@prmichaelsen/firebase-admin-sdk-v8 2.0.20 → 2.0.22

package/.github/workflows/e2e-tests.yml

@@ -31,11 +31,20 @@ jobs:
         run: |
           echo '${{ secrets.FIREBASE_SERVICE_ACCOUNT }}' > service-account.json
       
-      - name: Run e2e tests
-        run: npm run test:e2e
+      - name: Run e2e tests with coverage
+        run: npm run test:e2e -- --coverage
         env:
           NODE_ENV: test
       
+      - name: Upload e2e coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./coverage/lcov.info
+          flags: e2etests
+          name: codecov-e2e
+          fail_ci_if_error: false
+      
       - name: Clean up service account file
         if: always()
         run: rm -f service-account.json

package/README.md

@@ -521,11 +521,132 @@ For better query performance:
 | Firestore Queries | ✅ | where, orderBy, limit, cursors |
 | Firestore Batch | ✅ | Up to 500 operations |
 | Firestore Transactions | ❌ | Not yet implemented |
+| **Realtime Listeners** | **❌** | **See explanation below** |
 | Field Values | ✅ | increment, arrayUnion, serverTimestamp, etc. |
 | Realtime Database | ❌ | Not planned |
 | Cloud Storage | ❌ | Not yet implemented |
 | Cloud Messaging | ❌ | Not yet implemented |
 
+## ⚠️ Realtime Listeners Not Supported
+
+This library **does not support** Firestore realtime listeners (`onSnapshot()`). Here's why:
+
+### Technical Limitation
+
+**This library uses the Firestore REST API**, which is:
+- ✅ Stateless (request/response only)
+- ✅ Compatible with edge runtimes (Cloudflare Workers, Vercel Edge)
+- ❌ **No persistent connections**
+- ❌ **No server-push capabilities**
+- ❌ **No streaming support**
+
+**Realtime listeners require**:
+- Persistent connections (WebSocket or gRPC)
+- Bidirectional streaming
+- Server-push architecture
+
+The Firestore REST API simply doesn't provide these capabilities.
+
+### Why Not Implement gRPC?
+
+While Firestore does offer a gRPC API with streaming support, implementing it would require:
+
+1. **Complex Protocol Implementation**
+   - HTTP/2 framing
+   - gRPC message framing
+   - Protobuf encoding/decoding
+   - Authentication flow
+   - Reconnection logic
+   - ~100+ hours of development
+
+2. **Runtime Limitations**
+   - Cloudflare Workers doesn't support full gRPC (only gRPC-Web)
+   - gRPC-Web requires a proxy server
+   - Can't connect directly to Firestore's gRPC endpoint
+   - Would only work in Durable Objects, not regular Workers
+
+3. **Maintenance Burden**
+   - Must keep up with Firestore protocol changes
+   - Complex debugging and error handling
+   - High ongoing maintenance cost
+
+### Alternatives
+
+If you need realtime updates, consider these approaches:
+
+#### 1. **Polling (Simple)**
+```typescript
+// Poll for changes every 5 seconds
+setInterval(async () => {
+  const doc = await getDocument('users', 'user123');
+  // Handle updates
+}, 5000);
+```
+
+**Pros**: Simple, works everywhere
+**Cons**: 5-second delay, polling costs
+
+#### 2. **Durable Objects + Polling (Better)**
+```typescript
+// Durable Object polls once, broadcasts to many clients
+export class FirestoreSync {
+  async poll() {
+    const doc = await getDocument('users', 'user123');
+    // Broadcast to all connected WebSocket clients
+    for (const ws of this.sessions) {
+      ws.send(JSON.stringify(doc));
+    }
+  }
+}
+```
+
+**Pros**: One poll serves many clients, WebSocket push to clients
+**Cons**: Still polling-based, Cloudflare-specific
+
+#### 3. **Hybrid Architecture (Best)**
+```typescript
+// Use firebase-admin-node for realtime in Node.js
+import admin from 'firebase-admin';
+
+admin.firestore().collection('users').doc('user123')
+  .onSnapshot((snapshot) => {
+    // True realtime updates
+    console.log('Update:', snapshot.data());
+  });
+
+// Use this library for CRUD in edge functions
+import { getDocument } from '@prmichaelsen/firebase-admin-sdk-v8';
+const doc = await getDocument('users', 'user123');
+```
+
+**Pros**: True realtime where needed, edge performance for CRUD
+**Cons**: Requires separate Node.js service
+
+#### 4. **Firebase Client SDK (Frontend)**
+```typescript
+// Use Firebase Client SDK in browser/mobile
+import { onSnapshot, doc } from 'firebase/firestore';
+
+onSnapshot(doc(db, 'users', 'user123'), (snapshot) => {
+  console.log('Update:', snapshot.data());
+});
+```
+
+**Pros**: True realtime, built-in, well-supported
+**Cons**: Client-side only, requires Firebase Auth
+
+### Recommendation
+
+- **For edge runtimes**: Use polling or Durable Objects pattern
+- **For true realtime**: Use `firebase-admin-node` in Node.js
+- **For client apps**: Use Firebase Client SDK
+- **For hybrid**: Use this library for CRUD + Node.js for realtime
+
+### Related
+
+- [firebase-admin-node](https://github.com/firebase/firebase-admin-node) - Full Admin SDK with realtime support
+- [Firebase Client SDK](https://firebase.google.com/docs/firestore/query-data/listen) - Client-side realtime listeners
+
 ## 🗺️ Roadmap
 
