@umituz/react-native-firebase 1.13.2 → 1.13.3

package/src/auth/infrastructure/services/account-deletion.service.ts

@@ -0,0 +1,250 @@
+/**
+ * Account Deletion Service
+ * Handles Firebase Auth account deletion operations with automatic reauthentication
+ *
+ * SOLID: Single Responsibility - Only handles account deletion
+ */
+
+import { deleteUser, type User } from "firebase/auth";
+import { getFirebaseAuth } from "../config/FirebaseAuthClient";
+import {
+  getUserAuthProvider,
+  reauthenticateWithApple,
+  type AuthProviderType,
+} from "./reauthentication.service";
+
+export interface AccountDeletionResult {
+  success: boolean;
+  error?: {
+    code: string;
+    message: string;
+    requiresReauth: boolean;
+  };
+}
+
+export interface AccountDeletionOptions {
+  /**
+   * Google ID token for reauthentication (required if user signed in with Google)
+   * This must be provided by the calling code after prompting user for Google sign-in
+   */
+  googleIdToken?: string;
+  /**
+   * If true, will attempt to reauthenticate with Apple automatically
+   * (shows Apple sign-in prompt to user)
+   */
+  autoReauthenticate?: boolean;
+}
+
+/**
+ * Delete the current user's Firebase Auth account
+ * Now with automatic reauthentication support for Apple Sign-In
+ * Note: This is irreversible and also signs out the user
+ */
+export async function deleteCurrentUser(
+  options: AccountDeletionOptions = { autoReauthenticate: true }
+): Promise<AccountDeletionResult> {
+  const auth = getFirebaseAuth();
+
+  if (!auth) {
+    return {
+      success: false,
+      error: {
+        code: "auth/not-initialized",
+        message: "Firebase Auth is not initialized",
+        requiresReauth: false,
+      },
+    };
+  }
+
+  const user = auth.currentUser;
+
+  if (!user) {
+    return {
+      success: false,
+      error: {
+        code: "auth/no-user",
+        message: "No user is currently signed in",
+        requiresReauth: false,
+      },
+    };
+  }
+
+  if (user.isAnonymous) {
+    return {
+      success: false,
+      error: {
+        code: "auth/anonymous-user",
+        message: "Cannot delete anonymous account",
+        requiresReauth: false,
+      },
+    };
+  }
+
+  // First attempt to delete
+  try {
+    await deleteUser(user);
+    return { success: true };
+  } catch (error) {
+    const firebaseError = error as { code?: string; message?: string };
+    const requiresReauth = firebaseError.code === "auth/requires-recent-login";
+
+    // If reauthentication is required and autoReauthenticate is enabled
+    if (requiresReauth && options.autoReauthenticate) {
+      const reauthResult = await attemptReauthenticationAndDelete(user, options);
+      if (reauthResult) {
+        return reauthResult;
+      }
+    }
+
+    return {
+      success: false,
+      error: {
+        code: firebaseError.code || "auth/unknown",
+        message: requiresReauth
+          ? "Please sign in again before deleting your account"
+          : firebaseError.message || "Failed to delete account",
+        requiresReauth,
+      },
+    };
+  }
+}
+
+/**
+ * Attempt to reauthenticate based on provider and then delete the account
+ */
+async function attemptReauthenticationAndDelete(
+  user: User,
+  options: AccountDeletionOptions
+): Promise<AccountDeletionResult | null> {
+  const provider = getUserAuthProvider(user);
+
+  // Handle Apple reauthentication
+  if (provider === "apple.com") {
+    const reauthResult = await reauthenticateWithApple(user);
+
+    if (reauthResult.success) {
+      // Retry deletion after successful reauthentication
+      try {
+        await deleteUser(user);
+        return { success: true };
+      } catch (deleteError) {
+        const firebaseError = deleteError as { code?: string; message?: string };
+        return {
+          success: false,
+          error: {
+            code: firebaseError.code || "auth/deletion-failed-after-reauth",
+            message: firebaseError.message || "Failed to delete account after reauthentication",
+            requiresReauth: false,
+          },
+        };
+      }
+    } else {
+      // Reauthentication failed
+      return {
+        success: false,
+        error: {
+          code: reauthResult.error?.code || "auth/reauthentication-failed",
+          message: reauthResult.error?.message || "Reauthentication failed",
+          requiresReauth: true,
+        },
+      };
+    }
+  }
+
+  // Handle Google reauthentication (requires ID token from caller)
+  if (provider === "google.com") {
+    // For Google, we need the caller to provide the ID token
+    // This is because we need to trigger Google Sign-In UI which must be done at the presentation layer
+    if (!options.googleIdToken) {
+      return {
+        success: false,
+        error: {
+          code: "auth/google-reauth-required",
+          message: "Please sign in with Google again to delete your account",
+          requiresReauth: true,
+        },
+      };
+    }
+
+    // If we have a Google ID token, reauthenticate with it
+    const { reauthenticateWithGoogle } = await import("./reauthentication.service");
+    const reauthResult = await reauthenticateWithGoogle(user, options.googleIdToken);
+
+    if (reauthResult.success) {
+      try {
+        await deleteUser(user);
+        return { success: true };
+      } catch (deleteError) {
+        const firebaseError = deleteError as { code?: string; message?: string };
+        return {
+          success: false,
+          error: {
+            code: firebaseError.code || "auth/deletion-failed-after-reauth",
+            message: firebaseError.message || "Failed to delete account after reauthentication",
+            requiresReauth: false,
+          },
+        };
+      }
+    } else {
+      return {
+        success: false,
+        error: {
+          code: reauthResult.error?.code || "auth/reauthentication-failed",
+          message: reauthResult.error?.message || "Google reauthentication failed",
+          requiresReauth: true,
+        },
+      };
+    }
+  }
+
+  // For other providers, return null to use the default error handling
+  return null;
+}
+
+/**
+ * Delete a specific user (must be the current user)
+ */
+export async function deleteUserAccount(
+  user: User
+): Promise<AccountDeletionResult> {
+  if (!user) {
+    return {
+      success: false,
+      error: {
+        code: "auth/no-user",
+        message: "No user provided",
+        requiresReauth: false,
+      },
+    };
+  }
+
+  if (user.isAnonymous) {
+    return {
+      success: false,
+      error: {
+        code: "auth/anonymous-user",
+        message: "Cannot delete anonymous account",
+        requiresReauth: false,
+      },
+    };
+  }
+
+  try {
+    await deleteUser(user);
+    return { success: true };
+  } catch (error) {
+    const firebaseError = error as { code?: string; message?: string };
+    const requiresReauth = firebaseError.code === "auth/requires-recent-login";
+
+    return {
+      success: false,
+      error: {
+        code: firebaseError.code || "auth/unknown",
+        message: requiresReauth
+          ? "Please sign in again before deleting your account"
+          : firebaseError.message || "Failed to delete account",
+        requiresReauth,
+      },
+    };
+  }
+}

