@prmichaelsen/firebase-admin-sdk-v8 2.0.17 → 2.0.20

package/.github/workflows/e2e-tests.yml

@@ -0,0 +1,41 @@
+name: E2E Tests
+
+on:
+  push:
+    branches: [ mainline ]
+  pull_request:
+    branches: [ mainline ]
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  e2e-tests:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Run unit tests
+        run: npm test
+      
+      - name: Create service account file
+        run: |
+          echo '${{ secrets.FIREBASE_SERVICE_ACCOUNT }}' > service-account.json
+      
+      - name: Run e2e tests
+        run: npm run test:e2e
+        env:
+          NODE_ENV: test
+      
+      - name: Clean up service account file
+        if: always()
+        run: rm -f service-account.json

package/.github/workflows/test.yml

@@ -0,0 +1,44 @@
+name: Unit Tests
+
+on:
+  push:
+    branches: [ mainline, develop ]
+  pull_request:
+    branches: [ mainline, develop ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    
+    strategy:
+      matrix:
+        node-version: [18, 20, 22]
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Run unit tests
+        run: npm test
+      
+      - name: Run build
+        run: npm run build
+      
+      - name: Upload coverage to Codecov (Node 20 only)
+        if: matrix.node-version == 20
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./coverage/lcov.info
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false

package/README.md

@@ -2,8 +2,11 @@
 
 > Firebase Admin SDK for Cloudflare Workers and edge runtimes using REST APIs
 
-[![npm version](https://img.shields.io/npm/v/firebase-admin-sdk-v8.svg)](https://www.npmjs.com/package/firebase-admin-sdk-v8)
+[![npm version](https://img.shields.io/npm/v/@prmichaelsen/firebase-admin-sdk-v8.svg)](https://www.npmjs.com/package/@prmichaelsen/firebase-admin-sdk-v8)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Unit Tests](https://github.com/prmichaelsen/firebase-admin-sdk-v8/actions/workflows/test.yml/badge.svg)](https://github.com/prmichaelsen/firebase-admin-sdk-v8/actions/workflows/test.yml)
+[![E2E Tests](https://github.com/prmichaelsen/firebase-admin-sdk-v8/actions/workflows/e2e-tests.yml/badge.svg)](https://github.com/prmichaelsen/firebase-admin-sdk-v8/actions/workflows/e2e-tests.yml)
+[![codecov](https://codecov.io/gh/prmichaelsen/firebase-admin-sdk-v8/branch/mainline/graph/badge.svg)](https://codecov.io/gh/prmichaelsen/firebase-admin-sdk-v8)
 
 This library provides Firebase Admin SDK functionality for Cloudflare Workers and other edge runtimes. It uses REST APIs and JWT token generation instead of the Node.js Admin SDK, making it compatible with environments that don't support Node.js.
 
@@ -25,7 +28,7 @@ This library provides Firebase Admin SDK functionality for Cloudflare Workers an
 ## 📦 Installation
 
 ```bash
-npm install firebase-admin-sdk-v8
+npm install @prmichaelsen/firebase-admin-sdk-v8
 ```
 
 ## 🚀 Quick Start
@@ -78,7 +81,7 @@ FIREBASE_PROJECT_ID=your-project-id
 ### 2. Verify ID Tokens
 
 ```typescript
-import { verifyIdToken, getUserFromToken } from 'firebase-admin-sdk-v8';
+import { verifyIdToken, getUserFromToken } from '@prmichaelsen/firebase-admin-sdk-v8';
 
 const authHeader = request.headers.get('authorization');
 const idToken = authHeader?.split('Bearer ')[1];
@@ -94,7 +97,7 @@ try {
 ### 3. Basic Firestore Operations
 
 ```typescript
-import { setDocument, getDocument, updateDocument, FieldValue } from 'firebase-admin-sdk-v8';
+import { setDocument, getDocument, updateDocument, FieldValue } from '@prmichaelsen/firebase-admin-sdk-v8';
 
 // Set a document (create or overwrite)
 await setDocument('users', 'user123', {
@@ -116,7 +119,7 @@ await updateDocument('users', 'user123', {
 ### 4. Advanced Queries
 
 ```typescript
-import { queryDocuments } from 'firebase-admin-sdk-v8';
+import { queryDocuments } from '@prmichaelsen/firebase-admin-sdk-v8';
 
 const activeUsers = await queryDocuments('users', {
   where: [
@@ -397,7 +400,7 @@ export default {
 ### Leaderboard Example
 