 - [ ] Custom token creation

package/dist/index.d.mts

@@ -425,6 +425,189 @@ declare function queryDocuments(collectionPath: string, options?: QueryOptions):
  */
 declare function batchWrite(operations: BatchWrite[]): Promise<BatchWriteResult>;
 
+/**
+ * Firebase Storage client using Google Cloud Storage REST API
+ * Compatible with edge runtimes (Cloudflare Workers, Vercel Edge, etc.)
+ */
+/**
+ * Options for uploading files
+ */
+interface UploadOptions {
+    contentType?: string;
+    metadata?: Record<string, string>;
+    public?: boolean;
+}
+/**
+ * Options for downloading files
+ */
+interface DownloadOptions {
+    responseType?: 'arraybuffer' | 'blob';
+}
+/**
+ * Options for listing files
+ */
+interface ListOptions {
+    prefix?: string;
+    delimiter?: string;
+    maxResults?: number;
+    pageToken?: string;
+}
+/**
+ * File metadata returned by Storage API
+ */
+interface FileMetadata {
+    name: string;
+    bucket: string;
+    size: string;
+    contentType: string;
+    timeCreated: string;
+    updated: string;
+    md5Hash: string;
+    metadata?: Record<string, string>;
+}
+/**
+ * Result of listing files
+ */
+interface ListFilesResult {
+    files: FileMetadata[];
+    nextPageToken?: string;
+}
+/**
+ * Upload a file to Firebase Storage
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param data - File data as ArrayBuffer, Uint8Array, or Blob
+ * @param options - Upload options (contentType, metadata, public)
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const data = new TextEncoder().encode('Hello, Storage!');
+ * const metadata = await uploadFile('files/hello.txt', data, {
+ *   contentType: 'text/plain',
+ *   metadata: { userId: '123' },
+ * });
+ * ```
+ */
+declare function uploadFile(path: string, data: ArrayBuffer | Uint8Array | Blob, options?: UploadOptions): Promise<FileMetadata>;
+/**
+ * Download a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @param options - Download options
+ * @returns File data as ArrayBuffer
+ *
+ * @example
+ * ```typescript
+ * const data = await downloadFile('files/hello.txt');
+ * const text = new TextDecoder().decode(data);
+ * console.log(text); // "Hello, Storage!"
+ * ```
+ */
+declare function downloadFile(path: string, _options?: DownloadOptions): Promise<ArrayBuffer>;
+/**
+ * Delete a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ *
+ * @example
+ * ```typescript
+ * await deleteFile('files/hello.txt');
+ * ```
+ */
+declare function deleteFile(path: string): Promise<void>;
+/**
+ * Get file metadata from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const metadata = await getFileMetadata('files/hello.txt');
+ * console.log(metadata.size, metadata.contentType);
+ * ```
+ */
+declare function getFileMetadata(path: string): Promise<FileMetadata>;
+/**
+ * List files in Firebase Storage
+ *
+ * @param options - List options (prefix, delimiter, maxResults, pageToken)
+ * @returns List of files and optional next page token
+ *
+ * @example
+ * ```typescript
+ * // List all files with prefix
+ * const { files } = await listFiles({ prefix: 'images/' });
+ *
+ * // List with pagination
+ * const { files, nextPageToken } = await listFiles({ maxResults: 10 });
+ * if (nextPageToken) {
+ *   const nextPage = await listFiles({ pageToken: nextPageToken });
+ * }
+ * ```
+ */
+declare function listFiles(options?: ListOptions): Promise<ListFilesResult>;
+/**
+ * Check if a file exists in Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns True if file exists, false otherwise
+ *
+ * @example
+ * ```typescript
+ * if (await fileExists('files/hello.txt')) {
+ *   console.log('File exists!');
+ * }
+ * ```
+ */
+declare function fileExists(path: string): Promise<boolean>;
+
+/**
+ * Generate signed URLs for temporary access to Firebase Storage files
+ * Uses Google Cloud Storage V4 signing process
+ */
+/**
+ * Options for generating signed URLs
+ */
+interface SignedUrlOptions {
+    action: 'read' | 'write' | 'delete';
+    expires: Date | number;
+    contentType?: string;
+    responseDisposition?: string;
+    responseType?: string;
+}
+/**
+ * Generate a signed URL for temporary access to a Storage file
+ *
+ * Uses Google Cloud Storage V4 signing process
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param options - Signed URL options
+ * @returns Signed URL that can be used without authentication
+ *
+ * @example
+ * ```typescript
+ * // Generate read URL valid for 1 hour
+ * const url = await generateSignedUrl('files/hello.txt', {
+ *   action: 'read',
+ *   expires: 3600,
+ * });
+ *
+ * // Generate write URL with content type
+ * const uploadUrl = await generateSignedUrl('files/upload.jpg', {
+ *   action: 'write',
+ *   expires: 1800, // 30 minutes
+ *   contentType: 'image/jpeg',
+ * });
+ *
+ * // Use the URL (no auth needed)
+ * const response = await fetch(url);
+ * const data = await response.arrayBuffer();
+ * ```
+ */
+declare function generateSignedUrl(path: string, options: SignedUrlOptions): Promise<string>;
+
 /**
  * Firebase Admin SDK v8 - Field Value Helpers
  * Special field values for Firestore operations
@@ -522,4 +705,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FirestoreDocument, type FirestoreValue, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type TokenResponse, type UpdateOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, getAdminAccessToken, getAuth, getConfig, getDocument, getProjectId, getServiceAccount, getUserFromToken, initializeApp, queryDocuments, setDocument, updateDocument, verifyIdToken };
+export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UploadOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, deleteFile, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserFromToken, initializeApp, listFiles, queryDocuments, setDocument, updateDocument, uploadFile, verifyIdToken };

