npm - @tern-secure/backend - Versions diffs - 1.2.0-canary.v20251202162458 → 1.2.0-canary.v20251202172616 - Mend

@tern-secure/backend 1.2.0-canary.v20251202162458 → 1.2.0-canary.v20251202172616

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/app-check/package.json +5 -0
package/dist/admin/index.mjs +31 -7
package/dist/admin/index.mjs.map +1 -1
package/dist/app-check/index.js +4 -36
package/dist/app-check/index.js.map +1 -1
package/dist/app-check/index.mjs +2 -2
package/dist/app-check/serverAppCheck.d.ts.map +1 -1
package/dist/auth/index.js +3 -65
package/dist/auth/index.js.map +1 -1
package/dist/auth/index.mjs +2 -2
package/dist/{chunk-3OGMNIOJ.mjs → chunk-4NYVEI6S.mjs} +2 -34
package/dist/chunk-4NYVEI6S.mjs.map +1 -0
package/dist/{chunk-AW5OXT7N.mjs → chunk-PYNFU7M3.mjs} +2 -2
package/dist/{chunk-IEJQ7F4A.mjs → chunk-ZGZR5TER.mjs} +7 -6
package/dist/chunk-ZGZR5TER.mjs.map +1 -0
package/dist/index.js +3 -65
package/dist/index.js.map +1 -1
package/dist/index.mjs +3 -3
package/package.json +5 -3
package/dist/chunk-3OGMNIOJ.mjs.map +0 -1
package/dist/chunk-IEJQ7F4A.mjs.map +0 -1
/package/dist/{chunk-AW5OXT7N.mjs.map → chunk-PYNFU7M3.mjs.map} +0 -0

package/dist/{chunk-IEJQ7F4A.mjs → chunk-ZGZR5TER.mjs} RENAMED Viewed

@@ -12,9 +12,9 @@ import {
   ONE_MINUTE_IN_MILLIS,
   ONE_MINUTE_IN_SECONDS,
   TOKEN_EXPIRY_THRESHOLD_MILLIS,
-  appCheckAdmin,
+  initializeAdminConfig,
   loadAdminConfig
-} from "./chunk-3OGMNIOJ.mjs";
+} from "./chunk-4NYVEI6S.mjs";
 import {
   IAMSigner,
   ServiceAccountSigner,
@@ -542,10 +542,9 @@ var ServerAppCheckManager = class _ServerAppCheckManager {
         url: config.url,
         token: config.token
       });
-      console.info("[AppCheck] Redis client initialized for token caching");
     } catch (error) {
       console.error("[AppCheck] Failed to initialize Redis client:", error);
-      throw new Error('[AppCheck] Redis initialization failed. Install "@upstash/redis" package.');
+      throw new Error("[AppCheck] Redis initialization failed.");
     }
   };
   static getInstance(options) {
@@ -635,7 +634,9 @@ var ServerAppCheckManager = class _ServerAppCheckManager {
   generateAndCacheToken = async (appId) => {
     try {
       const now = Date.now();
-      const appCheckToken = await appCheckAdmin.createToken(appId, {
+      const config = initializeAdminConfig();
+      const appCheck = getAppCheck(config);
+      const appCheckToken = await appCheck.createToken(config.projectId, appId, {
         ttlMillis: this.options.ttlMillis
       });
       const expiresAt = now + this.options.ttlMillis;
@@ -775,4 +776,4 @@ export {
   getAuth,
   ServiceAccountManager
 };
-//# sourceMappingURL=chunk-IEJQ7F4A.mjs.map
+//# sourceMappingURL=chunk-ZGZR5TER.mjs.map

package/dist/chunk-ZGZR5TER.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/tokens/keys.ts","../src/tokens/verify.ts","../src/auth/getauth.ts","../src/auth/credential.ts","../src/utils/token-generator.ts","../src/app-check/AppCheckApi.ts","../src/app-check/generator.ts","../src/app-check/serverAppCheck.ts","../src/app-check/verifier.ts","../src/app-check/index.ts"],"sourcesContent":["import { type RemoteJWKSetOptions } from 'jose';\n\nimport {\n CACHE_CONTROL_REGEX,\n DEFAULT_CACHE_DURATION,\n GOOGLE_PUBLIC_KEYS_URL,\n MAX_CACHE_LAST_UPDATED_AT_SECONDS\n} from '../constants';\nimport { TokenVerificationError, TokenVerificationErrorReason } from '../utils/errors';\n\nexport type PublicKeys = { [key: string]: string };\n\ninterface PublicKeysResponse {\n keys: PublicKeys;\n expiresAt: number;\n}\n\nexport type LoadJWKFromRemoteOptions = RemoteJWKSetOptions & {\n kid: string;\n keyURL?: string;\n skipJwksCache?: boolean;\n};\n\ntype CertificateCache = Record<string, string>;\n\nlet cache: CertificateCache = {};\nlet lastUpdatedAt = 0;\nlet googleExpiresAt = 0;\n\nfunction getFromCache(kid: string) {\n return cache[kid];\n}\n\nfunction getCacheValues() {\n return Object.values(cache);\n}\n\nfunction setInCache(kid: string, certificate: string, shouldExpire = true) {\n cache[kid] = certificate;\n lastUpdatedAt = shouldExpire ? Date.now() : -1;\n}\n\nasync function fetchPublicKeys(keyUrl: string): Promise<PublicKeysResponse> {\n const url = new URL(keyUrl);\n const response = await fetch(url);\n if (!response.ok) {\n throw new TokenVerificationError({\n message: `Error loading public keys from ${url.href} with code=${response.status} `,\n reason: TokenVerificationErrorReason.TokenInvalid,\n });\n }\n\n const data = await response.json();\n const expiresAt = getExpiresAt(response);\n\n return {\n keys: data,\n expiresAt,\n };\n}\n\nexport async function loadJWKFromRemote({\n keyURL,\n skipJwksCache,\n kid,\n}: LoadJWKFromRemoteOptions): Promise<string> {\n const finalKeyURL = keyURL || GOOGLE_PUBLIC_KEYS_URL;\n if (skipJwksCache || isCacheExpired() || !getFromCache(kid)) {\n const { keys, expiresAt } = await fetchPublicKeys(finalKeyURL);\n\n if (!keys || Object.keys(keys).length === 0) {\n throw new TokenVerificationError({\n message: `The JWKS endpoint ${finalKeyURL} returned no keys`,\n reason: TokenVerificationErrorReason.RemoteJWKFailedToLoad,\n });\n }\n googleExpiresAt = expiresAt;\n\n Object.entries(keys).forEach(([keyId, cert]) => {\n setInCache(keyId, cert);\n });\n }\n const cert = getFromCache(kid);\n if (!cert) {\n getCacheValues();\n const availableKids = Object.keys(cache).sort().join(', ');\n\n throw new TokenVerificationError({\n message: `No public key found for kid \"${kid}\". Available kids: [${availableKids}]`,\n reason: TokenVerificationErrorReason.TokenInvalid,\n });\n }\n return cert;\n}\n\nfunction isCacheExpired() {\n const now = Date.now();\n if (lastUpdatedAt === -1) {\n return false;\n }\n\n const cacheAge = now - lastUpdatedAt;\n const maxCacheAge = MAX_CACHE_LAST_UPDATED_AT_SECONDS * 1000;\n const localCacheExpired = cacheAge >= maxCacheAge;\n const googleCacheExpired = now >= googleExpiresAt;\n\n const isExpired = localCacheExpired || googleCacheExpired;\n\n if (isExpired) {\n cache = {};\n }\n\n return isExpired;\n}\n\nfunction getExpiresAt(res: Response) {\n const cacheControlHeader = res.headers.get('cache-control');\n if (!cacheControlHeader) {\n return Date.now() + DEFAULT_CACHE_DURATION;\n }\n const maxAgeMatch = cacheControlHeader.match(CACHE_CONTROL_REGEX);\n const maxAge = maxAgeMatch ? parseInt(maxAgeMatch[1], 10) : DEFAULT_CACHE_DURATION / 1000;\n\n return Date.now() + maxAge * 1000;\n}\n\nexport const getCacheStats = () => ({\n localExpiry: lastUpdatedAt + MAX_CACHE_LAST_UPDATED_AT_SECONDS * 1000,\n googleExpiry: googleExpiresAt,\n cacheCount: Object.keys(cache).length,\n});\n","import type { DecodedIdToken, TernSecureAdminConfig, TernSecureConfig, TernSecureUserData} from '@tern-secure/types';\n\nimport type { JwtReturnType } from '../jwt/types';\nimport { ternDecodeJwt, verifyJwt, type VerifyJwtOptions } from '../jwt/verifyJwt';\nimport { TokenVerificationError, TokenVerificationErrorReason } from '../utils/errors';\nimport type { LoadJWKFromRemoteOptions } from './keys';\nimport { loadJWKFromRemote } from './keys';\n\nexport type VerifyTokenVOptions = Omit<VerifyJwtOptions, 'key'> & Omit<LoadJWKFromRemoteOptions, 'kid'> & {\n jwtKey?: string;\n};\n\nexport { TernSecureConfig, TernSecureAdminConfig, TernSecureUserData };\n\nexport async function verifyToken(\n token: string,\n options: VerifyTokenVOptions,\n): Promise<JwtReturnType<DecodedIdToken, TokenVerificationError>> {\n const { data: decodedResult, errors } = ternDecodeJwt(token);\n\n if (errors) {\n return { errors };\n }\n\n const { header } = decodedResult;\n const { kid } = header;\n\n if (!kid) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalid,\n message: 'JWT \"kid\" header is missing.',\n }),\n ],\n };\n }\n\n try {\n const key = options.jwtKey || (await loadJWKFromRemote({ ...options, kid }));\n\n if (!key) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalid,\n message: `No public key found for kid \"${kid}\".`,\n }),\n ],\n };\n }\n return await verifyJwt(token, { ...options, key });\n } catch (error) {\n if (error instanceof TokenVerificationError) {\n return { errors: [error] };\n }\n return {\n errors: [error as TokenVerificationError],\n };\n }\n}\n","import { getAppCheck } from '../app-check';\nimport { createCustomToken } from '../jwt/customJwt';\nimport type { AuthenticateRequestOptions, TernSecureUserData } from '../tokens/types';\nimport { verifyToken } from '../tokens/verify';\nimport { loadAdminConfig } from '../utils/config';\n\nexport interface IdAndRefreshTokens {\n idToken: string;\n refreshToken: string;\n}\n\nexport interface CustomTokens {\n auth_time: number;\n idToken: string;\n refreshToken: string;\n customToken: string;\n}\n\ninterface CustomForIdAndRefreshTokenOptions {\n tenantId?: string;\n appCheckToken?: string;\n referer?: string;\n}\n\ninterface FirebaseRefreshTokenResponse {\n kind: string;\n id_token: string;\n refresh_token: string;\n expires_in: string;\n isNewUser: boolean;\n}\n\ntype AuthResult<T = any> = { data: T; error: null } | { data: null; error: any };\n\nconst API_KEY_ERROR = 'API Key is required';\nconst NO_DATA_ERROR = 'No token data received';\n\nfunction parseFirebaseResponse<T>(data: unknown): T {\n if (typeof data === 'string') {\n try {\n return JSON.parse(data) as T;\n } catch (error) {\n throw new Error(`Failed to parse Firebase response: ${error}`);\n }\n }\n return data as T;\n}\n\nexport function getAuth(options: AuthenticateRequestOptions) {\n const { apiKey } = options;\n const effectiveApiKey = apiKey || process.env.NEXT_PUBLIC_FIREBASE_API_KEY;\n\n\n async function getUserData(idToken?: string, localId?: string): Promise<TernSecureUserData> {\n if (!effectiveApiKey) {\n throw new Error(API_KEY_ERROR);\n }\n const response = await options.apiClient?.userData.getUserData(effectiveApiKey, {\n idToken,\n localId,\n });\n\n if (!response?.data) {\n throw new Error(NO_DATA_ERROR);\n }\n\n const parsedData = parseFirebaseResponse<TernSecureUserData>(response.data);\n return parsedData;\n }\n\n async function refreshExpiredIdToken(\n refreshToken: string,\n opts: CustomForIdAndRefreshTokenOptions,\n ): Promise<AuthResult> {\n if (!effectiveApiKey) {\n return { data: null, error: new Error(API_KEY_ERROR) };\n }\n const response = await options.apiClient?.tokens.refreshToken(effectiveApiKey, {\n refresh_token: refreshToken,\n request_origin: opts.referer,\n });\n\n if (!response?.data) {\n return {\n data: null,\n error: new Error(NO_DATA_ERROR),\n };\n }\n\n const parsedData = parseFirebaseResponse<FirebaseRefreshTokenResponse>(response.data);\n\n return {\n data: {\n idToken: parsedData.id_token,\n refreshToken: parsedData.refresh_token,\n },\n error: null,\n };\n }\n\n async function customForIdAndRefreshToken(\n customToken: string,\n opts: CustomForIdAndRefreshTokenOptions,\n ): Promise<IdAndRefreshTokens> {\n if (!effectiveApiKey) {\n throw new Error('API Key is required to create custom token');\n }\n const data = await options.apiClient?.tokens.exchangeCustomForIdAndRefreshTokens(\n effectiveApiKey,\n {\n token: customToken,\n returnSecureToken: true,\n },\n {\n referer: opts.referer,\n appCheckToken: opts.appCheckToken,\n },\n );\n\n if (!data) {\n throw new Error('No data received from Firebase token exchange');\n }\n\n return {\n idToken: data.idToken,\n refreshToken: data.refreshToken,\n };\n }\n\n async function createCustomIdAndRefreshToken(\n idToken: string,\n opts: CustomForIdAndRefreshTokenOptions,\n ): Promise<CustomTokens> {\n const decoded = await verifyToken(idToken, options);\n const { data, errors } = decoded;\n if (errors) {\n throw errors[0];\n }\n\n //todo:\n /**\n * For sensitive applications, the auth_time should be checked before issuing the session cookie, minimizing the window of attack in case an ID token is stolen:\n */\n //if (new Date().getTime() / 1000 - data.auth_time < 5 * 60) {\n //proceed\n //}\n\n const customToken = await createCustomToken(data.uid, {\n emailVerified: data.email_verified,\n source_sign_in_provider: data.firebase.sign_in_provider,\n });\n\n const idAndRefreshTokens = await customForIdAndRefreshToken(customToken, {\n referer: opts.referer,\n appCheckToken: opts.appCheckToken,\n });\n\n const decodedCustomIdToken = await verifyToken(idAndRefreshTokens.idToken, options);\n if (decodedCustomIdToken.errors) {\n throw decodedCustomIdToken.errors[0];\n }\n\n return {\n ...idAndRefreshTokens,\n customToken,\n auth_time: decodedCustomIdToken.data.auth_time,\n };\n }\n\n async function createAppCheckToken(): Promise<AuthResult> {\n const adminConfig = loadAdminConfig();\n const appId = process.env.NEXT_PUBLIC_FIREBASE_APP_ID || '';\n const appCheck = getAppCheck(adminConfig, options.tenantId);\n try {\n const appCheckResponse = await appCheck.createToken(adminConfig.projectId, appId);\n\n return {\n data: {\n token: appCheckResponse.token,\n ttl: appCheckResponse.ttl,\n },\n error: null,\n };\n } catch (error) {\n return { data: null, error };\n }\n }\n\n async function verifyAppCheckToken(token: string): Promise<AuthResult> {\n const adminConfig = loadAdminConfig();\n const appCheck = getAppCheck(adminConfig, options.tenantId);\n try {\n const decodedToken = await appCheck.verifyToken(token, adminConfig.projectId, {});\n\n return {\n data: decodedToken,\n error: null,\n };\n } catch (error) {\n return { data: null, error };\n }\n }\n\n return {\n getUserData,\n customForIdAndRefreshToken,\n createCustomIdAndRefreshToken,\n refreshExpiredIdToken,\n createAppCheckToken,\n verifyAppCheckToken,\n };\n}\n","import type { JWTPayload } from '@tern-secure/types';\n\nimport {\n GOOGLE_AUTH_TOKEN_HOST,\n GOOGLE_AUTH_TOKEN_PATH,\n GOOGLE_TOKEN_AUDIENCE,\n ONE_HOUR_IN_SECONDS,\n TOKEN_EXPIRY_THRESHOLD_MILLIS\n} from '../constants'\nimport { ternSignJwt } from '../jwt';\nimport { fetchJson } from '../utils/fetcher';\n\n\nexport interface GoogleOAuthAccessToken {\n access_token: string;\n expires_in: number;\n}\n\nexport interface ServiceAccount {\n projectId: string;\n privateKey: string;\n clientEmail: string;\n}\n\nexport interface FirebaseAccessToken {\n accessToken: string;\n expirationTime: number;\n}\n\nconst accessTokenCache: Map<string, FirebaseAccessToken> = new Map();\n\nexport interface Credential {\n getAccessToken: (refresh?: boolean) => Promise<FirebaseAccessToken>;\n}\n\nasync function requestAccessToken(urlString: string, init: RequestInit): Promise<FirebaseAccessToken> {\n const json = await fetchJson(urlString, init);\n\n if (!json.access_token || !json.expires_in) {\n throw new Error('Invalid access token response');\n }\n\n return {\n accessToken: json.access_token,\n expirationTime: Date.now() + (json.expires_in * 1000),\n }\n}\n\nexport class ServiceAccountManager implements Credential {\n public readonly projectId: string;\n public readonly privateKey: string;\n public readonly clientEmail: string;\n\n constructor(serviceAccount: ServiceAccount) {\n this.projectId = serviceAccount.projectId;\n this.privateKey = serviceAccount.privateKey;\n this.clientEmail = serviceAccount.clientEmail;\n }\n\n private fetchAccessToken = async (url: string): Promise<FirebaseAccessToken> => {\n const token = await this.createJwt();\n const postData =\n 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3A' +\n 'grant-type%3Ajwt-bearer&assertion=' +\n token;\n\n return requestAccessToken(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n Authorization: `Bearer ${token}`,\n Accept: 'application/json',\n },\n body: postData,\n })\n }\n\n private fetchAndCacheAccessToken = async (url: string): Promise<FirebaseAccessToken> => {\n const accessToken = await this.fetchAccessToken(url);\n accessTokenCache.set(this.projectId, accessToken);\n return accessToken;\n }\n\n public getAccessToken = async (refresh?: boolean): Promise<FirebaseAccessToken> => {\n const url = `https://${GOOGLE_AUTH_TOKEN_HOST}${GOOGLE_AUTH_TOKEN_PATH}`;\n\n if (refresh) {\n return this.fetchAndCacheAccessToken(url);\n }\n\n const cachedResponse = accessTokenCache.get(this.projectId);\n\n if (!cachedResponse || cachedResponse.expirationTime - Date.now() <= TOKEN_EXPIRY_THRESHOLD_MILLIS) {\n return this.fetchAndCacheAccessToken(url);\n }\n\n return cachedResponse;\n }\n\n private createJwt = async (): Promise<string> => {\n const iat = Math.floor(Date.now() / 1000);\n\n const payload = {\n aud: GOOGLE_TOKEN_AUDIENCE,\n iat,\n exp: iat + ONE_HOUR_IN_SECONDS,\n iss: this.clientEmail,\n sub: this.clientEmail,\n scope: [\n 'https://www.googleapis.com/auth/cloud-platform',\n 'https://www.googleapis.com/auth/firebase.database',\n 'https://www.googleapis.com/auth/firebase.messaging',\n 'https://www.googleapis.com/auth/identitytoolkit',\n 'https://www.googleapis.com/auth/userinfo.email'\n ].join(' ')\n } as JWTPayload;\n\n return ternSignJwt({\n payload,\n privateKey: this.privateKey,\n });\n }\n}\n","import type { Credential } from '../auth'\nimport { ServiceAccountManager } from '../auth'\nimport type { CryptoSigner } from '../jwt'\nimport { IAMSigner, ServiceAccountSigner } from '../jwt'\n\nexport function cryptoSignerFromCredential(\n credential: Credential,\n tenantId?: string,\n serviceAccountId?: string\n): CryptoSigner {\n if (credential instanceof ServiceAccountManager) {\n return new ServiceAccountSigner(credential, tenantId);\n }\n\n return new IAMSigner(credential, tenantId, serviceAccountId);\n}","import type { Credential } from '../auth'\nimport type { AppCheckParams, AppCheckToken } from './types'\n\nexport function getSdkVersion(): string {\n return '12.7.0';\n}\n\nconst FIREBASE_APP_CHECK_CONFIG_HEADERS = {\n 'X-Firebase-Client': `fire-admin-node/${getSdkVersion()}`\n};\n\n/**\n * App Check API for managing Firebase App Check tokens via REST\n * Firebase REST API endpoint: https://firebaseappcheck.googleapis.com/v1beta/projects/{projectId}/apps/{appId}:exchangeCustomToken\n */\nexport class AppCheckApi {\n constructor(private credential: Credential) { }\n\n public async exchangeToken(params: AppCheckParams): Promise<AppCheckToken> {\n const { projectId, appId, customToken, limitedUse = false } = params;\n const token = await this.credential.getAccessToken(false);\n if (!projectId || !appId) {\n throw new Error('Project ID and App ID are required for App Check token exchange');\n }\n\n const endpoint = `https://firebaseappcheck.googleapis.com/v1/projects/${projectId}/apps/${appId}:exchangeCustomToken`;\n\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${token.accessToken}`,\n };\n\n try {\n const response = await fetch(endpoint, {\n method: 'POST',\n headers,\n body: JSON.stringify({ customToken, limitedUse }),\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(`App Check token exchange failed: ${response.status} ${errorText}`);\n }\n\n const data = await response.json();\n return {\n token: data.token,\n ttl: data.ttl,\n };\n } catch (error) {\n console.warn('[ternsecure - appcheck api]unexpected error:', error);\n throw error;\n }\n }\n public async exchangeDebugToken(params: AppCheckParams): Promise<AppCheckToken> {\n const { projectId, appId, customToken, accessToken, limitedUse = false } = params;\n if (!projectId || !appId) {\n throw new Error('Project ID and App ID are required for App Check token exchange');\n }\n\n const endpoint = `https://firebaseappcheck.googleapis.com/v1beta/projects/${projectId}/apps/${appId}:exchangeDebugToken`;\n\n const headers: Record<string, string> = {\n ...FIREBASE_APP_CHECK_CONFIG_HEADERS,\n 'Authorization': `Bearer ${accessToken}`,\n };\n\n const body = {\n customToken,\n limitedUse,\n }\n\n try {\n const response = await fetch(endpoint, {\n method: 'POST',\n headers,\n body: JSON.stringify(body),\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(`App Check token exchange failed: ${response.status} ${errorText}`);\n }\n\n const data = await response.json();\n return {\n token: data.token,\n ttl: data.ttl,\n };\n } catch (error) {\n console.warn('[ternsecure - appcheck api]unexpected error:', error);\n throw error;\n }\n }\n}\n","import {\n FIREBASE_APP_CHECK_AUDIENCE,\n ONE_DAY_IN_MILLIS,\n ONE_MINUTE_IN_MILLIS,\n ONE_MINUTE_IN_SECONDS\n} from '../constants'\nimport type { CryptoSigner } from '../jwt';\nimport type { AppCheckTokenOptions } from './types';\n\n\nfunction transformMillisecondsToSecondsString(milliseconds: number): string {\n let duration: string;\n const seconds = Math.floor(milliseconds / 1000);\n const nanos = Math.floor((milliseconds - seconds * 1000) * 1000000);\n if (nanos > 0) {\n let nanoString = nanos.toString();\n while (nanoString.length < 9) {\n nanoString = '0' + nanoString;\n }\n duration = `${seconds}.${nanoString}s`;\n } else {\n duration = `${seconds}s`;\n }\n return duration;\n}\n\nexport class AppCheckTokenGenerator {\n private readonly signer: CryptoSigner;\n\n constructor(signer: CryptoSigner) {\n this.signer = signer;\n }\n\n public async createCustomToken(\n appId: string,\n options?: AppCheckTokenOptions\n ): Promise<string> {\n if (!appId) {\n throw new Error(\n 'appId is invalid',\n );\n }\n let customOptions = {};\n if (typeof options !== 'undefined') {\n customOptions = this.validateTokenOptions(options);\n }\n\n const account = await this.signer.getAccountId();\n\n const iat = Math.floor(Date.now() / 1000);\n const body = {\n iss: account,\n sub: account,\n app_id: appId,\n aud: FIREBASE_APP_CHECK_AUDIENCE,\n exp: iat + ONE_MINUTE_IN_SECONDS * 5,\n iat,\n ...customOptions\n };\n\n return this.signer.sign(body);\n }\n\n private validateTokenOptions(options: AppCheckTokenOptions): {\n [key: string]: unknown;\n } {\n if (typeof options.ttlMillis !== 'undefined') {\n if (\n options.ttlMillis < ONE_MINUTE_IN_MILLIS * 30 ||\n options.ttlMillis > ONE_DAY_IN_MILLIS * 7\n ) {\n throw new Error(\n 'ttlMillis must be a duration in milliseconds between 30 minutes and 7 days (inclusive).'\n );\n }\n\n return { ttl: transformMillisecondsToSecondsString(options.ttlMillis) };\n }\n return {};\n }\n}\n","import { Redis } from \"@upstash/redis\";\n\nimport type { AppCheckOptions } from '../adapters/types';\nimport { initializeAdminConfig } from '../utils/config';\nimport { getAppCheck } from \"./index\";\n\ninterface CachedToken {\n token: string;\n expiresAt: number;\n}\n\n/**\n * Redis client interface for AppCheck token caching (Upstash Redis or compatible adapter)\n */\ninterface RedisClient {\n get(key: string): Promise<any>;\n set(key: string, value: any, opts?: { px?: number }): Promise<any>;\n del(key: string): Promise<number>;\n}\n\n\nexport class ServerAppCheckManager {\n private static instances: Map<string, ServerAppCheckManager> = new Map();\n private memoryCache: Map<string, CachedToken> = new Map();\n private redisClient: RedisClient | null = null;\n private readonly options: Required<Omit<AppCheckOptions, 'redis' | 'skipInMemoryFirst'>> & {\n redis?: AppCheckOptions['redis'];\n skipInMemoryFirst: boolean;\n };\n private pendingTokens: Map<string, Promise<string | null>> = new Map();\n\n private constructor(options?: AppCheckOptions) {\n const defaultOptions: Required<Omit<AppCheckOptions, 'redis' | 'skipInMemoryFirst'>> & { skipInMemoryFirst: boolean } = {\n strategy: 'memory',\n ttlMillis: 3600000, // 1 hour\n refreshBufferMillis: 300000, // 5 minutes\n keyPrefix: 'appcheck:token:',\n skipInMemoryFirst: false,\n };\n\n this.options = { ...defaultOptions, ...options };\n\n if (this.options.strategy === 'redis' && this.options.redis) {\n void this.initializeRedis(this.options.redis);\n }\n }\n\n private initializeRedis = (config: AppCheckOptions['redis']): void => {\n if (!config) {\n throw new Error('[AppCheck] Redis configuration is required when strategy is \"redis\"');\n }\n\n try {\n this.redisClient = new Redis({\n url: config.url,\n token: config.token,\n });\n\n } catch (error) {\n console.error('[AppCheck] Failed to initialize Redis client:', error);\n throw new Error('[AppCheck] Redis initialization failed.');\n }\n }\n\n public static getInstance(options?: AppCheckOptions): ServerAppCheckManager {\n const key = options?.strategy || 'memory';\n\n if (!ServerAppCheckManager.instances.has(key)) {\n ServerAppCheckManager.instances.set(key, new ServerAppCheckManager(options));\n }\n\n const instance = ServerAppCheckManager.instances.get(key);\n if (!instance) {\n throw new Error('[AppCheck] Failed to get instance');\n }\n\n return instance;\n }\n\n private buildCacheKey(appId: string): string {\n return `${this.options.keyPrefix}${appId}`;\n }\n\n\n private getCachedToken = async (appId: string): Promise<CachedToken | null> => {\n if (this.options.strategy === 'memory') {\n return this.memoryCache.get(appId) || null;\n }\n\n if (this.options.strategy === 'redis') {\n // Check in-memory cache first (unless skipInMemoryFirst is true)\n if (!this.options.skipInMemoryFirst) {\n const memCached = this.memoryCache.get(appId);\n if (memCached) {\n return memCached;\n }\n }\n\n // Fallback to Redis\n if (this.redisClient) {\n try {\n const key = this.buildCacheKey(appId);\n const cached = await this.redisClient.get(key);\n\n if (cached) {\n const parsed: CachedToken = typeof cached === 'string' ? JSON.parse(cached) : cached;\n\n if (!this.options.skipInMemoryFirst) {\n this.memoryCache.set(appId, parsed);\n }\n\n return parsed;\n }\n } catch (error) {\n console.error('[AppCheck] Redis get error:', error);\n }\n }\n }\n\n return null;\n }\n\n\n private setCachedToken = async (appId: string, token: string, expiresAt: number): Promise<void> => {\n const cachedToken: CachedToken = { token, expiresAt };\n\n // Always store in memory cache for both strategies\n this.memoryCache.set(appId, cachedToken);\n\n if (this.options.strategy === 'memory') {\n return;\n }\n\n // For