 ```typescript
-import { queryDocuments, updateDocument, FieldValue } from 'firebase-admin-sdk-v8';
+import { queryDocuments, updateDocument, FieldValue } from '@prmichaelsen/firebase-admin-sdk-v8';
 
 async function getTopPlayers(limit = 10) {
   return await queryDocuments('players', {
@@ -418,7 +421,7 @@ async function updatePlayerScore(playerId: string, points: number) {
 ### Bulk Operations Example
 
 ```typescript
-import { batchWrite, FieldValue } from 'firebase-admin-sdk-v8';
+import { batchWrite, FieldValue } from '@prmichaelsen/firebase-admin-sdk-v8';
 
 async function bulkUpdateUsers(userIds: string[], updates: any) {
   const operations = userIds.map(userId => ({

package/dist/index.d.mts

@@ -287,18 +287,18 @@ declare function getUserFromToken(idToken: string): Promise<UserInfo>;
 declare function getAuth(): any;
 
 /**
- * Firebase Admin SDK v8 - Firestore REST API
- * Provides CRUD operations for Firestore using REST API
+ * Firebase Admin SDK v8 - Firestore CRUD Operations
+ * All Firestore document operations using REST API
  */
 
 /**
  * Set a document in Firestore (create or overwrite)
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @param {DataObject} data - Document data
- * @param {SetOptions} [options] - Set options (merge, mergeFields)
- * @returns {Promise<void>}
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @param data - Document data
+ * @param options - Set options (merge, mergeFields)
+ * @returns Promise that resolves when document is set
  * @throws {Error} If the operation fails
  *
  * @example
@@ -317,10 +317,10 @@ declare function setDocument(collectionPath: string, documentId: string, data: D
 /**
  * Add a document to Firestore collection
  *
- * @param {string} collectionPath - Collection path (e.g., 'users' or 'users/uid/posts')
- * @param {DataObject} data - Document data
- * @param {string} [documentId] - Optional document ID (auto-generated if not provided)
- * @returns {Promise<DocumentReference>} Document reference with id and path
+ * @param collectionPath - Collection path (e.g., 'users' or 'users/uid/posts')
+ * @param data - Document data
+ * @param documentId - Optional document ID (auto-generated if not provided)
+ * @returns Document reference with id and path
  * @throws {Error} If the operation fails
  *
  * @example
@@ -337,9 +337,9 @@ declare function addDocument(collectionPath: string, data: DataObject, documentI
 /**
  * Get a document from Firestore
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @returns {Promise<DataObject | null>} Document data or null if not found
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @returns Document data or null if not found
  * @throws {Error} If the operation fails
  *
  * @example
@@ -354,10 +354,10 @@ declare function getDocument(collectionPath: string, documentId: string): Promis
 /**
  * Update a document in Firestore
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @param {DataObject} data - Data to update
- * @returns {Promise<void>}
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @param data - Data to update
+ * @returns Promise that resolves when document is updated
  * @throws {Error} If the operation fails
  *
  * @example
@@ -372,9 +372,9 @@ declare function updateDocument(collectionPath: string, documentId: string, data
 /**
  * Delete a document from Firestore
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @returns {Promise<void>}
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @returns Promise that resolves when document is deleted
  * @throws {Error} If the operation fails
  *
  * @example
@@ -386,9 +386,9 @@ declare function deleteDocument(collectionPath: string, documentId: string): Pro
 /**
  * Query documents in a collection with advanced filtering
  *
- * @param {string} collectionPath - Collection path
- * @param {QueryOptions} [options] - Query options (where, orderBy, limit, etc.)