package/dist/index.d.ts

@@ -425,6 +425,189 @@ declare function queryDocuments(collectionPath: string, options?: QueryOptions):
  */
 declare function batchWrite(operations: BatchWrite[]): Promise<BatchWriteResult>;
 
+/**
+ * Firebase Storage client using Google Cloud Storage REST API
+ * Compatible with edge runtimes (Cloudflare Workers, Vercel Edge, etc.)
+ */
+/**
+ * Options for uploading files
+ */
+interface UploadOptions {
+    contentType?: string;
+    metadata?: Record<string, string>;
+    public?: boolean;
+}
+/**
+ * Options for downloading files
+ */
+interface DownloadOptions {
+    responseType?: 'arraybuffer' | 'blob';
+}
+/**
+ * Options for listing files
+ */
+interface ListOptions {
+    prefix?: string;
+    delimiter?: string;
+    maxResults?: number;
+    pageToken?: string;
+}
+/**
+ * File metadata returned by Storage API
+ */
+interface FileMetadata {
+    name: string;
+    bucket: string;
+    size: string;
+    contentType: string;
+    timeCreated: string;
+    updated: string;
+    md5Hash: string;
+    metadata?: Record<string, string>;
+}
+/**
+ * Result of listing files
+ */
+interface ListFilesResult {
+    files: FileMetadata[];
+    nextPageToken?: string;
+}
+/**
+ * Upload a file to Firebase Storage
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param data - File data as ArrayBuffer, Uint8Array, or Blob
+ * @param options - Upload options (contentType, metadata, public)
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const data = new TextEncoder().encode('Hello, Storage!');
+ * const metadata = await uploadFile('files/hello.txt', data, {
+ *   contentType: 'text/plain',
+ *   metadata: { userId: '123' },
+ * });
+ * ```
+ */
+declare function uploadFile(path: string, data: ArrayBuffer | Uint8Array | Blob, options?: UploadOptions): Promise<FileMetadata>;
+/**
+ * Download a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @param options - Download options
+ * @returns File data as ArrayBuffer
+ *
+ * @example
+ * ```typescript
+ * const data = await downloadFile('files/hello.txt');
+ * const text = new TextDecoder().decode(data);
+ * console.log(text); // "Hello, Storage!"
+ * ```
+ */
+declare function downloadFile(path: string, _options?: DownloadOptions): Promise<ArrayBuffer>;
+/**
+ * Delete a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ *
+ * @example
+ * ```typescript
+ * await deleteFile('files/hello.txt');
+ * ```
+ */
+declare function deleteFile(path: string): Promise<void>;
+/**
+ * Get file metadata from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const metadata = await getFileMetadata('files/hello.txt');
+ * console.log(metadata.size, metadata.contentType);
+ * ```
+ */
+declare function getFileMetadata(path: string): Promise<FileMetadata>;
+/**
+ * List files in Firebase Storage
+ *
+ * @param options - List options (prefix, delimiter, maxResults, pageToken)
+ * @returns List of files and optional next page token
+ *
+ * @example
+ * ```typescript
+ * // List all files with prefix
+ * const { files } = await listFiles({ prefix: 'images/' });
+ *
+ * // List with pagination
+ * const { files, nextPageToken } = await listFiles({ maxResults: 10 });
+ * if (nextPageToken) {
+ *   const nextPage = await listFiles({ pageToken: nextPageToken });
+ * }
+ * ```
+ */
+declare function listFiles(options?: ListOptions): Promise<ListFilesResult>;
+/**