package/src/auth/infrastructure/services/anonymous-auth.service.ts

@@ -0,0 +1,135 @@
+/**
+ * Anonymous Auth Service
+ * Service for managing anonymous/guest authentication
+ */
+
+import { signInAnonymously, type Auth, type User } from "firebase/auth";
+import { toAnonymousUser, type AnonymousUser } from "../../domain/entities/AnonymousUser";
+import { checkAuthState } from "./auth-utils.service";
+
+declare const __DEV__: boolean;
+
+export interface AnonymousAuthResult {
+  readonly user: User;
+  readonly anonymousUser: AnonymousUser;
+  readonly wasAlreadySignedIn: boolean;
+}
+
+export interface AnonymousAuthServiceInterface {
+  signInAnonymously(auth: Auth): Promise<AnonymousAuthResult>;
+  getCurrentAnonymousUser(auth: Auth | null): User | null;
+  isCurrentUserAnonymous(auth: Auth | null): boolean;
+}
+
+/**
+ * Anonymous Auth Service
+ * Handles anonymous authentication operations
+ */
+export class AnonymousAuthService implements AnonymousAuthServiceInterface {
+  /**
+   * Sign in anonymously
+   * IMPORTANT: Only signs in if NO user exists (preserves email/password sessions)
+   */
+  async signInAnonymously(auth: Auth): Promise<AnonymousAuthResult> {
+    if (!auth) {
+      throw new Error("Firebase Auth instance is required");
+    }
+
+    const currentUser = auth.currentUser;
+
+    // If user is already signed in with email/password, preserve that session
+    if (currentUser && !currentUser.isAnonymous) {
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        // eslint-disable-next-line no-console
+        console.log("[AnonymousAuthService] User already signed in with email/password, skipping anonymous auth");
+      }
+      // Return a "fake" anonymous result to maintain API compatibility
+      // The actual user is NOT anonymous
+      return {
+        user: currentUser,
+        anonymousUser: toAnonymousUser(currentUser),
+        wasAlreadySignedIn: true,
+      };
+    }
+
+    // If already signed in anonymously, return existing user
+    if (currentUser && currentUser.isAnonymous) {
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        // eslint-disable-next-line no-console
+        console.log("[AnonymousAuthService] User already signed in anonymously");
+      }
+      return {
+        user: currentUser,
+        anonymousUser: toAnonymousUser(currentUser),
+        wasAlreadySignedIn: true,
+      };
+    }
+
+    // No user exists, sign in anonymously
+    try {
+      const userCredential = await signInAnonymously(auth);
+      const anonymousUser = toAnonymousUser(userCredential.user);
+
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        // eslint-disable-next-line no-console
+        console.log("[AnonymousAuthService] Successfully signed in anonymously", { uid: anonymousUser.uid });
+      }
+
+      return {
+        user: userCredential.user,
+        anonymousUser,
+        wasAlreadySignedIn: false,
+      };
+    } catch (error) {
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        // eslint-disable-next-line no-console
+        console.error("[AnonymousAuthService] Failed to sign in anonymously", error);
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Get current anonymous user
+   */
+  getCurrentAnonymousUser(auth: Auth | null): User | null {
+    if (!auth) {
+      return null;
+    }
+
+    try {
+      const state = checkAuthState(auth);
+      if (state.isAnonymous && state.currentUser) {
+        return state.currentUser;
+      }
+      return null;
+    } catch (error) {
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        // eslint-disable-next-line no-console
+        console.error("[AnonymousAuthService] Error getting current anonymous user", error);
+      }
+      return null;
+    }
+  }
+
+  /**
+   * Check if current user is anonymous
+   */
+  isCurrentUserAnonymous(auth: Auth | null): boolean {
+    if (!auth) {
+      return false;
+    }
+
+    try {
+      return checkAuthState(auth).isAnonymous;
+    } catch (error) {