- * @returns {Promise<Array<{ id: string; data: DataObject }>>} Array of documents
+ * @param collectionPath - Collection path
+ * @param options - Query options (where, orderBy, limit, etc.)
+ * @returns Array of documents with id and data
  * @throws {Error} If the operation fails
  *
  * @example
@@ -410,8 +410,8 @@ declare function queryDocuments(collectionPath: string, options?: QueryOptions):
 /**
  * Perform batch write operations (set, update, delete)
  *
- * @param {BatchWrite[]} operations - Array of batch operations
- * @returns {Promise<BatchWriteResult>} Batch write result
+ * @param operations - Array of batch operations
+ * @returns Batch write result
  * @throws {Error} If the operation fails
  *
  * @example

package/dist/index.d.ts

@@ -287,18 +287,18 @@ declare function getUserFromToken(idToken: string): Promise<UserInfo>;
 declare function getAuth(): any;
 
 /**
- * Firebase Admin SDK v8 - Firestore REST API
- * Provides CRUD operations for Firestore using REST API
+ * Firebase Admin SDK v8 - Firestore CRUD Operations
+ * All Firestore document operations using REST API
  */
 
 /**
  * Set a document in Firestore (create or overwrite)
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @param {DataObject} data - Document data
- * @param {SetOptions} [options] - Set options (merge, mergeFields)
- * @returns {Promise<void>}
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @param data - Document data
+ * @param options - Set options (merge, mergeFields)
+ * @returns Promise that resolves when document is set
  * @throws {Error} If the operation fails
  *
  * @example
@@ -317,10 +317,10 @@ declare function setDocument(collectionPath: string, documentId: string, data: D
 /**
  * Add a document to Firestore collection
  *
- * @param {string} collectionPath - Collection path (e.g., 'users' or 'users/uid/posts')
- * @param {DataObject} data - Document data
- * @param {string} [documentId] - Optional document ID (auto-generated if not provided)
- * @returns {Promise<DocumentReference>} Document reference with id and path
+ * @param collectionPath - Collection path (e.g., 'users' or 'users/uid/posts')
+ * @param data - Document data
+ * @param documentId - Optional document ID (auto-generated if not provided)
+ * @returns Document reference with id and path
  * @throws {Error} If the operation fails
  *
  * @example
@@ -337,9 +337,9 @@ declare function addDocument(collectionPath: string, data: DataObject, documentI
 /**
  * Get a document from Firestore
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @returns {Promise<DataObject | null>} Document data or null if not found
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @returns Document data or null if not found
  * @throws {Error} If the operation fails
  *
  * @example
@@ -354,10 +354,10 @@ declare function getDocument(collectionPath: string, documentId: string): Promis
 /**
  * Update a document in Firestore
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @param {DataObject} data - Data to update
- * @returns {Promise<void>}
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @param data - Data to update
+ * @returns Promise that resolves when document is updated
  * @throws {Error} If the operation fails
  *
  * @example
@@ -372,9 +372,9 @@ declare function updateDocument(collectionPath: string, documentId: string, data
 /**
  * Delete a document from Firestore
  *
- * @param {string} collectionPath - Collection path
- * @param {string} documentId - Document ID
- * @returns {Promise<void>}
+ * @param collectionPath - Collection path
+ * @param documentId - Document ID
+ * @returns Promise that resolves when document is deleted
  * @throws {Error} If the operation fails
  *
  * @example
@@ -386,9 +386,9 @@ declare function deleteDocument(collectionPath: string, documentId: string): Pro
 /**