+ * Check if a file exists in Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns True if file exists, false otherwise
+ *
+ * @example
+ * ```typescript
+ * if (await fileExists('files/hello.txt')) {
+ *   console.log('File exists!');
+ * }
+ * ```
+ */
+declare function fileExists(path: string): Promise<boolean>;
+
+/**
+ * Generate signed URLs for temporary access to Firebase Storage files
+ * Uses Google Cloud Storage V4 signing process
+ */
+/**
+ * Options for generating signed URLs
+ */
+interface SignedUrlOptions {
+    action: 'read' | 'write' | 'delete';
+    expires: Date | number;
+    contentType?: string;
+    responseDisposition?: string;
+    responseType?: string;
+}
+/**
+ * Generate a signed URL for temporary access to a Storage file
+ *
+ * Uses Google Cloud Storage V4 signing process
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param options - Signed URL options
+ * @returns Signed URL that can be used without authentication
+ *
+ * @example
+ * ```typescript
+ * // Generate read URL valid for 1 hour
+ * const url = await generateSignedUrl('files/hello.txt', {
+ *   action: 'read',
+ *   expires: 3600,
+ * });
+ *
+ * // Generate write URL with content type
+ * const uploadUrl = await generateSignedUrl('files/upload.jpg', {
+ *   action: 'write',
+ *   expires: 1800, // 30 minutes
+ *   contentType: 'image/jpeg',
+ * });
+ *
+ * // Use the URL (no auth needed)
+ * const response = await fetch(url);
+ * const data = await response.arrayBuffer();
+ * ```
+ */
+declare function generateSignedUrl(path: string, options: SignedUrlOptions): Promise<string>;
+
 /**
  * Firebase Admin SDK v8 - Field Value Helpers
  * Special field values for Firestore operations
@@ -522,4 +705,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FirestoreDocument, type FirestoreValue, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type TokenResponse, type UpdateOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, getAdminAccessToken, getAuth, getConfig, getDocument, getProjectId, getServiceAccount, getUserFromToken, initializeApp, queryDocuments, setDocument, updateDocument, verifyIdToken };
+export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UploadOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, deleteFile, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserFromToken, initializeApp, listFiles, queryDocuments, setDocument, updateDocument, uploadFile, verifyIdToken };

package/dist/index.js

@@ -26,17 +26,24 @@ __export(index_exports, {
   clearConfig: () => clearConfig,
   clearTokenCache: () => clearTokenCache,
   deleteDocument: () => deleteDocument,
+  deleteFile: () => deleteFile,
+  downloadFile: () => downloadFile,
+  fileExists: () => fileExists,
+  generateSignedUrl: () => generateSignedUrl,
   getAdminAccessToken: () => getAdminAccessToken,
   getAuth: () => getAuth,
   getConfig: () => getConfig,
   getDocument: () => getDocument,
+  getFileMetadata: () => getFileMetadata,
   getProjectId: () => getProjectId,
   getServiceAccount: () => getServiceAccount,
   getUserFromToken: () => getUserFromToken,
   initializeApp: () => initializeApp,
+  listFiles: () => listFiles,
   queryDocuments: () => queryDocuments,
   setDocument: () => setDocument,
   updateDocument: () => updateDocument,
+  uploadFile: () => uploadFile,
   verifyIdToken: () => verifyIdToken
 });
 module.exports = __toCommonJS(index_exports);
@@ -679,6 +686,26 @@ function clearTokenCache() {
   tokenExpiry = 0;
 }
 
