
83
|
+
buildCallableFunction(): CallableFunction<FunctionRequest<any>, Promise<FunctionResponse<any>>>;
|
|
84
|
+
/**
|
|
85
|
+
* Build and return a Firebase Https Cloud Function.
|
|
86
|
+
*
|
|
87
|
+
* @remarks
|
|
88
|
+
* Wraps {@link ingress} in a Firebase `onRequest` handler configured with the
|
|
89
|
+
* specified region and service account.
|
|
90
|
+
*
|
|
91
|
+
* @returns A Firebase {@link HttpsFunction} ready for deployment.
|
|
92
|
+
*/
|
|
93
|
+
buildHttpsFunction(): HttpsFunction;
|
|
84
94
|
}
|
|
85
95
|
//# sourceMappingURL=IBackendFunction.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IBackendFunction.d.ts","sourceRoot":"","sources":["../../src/function/IBackendFunction.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAEL,gBAAgB,
|
|
1
|
+
{"version":3,"file":"IBackendFunction.d.ts","sourceRoot":"","sources":["../../src/function/IBackendFunction.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EACjB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAEL,gBAAgB,EAGhB,aAAa,EACd,MAAM,6BAA6B,CAAC;AAQrC;;;;;;;;;;GAUG;AACH,8BAAsB,gBAAgB,CACpC,SAAS,SAAS,gBAAgB,EAClC,GAAG,SAAS,SAAS,EACrB,YAAY,SAAS,YAAY,EACjC,GAAG,SAAS,UAAU,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC;aAclC,IAAI,EAAE,MAAM;aACZ,MAAM,EAAE,MAAM;aACd,cAAc,EAAE,MAAM;IACtC,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE;IAfxC,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC;IACrB,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAE7B;;;;;;;OAOG;gBAEe,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EAAE;IAGxC;;;;OAIG;IACI,MAAM,CAAC,GAAG,EAAE,GAAG,GAAG,IAAI;IAI7B;;;;OAIG;IACI,SAAS,CAAC,MAAM,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,GAAG,MAAM,EAAE,GAAG,IAAI;IAIpE;;;;;OAKG;IACH,SAAS,CAAC,GAAG,IAAI,GAAG;IAMpB;;;;;OAKG;IACH,SAAS,CAAC,MAAM,IAAI,MAAM,EAAE;IAQ5B;;;;;;;;;;;;;OAaG;IACU,OAAO,CAAC,GAAG,EAAE,GAAG,SAAS,YAAY,EAChD,OAAO,EAAE,eAAe,CAAC,GAAG,CAAC,GAC5B,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAsBjC;;;;;;;;OAQG;IACI,qBAAqB,IAAI,gBAAgB,CAE9C,eAAe,CAAC,GAAG,CAAC,EAEpB,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC/B;IAOD;;;;;;;;OAQG;IACI,kBAAkB,IAAI,aAAa;CAc3C"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
|
-
import { onCall, HttpsError, } from "firebase-functions/v2/https";
|
|
1
|
+
import { onCall, HttpsError, onRequest, } from "firebase-functions/v2/https";
|
|
2
|
+
import express from "express";
|
|
2
3
|
import { toDatesDeep, toTimestampsDeep, } from "@mxpicture/gcp-functions-common/helper";
|
|
4
|
+
import { checkServiceAuth } from "../firebase/firebase.express.js";
|
|
3
5
|
/**
|
|
4
6
|
* Abstract base class for Firebase callable backend functions.
|
|
5
7
|
*
|
|
@@ -111,8 +113,27 @@ export class IBackendFunction {
|
|
|
111
113
|
*
|
|
112
114
|
* @returns A Firebase {@link CallableFunction} ready for deployment.
|
|
113
115
|
*/
|
|
114
|
-
|
|
116
|
+
buildCallableFunction() {
|
|
115
117
|
return onCall({ region: this.region, serviceAccount: this.serviceAccount }, async (req) => this.ingress(req.data));
|
|
116
118
|
}
|
|
119
|
+
/**
|
|
120
|
+
* Build and return a Firebase Https Cloud Function.
|
|
121
|
+
*
|
|
122
|
+
* @remarks
|
|
123
|
+
* Wraps {@link ingress} in a Firebase `onRequest` handler configured with the
|
|
124
|
+
* specified region and service account.
|
|
125
|
+
*
|
|
126
|
+
* @returns A Firebase {@link HttpsFunction} ready for deployment.