Redis strategy, also persist to Redis\n if (this.options.strategy === 'redis' && this.redisClient) {\n try {\n const key = this.buildCacheKey(appId);\n const ttl = expiresAt - Date.now();\n\n await this.redisClient.set(key, JSON.stringify(cachedToken), {\n px: ttl, // Expiry in milliseconds (lowercase for Upstash)\n });\n } catch (error) {\n console.error('[AppCheck] Redis set error:', error);\n }\n }\n }\n\n getOrGenerateToken = async (appId: string): Promise<string | null> => {\n const cached = await this.getCachedToken(appId);\n const now = Date.now();\n\n if (cached && cached.expiresAt > now + this.options.refreshBufferMillis) {\n return cached.token;\n }\n\n const pending = this.pendingTokens.get(appId);\n if (pending) {\n return pending;\n }\n\n const tokenPromise = this.generateAndCacheToken(appId);\n this.pendingTokens.set(appId, tokenPromise);\n\n try {\n const token = await tokenPromise;\n return token;\n } finally {\n this.pendingTokens.delete(appId);\n }\n }\n\n /**\n * Generate and cache a new token\n */\n private generateAndCacheToken = async (appId: string): Promise<string | null> => {\n try {\n const now = Date.now();\n const config = initializeAdminConfig();\n const appCheck = getAppCheck(config);\n\n const appCheckToken = await appCheck.createToken(config.projectId, appId, {\n ttlMillis: this.options.ttlMillis,\n });\n\n const expiresAt = now + this.options.ttlMillis;\n await this.setCachedToken(appId, appCheckToken.token, expiresAt);\n\n return appCheckToken.token;\n } catch (error) {\n console.error('[AppCheck] Failed to generate token:', error);\n return null;\n }\n }\n\n clearCache = async (appId?: string): Promise<void> => {\n if (appId) {\n this.memoryCache.delete(appId);\n } else {\n this.memoryCache.clear();\n }\n\n if (this.options.strategy === 'redis' && this.redisClient) {\n try {\n if (appId) {\n const key = this.buildCacheKey(appId);\n await this.redisClient.del(key);\n }\n } catch (error) {\n console.error('[AppCheck] Redis delete error:', error);\n }\n }\n }\n\n getCacheStats(): {\n strategy: string;\n memorySize: number;\n entries: Array<{ appId: string; expiresIn: number }>\n } {\n const now = Date.now();\n const entries = Array.from(this.memoryCache.entries()).map(([appId, cached]) => ({\n appId,\n expiresIn: Math.max(0, cached.expiresAt - now),\n }));\n\n return {\n strategy: this.options.strategy,\n memorySize: this.memoryCache.size,\n entries,\n };\n }\n\n /**\n * Close Redis connection\n */\n disconnect(): void {\n if (this.redisClient) {\n this.redisClient = null;\n }\n }\n}","import type { DecodedAppCheckToken } from '@tern-secure/types';\nimport { createRemoteJWKSet, type KeyLike, type ProtectedHeaderParameters } from 'jose';\n\nimport type { Credential } from '../auth';\nimport type { JwtReturnType } from '../jwt';\nimport { ternDecodeJwt, verifyAppCheckJwt, type VerifyJwtOptions } from '../jwt/verifyJwt';\nimport type { LoadJWKFromRemoteOptions } from '../tokens/keys';\nimport { TokenVerificationError, TokenVerificationErrorReason } from '../utils/errors';\n\nexport type VerifyAppcheckOptions = Omit<VerifyJwtOptions, 'key'> & Omit<LoadJWKFromRemoteOptions, 'kid'> & {\n currentDate?: Date;\n checkRevoked?: boolean;\n referer?: string;\n experimental_enableTokenRefreshOnExpiredKidHeader?: boolean;\n};\n\nconst getPublicKey = async (header: ProtectedHeaderParameters, keyURL: string): Promise<KeyLike> => {\n const jswksUrl: URL = new URL(keyURL);\n const getKey = createRemoteJWKSet(jswksUrl);\n\n return getKey(header);\n\n}\n\n\nconst verifyAppCheckToken = async (\n token: string,\n options: VerifyAppcheckOptions,\n): Promise<JwtReturnType<DecodedAppCheckToken, TokenVerificationError>> => {\n const { data: decodedResult, errors } = ternDecodeJwt(token);\n\n if (errors) {\n throw errors[0];\n }\n\n const { header } = decodedResult;\n const { kid } = header;\n\n if (!kid) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalid,\n message: 'JWT \"kid\" header is missing.',\n }),\n ],\n };\n }\n\n try {\n const getPublicKeyForToken = () => getPublicKey(header, options.keyURL || '');\n\n return await verifyAppCheckJwt(token, { ...options, key: getPublicKeyForToken });\n } catch (error) {\n if (error instanceof TokenVerificationError) {\n return { errors: [error] };\n }\n return {\n errors: [error as TokenVerificationError],\n };\n }\n};\n\nexport class AppcheckTokenVerifier {\n constructor(private readonly credential: Credential) { }\n\n public verifyToken = async (\n token: string,\n projectId: string,\n options: VerifyAppcheckOptions,\n ): Promise<DecodedAppCheckToken> => {\n const { data, errors } = await verifyAppCheckToken(token, options);\n if (errors) {\n throw errors[0];\n }\n\n return data;\n };\n}","import type { VerifyAppCheckTokenResponse } from \"@tern-secure/types\";\n\nimport type { Credential, ServiceAccount } from \"../auth\";\nimport { ServiceAccountManager } from \"../auth\";\nimport { cryptoSignerFromCredential } from '../utils/token-generator';\nimport { AppCheckApi } from \"./AppCheckApi\";\nimport { AppCheckTokenGenerator } from \"./generator\";\nimport { ServerAppCheckManager } from \"./serverAppCheck\";\nimport type { AppCheckToken, AppCheckTokenOptions } from \"./types\";\nimport { AppcheckTokenVerifier, type VerifyAppcheckOptions } from \"./verifier\";\n\n\nconst JWKS_URL = 'https://firebaseappcheck.googleapis.com/v1/jwks';\n\nclass AppCheck {\n private readonly client: AppCheckApi;\n private readonly tokenGenerator: AppCheckTokenGenerator;\n private readonly appCheckTokenVerifier: AppcheckTokenVerifier;\n private readonly limitedUse?: boolean;\n\n constructor(credential: Credential, tenantId?: string, limitedUse?: boolean) {\n this.client = new AppCheckApi(credential);\n this.tokenGenerator = new AppCheckTokenGenerator(\n cryptoSignerFromCredential(credential, tenantId)\n );\n this.appCheckTokenVerifier = new AppcheckTokenVerifier(credential);\n this.limitedUse = limitedUse;\n }\n\n public createToken = (projectId: string, appId: string, options?: AppCheckTokenOptions): Promise<AppCheckToken> => {\n return this.tokenGenerator\n .createCustomToken(appId, options)\n .then((customToken) => {\n return this.client.exchangeToken({ customToken, projectId, appId });\n });\n };\n\n public verifyToken = async (appCheckToken: string, projectId: string, options: VerifyAppcheckOptions): Promise<VerifyAppCheckTokenResponse> => {\n return this.appCheckTokenVerifier\n .verifyToken(appCheckToken, projectId, { keyURL: JWKS_URL, ...options })\n .then((decodedToken) => {\n return {\n appId: decodedToken.app_id,\n token: decodedToken,\n };\n });\n\n }\n\n}\n\n\nfunction getAppCheck(serviceAccount: ServiceAccount, tenantId?: string, limitedUse?: boolean): AppCheck {\n return new AppCheck(new ServiceAccountManager(serviceAccount), tenantId, limitedUse);\n}\n\nexport { AppCheck, getAppCheck };\nexport { ServerAppCheckManager };"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,IAAI,QAA0B,CAAC;AAC/B,IAAI,gBAAgB;AACpB,IAAI,kBAAkB;AAEtB,SAAS,aAAa,KAAa;AACjC,SAAO,MAAM,GAAG;AAClB;AAEA,SAAS,iBAAiB;AACxB,SAAO,OAAO,OAAO,KAAK;AAC5B;AAEA,SAAS,WAAW,KAAa,aAAqB,eAAe,MAAM;AACzE,QAAM,GAAG,IAAI;AACb,kBAAgB,eAAe,KAAK,IAAI,IAAI;AAC9C;AAEA,eAAe,gBAAgB,QAA6C;AAC1E,QAAM,MAAM,IAAI,IAAI,MAAM;AAC1B,QAAM,WAAW,MAAM,MAAM,GAAG;AAChC,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,IAAI,uBAAuB;AAAA,MAC/B,SAAS,kCAAkC,IAAI,IAAI,cAAc,SAAS,MAAM;AAAA,MAChF,QAAQ,6BAA6B;AAAA,IACvC,CAAC;AAAA,EACH;AAEA,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,QAAM,YAAY,aAAa,QAAQ;AAEvC,SAAO;AAAA,IACL,MAAM;AAAA,IACN;AAAA,EACF;AACF;AAEA,eAAsB,kBAAkB;AAAA,EACtC;AAAA,EACA;AAAA,EACA;AACF,GAA8C;AAC5C,QAAM,cAAc,UAAU;AAC9B,MAAI,iBAAiB,eAAe,KAAK,CAAC,aAAa,GAAG,GAAG;AAC3D,UAAM,EAAE,MAAM,UAAU,IAAI,MAAM,gBAAgB,WAAW;AAE7D,QAAI,CAAC,QAAQ,OAAO,KAAK,IAAI,EAAE,WAAW,GAAG;AAC3C,YAAM,IAAI,uBAAuB;AAAA,QAC/B,SAAS,qBAAqB,WAAW;AAAA,QACzC,QAAQ,6BAA6B;AAAA,MACvC,CAAC;AAAA,IACH;AACA,sBAAkB;AAElB,WAAO,QAAQ,IAAI,EAAE,QAAQ,CAAC,CAAC,OAAOA,KAAI,MAAM;AAC9C,iBAAW,OAAOA,KAAI;AAAA,IACxB,CAAC;AAAA,EACH;AACA,QAAM,OAAO,aAAa,GAAG;AAC7B,MAAI,CAAC,MAAM;AACT,mBAAe;AACf,UAAM,gBAAgB,OAAO,KAAK,KAAK,EAAE,KAAK,EAAE,KAAK,IAAI;AAEzD,UAAM,IAAI,uBAAuB;AAAA,MAC/B,SAAS,gCAAgC,GAAG,uBAAuB,aAAa;AAAA,MAChF,QAAQ,6BAA6B;AAAA,IACvC,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB;AACxB,QAAM,MAAM,KAAK,IAAI;AACrB,MAAI,kBAAkB,IAAI;AACxB,WAAO;AAAA,EACT;AAEA,QAAM,WAAW,MAAM;AACvB,QAAM,cAAc,oCAAoC;AACxD,QAAM,oBAAoB,YAAY;AACtC,QAAM,qBAAqB,OAAO;AAElC,QAAM,YAAY,qBAAqB;AAEvC,MAAI,WAAW;AACb,YAAQ,CAAC;AAAA,EACX;AAEA,SAAO;AACT;AAEA,SAAS,aAAa,KAAe;AACnC,QAAM,qBAAqB,IAAI,QAAQ,IAAI,eAAe;AAC1D,MAAI,CAAC,oBAAoB;AACvB,WAAO,KAAK,IAAI,IAAI;AAAA,EACtB;AACA,QAAM,cAAc,mBAAmB,MAAM,mBAAmB;AAChE,QAAM,SAAS,cAAc,SAAS,YAAY,CAAC,GAAG,EAAE,IAAI,yBAAyB;AAErF,SAAO,KAAK,IAAI,IAAI,SAAS;AAC/B;;;AC9GA,eAAsB,YACpB,OACA,SACgE;AAChE,QAAM,EAAE,MAAM,eAAe,OAAO,IAAI,cAAc,KAAK;AAE3D,MAAI,QAAQ;AACV,WAAO,EAAE,OAAO;AAAA,EAClB;AAEA,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,EAAE,IAAI,IAAI;AAEhB,MAAI,CAAC,KAAK;AACR,WAAO;AAAA,MACL,QAAQ;AAAA,QACN,IAAI,uBAAuB;AAAA,UACzB,QAAQ,6BAA6B;AAAA,UACrC,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACF,UAAM,MAAM,QAAQ,UAAW,MAAM,kBAAkB,EAAE,GAAG,SAAS,IAAI,CAAC;AAE1E,QAAI,CAAC,KAAK;AACR,aAAO;AAAA,QACL,QAAQ;AAAA,UACN,IAAI,uBAAuB;AAAA,YACzB,QAAQ,6BAA6B;AAAA,YACrC,SAAS,gCAAgC,GAAG;AAAA,UAC9C,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AACA,WAAO,MAAM,UAAU,OAAO,EAAE,GAAG,SAAS,IAAI,CAAC;AAAA,EACnD,SAAS,OAAO;AACd,QAAI,iBAAiB,wBAAwB;AAC3C,aAAO,EAAE,QAAQ,CAAC,KAAK,EAAE;AAAA,IAC3B;AACA,WAAO;AAAA,MACL,QAAQ,CAAC,KAA+B;AAAA,IAC1C;AAAA,EACF;AACF;;;AC1BA,IAAM,gBAAgB;AACtB,IAAM,gBAAgB;AAEtB,SAAS,sBAAyB,MAAkB;AAClD,MAAI,OAAO,SAAS,UAAU;AAC5B,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,sCAAsC,KAAK,EAAE;AAAA,IAC/D;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,QAAQ,SAAqC;AAC3D,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,kBAAkB,UAAU,QAAQ,IAAI;AAG9C,iBAAe,YAAY,SAAkB,SAA+C;AAC1F,QAAI,CAAC,iBAAiB;AACpB,YAAM,IAAI,MAAM,aAAa;AAAA,IAC/B;AACA,UAAM,WAAW,MAAM,QAAQ,WAAW,SAAS,YAAY,iBAAiB;AAAA,MAC9E;AAAA,MACA;AAAA,IACF,CAAC;AAED,QAAI,CAAC,UAAU,MAAM;AACnB,YAAM,IAAI,MAAM,aAAa;AAAA,IAC/B;AAEA,UAAM,aAAa,sBAA0C,SAAS,IAAI;AAC1E,WAAO;AAAA,EACT;AAEA,iBAAe,sBACb,cACA,MACqB;AACrB,QAAI,CAAC,iBAAiB;AACpB,aAAO,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,aAAa,EAAE;AAAA,IACvD;AACA,UAAM,WAAW,MAAM,QAAQ,WAAW,OAAO,aAAa,iBAAiB;AAAA,MAC7E,eAAe;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AAED,QAAI,CAAC,UAAU,MAAM;AACnB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO,IAAI,MAAM,aAAa;AAAA,MAChC;AAAA,IACF;AAEA,UAAM,aAAa,sBAAoD,SAAS,IAAI;AAEpF,WAAO;AAAA,MACL,MAAM;AAAA,QACJ,SAAS,WAAW;AAAA,QACpB,cAAc,WAAW;AAAA,MAC3B;AAAA,MACA,OAAO;AAAA,IACT;AAAA,EACF;AAEA,iBAAe,2BACb,aACA,MAC6B;AAC7B,QAAI,CAAC,iBAAiB;AACpB,YAAM,IAAI,MAAM,4CAA4C;AAAA,IAC9D;AACA,UAAM,OAAO,MAAM,QAAQ,WAAW,OAAO;AAAA,MAC3C;AAAA,MACA;AAAA,QACE,OAAO;AAAA,QACP,mBAAmB;AAAA,MACrB;AAAA,MACA;AAAA,QACE,SAAS,KAAK;AAAA,QACd,eAAe,KAAK;AAAA,MACtB;AAAA,IACF;AAEA,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,+CAA+C;AAAA,IACjE;AAEA,WAAO;AAAA,MACL,SAAS,KAAK;AAAA,MACd,cAAc,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,iBAAe,8BACb,SACA,MACuB;AACvB,UAAM,UAAU,MAAM,YAAY,SAAS,OAAO;AAClD,UAAM,EAAE,MAAM,OAAO,IAAI;AACzB,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAUA,UAAM,cAAc,MAAM,kBAAkB,KAAK,KAAK;AAAA,MACpD,eAAe,KAAK;AAAA,MACpB,yBAAyB,KAAK,SAAS;AAAA,IACzC,CAAC;AAED,UAAM,qBAAqB,MAAM,2BAA2B,aAAa;AAAA,MACvE,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,IACtB,CAAC;AAED,UAAM,uBAAuB,MAAM,YAAY,mBAAmB,SAAS,OAAO;AAClF,QAAI,qBAAqB,QAAQ;AAC/B,YAAM,qBAAqB,OAAO,CAAC;AAAA,IACrC;AAEA,WAAO;AAAA,MACL,GAAG;AAAA,MACH;AAAA,MACA,WAAW,qBAAqB,KAAK;AAAA,IACvC;AAAA,EACF;AAEA,iBAAe,sBAA2C;AACxD,UAAM,cAAc,gBAAgB;AACpC,UAAM,QAAQ,QAAQ,IAAI,+BAA+B;AACzD,UAAM,WAAW,YAAY,aAAa,QAAQ,QAAQ;AAC1D,QAAI;AACF,YAAM,mBAAmB,MAAM,SAAS,YAAY,YAAY,WAAW,KAAK;AAEhF,aAAO;AAAA,QACL,MAAM;AAAA,UACJ,OAAO,iBAAiB;AAAA,UACxB,KAAK,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF,SAAS,OAAO;AACd,aAAO,EAAE,MAAM,MAAM,MAAM;AAAA,IAC7B;AAAA,EACF;AAEA,iBAAeC,qBAAoB,OAAoC;AACrE,UAAM,cAAc,gBAAgB;AACpC,UAAM,WAAW,YAAY,aAAa,QAAQ,QAAQ;AAC1D,QAAI;AACF,YAAM,eAAe,MAAM,SAAS,YAAY,OAAO,YAAY,WAAW,CAAC,CAAC;AAEhF,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO;AAAA,MACT;AAAA,IACF,SAAS,OAAO;AACd,aAAO,EAAE,MAAM,MAAM,MAAM;AAAA,IAC7B;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,qBAAAA;AAAA,EACF;AACF;;;ACtLA,IAAM,mBAAqD,oBAAI,IAAI;AAMnE,eAAe,mBAAmB,WAAmB,MAAiD;AAClG,QAAM,OAAO,MAAM,UAAU,WAAW,IAAI;AAE5C,MAAI,CAAC,KAAK,gBAAgB,CAAC,KAAK,YAAY;AACxC,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AAEA,SAAO;AAAA,IACH,aAAa,KAAK;AAAA,IAClB,gBAAgB,KAAK,IAAI,IAAK,KAAK,aAAa;AAAA,EACpD;AACJ;AAEO,IAAM,wBAAN,MAAkD;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,gBAAgC;AACxC,SAAK,YAAY,eAAe;AAChC,SAAK,aAAa,eAAe;AACjC,SAAK,cAAc,eAAe;AAAA,EACtC;AAAA,EAEQ,mBAAmB,OAAO,QAA8