@umituz/react-native-firebase 1.13.1 → 1.13.3

package/src/auth/infrastructure/services/auth-utils.service.ts

@@ -0,0 +1,168 @@
+/**
+ * Auth Utils Service
+ * Single Responsibility: Provide utility functions for auth state checking
+ *
+ * SOLID: Single Responsibility - Only handles auth state utilities
+ */
+
+import type { Auth, User } from 'firebase/auth';
+import { getFirebaseAuth } from '../config/FirebaseAuthClient';
+
+/**
+ * Check if user is anonymous
+ */
+function isAnonymousUser(user: User): boolean {
+  return user.isAnonymous === true;
+}
+
+/**
+ * Auth check result interface
+ */
+export interface AuthCheckResult {
+  isAuthenticated: boolean;
+  isAnonymous: boolean;
+  isGuest: boolean;
+  currentUser: User | null;
+  userId: string | null;
+}
+
+/**
+ * Check authentication state
+ * Returns comprehensive auth state information
+ */
+export function checkAuthState(auth: Auth | null): AuthCheckResult {
+  if (!auth) {
+    return {
+      isAuthenticated: false,
+      isAnonymous: false,
+      isGuest: false,
+      currentUser: null,
+      userId: null,
+    };
+  }
+
+  const currentUser = auth.currentUser;
+
+  if (!currentUser) {
+    return {
+      isAuthenticated: false,
+      isAnonymous: false,
+      isGuest: false,
+      currentUser: null,
+      userId: null,
+    };
+  }
+
+  const anonymous = isAnonymousUser(currentUser);
+
+  return {
+    isAuthenticated: true,
+    isAnonymous: anonymous,
+    isGuest: anonymous,
+    currentUser,
+    userId: currentUser.uid,
+  };
+}
+
+/**
+ * Check if user is authenticated (including anonymous)
+ */
+export function isAuthenticated(auth: Auth | null): boolean {
+  return checkAuthState(auth).isAuthenticated;
+}
+
+/**
+ * Check if user is guest (anonymous)
+ */
+export function isGuest(auth: Auth | null): boolean {
+  return checkAuthState(auth).isGuest;
+}
+
+/**
+ * Get current user ID (null if not authenticated)
+ */
+export function getCurrentUserId(auth: Auth | null): string | null {
+  return checkAuthState(auth).userId;
+}
+
+/**
+ * Get current user (null if not authenticated)
+ */
+export function getCurrentUser(auth: Auth | null): User | null {
+  return checkAuthState(auth).currentUser;
+}
+
+/**
+ * Get current authenticated user ID from global auth instance
+ * Convenience function that uses getFirebaseAuth()
+ */
+export function getCurrentUserIdFromGlobal(): string | null {
+  const auth = getFirebaseAuth();
+  return getCurrentUserId(auth);
+}
+
+/**
+ * Get current user from global auth instance
+ * Convenience function that uses getFirebaseAuth()
+ */
+export function getCurrentUserFromGlobal(): User | null {
+  const auth = getFirebaseAuth();
+  return getCurrentUser(auth);
+}
+
+/**
+ * Check if current user is authenticated (including anonymous)
+ * Convenience function that uses getFirebaseAuth()
+ */
+export function isCurrentUserAuthenticated(): boolean {
+  const auth = getFirebaseAuth();
+  return isAuthenticated(auth);
+}
+
+/**
+ * Check if current user is guest (anonymous)
+ * Convenience function that uses getFirebaseAuth()
+ */
+export function isCurrentUserGuest(): boolean {
+  const auth = getFirebaseAuth();
+  return isGuest(auth);
+}
+
+/**
+ * Verify userId matches current authenticated user
+ */
+export function verifyUserId(auth: Auth | null, userId: string): boolean {
+  if (!auth || !userId) {
+    return false;
+  }
+
+  try {
+    const state = checkAuthState(auth);
+    return state.isAuthenticated && state.userId === userId;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Get safe user ID (null if not authenticated)
+ */
+export function getSafeUserId(auth: Auth | null): string | null {
+  if (!auth) {
+    return null;
+  }
+
+  try {
+    return getCurrentUserId(auth);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Check if user exists and is valid
+ */
+export function isValidUser(user: User | null | undefined): user is User {
+  return user !== null && user !== undefined && typeof user.uid === 'string' && user.uid.length > 0;
+}
+

