@prmichaelsen/firebase-admin-sdk-v8 2.0.21 → 2.0.22

package/dist/index.d.mts

@@ -425,6 +425,189 @@ declare function queryDocuments(collectionPath: string, options?: QueryOptions):
  */
 declare function batchWrite(operations: BatchWrite[]): Promise<BatchWriteResult>;
 
+/**
+ * Firebase Storage client using Google Cloud Storage REST API
+ * Compatible with edge runtimes (Cloudflare Workers, Vercel Edge, etc.)
+ */
+/**
+ * Options for uploading files
+ */
+interface UploadOptions {
+    contentType?: string;
+    metadata?: Record<string, string>;
+    public?: boolean;
+}
+/**
+ * Options for downloading files
+ */
+interface DownloadOptions {
+    responseType?: 'arraybuffer' | 'blob';
+}
+/**
+ * Options for listing files
+ */
+interface ListOptions {
+    prefix?: string;
+    delimiter?: string;
+    maxResults?: number;
+    pageToken?: string;
+}
+/**
+ * File metadata returned by Storage API
+ */
+interface FileMetadata {
+    name: string;
+    bucket: string;
+    size: string;
+    contentType: string;
+    timeCreated: string;
+    updated: string;
+    md5Hash: string;
+    metadata?: Record<string, string>;
+}
+/**
+ * Result of listing files
+ */
+interface ListFilesResult {
+    files: FileMetadata[];
+    nextPageToken?: string;
+}
+/**
+ * Upload a file to Firebase Storage
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param data - File data as ArrayBuffer, Uint8Array, or Blob
+ * @param options - Upload options (contentType, metadata, public)
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const data = new TextEncoder().encode('Hello, Storage!');
+ * const metadata = await uploadFile('files/hello.txt', data, {
+ *   contentType: 'text/plain',
+ *   metadata: { userId: '123' },
+ * });
+ * ```
+ */
+declare function uploadFile(path: string, data: ArrayBuffer | Uint8Array | Blob, options?: UploadOptions): Promise<FileMetadata>;
+/**
+ * Download a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @param options - Download options
+ * @returns File data as ArrayBuffer
+ *
+ * @example
+ * ```typescript
+ * const data = await downloadFile('files/hello.txt');
+ * const text = new TextDecoder().decode(data);
+ * console.log(text); // "Hello, Storage!"
+ * ```
+ */
+declare function downloadFile(path: string, _options?: DownloadOptions): Promise<ArrayBuffer>;
+/**
+ * Delete a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ *
+ * @example
+ * ```typescript
+ * await deleteFile('files/hello.txt');
+ * ```
+ */
+declare function deleteFile(path: string): Promise<void>;
+/**
+ * Get file metadata from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const metadata = await getFileMetadata('files/hello.txt');
+ * console.log(metadata.size, metadata.contentType);
+ * ```
+ */
+declare function getFileMetadata(path: string): Promise<FileMetadata>;
+/**
+ * List files in Firebase Storage
+ *
+ * @param options - List options (prefix, delimiter, maxResults, pageToken)
+ * @returns List of files and optional next page token
+ *
+ * @example
+ * ```typescript
+ * // List all files with prefix
+ * const { files } = await listFiles({ prefix: 'images/' });
+ *
+ * // List with pagination
+ * const { files, nextPageToken } = await listFiles({ maxResults: 10 });
+ * if (nextPageToken) {
+ *   const nextPage = await listFiles({ pageToken: nextPageToken });
+ * }
+ * ```
+ */
+declare function listFiles(options?: ListOptions): Promise<ListFilesResult>;
+/**
+ * Check if a file exists in Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns True if file exists, false otherwise
+ *
+ * @example
+ * ```typescript
+ * if (await fileExists('files/hello.txt')) {
+ *   console.log('File exists!');
+ * }
+ * ```
+ */
+declare function fileExists(path: string): Promise<boolean>;
+
+/**
+ * Generate signed URLs for temporary access to Firebase Storage files
+ * Uses Google Cloud Storage V4 signing process
+ */
+/**
+ * Options for generating signed URLs
+ */
+interface SignedUrlOptions {
+    action: 'read' | 'write' | 'delete';