  * Query documents in a collection with advanced filtering
  *
- * @param {string} collectionPath - Collection path
- * @param {QueryOptions} [options] - Query options (where, orderBy, limit, etc.)
- * @returns {Promise<Array<{ id: string; data: DataObject }>>} Array of documents
+ * @param collectionPath - Collection path
+ * @param options - Query options (where, orderBy, limit, etc.)
+ * @returns Array of documents with id and data
  * @throws {Error} If the operation fails
  *
  * @example
@@ -410,8 +410,8 @@ declare function queryDocuments(collectionPath: string, options?: QueryOptions):
 /**
  * Perform batch write operations (set, update, delete)
  *
- * @param {BatchWrite[]} operations - Array of batch operations
- * @returns {Promise<BatchWriteResult>} Batch write result
+ * @param operations - Array of batch operations
+ * @returns Batch write result
  * @throws {Error} If the operation fails
  *
  * @example

package/dist/index.js

@@ -331,78 +331,6 @@ function getAuth() {
   };
 }
 
-// src/token-generation.ts
-function base64UrlEncode(str) {
-  return btoa(str).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-function base64UrlEncodeBuffer(buffer) {
-  return btoa(String.fromCharCode(...buffer)).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-async function createJWT(serviceAccount) {
-  const now = Math.floor(Date.now() / 1e3);
-  const expiry = now + 3600;
-  const header = {
-    alg: "RS256",
-    typ: "JWT"
-  };
-  const payload = {
-    iss: serviceAccount.client_email,
-    sub: serviceAccount.client_email,
-    aud: serviceAccount.token_uri,
-    iat: now,
-    exp: expiry,
-    scope: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/firebase"
-  };
-  const encodedHeader = base64UrlEncode(JSON.stringify(header));
-  const encodedPayload = base64UrlEncode(JSON.stringify(payload));
-  const unsignedToken = `${encodedHeader}.${encodedPayload}`;
-  const pemContents = serviceAccount.private_key.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace(/\s/g, "");
-  const binaryDer = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
-  const cryptoKey = await crypto.subtle.importKey(
-    "pkcs8",
-    binaryDer,
-    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
-    false,
-    ["sign"]
-  );
-  const signature = await crypto.subtle.sign(
-    "RSASSA-PKCS1-v1_5",
-    cryptoKey,
-    new TextEncoder().encode(unsignedToken)
-  );
-  const encodedSignature = base64UrlEncodeBuffer(new Uint8Array(signature));
-  return `${unsignedToken}.${encodedSignature}`;
-}
-var cachedAccessToken = null;
-var tokenExpiry = 0;
-async function getAdminAccessToken() {
-  if (cachedAccessToken && Date.now() < tokenExpiry) {
-    return cachedAccessToken;
-  }
-  const serviceAccount = getServiceAccount();
-  const jwt = await createJWT(serviceAccount);
-  const response = await fetch(serviceAccount.token_uri, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
-      assertion: jwt
-    })
-  });
-  if (!response.ok) {
-    const errorText = await response.text();
-    throw new Error(`Failed to get access token: ${errorText}`);
-  }
-  const data = await response.json();
-  cachedAccessToken = data.access_token;
-  tokenExpiry = Date.now() + data.expires_in * 1e3 - 6e4;
-  return cachedAccessToken;
-}
-function clearTokenCache() {
-  cachedAccessToken = null;
-  tokenExpiry = 0;
-}
-
 // src/field-value.ts
 function serverTimestamp() {
   return {
@@ -679,7 +607,79 @@ function removeFieldTransforms(data) {
   return result;
 }
 
-// src/firestore-rest.ts
+// src/token-generation.ts
+function base64UrlEncode(str) {
+  return btoa(str).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function base64UrlEncodeBuffer(buffer) {
+  return btoa(String.fromCharCode(...buffer)).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+async function createJWT(serviceAccount) {