+// src/firestore/path-validation.ts
+function validateCollectionPath(argumentName, collectionPath) {
+  const segments = collectionPath.split("/").filter((s) => s.length > 0);
+  if (segments.length % 2 === 0) {
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a collection, but was "${collectionPath}". Your path does not contain an odd number of components.`
+    );
+  }
+}
+function validateDocumentPath(argumentName, collectionPath, documentId) {
+  const collectionSegments = collectionPath.split("/").filter((s) => s.length > 0);
+  const totalSegments = collectionSegments.length + 1;
+  if (totalSegments % 2 !== 0) {
+    const fullPath = `${collectionPath}/${documentId}`;
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a document, but was "${fullPath}". Your path does not contain an even number of components.`
+    );
+  }
+}
+
 // src/firestore/operations.ts
 var FIRESTORE_API = "https://firestore.googleapis.com/v1";
 async function commitWrites(writes) {
@@ -699,6 +726,7 @@ async function commitWrites(writes) {
   }
 }
 async function setDocument(collectionPath, documentId, data, options) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -748,6 +776,7 @@ async function setDocument(collectionPath, documentId, data, options) {
   }
 }
 async function addDocument(collectionPath, data, documentId) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const baseUrl = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}`;
@@ -779,6 +808,7 @@ async function addDocument(collectionPath, data, documentId) {
   };
 }
 async function getDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -798,6 +828,7 @@ async function getDocument(collectionPath, documentId) {
   return convertFromFirestoreFormat(result.fields);
 }
 async function updateDocument(collectionPath, documentId, data) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -850,6 +881,7 @@ async function updateDocument(collectionPath, documentId, data) {
   }
 }
 async function deleteDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -865,6 +897,7 @@ async function deleteDocument(collectionPath, documentId) {
   }
 }
 async function queryDocuments(collectionPath, options) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   if (!options || Object.keys(options).length === 0) {
@@ -981,6 +1014,299 @@ async function batchWrite(operations) {
   }
   return await response.json();
 }
+
+// src/storage/client.ts
+var STORAGE_API_BASE = "https://storage.googleapis.com/storage/v1";
+var UPLOAD_API_BASE = "https://storage.googleapis.com/upload/storage/v1";
+function getDefaultBucket() {
+  const projectId = getProjectId();
+  return `${projectId}.appspot.com`;
+}
+function detectContentType(filename) {
+  const ext = filename.split(".").pop()?.toLowerCase();
+  const mimeTypes = {
+    "txt": "text/plain",
+    "html": "text/html",
+    "htm": "text/html",
+    "css": "text/css",
+    "js": "application/javascript",
+    "json": "application/json",
+    "xml": "application/xml",
+    "jpg": "image/jpeg",
+    "jpeg": "image/jpeg",
+    "png": "image/png",
+    "gif": "image/gif",
+    "svg": "image/svg+xml",
+    "webp": "image/webp",
+    "pdf": "application/pdf",
+    "zip": "application/zip",
+    "mp4": "video/mp4",
+    "mp3": "audio/mpeg",
+    "wav": "audio/wav"
+  };
+  return mimeTypes[ext || ""] || "application/octet-stream";
+}
+async function uploadFile(path, data, options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const contentType = options.contentType || detectContentType(path);
+  const url = `${UPLOAD_API_BASE}/b/${encodeURIComponent(bucket)}/o?uploadType=media&name=${encodeURIComponent(path)}`;
+  let body;
+  if (data instanceof Blob) {
+    body = await data.arrayBuffer();
+  } else if (data instanceof Uint8Array) {
+    const buffer = new ArrayBuffer(data.byteLength);
+    new Uint8Array(buffer).set(data);
+    body = buffer;
+  } else {
+    body = data;
+  }
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": contentType,
+      "Content-Length": body.byteLength.toString()
+    },
+    body
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to upload file: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  if (options.public) {
+    await makeFilePublic(path);
+  }
+  if (options.metadata) {
+    return await updateFileMetadata(path, options.metadata);
+  }
+  return result;
+}
+async function downloadFile(path, _options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}?alt=media`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to download file: ${response.status} ${errorText}`);
+  }
+  return await response.arrayBuffer();
+}
+async function deleteFile(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "DELETE",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to delete file: ${response.status} ${errorText}`);
+  }
+}
+async function getFileMetadata(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function updateFileMetadata(path, metadata) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "PATCH",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ metadata })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to update file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function makeFilePublic(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}/acl`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      entity: "allUsers",