+    expires: Date | number;
+    contentType?: string;
+    responseDisposition?: string;
+    responseType?: string;
+}
+/**
+ * Generate a signed URL for temporary access to a Storage file
+ *
+ * Uses Google Cloud Storage V4 signing process
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param options - Signed URL options
+ * @returns Signed URL that can be used without authentication
+ *
+ * @example
+ * ```typescript
+ * // Generate read URL valid for 1 hour
+ * const url = await generateSignedUrl('files/hello.txt', {
+ *   action: 'read',
+ *   expires: 3600,
+ * });
+ *
+ * // Generate write URL with content type
+ * const uploadUrl = await generateSignedUrl('files/upload.jpg', {
+ *   action: 'write',
+ *   expires: 1800, // 30 minutes
+ *   contentType: 'image/jpeg',
+ * });
+ *
+ * // Use the URL (no auth needed)
+ * const response = await fetch(url);
+ * const data = await response.arrayBuffer();
+ * ```
+ */
+declare function generateSignedUrl(path: string, options: SignedUrlOptions): Promise<string>;
+
 /**
  * Firebase Admin SDK v8 - Field Value Helpers
  * Special field values for Firestore operations
@@ -522,4 +705,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FirestoreDocument, type FirestoreValue, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type TokenResponse, type UpdateOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, getAdminAccessToken, getAuth, getConfig, getDocument, getProjectId, getServiceAccount, getUserFromToken, initializeApp, queryDocuments, setDocument, updateDocument, verifyIdToken };
+export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UploadOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, deleteFile, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserFromToken, initializeApp, listFiles, queryDocuments, setDocument, updateDocument, uploadFile, verifyIdToken };

package/dist/index.d.ts

@@ -425,6 +425,189 @@ declare function queryDocuments(collectionPath: string, options?: QueryOptions):
  */
 declare function batchWrite(operations: BatchWrite[]): Promise<BatchWriteResult>;
 
+/**
+ * Firebase Storage client using Google Cloud Storage REST API
+ * Compatible with edge runtimes (Cloudflare Workers, Vercel Edge, etc.)
+ */
+/**
+ * Options for uploading files
+ */
+interface UploadOptions {
+    contentType?: string;
+    metadata?: Record<string, string>;
+    public?: boolean;
+}
+/**
+ * Options for downloading files
+ */
+interface DownloadOptions {
+    responseType?: 'arraybuffer' | 'blob';
+}
+/**
+ * Options for listing files
+ */
+interface ListOptions {
+    prefix?: string;
+    delimiter?: string;
+    maxResults?: number;
+    pageToken?: string;
+}
+/**
+ * File metadata returned by Storage API
+ */
+interface FileMetadata {
+    name: string;
+    bucket: string;
+    size: string;
+    contentType: string;
+    timeCreated: string;
+    updated: string;
+    md5Hash: string;
+    metadata?: Record<string, string>;
+}
+/**
+ * Result of listing files
+ */
+interface ListFilesResult {
+    files: FileMetadata[];
+    nextPageToken?: string;
+}
+/**
+ * Upload a file to Firebase Storage
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param data - File data as ArrayBuffer, Uint8Array, or Blob
+ * @param options - Upload options (contentType, metadata, public)
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const data = new TextEncoder().encode('Hello, Storage!');
+ * const metadata = await uploadFile('files/hello.txt', data, {
+ *   contentType: 'text/plain',
+ *   metadata: { userId: '123' },
+ * });
+ * ```
+ */
+declare function uploadFile(path: string, data: ArrayBuffer | Uint8Array | Blob, options?: UploadOptions): Promise<FileMetadata>;
+/**
+ * Download a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @param options - Download options
+ * @returns File data as ArrayBuffer
+ *
+ * @example
+ * ```typescript
+ * const data = await downloadFile('files/hello.txt');
+ * const text = new TextDecoder().decode(data);
+ * console.log(text); // "Hello, Storage!"