+  const now = Math.floor(Date.now() / 1e3);
+  const expiry = now + 3600;
+  const header = {
+    alg: "RS256",
+    typ: "JWT"
+  };
+  const payload = {
+    iss: serviceAccount.client_email,
+    sub: serviceAccount.client_email,
+    aud: serviceAccount.token_uri,
+    iat: now,
+    exp: expiry,
+    scope: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/firebase"
+  };
+  const encodedHeader = base64UrlEncode(JSON.stringify(header));
+  const encodedPayload = base64UrlEncode(JSON.stringify(payload));
+  const unsignedToken = `${encodedHeader}.${encodedPayload}`;
+  const pemContents = serviceAccount.private_key.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace(/\s/g, "");
+  const binaryDer = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
+  const cryptoKey = await crypto.subtle.importKey(
+    "pkcs8",
+    binaryDer,
+    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign(
+    "RSASSA-PKCS1-v1_5",
+    cryptoKey,
+    new TextEncoder().encode(unsignedToken)
+  );
+  const encodedSignature = base64UrlEncodeBuffer(new Uint8Array(signature));
+  return `${unsignedToken}.${encodedSignature}`;
+}
+var cachedAccessToken = null;
+var tokenExpiry = 0;
+async function getAdminAccessToken() {
+  if (cachedAccessToken && Date.now() < tokenExpiry) {
+    return cachedAccessToken;
+  }
+  const serviceAccount = getServiceAccount();
+  const jwt = await createJWT(serviceAccount);
+  const response = await fetch(serviceAccount.token_uri, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
+      assertion: jwt
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get access token: ${errorText}`);
+  }
+  const data = await response.json();
+  cachedAccessToken = data.access_token;
+  tokenExpiry = Date.now() + data.expires_in * 1e3 - 6e4;
+  return cachedAccessToken;
+}
+function clearTokenCache() {
+  cachedAccessToken = null;
+  tokenExpiry = 0;
+}
+
+// src/firestore/operations.ts
 var FIRESTORE_API = "https://firestore.googleapis.com/v1";
 async function commitWrites(writes) {
   const accessToken = await getAdminAccessToken();

package/dist/index.mjs

@@ -288,78 +288,6 @@ function getAuth() {
   };
 }
 
-// src/token-generation.ts
-function base64UrlEncode(str) {
-  return btoa(str).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-function base64UrlEncodeBuffer(buffer) {
-  return btoa(String.fromCharCode(...buffer)).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-async function createJWT(serviceAccount) {
-  const now = Math.floor(Date.now() / 1e3);
-  const expiry = now + 3600;
-  const header = {
-    alg: "RS256",
-    typ: "JWT"
-  };
-  const payload = {
-    iss: serviceAccount.client_email,
-    sub: serviceAccount.client_email,
-    aud: serviceAccount.token_uri,
-    iat: now,
-    exp: expiry,
-    scope: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/firebase"
-  };
-  const encodedHeader = base64UrlEncode(JSON.stringify(header));
-  const encodedPayload = base64UrlEncode(JSON.stringify(payload));
-  const unsignedToken = `${encodedHeader}.${encodedPayload}`;
-  const pemContents = serviceAccount.private_key.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace(/\s/g, "");
-  const binaryDer = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
-  const cryptoKey = await crypto.subtle.importKey(
-    "pkcs8",
-    binaryDer,
-    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
-    false,
-    ["sign"]
-  );
-  const signature = await crypto.subtle.sign(
-    "RSASSA-PKCS1-v1_5",
-    cryptoKey,
-    new TextEncoder().encode(unsignedToken)
-  );
-  const encodedSignature = base64UrlEncodeBuffer(new Uint8Array(signature));
-  return `${unsignedToken}.${encodedSignature}`;
-}
-var cachedAccessToken = null;
-var tokenExpiry = 0;
-async function getAdminAccessToken() {
-  if (cachedAccessToken && Date.now() < tokenExpiry) {
-    return cachedAccessToken;
-  }