+      role: "READER"
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to make file public: ${response.status} ${errorText}`);
+  }
+}
+async function listFiles(options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const params = new URLSearchParams();
+  if (options.prefix) params.append("prefix", options.prefix);
+  if (options.delimiter) params.append("delimiter", options.delimiter);
+  if (options.maxResults) params.append("maxResults", options.maxResults.toString());
+  if (options.pageToken) params.append("pageToken", options.pageToken);
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o?${params.toString()}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to list files: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  return {
+    files: result.items || [],
+    nextPageToken: result.nextPageToken
+  };
+}
+async function fileExists(path) {
+  try {
+    await getFileMetadata(path);
+    return true;
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("404")) {
+      return false;
+    }
+    throw error;
+  }
+}
+
+// src/storage/signed-urls.ts
+function getExpirationTimestamp(expires) {
+  if (expires instanceof Date) {
+    return Math.floor(expires.getTime() / 1e3);
+  }
+  return Math.floor(Date.now() / 1e3) + expires;
+}
+function actionToMethod(action) {
+  switch (action) {
+    case "read":
+      return "GET";
+    case "write":
+      return "PUT";
+    case "delete":
+      return "DELETE";
+  }
+}
+function stringToHex(str) {
+  const encoder = new TextEncoder();
+  const bytes = encoder.encode(str);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function signData(data, privateKey) {
+  const pemHeader = "-----BEGIN PRIVATE KEY-----";
+  const pemFooter = "-----END PRIVATE KEY-----";
+  const pemContents = privateKey.replace(pemHeader, "").replace(pemFooter, "").replace(/\s/g, "");
+  const binaryString = atob(pemContents);
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  const key = await crypto.subtle.importKey(
+    "pkcs8",
+    bytes,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256"
+    },
+    false,
+    ["sign"]
+  );
+  const encoder = new TextEncoder();
+  const dataBytes = encoder.encode(data);
+  const signature = await crypto.subtle.sign(
+    "RSASSA-PKCS1-v1_5",
+    key,
+    dataBytes
+  );
+  const signatureArray = new Uint8Array(signature);
+  return Array.from(signatureArray).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function generateSignedUrl(path, options) {
+  const serviceAccount = getServiceAccount();
+  const projectId = getProjectId();
+  const bucket = `${projectId}.appspot.com`;
+  const method = actionToMethod(options.action);
+  const expiration = getExpirationTimestamp(options.expires);
+  const timestamp = Math.floor(Date.now() / 1e3);
+  const datestamp = new Date(timestamp * 1e3).toISOString().split("T")[0].replace(/-/g, "");
+  const credentialScope = `${datestamp}/auto/storage/goog4_request`;
+  const credential = `${serviceAccount.client_email}/${credentialScope}`;
+  const canonicalHeaders = `host:storage.googleapis.com
+`;
+  const signedHeaders = "host";
+  const queryParams = {
+    "X-Goog-Algorithm": "GOOG4-RSA-SHA256",
+    "X-Goog-Credential": credential,
+    "X-Goog-Date": `${datestamp}T000000Z`,
+    "X-Goog-Expires": (expiration - timestamp).toString(),
+    "X-Goog-SignedHeaders": signedHeaders
+  };
+  if (options.contentType) {
+    queryParams["response-content-type"] = options.contentType;
+  }
+  if (options.responseDisposition) {
+    queryParams["response-content-disposition"] = options.responseDisposition;
+  }
+  if (options.responseType) {
+    queryParams["response-content-type"] = options.responseType;
+  }
+  const sortedParams = Object.keys(queryParams).sort();
+  const canonicalQueryString = sortedParams.map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(queryParams[key])}`).join("&");
+  const canonicalUri = `/${bucket}/${path}`;
+  const canonicalRequest = [
+    method,
+    canonicalUri,
+    canonicalQueryString,
+    canonicalHeaders,
+    signedHeaders,
+    "UNSIGNED-PAYLOAD"
+  ].join("\n");
+  const canonicalRequestHash = stringToHex(canonicalRequest);
+  const stringToSign = [
+    "GOOG4-RSA-SHA256",
+    `${datestamp}T000000Z`,
+    credentialScope,
+    canonicalRequestHash
+  ].join("\n");
+  const signature = await signData(stringToSign, serviceAccount.private_key);
+  const signedUrl = `https://storage.googleapis.com${canonicalUri}?${canonicalQueryString}&X-Goog-Signature=${signature}`;
+  return signedUrl;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   FieldValue,
@@ -989,16 +1315,23 @@ async function batchWrite(operations) {
   clearConfig,
   clearTokenCache,
   deleteDocument,
+  deleteFile,
+  downloadFile,
+  fileExists,
+  generateSignedUrl,
   getAdminAccessToken,
   getAuth,
   getConfig,
   getDocument,
+  getFileMetadata,
   getProjectId,
   getServiceAccount,
   getUserFromToken,
   initializeApp,
+  listFiles,
   queryDocuments,
   setDocument,
   updateDocument,
+  uploadFile,
   verifyIdToken
 });