+ * ```
+ */
+declare function downloadFile(path: string, _options?: DownloadOptions): Promise<ArrayBuffer>;
+/**
+ * Delete a file from Firebase Storage
+ *
+ * @param path - File path in storage
+ *
+ * @example
+ * ```typescript
+ * await deleteFile('files/hello.txt');
+ * ```
+ */
+declare function deleteFile(path: string): Promise<void>;
+/**
+ * Get file metadata from Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns File metadata
+ *
+ * @example
+ * ```typescript
+ * const metadata = await getFileMetadata('files/hello.txt');
+ * console.log(metadata.size, metadata.contentType);
+ * ```
+ */
+declare function getFileMetadata(path: string): Promise<FileMetadata>;
+/**
+ * List files in Firebase Storage
+ *
+ * @param options - List options (prefix, delimiter, maxResults, pageToken)
+ * @returns List of files and optional next page token
+ *
+ * @example
+ * ```typescript
+ * // List all files with prefix
+ * const { files } = await listFiles({ prefix: 'images/' });
+ *
+ * // List with pagination
+ * const { files, nextPageToken } = await listFiles({ maxResults: 10 });
+ * if (nextPageToken) {
+ *   const nextPage = await listFiles({ pageToken: nextPageToken });
+ * }
+ * ```
+ */
+declare function listFiles(options?: ListOptions): Promise<ListFilesResult>;
+/**
+ * Check if a file exists in Firebase Storage
+ *
+ * @param path - File path in storage
+ * @returns True if file exists, false otherwise
+ *
+ * @example
+ * ```typescript
+ * if (await fileExists('files/hello.txt')) {
+ *   console.log('File exists!');
+ * }
+ * ```
+ */
+declare function fileExists(path: string): Promise<boolean>;
+
+/**
+ * Generate signed URLs for temporary access to Firebase Storage files
+ * Uses Google Cloud Storage V4 signing process
+ */
+/**
+ * Options for generating signed URLs
+ */
+interface SignedUrlOptions {
+    action: 'read' | 'write' | 'delete';
+    expires: Date | number;
+    contentType?: string;
+    responseDisposition?: string;
+    responseType?: string;
+}
+/**
+ * Generate a signed URL for temporary access to a Storage file
+ *
+ * Uses Google Cloud Storage V4 signing process
+ *
+ * @param path - File path in storage (e.g., 'images/photo.jpg')
+ * @param options - Signed URL options
+ * @returns Signed URL that can be used without authentication
+ *
+ * @example
+ * ```typescript
+ * // Generate read URL valid for 1 hour
+ * const url = await generateSignedUrl('files/hello.txt', {
+ *   action: 'read',
+ *   expires: 3600,
+ * });
+ *
+ * // Generate write URL with content type
+ * const uploadUrl = await generateSignedUrl('files/upload.jpg', {
+ *   action: 'write',
+ *   expires: 1800, // 30 minutes
+ *   contentType: 'image/jpeg',
+ * });
+ *
+ * // Use the URL (no auth needed)
+ * const response = await fetch(url);
+ * const data = await response.arrayBuffer();
+ * ```
+ */
+declare function generateSignedUrl(path: string, options: SignedUrlOptions): Promise<string>;
+
 /**
  * Firebase Admin SDK v8 - Field Value Helpers
  * Special field values for Firestore operations
@@ -522,4 +705,4 @@ declare function getAdminAccessToken(): Promise<string>;
  */
 declare function clearTokenCache(): void;
 
-export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FirestoreDocument, type FirestoreValue, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type TokenResponse, type UpdateOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, getAdminAccessToken, getAuth, getConfig, getDocument, getProjectId, getServiceAccount, getUserFromToken, initializeApp, queryDocuments, setDocument, updateDocument, verifyIdToken };
+export { type BatchWrite, type BatchWriteResult, type DataObject, type DecodedIdToken, type DocumentReference, type DownloadOptions, FieldValue, type FieldValue$1 as FieldValueSentinel, FieldValueType, type FileMetadata, type FirestoreDocument, type FirestoreValue, type ListFilesResult, type ListOptions, type QueryFilter, type QueryOptions, type QueryOrder, type ServiceAccount, type SetOptions, type SignedUrlOptions, type TokenResponse, type UpdateOptions, type UploadOptions, type UserInfo, type WhereFilterOp, addDocument, batchWrite, clearConfig, clearTokenCache, deleteDocument, deleteFile, downloadFile, fileExists, generateSignedUrl, getAdminAccessToken, getAuth, getConfig, getDocument, getFileMetadata, getProjectId, getServiceAccount, getUserFromToken, initializeApp, listFiles, queryDocuments, setDocument, updateDocument, uploadFile, verifyIdToken };

package/dist/index.js

@@ -26,17 +26,24 @@ __export(index_exports, {
   clearConfig: () => clearConfig,
   clearTokenCache: () => clearTokenCache,