package/src/auth/infrastructure/services/firestore-utils.service.ts

@@ -0,0 +1,155 @@
+/**
+ * Firestore Utilities
+ * Centralized utilities for Firestore operations with anonymous user support
+ */
+
+import type { Auth } from "firebase/auth";
+import { checkAuthState, verifyUserId } from "./auth-utils.service";
+
+declare const __DEV__: boolean;
+
+export interface FirestoreQueryOptions {
+  /**
+   * Skip query if user is anonymous/guest
+   * Default: true (guest users don't have Firestore data)
+   */
+  readonly skipForGuest?: boolean;
+
+  /**
+   * Skip query if user is not authenticated
+   * Default: true
+   */
+  readonly skipIfNotAuthenticated?: boolean;
+
+  /**
+   * Verify userId matches current user
+   * Default: true
+   */
+  readonly verifyUserId?: boolean;
+
+  /**
+   * User ID to verify (required if verifyUserId is true)
+   */
+  readonly userId?: string;
+}
+
+export type FirestoreQuerySkipReason =
+  | "not_authenticated"
+  | "is_guest"
+  | "user_id_mismatch"
+  | "no_auth"
+  | "invalid_options";
+
+export interface FirestoreQueryResult {
+  readonly shouldSkip: boolean;
+  readonly reason?: FirestoreQuerySkipReason;
+  readonly userId: string | null;
+  readonly isGuest: boolean;
+  readonly isAuthenticated: boolean;
+}
+
+/**
+ * Check if Firestore query should be skipped
+ * Centralized logic for all Firestore operations
+ */
+export function shouldSkipFirestoreQuery(
+  auth: Auth | null,
+  options: FirestoreQueryOptions = {},
+): FirestoreQueryResult {
+  const {
+    skipForGuest = true,
+    skipIfNotAuthenticated = true,
+    verifyUserId: shouldVerify = true,
+    userId,
+  } = options;
+
+  try {
+    // No auth available
+    if (!auth) {
+      return {
+        shouldSkip: true,
+        reason: "no_auth",
+        userId: null,
+        isGuest: false,
+        isAuthenticated: false,
+      };
+    }
+
+    // Check auth state
+    const authState = checkAuthState(auth);
+
+    // Not authenticated
+    if (!authState.isAuthenticated) {
+      if (skipIfNotAuthenticated) {
+        return {
+          shouldSkip: true,
+          reason: "not_authenticated",
+          userId: null,
+          isGuest: false,
+          isAuthenticated: false,
+        };
+      }
+    }
+
+    // Guest/anonymous user
+    if (authState.isGuest) {
+      if (skipForGuest) {
+        return {
+          shouldSkip: true,
+          reason: "is_guest",
+          userId: authState.userId,
+          isGuest: true,
+          isAuthenticated: false,
+        };
+      }
+    }
+
+    // Verify userId if provided
+    if (shouldVerify && userId) {
+      if (!verifyUserId(auth, userId)) {
+        return {
+          shouldSkip: true,
+          reason: "user_id_mismatch",
+          userId: authState.userId,
+          isGuest: authState.isGuest,
+          isAuthenticated: authState.isAuthenticated,
+        };
+      }
+    }
+
+    // Don't skip
+    return {
+      shouldSkip: false,
+      userId: authState.userId,
+      isGuest: authState.isGuest,
+      isAuthenticated: authState.isAuthenticated,
+    };
+  } catch (error) {
+    if (typeof __DEV__ !== "undefined" && __DEV__) {
+      // eslint-disable-next-line no-console
+      console.error("[FirestoreUtils] Error checking if query should be skipped", error);
+    }
+
+    return {
+      shouldSkip: true,
+      reason: "invalid_options",
+      userId: null,
+      isGuest: false,
+      isAuthenticated: false,
+    };
+  }
+}
+
+/**
+ * Create safe query options with defaults
+ */
+export function createFirestoreQueryOptions(
+  options: Partial<FirestoreQueryOptions> = {},
+): FirestoreQueryOptions {
+  return {
+    skipForGuest: options.skipForGuest ?? true,
+    skipIfNotAuthenticated: options.skipIfNotAuthenticated ?? true,
+    verifyUserId: options.verifyUserId ?? true,
+    userId: options.userId,
+  };
+}