package/dist/index.mjs

@@ -636,6 +636,26 @@ function clearTokenCache() {
   tokenExpiry = 0;
 }
 
+// src/firestore/path-validation.ts
+function validateCollectionPath(argumentName, collectionPath) {
+  const segments = collectionPath.split("/").filter((s) => s.length > 0);
+  if (segments.length % 2 === 0) {
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a collection, but was "${collectionPath}". Your path does not contain an odd number of components.`
+    );
+  }
+}
+function validateDocumentPath(argumentName, collectionPath, documentId) {
+  const collectionSegments = collectionPath.split("/").filter((s) => s.length > 0);
+  const totalSegments = collectionSegments.length + 1;
+  if (totalSegments % 2 !== 0) {
+    const fullPath = `${collectionPath}/${documentId}`;
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a document, but was "${fullPath}". Your path does not contain an even number of components.`
+    );
+  }
+}
+
 // src/firestore/operations.ts
 var FIRESTORE_API = "https://firestore.googleapis.com/v1";
 async function commitWrites(writes) {
@@ -656,6 +676,7 @@ async function commitWrites(writes) {
   }
 }
 async function setDocument(collectionPath, documentId, data, options) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -705,6 +726,7 @@ async function setDocument(collectionPath, documentId, data, options) {
   }
 }
 async function addDocument(collectionPath, data, documentId) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const baseUrl = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}`;
@@ -736,6 +758,7 @@ async function addDocument(collectionPath, data, documentId) {
   };
 }
 async function getDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -755,6 +778,7 @@ async function getDocument(collectionPath, documentId) {
   return convertFromFirestoreFormat(result.fields);
 }
 async function updateDocument(collectionPath, documentId, data) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -807,6 +831,7 @@ async function updateDocument(collectionPath, documentId, data) {
   }
 }
 async function deleteDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -822,6 +847,7 @@ async function deleteDocument(collectionPath, documentId) {
   }
 }
 async function queryDocuments(collectionPath, options) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   if (!options || Object.keys(options).length === 0) {
@@ -938,6 +964,299 @@ async function batchWrite(operations) {
   }
   return await response.json();
 }
+
+// src/storage/client.ts
+var STORAGE_API_BASE = "https://storage.googleapis.com/storage/v1";
+var UPLOAD_API_BASE = "https://storage.googleapis.com/upload/storage/v1";
+function getDefaultBucket() {
+  const projectId = getProjectId();
+  return `${projectId}.appspot.com`;
+}
+function detectContentType(filename) {
+  const ext = filename.split(".").pop()?.toLowerCase();
+  const mimeTypes = {
+    "txt": "text/plain",
+    "html": "text/html",
+    "htm": "text/html",
+    "css": "text/css",
+    "js": "application/javascript",
+    "json": "application/json",
+    "xml": "application/xml",
+    "jpg": "image/jpeg",
+    "jpeg": "image/jpeg",
+    "png": "image/png",
+    "gif": "image/gif",
+    "svg": "image/svg+xml",
+    "webp": "image/webp",
+    "pdf": "application/pdf",
+    "zip": "application/zip",
+    "mp4": "video/mp4",
+    "mp3": "audio/mpeg",
+    "wav": "audio/wav"
+  };
+  return mimeTypes[ext || ""] || "application/octet-stream";
+}
+async function uploadFile(path, data, options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const contentType = options.contentType || detectContentType(path);
+  const url = `${UPLOAD_API_BASE}/b/${encodeURIComponent(bucket)}/o?uploadType=media&name=${encodeURIComponent(path)}`;
+  let body;
+  if (data instanceof Blob) {
+    body = await data.arrayBuffer();
+  } else if (data instanceof Uint8Array) {
+    const buffer = new ArrayBuffer(data.byteLength);
+    new Uint8Array(buffer).set(data);
+    body = buffer;
+  } else {
+    body = data;
+  }
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": contentType,
+      "Content-Length": body.byteLength.toString()
+    },
+    body
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to upload file: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  if (options.public) {
+    await makeFilePublic(path);
+  }
+  if (options.metadata) {
+    return await updateFileMetadata(path, options.metadata);
+  }
+  return result;
+}
+async function downloadFile(path, _options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}?alt=media`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to download file: ${response.status} ${errorText}`);
+  }
+  return await response.arrayBuffer();
+}
+async function deleteFile(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "DELETE",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to delete file: ${response.status} ${errorText}`);
+  }
+}
+async function getFileMetadata(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function updateFileMetadata(path, metadata) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "PATCH",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ metadata })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to update file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function makeFilePublic(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}/acl`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      entity: "allUsers",