   deleteDocument: () => deleteDocument,
+  deleteFile: () => deleteFile,
+  downloadFile: () => downloadFile,
+  fileExists: () => fileExists,
+  generateSignedUrl: () => generateSignedUrl,
   getAdminAccessToken: () => getAdminAccessToken,
   getAuth: () => getAuth,
   getConfig: () => getConfig,
   getDocument: () => getDocument,
+  getFileMetadata: () => getFileMetadata,
   getProjectId: () => getProjectId,
   getServiceAccount: () => getServiceAccount,
   getUserFromToken: () => getUserFromToken,
   initializeApp: () => initializeApp,
+  listFiles: () => listFiles,
   queryDocuments: () => queryDocuments,
   setDocument: () => setDocument,
   updateDocument: () => updateDocument,
+  uploadFile: () => uploadFile,
   verifyIdToken: () => verifyIdToken
 });
 module.exports = __toCommonJS(index_exports);
@@ -679,6 +686,26 @@ function clearTokenCache() {
   tokenExpiry = 0;
 }
 
+// src/firestore/path-validation.ts
+function validateCollectionPath(argumentName, collectionPath) {
+  const segments = collectionPath.split("/").filter((s) => s.length > 0);
+  if (segments.length % 2 === 0) {
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a collection, but was "${collectionPath}". Your path does not contain an odd number of components.`
+    );
+  }
+}
+function validateDocumentPath(argumentName, collectionPath, documentId) {
+  const collectionSegments = collectionPath.split("/").filter((s) => s.length > 0);
+  const totalSegments = collectionSegments.length + 1;
+  if (totalSegments % 2 !== 0) {
+    const fullPath = `${collectionPath}/${documentId}`;
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a document, but was "${fullPath}". Your path does not contain an even number of components.`
+    );
+  }
+}
+
 // src/firestore/operations.ts
 var FIRESTORE_API = "https://firestore.googleapis.com/v1";
 async function commitWrites(writes) {
@@ -699,6 +726,7 @@ async function commitWrites(writes) {
   }
 }
 async function setDocument(collectionPath, documentId, data, options) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -748,6 +776,7 @@ async function setDocument(collectionPath, documentId, data, options) {
   }
 }
 async function addDocument(collectionPath, data, documentId) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const baseUrl = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}`;
@@ -779,6 +808,7 @@ async function addDocument(collectionPath, data, documentId) {
   };
 }
 async function getDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -798,6 +828,7 @@ async function getDocument(collectionPath, documentId) {
   return convertFromFirestoreFormat(result.fields);
 }
 async function updateDocument(collectionPath, documentId, data) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -850,6 +881,7 @@ async function updateDocument(collectionPath, documentId, data) {
   }
 }
 async function deleteDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -865,6 +897,7 @@ async function deleteDocument(collectionPath, documentId) {
   }
 }
 async function queryDocuments(collectionPath, options) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   if (!options || Object.keys(options).length === 0) {
@@ -981,6 +1014,299 @@ async function batchWrite(operations) {
   }
   return await response.json();
 }
+
+// src/storage/client.ts
+var STORAGE_API_BASE = "https://storage.googleapis.com/storage/v1";
+var UPLOAD_API_BASE = "https://storage.googleapis.com/upload/storage/v1";
+function getDefaultBucket() {
+  const projectId = getProjectId();
+  return `${projectId}.appspot.com`;
+}
+function detectContentType(filename) {
+  const ext = filename.split(".").pop()?.toLowerCase();
+  const mimeTypes = {
+    "txt": "text/plain",
+    "html": "text/html",
+    "htm": "text/html",
+    "css": "text/css",
+    "js": "application/javascript",
+    "json": "application/json",
+    "xml": "application/xml",
+    "jpg": "image/jpeg",
+    "jpeg": "image/jpeg",
+    "png": "image/png",
+    "gif": "image/gif",
+    "svg": "image/svg+xml",
+    "webp": "image/webp",
+    "pdf": "application/pdf",
+    "zip": "application/zip",
+    "mp4": "video/mp4",
+    "mp3": "audio/mpeg",
+    "wav": "audio/wav"
+  };
+  return mimeTypes[ext || ""] || "application/octet-stream";
+}
+async function uploadFile(path, data, options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const contentType = options.contentType || detectContentType(path);
+  const url = `${UPLOAD_API_BASE}/b/${encodeURIComponent(bucket)}/o?uploadType=media&name=${encodeURIComponent(path)}`;
+  let body;
+  if (data instanceof Blob) {