package/src/auth/infrastructure/services/google-auth.service.ts

@@ -0,0 +1,100 @@
+/**
+ * Google Auth Service
+ * Handles Google Sign-In with Firebase Authentication
+ * Uses expo-auth-session for OAuth flow
+ */
+
+import {
+  GoogleAuthProvider,
+  signInWithCredential,
+  type Auth,
+  type UserCredential,
+} from "firebase/auth";
+
+/**
+ * Google Auth configuration
+ */
+export interface GoogleAuthConfig {
+  webClientId?: string;
+  iosClientId?: string;
+  androidClientId?: string;
+}
+
+/**
+ * Google Auth result
+ */
+export interface GoogleAuthResult {
+  success: boolean;
+  userCredential?: UserCredential;
+  error?: string;
+  isNewUser?: boolean;
+}
+
+/**
+ * Google Auth Service
+ * Provides Google Sign-In functionality for Firebase
+ */
+export class GoogleAuthService {
+  private config: GoogleAuthConfig | null = null;
+
+  /**
+   * Configure Google Auth with client IDs
+   */
+  configure(config: GoogleAuthConfig): void {
+    this.config = config;
+  }
+
+  /**
+   * Check if Google Auth is configured
+   */
+  isConfigured(): boolean {
+    return (
+      this.config !== null &&
+      (!!this.config.webClientId ||
+        !!this.config.iosClientId ||
+        !!this.config.androidClientId)
+    );
+  }
+
+  /**
+   * Get the current configuration
+   */
+  getConfig(): GoogleAuthConfig | null {
+    return this.config;
+  }
+
+  /**
+   * Sign in with Google ID token
+   * Called after successful Google OAuth flow
+   */
+  async signInWithIdToken(
+    auth: Auth,
+    idToken: string,
+  ): Promise<GoogleAuthResult> {
+    try {
+      const credential = GoogleAuthProvider.credential(idToken);
+      const userCredential = await signInWithCredential(auth, credential);
+
+      // Check if this is a new user
+      const isNewUser =
+        userCredential.user.metadata.creationTime ===
+        userCredential.user.metadata.lastSignInTime;
+
+      return {
+        success: true,
+        userCredential,
+        isNewUser,
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Google sign-in failed",
+      };
+    }
+  }
+}
+
+/**
+ * Singleton instance
+ */
+export const googleAuthService = new GoogleAuthService();

