@rebasepro/client-firebase 0.2.1 → 0.2.4

package/dist/utils/algolia.d.ts

@@ -6,4 +6,10 @@
  * @param query
  * @group Firebase
  */
-export declare function performAlgoliaTextSearch(client: any, indexName: string, query: string): Promise<readonly string[]>;
+export declare function performAlgoliaTextSearch(client: {
+    searchSingleIndex: (params: Record<string, unknown>) => Promise<{
+        hits: Array<{
+            objectID: string;
+        }>;
+    }>;
+}, indexName: string, query: string): Promise<readonly string[]>;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@rebasepro/client-firebase",
   "type": "module",
-  "version": "0.2.1",
+  "version": "0.2.4",
   "publishConfig": {
     "access": "public"
   },
@@ -14,12 +14,12 @@
     "fast-equals": "6.0.0",
     "fuse.js": "^7.3.0",
     "react-router-dom": "^7.15.1",
-    "@rebasepro/admin": "0.2.1",
-    "@rebasepro/core": "0.2.1",
-    "@rebasepro/common": "0.2.1",
-    "@rebasepro/types": "0.2.1",
-    "@rebasepro/ui": "0.2.1",
-    "@rebasepro/utils": "0.2.1"
+    "@rebasepro/admin": "0.2.4",
+    "@rebasepro/common": "0.2.4",
+    "@rebasepro/core": "0.2.4",
+    "@rebasepro/types": "0.2.4",
+    "@rebasepro/ui": "0.2.4",
+    "@rebasepro/utils": "0.2.4"
   },
   "peerDependencies": {
     "firebase": "^10.12.2 || ^11.0.0 || ^12.0.0",
@@ -55,8 +55,8 @@
     "@vitejs/plugin-react": "^4.7.0",
     "babel-plugin-react-compiler": "19.0.0-beta-ebf51a3-20250411",
     "firebase": "^12.13.0",
-    "typesense": "^2.1.0",
     "typescript": "^5.9.3",
+    "typesense": "^2.1.0",
     "vite": "^7.3.3"
   },
   "files": [
@@ -64,6 +64,11 @@
     "src"
   ],
   "gitHead": "d935eefa5aa8d1009a2398cfac2c1e4ee9aeb6b6",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/rebasepro/rebase.git",
+    "directory": "packages/client-firebase"
+  },
   "scripts": {
     "dev": "vite",
     "build": "vite build && tsc --emitDeclarationOnly -p tsconfig.prod.json",

package/src/components/FirebaseLoginView.tsx

@@ -261,7 +261,7 @@ export function FirebaseLoginView({
         } else if (notAllowedError instanceof Error) {
             notAllowedMessage = notAllowedError.message;
         } else {
-            notAllowedMessage = "It looks like you don't have access to the CMS, based on the specified Authenticator configuration";
+            notAllowedMessage = "It looks like you don't have access to the CMS, based on the specified access gate configuration";
         }
     }
 

package/src/components/RebaseFirebaseApp.tsx

@@ -10,7 +10,6 @@ import {
     useBuildModeController,
     useBuildAdminModeController,
     AdminModeControllerProvider,
-    useValidateAuthenticator,
     RebaseRoutes
 } from "@rebasepro/core";
 import {
@@ -27,7 +26,7 @@ import {
     SideEntityProvider,
     RebaseRoute
 } from "@rebasepro/admin";
-import { Entity, PropertyConfig, UserManagementDelegate } from "@rebasepro/types";
+import { Entity, PropertyConfig, RebaseContext, UserManagementDelegate } from "@rebasepro/types";
 import { CenteredView, CircularProgressCenter } from "@rebasepro/ui";
 import { buildRebaseData } from "@rebasepro/common";
 import { Route, Outlet, Navigate } from "react-router-dom";
@@ -40,7 +39,8 @@ import {
     useFirebaseStorageSource,
     useFirestoreDriver,
     useInitialiseFirebase,
-    useBuildUserManagement
+    useBuildUserManagement,
+    useFirebaseAccessGate
 } from "../hooks";
 
 import { FirebaseAuthController } from "../types";
@@ -70,7 +70,7 @@ export function RebaseFirebaseApp({
     name,
     logo,
     logoDark,
-    authenticator,
+    accessGate,
     collections,
     views,
     adminViews,
@@ -158,15 +158,15 @@ export function RebaseFirebaseApp({
     });
 