+    body = await data.arrayBuffer();
+  } else if (data instanceof Uint8Array) {
+    const buffer = new ArrayBuffer(data.byteLength);
+    new Uint8Array(buffer).set(data);
+    body = buffer;
+  } else {
+    body = data;
+  }
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": contentType,
+      "Content-Length": body.byteLength.toString()
+    },
+    body
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to upload file: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  if (options.public) {
+    await makeFilePublic(path);
+  }
+  if (options.metadata) {
+    return await updateFileMetadata(path, options.metadata);
+  }
+  return result;
+}
+async function downloadFile(path, _options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}?alt=media`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to download file: ${response.status} ${errorText}`);
+  }
+  return await response.arrayBuffer();
+}
+async function deleteFile(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "DELETE",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to delete file: ${response.status} ${errorText}`);
+  }
+}
+async function getFileMetadata(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function updateFileMetadata(path, metadata) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "PATCH",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ metadata })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to update file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function makeFilePublic(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}/acl`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      entity: "allUsers",
+      role: "READER"
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to make file public: ${response.status} ${errorText}`);
+  }
+}
+async function listFiles(options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const params = new URLSearchParams();
+  if (options.prefix) params.append("prefix", options.prefix);
+  if (options.delimiter) params.append("delimiter", options.delimiter);
+  if (options.maxResults) params.append("maxResults", options.maxResults.toString());
+  if (options.pageToken) params.append("pageToken", options.pageToken);
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o?${params.toString()}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to list files: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  return {
+    files: result.items || [],
+    nextPageToken: result.nextPageToken
+  };
+}
+async function fileExists(path) {
+  try {
+    await getFileMetadata(path);
+    return true;
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("404")) {
+      return false;
+    }
+    throw error;
+  }
+}
+
+// src/storage/signed-urls.ts
+function getExpirationTimestamp(expires) {
+  if (expires instanceof Date) {
+    return Math.floor(expires.getTime() / 1e3);
+  }
+  return Math.floor(Date.now() / 1e3) + expires;
+}
+function actionToMethod(action) {
+  switch (action) {
+    case "read":
+      return "GET";
+    case "write":
+      return "PUT";
+    case "delete":
+      return "DELETE";
+  }
+}
+function stringToHex(str) {
+  const encoder = new TextEncoder();
+  const bytes = encoder.encode(str);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function signData(data, privateKey) {
+  const pemHeader = "-----BEGIN PRIVATE KEY-----";
+  const pemFooter = "-----END PRIVATE KEY-----";
+  const pemContents = privateKey.replace(pemHeader, "").replace(pemFooter, "").replace(/\s/g, "");
+  const binaryString = atob(pemContents);
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  const key = await crypto.subtle.importKey(
+    "pkcs8",
+    bytes,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256"
+    },
+    false,
+    ["sign"]
+  );
+  const encoder = new TextEncoder();
+  const dataBytes = encoder.encode(data);
+  const signature = await crypto.subtle.sign(
+    "RSASSA-PKCS1-v1_5",
+    key,
+    dataBytes
+  );
+  const signatureArray = new Uint8Array(signature);
+  return Array.from(signatureArray).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function generateSignedUrl(path, options) {
+  const serviceAccount = getServiceAccount();
+  const projectId = getProjectId();
+  const bucket = `${projectId}.appspot.com`;
+  const method = actionToMethod(options.action);
+  const expiration = getExpirationTimestamp(options.expires);
+  const timestamp = Math.floor(Date.now() / 1e3);
+  const datestamp = new Date(timestamp * 1e3).toISOString().split("T")[0].replace(/-/g, "");