-  const serviceAccount = getServiceAccount();
-  const jwt = await createJWT(serviceAccount);
-  const response = await fetch(serviceAccount.token_uri, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
-      assertion: jwt
-    })
-  });
-  if (!response.ok) {
-    const errorText = await response.text();
-    throw new Error(`Failed to get access token: ${errorText}`);
-  }
-  const data = await response.json();
-  cachedAccessToken = data.access_token;
-  tokenExpiry = Date.now() + data.expires_in * 1e3 - 6e4;
-  return cachedAccessToken;
-}
-function clearTokenCache() {
-  cachedAccessToken = null;
-  tokenExpiry = 0;
-}
-
 // src/field-value.ts
 function serverTimestamp() {
   return {
@@ -636,7 +564,79 @@ function removeFieldTransforms(data) {
   return result;
 }
 
-// src/firestore-rest.ts
+// src/token-generation.ts
+function base64UrlEncode(str) {
+  return btoa(str).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function base64UrlEncodeBuffer(buffer) {
+  return btoa(String.fromCharCode(...buffer)).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+async function createJWT(serviceAccount) {
+  const now = Math.floor(Date.now() / 1e3);
+  const expiry = now + 3600;
+  const header = {
+    alg: "RS256",
+    typ: "JWT"
+  };
+  const payload = {
+    iss: serviceAccount.client_email,
+    sub: serviceAccount.client_email,
+    aud: serviceAccount.token_uri,
+    iat: now,
+    exp: expiry,
+    scope: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/datastore https://www.googleapis.com/auth/firebase"
+  };
+  const encodedHeader = base64UrlEncode(JSON.stringify(header));
+  const encodedPayload = base64UrlEncode(JSON.stringify(payload));
+  const unsignedToken = `${encodedHeader}.${encodedPayload}`;
+  const pemContents = serviceAccount.private_key.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace(/\s/g, "");
+  const binaryDer = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
+  const cryptoKey = await crypto.subtle.importKey(
+    "pkcs8",
+    binaryDer,
+    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign(
+    "RSASSA-PKCS1-v1_5",
+    cryptoKey,
+    new TextEncoder().encode(unsignedToken)
+  );
+  const encodedSignature = base64UrlEncodeBuffer(new Uint8Array(signature));
+  return `${unsignedToken}.${encodedSignature}`;
+}
+var cachedAccessToken = null;
+var tokenExpiry = 0;
+async function getAdminAccessToken() {
+  if (cachedAccessToken && Date.now() < tokenExpiry) {
+    return cachedAccessToken;
+  }
+  const serviceAccount = getServiceAccount();
+  const jwt = await createJWT(serviceAccount);
+  const response = await fetch(serviceAccount.token_uri, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
+      assertion: jwt
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get access token: ${errorText}`);
+  }
+  const data = await response.json();
+  cachedAccessToken = data.access_token;
+  tokenExpiry = Date.now() + data.expires_in * 1e3 - 6e4;
+  return cachedAccessToken;
+}
+function clearTokenCache() {
+  cachedAccessToken = null;
+  tokenExpiry = 0;
+}
+
+// src/firestore/operations.ts
 var FIRESTORE_API = "https://firestore.googleapis.com/v1";
 async function commitWrites(writes) {
   const accessToken = await getAdminAccessToken();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/firebase-admin-sdk-v8",
-  "version": "2.0.17",
+  "version": "2.0.20",
   "description": "Firebase Admin SDK for Cloudflare Workers and edge runtimes using REST APIs",
   "main": "dist/index.js",
   "module": "dist/index.mjs",

package/firebase.json

@@ -1,9 +0,0 @@
-{
-  "projects": {
-    "default": "prmichaelsen-firebase-e2e"
-  },
-  "firestore": {
-    "rules": "firestore.rules",
-    "indexes": "firestore.indexes.json"
-  }
-}

package/firestore.indexes.json

@@ -1,33 +0,0 @@
-{
-  "indexes": [
-    {
-      "collectionGroup": "e2e-tests",