C;AAC5E,UAAM,QAAQ,MAAM,KAAK,UAAU;AACnC,UAAM,WACF,gFAEA;AAEJ,WAAO,mBAAmB,KAAK;AAAA,MAC3B,QAAQ;AAAA,MACR,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,UAAU,KAAK;AAAA,QAC9B,QAAQ;AAAA,MACZ;AAAA,MACA,MAAM;AAAA,IACV,CAAC;AAAA,EACL;AAAA,EAEQ,2BAA2B,OAAO,QAA8C;AACpF,UAAM,cAAc,MAAM,KAAK,iBAAiB,GAAG;AACnD,qBAAiB,IAAI,KAAK,WAAW,WAAW;AAChD,WAAO;AAAA,EACX;AAAA,EAEO,iBAAiB,OAAO,YAAoD;AAC/E,UAAM,MAAM,WAAW,sBAAsB,GAAG,sBAAsB;AAEtE,QAAI,SAAS;AACT,aAAO,KAAK,yBAAyB,GAAG;AAAA,IAC5C;AAEA,UAAM,iBAAiB,iBAAiB,IAAI,KAAK,SAAS;AAE1D,QAAI,CAAC,kBAAkB,eAAe,iBAAiB,KAAK,IAAI,KAAK,+BAA+B;AAChG,aAAO,KAAK,yBAAyB,GAAG;AAAA,IAC5C;AAEA,WAAO;AAAA,EACX;AAAA,EAEQ,YAAY,YAA6B;AAC7C,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExC,UAAM,UAAU;AAAA,MACZ,KAAK;AAAA,MACL;AAAA,MACA,KAAK,MAAM;AAAA,MACX,KAAK,KAAK;AAAA,MACV,KAAK,KAAK;AAAA,MACV,OAAO;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACJ,EAAE,KAAK,GAAG;AAAA,IACd;AAEA,WAAO,YAAY;AAAA,MACf;AAAA,MACA,YAAY,KAAK;AAAA,IACrB,CAAC;AAAA,EACL;AACJ;;;ACrHO,SAAS,2BACZ,YACA,UACA,kBACY;AACZ,MAAI,sBAAsB,uBAAuB;AAC7C,WAAO,IAAI,qBAAqB,YAAY,QAAQ;AAAA,EACxD;AAEA,SAAO,IAAI,UAAU,YAAY,UAAU,gBAAgB;AAC/D;;;ACZO,SAAS,gBAAwB;AACpC,SAAO;AACX;AAEA,IAAM,oCAAoC;AAAA,EACtC,qBAAqB,mBAAmB,cAAc,CAAC;AAC3D;AAMO,IAAM,cAAN,MAAkB;AAAA,EACrB,YAAoB,YAAwB;AAAxB;AAAA,EAA0B;AAAA,EAE9C,MAAa,cAAc,QAAgD;AACvE,UAAM,EAAE,WAAW,OAAO,aAAa,aAAa,MAAM,IAAI;AAC9D,UAAM,QAAQ,MAAM,KAAK,WAAW,eAAe,KAAK;AACxD,QAAI,CAAC,aAAa,CAAC,OAAO;AACtB,YAAM,IAAI,MAAM,iEAAiE;AAAA,IACrF;AAEA,UAAM,WAAW,uDAAuD,SAAS,SAAS,KAAK;AAE/F,UAAM,UAAkC;AAAA,MACpC,gBAAgB;AAAA,MAChB,iBAAiB,UAAU,MAAM,WAAW;AAAA,IAChD;AAEA,QAAI;AACA,YAAM,WAAW,MAAM,MAAM,UAAU;AAAA,QACnC,QAAQ;AAAA,QACR;AAAA,QACA,MAAM,KAAK,UAAU,EAAE,aAAa,WAAW,CAAC;AAAA,MACpD,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AACd,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,cAAM,IAAI,MAAM,oCAAoC,SAAS,MAAM,IAAI,SAAS,EAAE;AAAA,MACtF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,aAAO;AAAA,QACH,OAAO,KAAK;AAAA,QACZ,KAAK,KAAK;AAAA,MACd;AAAA,IACJ,SAAS,OAAO;AACZ,cAAQ,KAAK,gDAAgD,KAAK;AAClE,YAAM;AAAA,IACV;AAAA,EACJ;AAAA,EACA,MAAa,mBAAmB,QAAgD;AAC5E,UAAM,EAAE,WAAW,OAAO,aAAa,aAAa,aAAa,MAAM,IAAI;AAC3E,QAAI,CAAC,aAAa,CAAC,OAAO;AACtB,YAAM,IAAI,MAAM,iEAAiE;AAAA,IACrF;AAEA,UAAM,WAAW,2DAA2D,SAAS,SAAS,KAAK;AAEnG,UAAM,UAAkC;AAAA,MACpC,GAAG;AAAA,MACH,iBAAiB,UAAU,WAAW;AAAA,IAC1C;AAEA,UAAM,OAAO;AAAA,MACT;AAAA,MACA;AAAA,IACJ;AAEA,QAAI;AACA,YAAM,WAAW,MAAM,MAAM,UAAU;AAAA,QACnC,QAAQ;AAAA,QACR;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,MAC7B,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AACd,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,cAAM,IAAI,MAAM,oCAAoC,SAAS,MAAM,IAAI,SAAS,EAAE;AAAA,MACtF;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,aAAO;AAAA,QACH,OAAO,KAAK;AAAA,QACZ,KAAK,KAAK;AAAA,MACd;AAAA,IACJ,SAAS,OAAO;AACZ,cAAQ,KAAK,gDAAgD,KAAK;AAClE,YAAM;AAAA,IACV;AAAA,EACJ;AACJ;;;ACpFA,SAAS,qCAAqC,cAA8B;AACxE,MAAI;AACJ,QAAM,UAAU,KAAK,MAAM,eAAe,GAAI;AAC9C,QAAM,QAAQ,KAAK,OAAO,eAAe,UAAU,OAAQ,GAAO;AAClE,MAAI,QAAQ,GAAG;AACX,QAAI,aAAa,MAAM,SAAS;AAChC,WAAO,WAAW,SAAS,GAAG;AAC1B,mBAAa,MAAM;AAAA,IACvB;AACA,eAAW,GAAG,OAAO,IAAI,UAAU;AAAA,EACvC,OAAO;AACH,eAAW,GAAG,OAAO;AAAA,EACzB;AACA,SAAO;AACX;AAEO,IAAM,yBAAN,MAA6B;AAAA,EACf;AAAA,EAEjB,YAAY,QAAsB;AAC9B,SAAK,SAAS;AAAA,EAClB;AAAA,EAEA,MAAa,kBACT,OACA,SACe;AACf,QAAI,CAAC,OAAO;AACR,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AACA,QAAI,gBAAgB,CAAC;AACrB,QAAI,OAAO,YAAY,aAAa;AAChC,sBAAgB,KAAK,qBAAqB,OAAO;AAAA,IACrD;AAEA,UAAM,UAAU,MAAM,KAAK,OAAO,aAAa;AAE/C,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,UAAM,OAAO;AAAA,MACT,KAAK;AAAA,MACL,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,KAAK,MAAM,wBAAwB;AAAA,MACnC;AAAA,MACA,GAAG;AAAA,IACP;AAEA,WAAO,KAAK,OAAO,KAAK,IAAI;AAAA,EAChC;AAAA,EAEQ,qBAAqB,SAE3B;AACE,QAAI,OAAO,QAAQ,cAAc,aAAa;AAC1C,UACI,QAAQ,YAAY,uBAAuB,MAC3C,QAAQ,YAAY,oBAAoB,GAC1C;AACE,cAAM,IAAI;AAAA,UACN;AAAA,QACJ;AAAA,MACJ;AAEA,aAAO,EAAE,KAAK,qCAAqC,QAAQ,SAAS,EAAE;AAAA,IAC1E;AACA,WAAO,CAAC;AAAA,EACZ;AACJ;;;AChFA,SAAS,aAAa;AAqBf,IAAM,wBAAN,MAAM,uBAAsB;AAAA,EACjC,OAAe,YAAgD,oBAAI,IAAI;AAAA,EAC/D,cAAwC,oBAAI,IAAI;AAAA,EAChD,cAAkC;AAAA,EACzB;AAAA,EAIT,gBAAqD,oBAAI,IAAI;AAAA,EAE7D,YAAY,SAA2B;AAC7C,UAAM,iBAAkH;AAAA,MACtH,UAAU;AAAA,MACV,WAAW;AAAA;AAAA,MACX,qBAAqB;AAAA;AAAA,MACrB,WAAW;AAAA,MACX,mBAAmB;AAAA,IACrB;AAEA,SAAK,UAAU,EAAE,GAAG,gBAAgB,GAAG,QAAQ;AAE/C,QAAI,KAAK,QAAQ,aAAa,WAAW,KAAK,QAAQ,OAAO;AAC3D,WAAK,KAAK,gBAAgB,KAAK,QAAQ,KAAK;AAAA,IAC9C;AAAA,EACF;AAAA,EAEQ,kBAAkB,CAAC,WAA2C;AACpE,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,qEAAqE;AAAA,IACvF;AAEA,QAAI;AACF,WAAK,cAAc,IAAI,MAAM;AAAA,QAC3B,KAAK,OAAO;AAAA,QACZ,OAAO,OAAO;AAAA,MAChB,CAAC;AAAA,IAEH,SAAS,OAAO;AACd,cAAQ,MAAM,iDAAiD,KAAK;AACpE,YAAM,IAAI,MAAM,yCAAyC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,OAAc,YAAY,SAAkD;AAC1E,UAAM,MAAM,SAAS,YAAY;AAEjC,QAAI,CAAC,uBAAsB,UAAU,IAAI,GAAG,GAAG;AAC7C,6BAAsB,UAAU,IAAI,KAAK,IAAI,uBAAsB,OAAO,CAAC;AAAA,IAC7E;AAEA,UAAM,WAAW,uBAAsB,UAAU,IAAI,GAAG;AACxD,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,mCAAmC;AAAA,IACrD;AAEA,WAAO;AAAA,EACT;AAAA,EAEQ,cAAc,OAAuB;AAC3C,WAAO,GAAG,KAAK,QAAQ,SAAS,GAAG,KAAK;AAAA,EAC1C;AAAA,EAGQ,iBAAiB,OAAO,UAA+C;AAC7E,QAAI,KAAK,QAAQ,aAAa,UAAU;AACtC,aAAO,KAAK,YAAY,IAAI,KAAK,KAAK;AAAA,IACxC;AAEA,QAAI,KAAK,QAAQ,aAAa,SAAS;AAErC,UAAI,CAAC,KAAK,QAAQ,mBAAmB;AACnC,cAAM,YAAY,KAAK,YAAY,IAAI,KAAK;AAC5C,YAAI,WAAW;AACb,iBAAO;AAAA,QACT;AAAA,MACF;AAGA,UAAI,KAAK,aAAa;AACpB,YAAI;AACF,gBAAM,MAAM,KAAK,cAAc,KAAK;AACpC,gBAAM,SAAS,MAAM,KAAK,YAAY,IAAI,GAAG;AAE7C,cAAI,QAAQ;AACV,kBAAM,SAAsB,OAAO,WAAW,WAAW,KAAK,MAAM,MAAM,IAAI;AAE9E,gBAAI,CAAC,KAAK,QAAQ,mBAAmB;AACnC,mBAAK,YAAY,IAAI,OAAO,MAAM;AAAA,YACpC;AAEA,mBAAO;AAAA,UACT;AAAA,QACF,SAAS,OAAO;AACd,kBAAQ,MAAM,+BAA+B,KAAK;AAAA,QACpD;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAGQ,iBAAiB,OAAO,OAAe,OAAe,cAAqC;AACjG,UAAM,cAA2B,EAAE,OAAO,UAAU;AAGpD,SAAK,YAAY,IAAI,OAAO,WAAW;AAEvC,QAAI,KAAK,QAAQ,aAAa,UAAU;AACtC;AAAA,IACF;AAGA,QAAI,KAAK,QAAQ,aAAa,WAAW,KAAK,aAAa;AACzD,UAAI;AACF,cAAM,MAAM,KAAK,cAAc,KAAK;AACpC,cAAM,MAAM,YAAY,KAAK,IAAI;AAEjC,cAAM,KAAK,YAAY,IAAI,KAAK,KAAK,UAAU,WAAW,GAAG;AAAA,UAC3D,IAAI;AAAA;AAAA,QACN,CAAC;AAAA,MACH,SAAS,OAAO;AACd,gBAAQ,MAAM,+BAA+B,KAAK;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,qBAAqB,OAAO,UAA0C;AACpE,UAAM,SAAS,MAAM,KAAK,eAAe,KAAK;AAC9C,UAAM,MAAM,KAAK,IAAI;AAErB,QAAI,UAAU,OAAO,YAAY,MAAM,KAAK,QAAQ,qBAAqB;AACvE,aAAO,OAAO;AAAA,IAChB;AAEA,UAAM,UAAU,KAAK,cAAc,IAAI,KAAK;AAC5C,QAAI,SAAS;AACX,aAAO;AAAA,IACT;AAEA,UAAM,eAAe,KAAK,sBAAsB,KAAK;AACrD,SAAK,