+  const credentialScope = `${datestamp}/auto/storage/goog4_request`;
+  const credential = `${serviceAccount.client_email}/${credentialScope}`;
+  const canonicalHeaders = `host:storage.googleapis.com
+`;
+  const signedHeaders = "host";
+  const queryParams = {
+    "X-Goog-Algorithm": "GOOG4-RSA-SHA256",
+    "X-Goog-Credential": credential,
+    "X-Goog-Date": `${datestamp}T000000Z`,
+    "X-Goog-Expires": (expiration - timestamp).toString(),
+    "X-Goog-SignedHeaders": signedHeaders
+  };
+  if (options.contentType) {
+    queryParams["response-content-type"] = options.contentType;
+  }
+  if (options.responseDisposition) {
+    queryParams["response-content-disposition"] = options.responseDisposition;
+  }
+  if (options.responseType) {
+    queryParams["response-content-type"] = options.responseType;
+  }
+  const sortedParams = Object.keys(queryParams).sort();
+  const canonicalQueryString = sortedParams.map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(queryParams[key])}`).join("&");
+  const canonicalUri = `/${bucket}/${path}`;
+  const canonicalRequest = [
+    method,
+    canonicalUri,
+    canonicalQueryString,
+    canonicalHeaders,
+    signedHeaders,
+    "UNSIGNED-PAYLOAD"
+  ].join("\n");
+  const canonicalRequestHash = stringToHex(canonicalRequest);
+  const stringToSign = [
+    "GOOG4-RSA-SHA256",
+    `${datestamp}T000000Z`,
+    credentialScope,
+    canonicalRequestHash
+  ].join("\n");
+  const signature = await signData(stringToSign, serviceAccount.private_key);
+  const signedUrl = `https://storage.googleapis.com${canonicalUri}?${canonicalQueryString}&X-Goog-Signature=${signature}`;
+  return signedUrl;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   FieldValue,
@@ -989,16 +1315,23 @@ async function batchWrite(operations) {
   clearConfig,
   clearTokenCache,
   deleteDocument,
+  deleteFile,
+  downloadFile,
+  fileExists,
+  generateSignedUrl,
   getAdminAccessToken,
   getAuth,
   getConfig,
   getDocument,
+  getFileMetadata,
   getProjectId,
   getServiceAccount,
   getUserFromToken,
   initializeApp,
+  listFiles,
   queryDocuments,
   setDocument,
   updateDocument,
+  uploadFile,
   verifyIdToken
 });

package/dist/index.mjs

@@ -636,6 +636,26 @@ function clearTokenCache() {
   tokenExpiry = 0;
 }
 
+// src/firestore/path-validation.ts
+function validateCollectionPath(argumentName, collectionPath) {
+  const segments = collectionPath.split("/").filter((s) => s.length > 0);
+  if (segments.length % 2 === 0) {
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a collection, but was "${collectionPath}". Your path does not contain an odd number of components.`
+    );
+  }
+}
+function validateDocumentPath(argumentName, collectionPath, documentId) {
+  const collectionSegments = collectionPath.split("/").filter((s) => s.length > 0);
+  const totalSegments = collectionSegments.length + 1;
+  if (totalSegments % 2 !== 0) {
+    const fullPath = `${collectionPath}/${documentId}`;
+    throw new Error(
+      `Value for argument "${argumentName}" must point to a document, but was "${fullPath}". Your path does not contain an even number of components.`
+    );
+  }
+}
+
 // src/firestore/operations.ts
 var FIRESTORE_API = "https://firestore.googleapis.com/v1";
 async function commitWrites(writes) {
@@ -656,6 +676,7 @@ async function commitWrites(writes) {
   }
 }
 async function setDocument(collectionPath, documentId, data, options) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -705,6 +726,7 @@ async function setDocument(collectionPath, documentId, data, options) {
   }
 }
 async function addDocument(collectionPath, data, documentId) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const baseUrl = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}`;
@@ -736,6 +758,7 @@ async function addDocument(collectionPath, data, documentId) {
   };
 }
 async function getDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -755,6 +778,7 @@ async function getDocument(collectionPath, documentId) {
   return convertFromFirestoreFormat(result.fields);
 }
 async function updateDocument(collectionPath, documentId, data) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const projectId = getProjectId();
   const documentPath = `projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
   const cleanData = removeFieldTransforms(data);
@@ -807,6 +831,7 @@ async function updateDocument(collectionPath, documentId, data) {
   }
 }
 async function deleteDocument(collectionPath, documentId) {
+  validateDocumentPath("collectionPath", collectionPath, documentId);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   const url = `${FIRESTORE_API}/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;