|
|
127
|
+
*/
|
|
128
|
+
buildHttpsFunction() {
|
|
129
|
+
const app = express();
|
|
130
|
+
app.use(express.json());
|
|
131
|
+
app.use(checkServiceAuth);
|
|
132
|
+
app.post("/", async (req, res) => {
|
|
133
|
+
const result = await this.ingress(req.body.data);
|
|
134
|
+
return res.status(200).json(result);
|
|
135
|
+
});
|
|
136
|
+
return onRequest({ region: this.region, serviceAccount: this.serviceAccount }, app);
|
|
137
|
+
}
|
|
117
138
|
}
|
|
118
139
|
//# sourceMappingURL=IBackendFunction.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IBackendFunction.js","sourceRoot":"","sources":["../../src/function/IBackendFunction.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,MAAM,EAEN,UAAU,
|
|
1
|
+
{"version":3,"file":"IBackendFunction.js","sourceRoot":"","sources":["../../src/function/IBackendFunction.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,MAAM,EAEN,UAAU,EACV,SAAS,GAEV,MAAM,6BAA6B,CAAC;AACrC,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EACL,WAAW,EACX,gBAAgB,GACjB,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAEnE;;;;;;;;;;GAUG;AACH,MAAM,OAAgB,gBAAgB;IAkBlB;IACA;IACA;IACG;IAfX,IAAI,CAAO;IACX,OAAO,CAAY;IAE7B;;;;;;;OAOG;IACH,YACkB,IAAY,EACZ,MAAc,EACd,cAAsB,EACnB,SAAmB;QAHtB,SAAI,GAAJ,IAAI,CAAQ;QACZ,WAAM,GAAN,MAAM,CAAQ;QACd,mBAAc,GAAd,cAAc,CAAQ;QACnB,cAAS,GAAT,SAAS,CAAU;IACrC,CAAC;IAEJ;;;;OAIG;IACI,MAAM,CAAC,GAAQ;QACpB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACI,SAAS,CAAC,MAA4C;QAC3D,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACxE,CAAC;IAED;;;;;OAKG;IACO,GAAG;QACX,IAAI,CAAC,IAAI,CAAC,IAAI;YACZ,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,yCAAyC,CAAC,CAAC;QACzE,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED;;;;;OAKG;IACO,MAAM;QACd,IAAI,CAAC,IAAI,CAAC,OAAO;YACf,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,CAAC,IAAI,+CAA+C,CAC5D,CAAC;QACJ,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;;;;;;;;;;;OAaG;IACI,KAAK,CAAC,OAAO,CAClB,OAA6B;QAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,OAAO,CAAC,KAAK,CAAC;YAC1C,MAAM,IAAI,UAAU,CAClB,kBAAkB,EAClB,SAAS,OAAO,CAAC,KAAK,gBAAgB,CACvC,CAAC;QAEJ,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAE9D,8DAA8D;YAC9D,MAAM,OAAO,GAAG,MAAO,IAAI,CAAC,GAAG,EAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,CAAC;YACtE,OAAO,EAAE,IAAI,EAAE,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,UAAU;gBAAE,MAAM,KAAK,CAAC;YAC7C,8DAA8D;YAC9D,MAAM,IAAI,UAAU,CAAC,UAAU,EAAG,KAAa,EAAE,OAAO,IAAI,SAAS,CAAC,CAAC;YACvE,IAAI;QACN,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACI,qBAAqB;QAM1B,OAAO,MAAM,CACX,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,EAC5D,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CACtC,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACI,kBAAkB;QACvB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACxB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC1B,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,OAAO,SAAS,CACd,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,EAC5D,GAAG,CACJ,CAAC;IACJ,CAAC;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mxpicture/gcp-functions-backend",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.39",
|
|
4
4
|
"description": "Utils for google cloud functions, publishing both CommonJS and ESM builds",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"author": "MXPicture",
|
|
@@ -33,13 +33,16 @@
|
|
|
33
33
|
"access": "public"
|
|
34
34
|
},
|
|
35
35
|
"dependencies": {
|
|
36
|
-
"@mxpicture/gcp-functions-common": "^1.1.
|
|
36
|
+
"@mxpicture/gcp-functions-common": "^1.1.39",
|
|
37
|
+
"express": "^5.2.1",
|
|
37
38
|
"firebase-admin": "^13.7.0",
|
|
38
39
|
"firebase-functions": "^7.0.6",
|
|
40
|
+
"google-auth-library": "^10.6.2",
|
|
39
41
|
"short-uuid": "^6.0.3",
|
|
40
42
|
"zod": "^4.3.6"
|
|
41
43
|
},
|
|
42
44
|
"devDependencies": {
|
|
45
|
+
"@types/express": "^5.0.6",
|
|
43
46
|
"@types/node": "^25.2.3",
|
|
44
47
|
"firebase-tools": "^15.8.0",
|
|
45
48
|
"typescript": "^5.9.3"
|