package/src/auth/infrastructure/services/reauthentication.service.ts

@@ -0,0 +1,216 @@
+/**
+ * Reauthentication Service
+ * Handles Firebase Auth reauthentication for sensitive operations
+ *
+ * SOLID: Single Responsibility - Only handles reauthentication
+ */
+
+import {
+  reauthenticateWithCredential,
+  GoogleAuthProvider,
+  OAuthProvider,
+  type User,
+  type AuthCredential,
+} from "firebase/auth";
+import * as AppleAuthentication from "expo-apple-authentication";
+import * as Crypto from "expo-crypto";
+import { Platform } from "react-native";
+
+export interface ReauthenticationResult {
+  success: boolean;
+  error?: {
+    code: string;
+    message: string;
+  };
+}
+
+export type AuthProviderType = "google.com" | "apple.com" | "password" | "anonymous" | "unknown";
+
+/**
+ * Get the primary auth provider for a user
+ */
+export function getUserAuthProvider(user: User): AuthProviderType {
+  if (user.isAnonymous) {
+    return "anonymous";
+  }
+
+  const providerData = user.providerData;
+  if (!providerData || providerData.length === 0) {
+    return "unknown";
+  }
+
+  // Check for Google
+  const googleProvider = providerData.find((p) => p.providerId === "google.com");
+  if (googleProvider) {
+    return "google.com";
+  }
+
+  // Check for Apple
+  const appleProvider = providerData.find((p) => p.providerId === "apple.com");
+  if (appleProvider) {
+    return "apple.com";
+  }
+
+  // Check for password
+  const passwordProvider = providerData.find((p) => p.providerId === "password");
+  if (passwordProvider) {
+    return "password";
+  }
+
+  return "unknown";
+}
+
+/**
+ * Reauthenticate with Google
+ */
+export async function reauthenticateWithGoogle(
+  user: User,
+  idToken: string
+): Promise<ReauthenticationResult> {
+  try {
+    const credential = GoogleAuthProvider.credential(idToken);
+    await reauthenticateWithCredential(user, credential);
+    return { success: true };
+  } catch (error) {
+    const firebaseError = error as { code?: string; message?: string };
+    return {
+      success: false,
+      error: {
+        code: firebaseError.code || "auth/reauthentication-failed",
+        message: firebaseError.message || "Google reauthentication failed",
+      },
+    };
+  }
+}
+
+/**
+ * Generate a random nonce for Apple Sign-In security
+ */
+async function generateNonce(length: number = 32): Promise<string> {
+  const randomBytes = await Crypto.getRandomBytesAsync(length);
+  const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  let result = "";
+
+  for (let i = 0; i < randomBytes.length; i++) {
+    result += chars.charAt(randomBytes[i] % chars.length);
+  }
+
+  return result;
+}
+
+/**
+ * Reauthenticate with Apple
+ * Returns the credential that can be used for reauthentication
+ */
+export async function getAppleReauthCredential(): Promise<{
+  success: boolean;
+  credential?: AuthCredential;
+  error?: { code: string; message: string };
+}> {
+  if (Platform.OS !== "ios") {
+    return {
+      success: false,
+      error: {
+        code: "auth/platform-not-supported",
+        message: "Apple Sign-In is only available on iOS",
+      },
+    };
+  }
+
+  try {
+    const isAvailable = await AppleAuthentication.isAvailableAsync();
+    if (!isAvailable) {
+      return {
+        success: false,
+        error: {
+          code: "auth/apple-signin-unavailable",
+          message: "Apple Sign-In is not available on this device",
+        },
+      };
+    }
+
+    // Generate nonce
+    const nonce = await generateNonce();
+    const hashedNonce = await Crypto.digestStringAsync(
+      Crypto.CryptoDigestAlgorithm.SHA256,
+      nonce
+    );
+
+    // Request Apple Sign-In
+    const appleCredential = await AppleAuthentication.signInAsync({
+      requestedScopes: [
+        AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
+        AppleAuthentication.AppleAuthenticationScope.EMAIL,
+      ],
+      nonce: hashedNonce,
+    });
+
+    if (!appleCredential.identityToken) {
+      return {
+        success: false,
+        error: {
+          code: "auth/no-identity-token",
+          message: "No identity token received from Apple",
+        },
+      };
+    }
+
+    // Create Firebase credential
+    const provider = new OAuthProvider("apple.com");
+    const credential = provider.credential({
+      idToken: appleCredential.identityToken,
+      rawNonce: nonce,
+    });
+
+    return { success: true, credential };
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("ERR_CANCELED")) {
+      return {
+        success: false,
+        error: {
+          code: "auth/cancelled",
+          message: "Apple Sign-In was cancelled",
+        },
+      };
+    }
+
+    return {
+      success: false,
+      error: {
+        code: "auth/apple-reauthentication-failed",
+        message: error instanceof Error ? error.message : "Apple reauthentication failed",
+      },
+    };
+  }
+}
+
+/**
+ * Reauthenticate with Apple
+ */
+export async function reauthenticateWithApple(user: User): Promise<ReauthenticationResult> {
+  const result = await getAppleReauthCredential();
+  
+  if (!result.success || !result.credential) {
+    return {
+      success: false,
+      error: result.error || {
+        code: "auth/no-credential",
+        message: "Failed to get Apple credential",
+      },
+    };
+  }
+
+  try {
+    await reauthenticateWithCredential(user, result.credential);
+    return { success: true };
+  } catch (error) {
+    const firebaseError = error as { code?: string; message?: string };
+    return {
+      success: false,
+      error: {
+        code: firebaseError.code || "auth/reauthentication-failed",
+        message: firebaseError.message || "Apple reauthentication failed",
+      },
+    };
+  }
+}