     /**
-     * Validate authenticator
+     * Validate access gate
      */
     const {
         authLoading,
         canAccessMainView,
         notAllowedError
-    } = useValidateAuthenticator({
+    } = useFirebaseAccessGate({
         authController,
-        authenticator,
+        accessGate,
         data: buildRebaseData(firestoreDelegate),
         storageSource
     });
@@ -234,7 +234,7 @@ export function RebaseFirebaseApp({
                         {({
                             context,
                             loading
-                        }: { context: any, loading: boolean }) => {
+                        }: { context: RebaseContext, loading: boolean }) => {
 
                             let component;
                             if (loading || authLoading) {
@@ -250,7 +250,7 @@ export function RebaseFirebaseApp({
                                             signInOptions={signInOptions ?? DEFAULT_SIGN_IN_OPTIONS}
                                             firebaseApp={firebaseApp}
                                             authController={authController}
-                                            notAllowedError={notAllowedError}/>
+                                            notAllowedError={notAllowedError instanceof Error ? notAllowedError : typeof notAllowedError === "string" ? notAllowedError : undefined}/>
                                     );
                                 } else {
                                     const firstCollectionEntry = navigationStateController.topLevelNavigation?.navigationEntries.find(e => e.type === "collection");

package/src/components/RebaseFirebaseAppProps.tsx

@@ -1,6 +1,7 @@
 import React from "react";
 
-import { Authenticator, AnalyticsEvent, AppView, AppViewsBuilder, EntityCollection, EntityCollectionsBuilder, RebasePlugin, Locale, PropertyConfig } from "@rebasepro/types";
+import { AnalyticsEvent, AppView, AppViewsBuilder, EntityCollection, EntityCollectionsBuilder, RebasePlugin, Locale, PropertyConfig } from "@rebasepro/types";
+import { FirebaseAccessGate } from "../hooks/useFirebaseAccessGate";
 import { UserManagementDelegate } from "@rebasepro/types";
 import { FirebaseApp } from "@firebase/app";
 import { FirebaseLoginViewProps } from "./FirebaseLoginView";
@@ -64,12 +65,12 @@ export type RebaseFirebaseAppProps = {
 
     /**
      * Do the users need to log in to access the CMS.
-     * You can specify an Authenticator function to discriminate which users can
-     * access the CMS or not.
+     * You can specify a {@link FirebaseAccessGate} function to discriminate
+     * which users can access the CMS or not.
      * If not specified, authentication is enabled but no user restrictions
      * apply
      */
-    authenticator?: boolean | Authenticator<FirebaseUserWrapper>;
+    accessGate?: boolean | FirebaseAccessGate<FirebaseUserWrapper>;
 
     /**
      * List of sign in options that will be displayed in the login

package/src/hooks/index.ts

@@ -6,3 +6,4 @@ export * from "./useFirestoreDriver";
 export * from "./useFirebaseRealTimeDBDelegate";
 export * from "./useRecaptcha";
 export * from "./useBuildUserManagement";
+export * from "./useFirebaseAccessGate";

package/src/hooks/useAppCheck.ts

@@ -15,7 +15,7 @@ export interface InitializeAppCheckProps {
 export interface InitializeAppCheckResult {
     loading: boolean;
     appCheckVerified?: boolean;
-    error?: any;
+    error?: unknown;
 }
 