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        // eslint-disable-next-line no-console
+        console.error("[AnonymousAuthService] Error checking if user is anonymous", error);
+      }
+      return false;
+    }
+  }
+}
+
+export const anonymousAuthService = new AnonymousAuthService();

package/src/auth/infrastructure/services/apple-auth.service.ts

@@ -0,0 +1,146 @@
+/**
+ * Apple Auth Service
+ * Handles Apple Sign-In with Firebase Authentication
+ * Uses expo-apple-authentication for native Apple Sign-In
+ */
+
+import {
+  OAuthProvider,
+  signInWithCredential,
+  type Auth,
+  type UserCredential,
+} from "firebase/auth";
+import * as AppleAuthentication from "expo-apple-authentication";
+import * as Crypto from "expo-crypto";
+import { Platform } from "react-native";
+
+/**
+ * Apple Auth result
+ */
+export interface AppleAuthResult {
+  success: boolean;
+  userCredential?: UserCredential;
+  error?: string;
+  isNewUser?: boolean;
+}
+
+/**
+ * Apple Auth Service
+ * Provides Apple Sign-In functionality for Firebase (iOS only)
+ */
+export class AppleAuthService {
+  /**
+   * Check if Apple Sign-In is available
+   * Only available on iOS 13+
+   */
+  async isAvailable(): Promise<boolean> {
+    if (Platform.OS !== "ios") {
+      return false;
+    }
+
+    try {
+      return await AppleAuthentication.isAvailableAsync();
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Sign in with Apple
+   * Handles the complete Apple Sign-In flow
+   */
+  async signIn(auth: Auth): Promise<AppleAuthResult> {
+    try {
+      // Check availability
+      const isAvailable = await this.isAvailable();
+      if (!isAvailable) {
+        return {
+          success: false,
+          error: "Apple Sign-In is not available on this device",
+        };
+      }
+
+      // Generate nonce for security
+      const nonce = await this.generateNonce();
+      const hashedNonce = await Crypto.digestStringAsync(
+        Crypto.CryptoDigestAlgorithm.SHA256,
+        nonce,
+      );
+
+      // Request Apple Sign-In
+      const appleCredential = await AppleAuthentication.signInAsync({
+        requestedScopes: [
+          AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
+          AppleAuthentication.AppleAuthenticationScope.EMAIL,
+        ],
+        nonce: hashedNonce,
+      });
+
+      // Check for identity token
+      if (!appleCredential.identityToken) {
+        return {
+          success: false,
+          error: "No identity token received from Apple",
+        };
+      }
+
+      // Create Firebase credential
+      const provider = new OAuthProvider("apple.com");
+      const credential = provider.credential({
+        idToken: appleCredential.identityToken,
+        rawNonce: nonce,
+      });
+
+      // Sign in to Firebase
+      const userCredential = await signInWithCredential(auth, credential);
+
+      // Check if this is a new user
+      const isNewUser =
+        userCredential.user.metadata.creationTime ===
+        userCredential.user.metadata.lastSignInTime;
+
+      return {
+        success: true,
+        userCredential,
+        isNewUser,
+      };
+    } catch (error) {
+      // Handle user cancellation
+      if (
+        error instanceof Error &&
+        error.message.includes("ERR_CANCELED")
+      ) {
+        return {
+          success: false,
+          error: "Apple Sign-In was cancelled",
+        };
+      }
+
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Apple sign-in failed",
+      };
+    }
+  }
+
+  /**
+   * Generate a random nonce for Apple Sign-In security
+   */
+  private async generateNonce(length: number = 32): Promise<string> {
+    const randomBytes = await Crypto.getRandomBytesAsync(length);
+    const chars =
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    let result = "";
+
+    for (let i = 0; i < randomBytes.length; i++) {
+      result += chars.charAt(randomBytes[i] % chars.length);
+    }
+
+    return result;
+  }
+}
+
+/**
+ * Singleton instance
+ */
+export const appleAuthService = new AppleAuthService();