+      role: "READER"
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to make file public: ${response.status} ${errorText}`);
+  }
+}
+async function listFiles(options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const params = new URLSearchParams();
+  if (options.prefix) params.append("prefix", options.prefix);
+  if (options.delimiter) params.append("delimiter", options.delimiter);
+  if (options.maxResults) params.append("maxResults", options.maxResults.toString());
+  if (options.pageToken) params.append("pageToken", options.pageToken);
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o?${params.toString()}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to list files: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  return {
+    files: result.items || [],
+    nextPageToken: result.nextPageToken
+  };
+}
+async function fileExists(path) {
+  try {
+    await getFileMetadata(path);
+    return true;
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("404")) {
+      return false;
+    }
+    throw error;
+  }
+}
+
+// src/storage/signed-urls.ts
+function getExpirationTimestamp(expires) {
+  if (expires instanceof Date) {
+    return Math.floor(expires.getTime() / 1e3);
+  }
+  return Math.floor(Date.now() / 1e3) + expires;
+}
+function actionToMethod(action) {
+  switch (action) {
+    case "read":
+      return "GET";
+    case "write":
+      return "PUT";
+    case "delete":
+      return "DELETE";
+  }
+}
+function stringToHex(str) {
+  const encoder = new TextEncoder();
+  const bytes = encoder.encode(str);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function signData(data, privateKey) {
+  const pemHeader = "-----BEGIN PRIVATE KEY-----";
+  const pemFooter = "-----END PRIVATE KEY-----";
+  const pemContents = privateKey.replace(pemHeader, "").replace(pemFooter, "").replace(/\s/g, "");
+  const binaryString = atob(pemContents);
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  const key = await crypto.subtle.importKey(
+    "pkcs8",
+    bytes,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256"
+    },
+    false,
+    ["sign"]
+  );
+  const encoder = new TextEncoder();
+  const dataBytes = encoder.encode(data);
+  const signature = await crypto.subtle.sign(
+    "RSASSA-PKCS1-v1_5",
+    key,
+    dataBytes
+  );
+  const signatureArray = new Uint8Array(signature);
+  return Array.from(signatureArray).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function generateSignedUrl(path, options) {
+  const serviceAccount = getServiceAccount();
+  const projectId = getProjectId();
+  const bucket = `${projectId}.appspot.com`;
+  const method = actionToMethod(options.action);
+  const expiration = getExpirationTimestamp(options.expires);
+  const timestamp = Math.floor(Date.now() / 1e3);
+  const datestamp = new Date(timestamp * 1e3).toISOString().split("T")[0].replace(/-/g, "");
+  const credentialScope = `${datestamp}/auto/storage/goog4_request`;
+  const credential = `${serviceAccount.client_email}/${credentialScope}`;
+  const canonicalHeaders = `host:storage.googleapis.com
+`;
+  const signedHeaders = "host";
+  const queryParams = {
+    "X-Goog-Algorithm": "GOOG4-RSA-SHA256",
+    "X-Goog-Credential": credential,
+    "X-Goog-Date": `${datestamp}T000000Z`,
+    "X-Goog-Expires": (expiration - timestamp).toString(),
+    "X-Goog-SignedHeaders": signedHeaders
+  };
+  if (options.contentType) {
+    queryParams["response-content-type"] = options.contentType;
+  }
+  if (options.responseDisposition) {
+    queryParams["response-content-disposition"] = options.responseDisposition;
+  }
+  if (options.responseType) {
+    queryParams["response-content-type"] = options.responseType;
+  }
+  const sortedParams = Object.keys(queryParams).sort();
+  const canonicalQueryString = sortedParams.map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(queryParams[key])}`).join("&");
+  const canonicalUri = `/${bucket}/${path}`;
+  const canonicalRequest = [
+    method,
+    canonicalUri,
+    canonicalQueryString,
+    canonicalHeaders,
+    signedHeaders,
+    "UNSIGNED-PAYLOAD"
+  ].join("\n");
+  const canonicalRequestHash = stringToHex(canonicalRequest);
+  const stringToSign = [
+    "GOOG4-RSA-SHA256",
+    `${datestamp}T000000Z`,
+    credentialScope,
+    canonicalRequestHash
+  ].join("\n");
+  const signature = await signData(stringToSign, serviceAccount.private_key);
+  const signedUrl = `https://storage.googleapis.com${canonicalUri}?${canonicalQueryString}&X-Goog-Signature=${signature}`;
+  return signedUrl;
+}
 export {
   FieldValue,
   addDocument,
@@ -945,16 +1264,23 @@ export {
   clearConfig,
   clearTokenCache,
   deleteDocument,
+  deleteFile,
+  downloadFile,
+  fileExists,
+  generateSignedUrl,
   getAdminAccessToken,
   getAuth,
   getConfig,
   getDocument,
+  getFileMetadata,
   getProjectId,
   getServiceAccount,
   getUserFromToken,
   initializeApp,
+  listFiles,
   queryDocuments,
   setDocument,
   updateDocument,
+  uploadFile,
   verifyIdToken
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/firebase-admin-sdk-v8",
-  "version": "2.0.20",
+  "version": "2.0.22",
   "description": "Firebase Admin SDK for Cloudflare Workers and edge runtimes using REST APIs",
   "main": "dist/index.js",
   "module": "dist/index.mjs",