 /**
@@ -35,7 +35,7 @@ export function useAppCheck({
 
     const [appCheckLoading, setAppCheckLoading] = React.useState<boolean>(false);
     const [appCheckVerified, setAppCheckVerified] = React.useState<boolean | undefined>(undefined);
-    const [error, setError] = React.useState<any>();
+    const [error, setError] = React.useState<unknown>();
 
     const initialCheck = useRef<boolean>(false);
 
@@ -51,9 +51,9 @@ export function useAppCheck({
                 setAppCheckVerified(true);
                 console.debug("App Check success.");
             }
-        } catch (e: any) {
+        } catch (e: unknown) {
             console.error("App Check error:", e);
-            setError(e.message);
+            setError(e instanceof Error ? e.message : String(e));
         }
     }, [options?.forceRefresh]);
 

package/src/hooks/useBuildUserManagement.tsx

@@ -4,17 +4,17 @@ import { deepEqual as equal } from "fast-equals";
 import { removeUndefined } from "@rebasepro/utils";
 import {
     AuthController,
-    Authenticator,
     DataDriver,
     Entity,
     Role,
     User,
     UserManagementDelegate
 } from "@rebasepro/types";
+import { FirebaseAccessGate } from "./useFirebaseAccessGate";
 
-type UserWithRoleIds<USER extends User = any> = Omit<USER, "roles"> & { roles: string[] };
+type UserWithRoleIds<USER extends User = User> = Omit<USER, "roles"> & { roles: string[] };
 
-export interface UserManagementDelegateParams<CONTROLLER extends AuthController<any> = AuthController<any>> {
+export interface UserManagementDelegateParams<CONTROLLER extends AuthController<User> = AuthController<User>> {
 
     authController: CONTROLLER;
 
@@ -49,11 +49,6 @@ export interface UserManagementDelegateParams<CONTROLLER extends AuthController<
      */
     allowDefaultRolesCreation?: boolean;
 
-    /**
-     * Include the collection config permissions in the user management system.
-     */
-    includeCollectionConfigPermissions?: boolean;
-
 }
 
 /**
@@ -65,18 +60,16 @@ export interface UserManagementDelegateParams<CONTROLLER extends AuthController<
  * @param rolesPath
  * @param roles
  * @param allowDefaultRolesCreation
- * @param includeCollectionConfigPermissions
  */
-export function useBuildUserManagement<CONTROLLER extends AuthController<any> = AuthController<any>,
-    USER extends User = CONTROLLER extends AuthController<infer U> ? U : any>
+export function useBuildUserManagement<CONTROLLER extends AuthController<User> = AuthController<User>,
+    USER extends User = CONTROLLER extends AuthController<infer U> ? U : User>
 ({
      authController,
      dataSourceDelegate,
      roles: rolesProp,
      usersPath = "__FIRECMS/config/users",
      rolesPath = "__FIRECMS/config/roles",
-     allowDefaultRolesCreation,
-     includeCollectionConfigPermissions
+     allowDefaultRolesCreation
  }: UserManagementDelegateParams<CONTROLLER>): UserManagementDelegate<USER> & CONTROLLER {
 
     if (!authController) {
@@ -125,10 +118,10 @@ export function useBuildUserManagement<CONTROLLER extends AuthController<any> =
                 }
                 setRolesLoading(false);
             },
-            onError(e: any): void {
+            onError(e: unknown): void {
                 setRoles([]);
                 console.error("Error loading roles", e);
-                setRolesError(e);
+                setRolesError(e instanceof Error ? e : new Error(String(e)));
                 setRolesLoading(false);
             }
         });
@@ -151,7 +144,7 @@ export function useBuildUserManagement<CONTROLLER extends AuthController<any> =
                 console.debug("Updating users", entities);
                 setUsersError(undefined);
                 try {
-                    const newUsers = entitiesToUsers(entities);
+                    const newUsers = entitiesToUsers(entities) as UserWithRoleIds<USER>[];
                     // if (!equal(newUsers, usersWithRoleIds))
                     setUsersWithRoleIds(newUsers);
                 } catch (e) {
@@ -161,10 +154,10 @@ export function useBuildUserManagement<CONTROLLER extends AuthController<any> =
                 }
                 setUsersLoading(false);
             },
-            onError(e: any): void {
+            onError(e: unknown): void {
                 console.error("Error loading users", e);
                 setUsersWithRoleIds([]);
-                setUsersError(e);
+                setUsersError(e instanceof Error ? e : new Error(String(e)));
                 setUsersLoading(false);
             }
         });
@@ -268,7 +261,7 @@ export function useBuildUserManagement<CONTROLLER extends AuthController<any> =
         return roles.filter(r => mgmtUser.roles.includes(r.id));
     }, [roles, usersWithRoleIds]);
 