package/src/auth/infrastructure/services/auth-guard.service.ts

@@ -0,0 +1,97 @@
+/**
+ * Auth Guard Service
+ * Single Responsibility: Validate authenticated user access
+ *
+ * SOLID: Single Responsibility - Only handles auth validation
+ * Generic implementation for all React Native apps
+ */
+
+import { getFirebaseAuth } from '../config/FirebaseAuthClient';
+import {
+  getCurrentUserId,
+  getCurrentUser,
+} from './auth-utils.service';
+
+/**
+ * Auth Guard Service
+ * Provides authentication validation for protected operations
+ */
+export class AuthGuardService {
+  /**
+   * Check if user is authenticated (not guest)
+   * @throws Error if user is not authenticated
+   */
+  async requireAuthenticatedUser(): Promise<string> {
+    const auth = getFirebaseAuth();
+    if (!auth) {
+      throw new Error('Firebase Auth is not initialized');
+    }
+
+    const userId = getCurrentUserId(auth);
+    if (!userId) {
+      throw new Error('User must be authenticated to perform this action');
+    }
+
+    const currentUser = getCurrentUser(auth);
+    if (!currentUser) {
+      throw new Error('User must be authenticated to perform this action');
+    }
+
+    // Check if user is anonymous (guest)
+    if (currentUser.isAnonymous) {
+      throw new Error('Guest users cannot perform this action');
+    }
+
+    return userId;
+  }
+
+  /**
+   * Check if user is authenticated (not guest)
+   * Returns null if not authenticated instead of throwing
+   */
+  async getAuthenticatedUserId(): Promise<string | null> {
+    try {
+      return await this.requireAuthenticatedUser();
+    } catch {
+      return null;
+    }
+  }
+
+  /**
+   * Check if current user is authenticated (not guest)
+   */
+  isAuthenticated(): boolean {
+    const auth = getFirebaseAuth();
+    if (!auth) {
+      return false;
+    }
+
+    const currentUser = getCurrentUser(auth);
+    if (!currentUser) {
+      return false;
+    }
+
+    // User must not be anonymous
+    return !currentUser.isAnonymous;
+  }
+
+  /**
+   * Check if current user is guest (anonymous)
+   */
+  isGuest(): boolean {
+    const auth = getFirebaseAuth();
+    if (!auth) {
+      return false;
+    }
+
+    const currentUser = getCurrentUser(auth);
+    if (!currentUser) {
+      return false;
+    }
+
+    return currentUser.isAnonymous;
+  }
+}
+
+export const authGuardService = new AuthGuardService();
+