cAAc,IAAI,OAAO,YAAY;AAE1C,QAAI;AACF,YAAM,QAAQ,MAAM;AACpB,aAAO;AAAA,IACT,UAAE;AACA,WAAK,cAAc,OAAO,KAAK;AAAA,IACjC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,wBAAwB,OAAO,UAA0C;AAC/E,QAAI;AACF,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,SAAS,sBAAsB;AACrC,YAAM,WAAW,YAAY,MAAM;AAEnC,YAAM,gBAAgB,MAAM,SAAS,YAAY,OAAO,WAAW,OAAO;AAAA,QACxE,WAAW,KAAK,QAAQ;AAAA,MAC1B,CAAC;AAED,YAAM,YAAY,MAAM,KAAK,QAAQ;AACrC,YAAM,KAAK,eAAe,OAAO,cAAc,OAAO,SAAS;AAE/D,aAAO,cAAc;AAAA,IACvB,SAAS,OAAO;AACd,cAAQ,MAAM,wCAAwC,KAAK;AAC3D,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,aAAa,OAAO,UAAkC;AACpD,QAAI,OAAO;AACT,WAAK,YAAY,OAAO,KAAK;AAAA,IAC/B,OAAO;AACL,WAAK,YAAY,MAAM;AAAA,IACzB;AAEA,QAAI,KAAK,QAAQ,aAAa,WAAW,KAAK,aAAa;AACzD,UAAI;AACF,YAAI,OAAO;AACT,gBAAM,MAAM,KAAK,cAAc,KAAK;AACpC,gBAAM,KAAK,YAAY,IAAI,GAAG;AAAA,QAChC;AAAA,MACF,SAAS,OAAO;AACd,gBAAQ,MAAM,kCAAkC,KAAK;AAAA,MACvD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,gBAIE;AACA,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,UAAU,MAAM,KAAK,KAAK,YAAY,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC,OAAO,MAAM,OAAO;AAAA,MAC/E;AAAA,MACA,WAAW,KAAK,IAAI,GAAG,OAAO,YAAY,GAAG;AAAA,IAC/C,EAAE;AAEF,WAAO;AAAA,MACL,UAAU,KAAK,QAAQ;AAAA,MACvB,YAAY,KAAK,YAAY;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,QAAI,KAAK,aAAa;AACpB,WAAK,cAAc;AAAA,IACrB;AAAA,EACF;AACF;;;AC/OA,SAAS,0BAAwE;AAejF,IAAM,eAAe,OAAO,QAAmC,WAAqC;AAClG,QAAM,WAAgB,IAAI,IAAI,MAAM;AACpC,QAAM,SAAS,mBAAmB,QAAQ;AAE1C,SAAO,OAAO,MAAM;AAEtB;AAGA,IAAM,sBAAsB,OAC1B,OACA,YACyE;AACzE,QAAM,EAAE,MAAM,eAAe,OAAO,IAAI,cAAc,KAAK;AAE3D,MAAI,QAAQ;AACV,UAAM,OAAO,CAAC;AAAA,EAChB;AAEA,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,EAAE,IAAI,IAAI;AAEhB,MAAI,CAAC,KAAK;AACR,WAAO;AAAA,MACL,QAAQ;AAAA,QACN,IAAI,uBAAuB;AAAA,UACzB,QAAQ,6BAA6B;AAAA,UACrC,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACF,UAAM,uBAAuB,MAAM,aAAa,QAAQ,QAAQ,UAAU,EAAE;AAE5E,WAAO,MAAM,kBAAkB,OAAO,EAAE,GAAG,SAAS,KAAK,qBAAqB,CAAC;AAAA,EACjF,SAAS,OAAO;AACd,QAAI,iBAAiB,wBAAwB;AAC3C,aAAO,EAAE,QAAQ,CAAC,KAAK,EAAE;AAAA,IAC3B;AACA,WAAO;AAAA,MACL,QAAQ,CAAC,KAA+B;AAAA,IAC1C;AAAA,EACF;AACF;AAEO,IAAM,wBAAN,MAA4B;AAAA,EACjC,YAA6B,YAAwB;AAAxB;AAAA,EAA0B;AAAA,EAEhD,cAAc,OACnB,OACA,WACA,YACkC;AAClC,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,oBAAoB,OAAO,OAAO;AACjE,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AACF;;;AClEA,IAAM,WAAW;AAEjB,IAAM,WAAN,MAAe;AAAA,EACM;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,YAAwB,UAAmB,YAAsB;AACzE,SAAK,SAAS,IAAI,YAAY,UAAU;AACxC,SAAK,iBAAiB,IAAI;AAAA,MACtB,2BAA2B,YAAY,QAAQ;AAAA,IACnD;AACA,SAAK,wBAAwB,IAAI,sBAAsB,UAAU;AACjE,SAAK,aAAa;AAAA,EACtB;AAAA,EAEO,cAAc,CAAC,WAAmB,OAAe,YAA2D;AAC/G,WAAO,KAAK,eACP,kBAAkB,OAAO,OAAO,EAChC,KAAK,CAAC,gBAAgB;AACnB,aAAO,KAAK,OAAO,cAAc,EAAE,aAAa,WAAW,MAAM,CAAC;AAAA,IACtE,CAAC;AAAA,EACT;AAAA,EAEO,cAAc,OAAO,eAAuB,WAAmB,YAAyE;AAC3I,WAAO,KAAK,sBACP,YAAY,eAAe,WAAW,EAAE,QAAQ,UAAU,GAAG,QAAQ,CAAC,EACtE,KAAK,CAAC,iBAAiB;AACpB,aAAO;AAAA,QACH,OAAO,aAAa;AAAA,QACpB,OAAO;AAAA,MACX;AAAA,IACJ,CAAC;AAAA,EAET;AAEJ;AAGA,SAAS,YAAY,gBAAgC,UAAmB,YAAgC;AACpG,SAAO,IAAI,SAAS,IAAI,sBAAsB,cAAc,GAAG,UAAU,UAAU;AACvF;","names":["cert","verifyAppCheckToken"]}

package/dist/index.js CHANGED Viewed

@@ -1,9 +1,7 @@
 "use strict";
-var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/index.ts
@@ -1845,64 +1835,12 @@ var AppCheckTokenGenerator = class {
 // src/app-check/serverAppCheck.ts
 var import_redis = require("@upstash/redis");
-// src/utils/admin-init.ts
-var import_firebase_admin = __toESM(require("firebase-admin"));
-var import_app_check = require("firebase-admin/app-check");
 // src/utils/config.ts
 var loadAdminConfig = () => ({
   projectId: process.env.FIREBASE_PROJECT_ID || "",
   clientEmail: process.env.FIREBASE_CLIENT_EMAIL || "",
   privateKey: process.env.FIREBASE_PRIVATE_KEY || ""
 });
-var validateAdminConfig = (config) => {
-  const requiredFields = [
-    "projectId",
-    "clientEmail",
-    "privateKey"
-  ];
-  const errors = [];
-  requiredFields.forEach((field) => {
-    if (!config[field]) {
-      errors.push(`Missing required field: FIREBASE_${String(field).toUpperCase()}`);
-    }
-  });
-  return {
-    isValid: errors.length === 0,
-    errors,
-    config
-  };
-};
-var initializeAdminConfig = () => {
-  const config = loadAdminConfig();
-  const validationResult = validateAdminConfig(config);
-  if (!validationResult.isValid) {
-    throw new Error(
-      `Firebase Admin configuration validation failed:
-${validationResult.errors.join("\n")}`
-    );
-  }
-  return config;
-};
-// src/utils/admin-init.ts
-if (!import_firebase_admin.default.apps.length) {
-  try {
-    const config = initializeAdminConfig();
-    import_firebase_admin.default.initializeApp({
-      credential: import_firebase_admin.default.credential.cert({
-        ...config,
-        privateKey: config.privateKey.replace(/\\n/g, "\n")
-      })
-    });
-  } catch (error) {
-    console.error("Firebase admin initialization error", error);
-  }
-}
-var adminTernSecureAuth = import_firebase_admin.default.auth();
-var adminTernSecureDb = import_firebase_admin.default.firestore();
-var TernSecureTenantManager = import_firebase_admin.default.auth().tenantManager();
-var appCheckAdmin = (0, import_app_check.getAppCheck)();
 // src/app-check/verifier.ts
 var import_jose6 = require("jose");
@@ -1982,7 +1920,7 @@ var AppCheck = class {
     });
   };
 };
-function getAppCheck2(serviceAccount, tenantId, limitedUse) {
+function getAppCheck(serviceAccount, tenantId, limitedUse) {
   return new AppCheck(new ServiceAccountManager(serviceAccount), tenantId, limitedUse);
 }
@@ -2089,7 +2027,7 @@ function getAuth(options) {
   async function createAppCheckToken() {
     const adminConfig = loadAdminConfig();
     const appId = process.env.NEXT_PUBLIC_FIREBASE_APP_ID || "";
-    const appCheck = getAppCheck2(adminConfig, options.tenantId);
+    const appCheck = getAppCheck(adminConfig, options.tenantId);
     try {
       const appCheckResponse = await appCheck.createToken(adminConfig.projectId, appId);
       return {
@@ -2105,7 +2043,7 @@ function getAuth(options) {
   }
   async function verifyAppCheckToken2(token) {
     const adminConfig = loadAdminConfig();
-    const appCheck = getAppCheck2(adminConfig, options.tenantId);
+    const appCheck = getAppCheck(adminConfig, options.tenantId);
     try {
       const decodedToken = await appCheck.verifyToken(token, adminConfig.projectId, {});
       return {