-      "queryScope": "COLLECTION",
-      "fields": [
-        {
-          "fieldPath": "_test",
-          "order": "ASCENDING"
-        },
-        {
-          "fieldPath": "age",
-          "order": "ASCENDING"
-        }
-      ]
-    },
-    {
-      "collectionGroup": "messages",
-      "queryScope": "COLLECTION",
-      "fields": [
-        {
-          "fieldPath": "_test",
-          "order": "ASCENDING"
-        },
-        {
-          "fieldPath": "timestamp",
-          "order": "ASCENDING"
-        }
-      ]
-    }
-  ],
-  "fieldOverrides": []
-}

package/firestore.rules

@@ -1,11 +0,0 @@
-rules_version = '2';
-
-service cloud.firestore {
-  match /databases/{database}/documents {
-    // Allow all reads and writes for testing
-    // WARNING: These rules are for testing only!
-    match /{document=**} {
-      allow read, write: if true;
-    }
-  }
-}

package/jest.config.js

@@ -1,12 +0,0 @@
-module.exports = {
-  preset: 'ts-jest',
-  testEnvironment: 'node',
-  roots: ['<rootDir>/src'],
-  testMatch: ['**/*.spec.ts'],
-  moduleFileExtensions: ['ts', 'js'],
-  collectCoverageFrom: [
-    'src/**/*.ts',
-    '!src/**/*.d.ts',
-    '!src/**/*.spec.ts',
-  ],
-};

package/jest.e2e.config.js

@@ -1,14 +0,0 @@
-module.exports = {
-  preset: 'ts-jest',
-  testEnvironment: 'node',
-  testMatch: ['**/*.e2e.ts'],
-  testTimeout: 30000, // 30 seconds for real API calls
-  roots: ['<rootDir>/src'],
-  collectCoverageFrom: [
-    'src/**/*.ts',
-    '!src/**/*.spec.ts',
-    '!src/**/*.e2e.ts',
-    '!src/types.ts',
-    '!src/index.ts',
-  ],
-};

package/service-account.json

@@ -1,13 +0,0 @@
-{
-  "type": "service_account",
-  "project_id": "prmichaelsen-firebase-e2e",
-  "private_key_id": "84caabb8515ec5fab4caa53a0f85405c270d5cd4",
-  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/0n8V7m7vCQ9/\n5FGYL5V20pQxliUMF/ycNBSV/xHrXAvTMxyMEjFK8Tg9sBLdYhuxC488lnwm3/o+\nn5JkckQ2AyzXX6mi+camwxdLXmT97kXqdFLisO4PY7Fv6HvvMgRQqysj7aJkyiz7\nrAs0DpQq1L70sBFdVLiScPH9FFnuV0EeyOTuVgYwGYk1L76/U7bb3WLNCmcmtG+Y\nt4BNzyMqFgtIdXCQFVBQf9HXy3x5xk8a1rrkf7pEuiwK0PXCDIVH7GYX4xCiQ1qs\nYF4IunNFhcwu1hk5XTIDSVrIn/qLPMZvEcBqHxIJd5JvePjx5hPP81b1mrGUVske\nsaRimjxxAgMBAAECggEAAWNKVG7KslkMRH5y5q56yYbMLVsAPp5SehDYZfNtU5jG\nucr2CxS7SDxcOKS0UOdmUDlyBQaztED3mbS5hZeGuHtSZjvaHtnpdDMXe+NIHhw3\nY520LHwKOjtG69/bPFz4x1qjBRoG4Zgi4NlFpXqbhinO4zdTkNYi6xBSd+R0oshP\nSo59lQvs8e3bMD4f4uTl7JxUifjVM64R3gCkH6AbGqU01wg8UzsllCf0fQM04w8i\nq1oVjhBVWYYVE7w2H+EU+LdiRSRET+Vrk5dtBL3vI6yckvGmxTBMnkK2gTFAAR6F\nnN4NKlUsiFol9WVRY3tdRNOnStjlORDyerSEFQaqhwKBgQDfAa5ddxBVbxUS3E2a\nnGJRA44fYlRyZf9KnJdz8uWsCvuG7UYbe2bp7TxlpEXdTG6Vqu/hhYWd/msmhupZ\nc+YFg1HWE1Ee+nQv7iwAD+okfncnKGIC65XjwaSEMRGrmtxBL6Qq4yxn/Yug/8YR\nniGRQKuMtJ2ZA0p41vI6Mkt7kwKBgQDcM7eQQ5482FcXuOfUlPoiWnd+pF5mNrU1\ngKoxdsXMYRKyTGMPLrOKqsf6kisQUlA48vWRCQOa9QBSjHktfOt2EZ3mNQz5k3AR\n/dIjCGf+ATr2P9Sc0uo7sA20XB62wmG+t2A/vxf9WzBAgdDk6nENB4nz6lL9xcak\ngvVt2vXSawKBgQCV6JRk4f/J3oVFC3DjaRKyMPid4kSwLh6B8mfhGrwHfc59cgz5\ntmeFAuPh057fV1zTIXhlmpMqlPdEi9cHUOCkfhVKGewjLetiuPE9DXWxGI5SdVQF\ncIZu9yH3duDRAaXj7/mklteoBAmTrbxg5XLdKKLpUBTM4ihyuNNWCa8yHwKBgCYK\noTnBFMM6NMGaZiKpohTxQBeW2eAar2+QzNZCyKUoWAyJecuTq9zW6Dl3qwzky4sr\nHhVyUzcgAHBCaGTdYehB3t94ZsdvGztgeD8pIp4VJFSKbnaxUVoCbjusdnnoVu6V\ny4D3yHMyn8FlK+uAPQudM835u2CwHEMrhK731uQFAoGBAKO0crVWuY1EP1RLSyLK\nIS3uUgbauBbQlE4ZPBTi84vXCZjN/53obFgkPHJ5tdjxj6C8x58jgHg/Hufyvbib\ngOQQxadM90UBumlzA8lV7A9jvL2ryfop9ketnVO5hPvB4O8iw9Z1R+25FeM9ZFJI\nqmEjiy9Nhmvpvur+FZ85qcRm\n-----END PRIVATE KEY-----\n",
-  "client_email": "firebase-adminsdk-fbsvc@prmichaelsen-firebase-e2e.iam.gserviceaccount.com",
-  "client_id": "103889460014910902622",
-  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-  "token_uri": "https://oauth2.googleapis.com/token",
-  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-fbsvc%40prmichaelsen-firebase-e2e.iam.gserviceaccount.com",
-  "universe_domain": "googleapis.com"
-}