-    const authenticator: Authenticator<USER> = useCallback(({ user }) => {
+    const accessGate: FirebaseAccessGate<USER> = useCallback(({ user }) => {
 
         if (loading) {
             return false;
@@ -339,9 +332,8 @@ export function useBuildUserManagement<CONTROLLER extends AuthController<any> =
         usersError,
         isAdmin,
         allowDefaultRolesCreation: allowDefaultRolesCreation === undefined ? true : allowDefaultRolesCreation,
-        includeCollectionConfigPermissions: Boolean(includeCollectionConfigPermissions),
         defineRolesFor,
-        authenticator,
+        accessGate,
         ...authController,
         initialLoading: authController.initialLoading || loading,
         userRoles: userRoles,
@@ -358,8 +350,8 @@ const entitiesToUsers = (docs: Entity<Omit<UserWithRoleIds, "id">>[]): (UserWith
         const data = doc.values;
         const record = data as Record<string, unknown>;
         const newVar = {
-            uid: doc.id,
             ...data,
+            uid: doc.id,
             created_on: record.created_on as Date | undefined,
             updated_on: record.updated_on as Date | undefined
         };

package/src/hooks/useFirebaseAccessGate.tsx

@@ -0,0 +1,145 @@
+
+import { useCallback, useEffect, useRef, useState, useMemo } from "react";
+import { deepEqual as equal } from "fast-equals";
+
+import { AuthController, RebaseData, StorageSource, User } from "@rebasepro/types";
+
+/**
+ * Client-side gate that decides whether a Firebase-authenticated user
+ * is allowed to access the CMS UI.
+ *
+ * Return `true` to allow access or `false` / throw to deny.
+ * @group Firebase
+ */
+export type FirebaseAccessGate<USER extends User = User> = (props: {
+
+    /**
+     * Logged-in user or null
+     */
+    user: USER | null;
+
+    /**
+     * AuthController
+     */
+    authController: AuthController<USER>;
+
+    /**
+     * Unified data access API
+     */
+    data: RebaseData;
+
+    /**
+     * Used storage implementation
+     */
+    storageSource: StorageSource;
+
+}) => boolean | Promise<boolean>;
+
+/**
+ * Hook that evaluates a {@link FirebaseAccessGate} callback after
+ * the user logs in and gates access to the main CMS view.
+ *
+ * @group Firebase
+ */
+export function useFirebaseAccessGate<USER extends User = User>
+({
+     disabled,
+     authController,
+     accessGate,
+     storageSource,
+     data
+ }:
+ {
+     disabled?: boolean,
+     authController: AuthController<USER>,
+     accessGate?: boolean | FirebaseAccessGate<USER>,
+     data: RebaseData;
+     storageSource: StorageSource;
+ }): {
+    canAccessMainView: boolean,
+    authLoading: boolean,
+    notAllowedError: unknown,
+    authVerified: boolean,
+} {
+
+    const gateEnabled = Boolean(accessGate);
+
+    const [authLoading, setAuthLoading] = useState<boolean>(gateEnabled);
+    const [notAllowedError, setNotAllowedError] = useState<unknown>(false);
+    const [authVerified, setAuthVerified] = useState<boolean>(!gateEnabled || Boolean(authController.loginSkipped));
+
+    const canAccessMainView = (authVerified) &&
+        (!gateEnabled || Boolean(authController.user) || Boolean(authController.loginSkipped)) &&
+        !notAllowedError;
+
+    useEffect(() => {
+        if (authController.loginSkipped)
+            setAuthVerified(true);