@@ -822,6 +847,7 @@ async function deleteDocument(collectionPath, documentId) {
   }
 }
 async function queryDocuments(collectionPath, options) {
+  validateCollectionPath("collectionPath", collectionPath);
   const accessToken = await getAdminAccessToken();
   const projectId = getProjectId();
   if (!options || Object.keys(options).length === 0) {
@@ -938,6 +964,299 @@ async function batchWrite(operations) {
   }
   return await response.json();
 }
+
+// src/storage/client.ts
+var STORAGE_API_BASE = "https://storage.googleapis.com/storage/v1";
+var UPLOAD_API_BASE = "https://storage.googleapis.com/upload/storage/v1";
+function getDefaultBucket() {
+  const projectId = getProjectId();
+  return `${projectId}.appspot.com`;
+}
+function detectContentType(filename) {
+  const ext = filename.split(".").pop()?.toLowerCase();
+  const mimeTypes = {
+    "txt": "text/plain",
+    "html": "text/html",
+    "htm": "text/html",
+    "css": "text/css",
+    "js": "application/javascript",
+    "json": "application/json",
+    "xml": "application/xml",
+    "jpg": "image/jpeg",
+    "jpeg": "image/jpeg",
+    "png": "image/png",
+    "gif": "image/gif",
+    "svg": "image/svg+xml",
+    "webp": "image/webp",
+    "pdf": "application/pdf",
+    "zip": "application/zip",
+    "mp4": "video/mp4",
+    "mp3": "audio/mpeg",
+    "wav": "audio/wav"
+  };
+  return mimeTypes[ext || ""] || "application/octet-stream";
+}
+async function uploadFile(path, data, options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const contentType = options.contentType || detectContentType(path);
+  const url = `${UPLOAD_API_BASE}/b/${encodeURIComponent(bucket)}/o?uploadType=media&name=${encodeURIComponent(path)}`;
+  let body;
+  if (data instanceof Blob) {
+    body = await data.arrayBuffer();
+  } else if (data instanceof Uint8Array) {
+    const buffer = new ArrayBuffer(data.byteLength);
+    new Uint8Array(buffer).set(data);
+    body = buffer;
+  } else {
+    body = data;
+  }
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": contentType,
+      "Content-Length": body.byteLength.toString()
+    },
+    body
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to upload file: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  if (options.public) {
+    await makeFilePublic(path);
+  }
+  if (options.metadata) {
+    return await updateFileMetadata(path, options.metadata);
+  }
+  return result;
+}
+async function downloadFile(path, _options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}?alt=media`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to download file: ${response.status} ${errorText}`);
+  }
+  return await response.arrayBuffer();
+}
+async function deleteFile(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "DELETE",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to delete file: ${response.status} ${errorText}`);
+  }
+}
+async function getFileMetadata(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to get file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function updateFileMetadata(path, metadata) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}`;
+  const response = await fetch(url, {
+    method: "PATCH",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ metadata })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to update file metadata: ${response.status} ${errorText}`);
+  }
+  return await response.json();
+}
+async function makeFilePublic(path) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o/${encodeURIComponent(path)}/acl`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Authorization": `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      entity: "allUsers",
+      role: "READER"
+    })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to make file public: ${response.status} ${errorText}`);
+  }
+}
+async function listFiles(options = {}) {
+  const token = await getAdminAccessToken();
+  const bucket = getDefaultBucket();
+  const params = new URLSearchParams();
+  if (options.prefix) params.append("prefix", options.prefix);
+  if (options.delimiter) params.append("delimiter", options.delimiter);
+  if (options.maxResults) params.append("maxResults", options.maxResults.toString());
+  if (options.pageToken) params.append("pageToken", options.pageToken);
+  const url = `${STORAGE_API_BASE}/b/${encodeURIComponent(bucket)}/o?${params.toString()}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to list files: ${response.status} ${errorText}`);
+  }