+    }, [authController.loginSkipped]);
+
+    /**
+     * We use this ref to check the authentication only if the user has
+     * changed.
+     */
+    const checkedUserRef = useRef<User | undefined>(undefined);
+
+    const checkAccess = useCallback(async () => {
+
+        if (disabled) {
+            return;
+        }
+
+        if (authController.initialLoading) {
+            return;
+        }
+
+        if (!authController.user && !authController.loginSkipped) {
+            checkedUserRef.current = undefined;
+            setAuthLoading(false);
+            setAuthVerified(false);
+            return;
+        }
+
+        const delegateUser = authController.user;
+
+        if (accessGate instanceof Function && delegateUser && !equal(checkedUserRef.current?.uid, delegateUser.uid)) {
+            setAuthLoading(true);
+            try {
+                const allowed = await accessGate({
+                    user: delegateUser,
+                    authController,
+                    data,
+                    storageSource
+                });
+                if (!allowed) {
+                    authController.signOut();
+                    setNotAllowedError(true);
+                }
+            } catch (e) {
+                setNotAllowedError(e);
+                authController.signOut();
+            }
+            setAuthLoading(false);
+            setAuthVerified(true);
+            checkedUserRef.current = delegateUser;
+        } else {
+            setAuthLoading(false);
+        }
+
+        if (!authController.initialLoading && !delegateUser) {
+            setAuthVerified(true);
+        }
+
+    }, [disabled, authController, accessGate, data, storageSource]);
+
+    useEffect(() => {
+        checkAccess();
+    }, [checkAccess]);
+
+    return useMemo(() => ({
+        canAccessMainView,
+        authLoading: gateEnabled && authLoading,
+        notAllowedError,
+        authVerified
+    }), [canAccessMainView, gateEnabled, authLoading, notAllowedError, authVerified]);
+}

package/src/hooks/useFirebaseRealTimeDBDelegate.ts

@@ -15,7 +15,7 @@ import {
     startAt
 } from "@firebase/database";
 import { useCallback } from "react";
-import { DataDriver, DeleteEntityProps, Entity, FetchCollectionProps, FetchEntityProps, ListenCollectionProps, ListenEntityProps, SaveEntityProps } from "@rebasepro/types";
+import { DataDriver, DeleteEntityProps, Entity, EntityCollection, FetchCollectionProps, FetchEntityProps, FilterValues, ListenCollectionProps, ListenEntityProps, SaveEntityProps } from "@rebasepro/types";
 
 export function useFirebaseRTDBDelegate({ firebaseApp }: { firebaseApp?: FirebaseApp }): DataDriver {
 
@@ -167,14 +167,14 @@ export function useFirebaseRTDBDelegate({ firebaseApp }: { firebaseApp?: Firebas
     }, [firebaseApp]);
 
     // Implementing additional methods required by DataDriver
-    const checkUniqueField = useCallback(async (slug: string, name: string, value: any, entityId?: string | number): Promise<boolean> => {
+    const checkUniqueField = useCallback(async (slug: string, name: string, value: unknown, entityId?: string | number): Promise<boolean> => {
         if (!firebaseApp) {
             throw new Error("Firebase app not provided");
         }
         const database = getDatabase(firebaseApp);
 