+  const result = await response.json();
+  return {
+    files: result.items || [],
+    nextPageToken: result.nextPageToken
+  };
+}
+async function fileExists(path) {
+  try {
+    await getFileMetadata(path);
+    return true;
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("404")) {
+      return false;
+    }
+    throw error;
+  }
+}
+
+// src/storage/signed-urls.ts
+function getExpirationTimestamp(expires) {
+  if (expires instanceof Date) {
+    return Math.floor(expires.getTime() / 1e3);
+  }
+  return Math.floor(Date.now() / 1e3) + expires;
+}
+function actionToMethod(action) {
+  switch (action) {
+    case "read":
+      return "GET";
+    case "write":
+      return "PUT";
+    case "delete":
+      return "DELETE";
+  }
+}
+function stringToHex(str) {
+  const encoder = new TextEncoder();
+  const bytes = encoder.encode(str);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function signData(data, privateKey) {
+  const pemHeader = "-----BEGIN PRIVATE KEY-----";
+  const pemFooter = "-----END PRIVATE KEY-----";
+  const pemContents = privateKey.replace(pemHeader, "").replace(pemFooter, "").replace(/\s/g, "");
+  const binaryString = atob(pemContents);
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  const key = await crypto.subtle.importKey(
+    "pkcs8",
+    bytes,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256"
+    },
+    false,
+    ["sign"]
+  );
+  const encoder = new TextEncoder();
+  const dataBytes = encoder.encode(data);
+  const signature = await crypto.subtle.sign(
+    "RSASSA-PKCS1-v1_5",
+    key,
+    dataBytes
+  );
+  const signatureArray = new Uint8Array(signature);
+  return Array.from(signatureArray).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function generateSignedUrl(path, options) {
+  const serviceAccount = getServiceAccount();
+  const projectId = getProjectId();
+  const bucket = `${projectId}.appspot.com`;
+  const method = actionToMethod(options.action);
+  const expiration = getExpirationTimestamp(options.expires);
+  const timestamp = Math.floor(Date.now() / 1e3);
+  const datestamp = new Date(timestamp * 1e3).toISOString().split("T")[0].replace(/-/g, "");
+  const credentialScope = `${datestamp}/auto/storage/goog4_request`;
+  const credential = `${serviceAccount.client_email}/${credentialScope}`;
+  const canonicalHeaders = `host:storage.googleapis.com
+`;
+  const signedHeaders = "host";
+  const queryParams = {
+    "X-Goog-Algorithm": "GOOG4-RSA-SHA256",
+    "X-Goog-Credential": credential,
+    "X-Goog-Date": `${datestamp}T000000Z`,
+    "X-Goog-Expires": (expiration - timestamp).toString(),
+    "X-Goog-SignedHeaders": signedHeaders
+  };
+  if (options.contentType) {
+    queryParams["response-content-type"] = options.contentType;
+  }
+  if (options.responseDisposition) {
+    queryParams["response-content-disposition"] = options.responseDisposition;
+  }
+  if (options.responseType) {
+    queryParams["response-content-type"] = options.responseType;
+  }
+  const sortedParams = Object.keys(queryParams).sort();
+  const canonicalQueryString = sortedParams.map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(queryParams[key])}`).join("&");
+  const canonicalUri = `/${bucket}/${path}`;
+  const canonicalRequest = [
+    method,
+    canonicalUri,
+    canonicalQueryString,
+    canonicalHeaders,
+    signedHeaders,
+    "UNSIGNED-PAYLOAD"
+  ].join("\n");
+  const canonicalRequestHash = stringToHex(canonicalRequest);
+  const stringToSign = [
+    "GOOG4-RSA-SHA256",
+    `${datestamp}T000000Z`,
+    credentialScope,
+    canonicalRequestHash
+  ].join("\n");
+  const signature = await signData(stringToSign, serviceAccount.private_key);
+  const signedUrl = `https://storage.googleapis.com${canonicalUri}?${canonicalQueryString}&X-Goog-Signature=${signature}`;
+  return signedUrl;
+}
 export {
   FieldValue,
   addDocument,
@@ -945,16 +1264,23 @@ export {
   clearConfig,
   clearTokenCache,
   deleteDocument,
+  deleteFile,
+  downloadFile,
+  fileExists,
+  generateSignedUrl,
   getAdminAccessToken,
   getAuth,
   getConfig,
   getDocument,
+  getFileMetadata,
   getProjectId,
   getServiceAccount,
   getUserFromToken,
   initializeApp,
+  listFiles,
   queryDocuments,
   setDocument,
   updateDocument,
+  uploadFile,
   verifyIdToken
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prmichaelsen/firebase-admin-sdk-v8",
-  "version": "2.0.21",
+  "version": "2.0.22",
   "description": "Firebase Admin SDK for Cloudflare Workers and edge runtimes using REST APIs",
   "main": "dist/index.js",
   "module": "dist/index.mjs",