         // Simplified example; the Realtime Database does not support querying with "not equal" conditions
-        const dbRef = query(ref(database, slug), orderByChild(name), startAt(value), limitToFirst(1));
+        const dbRef = query(ref(database, slug), orderByChild(name), startAt(value as string | number | boolean | null), limitToFirst(1));
         const snapshot = await get(dbRef);
 
         if (!snapshot.exists()) {
@@ -194,7 +194,11 @@ export function useFirebaseRTDBDelegate({ firebaseApp }: { firebaseApp?: Firebas
         path,
         filter,
         sortBy
-    }: any): boolean => {
+    }: {
+        path: string;
+        filter?: FilterValues<string>;
+        sortBy?: [string, "asc" | "desc"];
+    }): boolean => {
         return false;
     }, []);
 
@@ -217,7 +221,7 @@ export function useFirebaseRTDBDelegate({ firebaseApp }: { firebaseApp?: Firebas
  * Transform data from RTDB format back to CMS format
  * This is used internally when fetching/listening to data
  */
-function delegateToCMSModel(data: any): any {
+function delegateToCMSModel(data: unknown): unknown {
     if (data === null || data === undefined) return null;
 
     if (Array.isArray(data)) {
@@ -225,9 +229,9 @@ function delegateToCMSModel(data: any): any {
     }
 
     if (typeof data === "object") {
-        const result: Record<string, any> = {};
-        for (const key of Object.keys(data)) {
-            const childValue = delegateToCMSModel(data[key]);
+        const result: Record<string, unknown> = {};
+        for (const key of Object.keys(data as Record<string, unknown>)) {
+            const childValue = delegateToCMSModel((data as Record<string, unknown>)[key]);
             if (childValue !== undefined)
                 result[key] = childValue;
         }
@@ -241,20 +245,21 @@ function delegateToCMSModel(data: any): any {
  * Transform data from CMS format to RTDB format
  * This is used internally when saving data
  */
-function cmsToRTDBModel(data: any, database: Database): any {
+function cmsToRTDBModel(data: unknown, database: Database): unknown {
     if (data === undefined) {
         return null;
     } else if (data === null) {
         return null;
     } else if (Array.isArray(data)) {
         return data.filter(v => v !== undefined).map(v => cmsToRTDBModel(v, database));
-    } else if (data.isEntityReference && data.isEntityReference()) {
-        return ref(database, `${data.slug}/${data.id}`);
+    } else if (typeof data === "object" && data !== null && "isEntityReference" in data && typeof (data as Record<string, unknown>).isEntityReference === "function" && (data as { isEntityReference: () => boolean }).isEntityReference()) {
+        const entityRef = data as unknown as { slug: string; id: string };
+        return ref(database, `${entityRef.slug}/${entityRef.id}`);
     } else if (data instanceof Date) {
         // For dates, convert to ISO string or timestamp.
         return data.toISOString();
     } else if (data && typeof data === "object") {
-        return Object.entries(data)
+        return Object.entries(data as Record<string, unknown>)
             .map(([key, v]) => {
                 const rtdbModel = cmsToRTDBModel(v, database);
                 if (rtdbModel !== undefined)

package/src/hooks/useFirebaseStorageSource.ts

@@ -132,8 +132,8 @@ export function useFirebaseStorageSource({
                 const response = await fetch(url);
                 const blob = await response.blob();
                 return new File([blob], path);
-            } catch (e: any) {
-                if (e?.code === "storage/object-not-found") return null;
+            } catch (e: unknown) {
+                if (typeof e === "object" && e !== null && "code" in e && (e as { code: string }).code === "storage/object-not-found") return null;
                 throw e;
             }
         },
@@ -170,8 +170,8 @@ export function useFirebaseStorageSource({
                 }
                 urlsCache[storagePathOrUrl] = result;
                 return result;
-            } catch (e: any) {
-                if (e?.code === "storage/object-not-found") return {
+            } catch (e: unknown) {
+                if (typeof e === "object" && e !== null && "code" in e && (e as { code: string }).code === "storage/object-not-found") return {
                     url: null,
                     fileNotFound: true
                 };