@umituz/react-native-firebase 2.6.1 → 2.6.3

package/src/domains/account-deletion/infrastructure/services/AccountDeletionRepository_part_ab

@@ -0,0 +1,116 @@
+  }
+
+  /**
+   * Get account creation time
+   */
+  getCreationTime(user: User): Date | null {
+    if (!user.metadata.creationTime) {
+      return null;
+    }
+    return new Date(user.metadata.creationTime);
+  }
+
+  /**
+   * Get last sign-in time
+   */
+  getLastSignInTime(user: User): Date | null {
+    if (!user.metadata.lastSignInTime) {
+      return null;
+    }
+    return new Date(user.metadata.lastSignInTime);
+  }
+
+  /**
+   * Check if account is new (created within specified days)
+   */
+  isAccountNew(user: User, maxAgeDays: number = 1): boolean {
+    const creationTime = this.getCreationTime(user);
+    if (!creationTime) return false;
+
+    const ageMs = Date.now() - creationTime.getTime();
+    const maxAgeMs = maxAgeDays * 24 * 60 * 60 * 1000;
+
+    return ageMs <= maxAgeMs;
+  }
+
+  /**
+   * Check if user recently signed in
+   */
+  isRecentSignIn(user: User, maxAgeMinutes: number = 5): boolean {
+    const lastSignIn = this.getLastSignInTime(user);
+    if (!lastSignIn) return false;
+
+    const timeSinceSignIn = Date.now() - lastSignIn.getTime();
+    const maxAgeMs = maxAgeMinutes * 60 * 1000;
+
+    return timeSinceSignIn <= maxAgeMs;
+  }
+
+  /**
+   * Mark user as deleted in database
+   * Separate method for flexibility
+   */
+  async markUserDeleted(userId: string): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Marking user as deleted', { userId });
+
+      const marked = await markUserDeleted(userId);
+      if (!marked) {
+        this.logError('Failed to mark user as deleted in database');
+      }
+
+      return successResult();
+    }, 'account-deletion/mark-failed');
+  }
+
+  /**
+   * Cleanup user data
+   * Override in subclass for custom cleanup logic
+   */
+  protected async cleanupUserData(userId: string): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Cleaning up user data', { userId });
+      // Override in subclass for custom cleanup
+      return successResult();
+    }, 'account-deletion/cleanup-failed');
+  }
+
+  /**
+   * Complete deletion with cleanup
+   * Deletes account and cleans up user data
+   */
+  async deleteWithCleanup(user: User): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Starting deletion with cleanup', { userId: user.uid });
+
+      // Delete account (includes marking document as deleted)
+      const deleteResult = await this.deleteAccount(user);
+      if (!deleteResult.success) {
+        return deleteResult;
+      }
+
+      // Cleanup additional user data
+      const cleanupResult = await this.cleanupUserData(user.uid);
+      if (!cleanupResult.success) {
+        this.logError('Cleanup failed, but account was deleted', {
+          userId: user.uid,
+          error: cleanupResult.error,
+        });
+      }
+
+      this.log('Deletion with cleanup completed', { userId: user.uid });
+    }, 'account-deletion/complete-failed');
+  }
+}
+
+/**
+ * Factory function to create account deletion repository
+ */
+export function createAccountDeletionRepository(): AccountDeletionRepository {
+  return new AccountDeletionRepository();
+}
+
+/**
+ * Default singleton instance
+ */
+export const accountDeletionRepository = createAccountDeletionRepository();

package/src/domains/account-deletion/infrastructure/services/reauthentication.service_part_aa

@@ -0,0 +1,150 @@
+/**
+ * Reauthentication Service
+ * Handles Firebase Auth reauthentication for sensitive operations
+ */
+
+import {
+  reauthenticateWithCredential,
+  GoogleAuthProvider,
+  OAuthProvider,
+  EmailAuthProvider,
+  type User,
+} from "firebase/auth";
+import { Platform } from "react-native";
+
+/**
+ * Lazy-loads expo-apple-authentication (optional peer dependency).
+ * Returns null if the package is not installed.
+ */
+function getAppleAuthModule(): typeof import("expo-apple-authentication") | null {
+  try {
+    // Dynamic require needed for optional peer dependency
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    return require("expo-apple-authentication");
+  } catch {
+    return null;
+  }
+}
+import { generateNonce, hashNonce } from "../../../auth/infrastructure/services/crypto.util";
+import { executeOperation, failureResultFrom, toErrorInfo, ERROR_MESSAGES } from "../../../../shared/domain/utils";
+import { isCancelledError } from "../../../../shared/domain/utils/error-handlers/error-checkers";
+import type {
+  ReauthenticationResult,
+  AuthProviderType,
+  ReauthCredentialResult
+} from "../../application/ports/reauthentication.types";
+
+/**
+ * Validates email format
+ */
+function isValidEmail(email: string): boolean {
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  return emailRegex.test(email);
+}
+
+/**
+ * Validates password (Firebase minimum is 6 characters)
+ */
+function isValidPassword(password: string): boolean {
+  return password.length >= 6;
+}
+
+export function getUserAuthProvider(user: User): AuthProviderType {
+  if (user.isAnonymous) return "anonymous";
+  const data = user.providerData;
+  if (!data?.length) return "unknown";
+  if (data.find(p => p.providerId === "google.com")) return "google.com";
+  if (data.find(p => p.providerId === "apple.com")) return "apple.com";
+  if (data.find(p => p.providerId === "password")) return "password";
+  return "unknown";
+}
+
+export async function reauthenticateWithGoogle(user: User, idToken: string): Promise<ReauthenticationResult> {
+  return executeOperation(async () => {
+    await reauthenticateWithCredential(user, GoogleAuthProvider.credential(idToken));
+  });
+}
+
+export async function reauthenticateWithPassword(user: User, pass: string): Promise<ReauthenticationResult> {
+  const email = user.email;
+  if (!email) {
+    return failureResultFrom("auth/no-email", ERROR_MESSAGES.AUTH.NO_USER);
+  }
+
+  // FIX: Add email validation
+  if (!isValidEmail(email)) {
+    return failureResultFrom("auth/invalid-email", ERROR_MESSAGES.AUTH.INVALID_EMAIL);
+  }
+
+  // FIX: Add password validation
+  if (!isValidPassword(pass)) {
+    return failureResultFrom("auth/invalid-password", ERROR_MESSAGES.AUTH.INVALID_PASSWORD);
+  }
+
+  return executeOperation(async () => {
+    await reauthenticateWithCredential(user, EmailAuthProvider.credential(email, pass));
+  });
+}
+
+export async function getAppleReauthCredential(): Promise<ReauthCredentialResult> {
+  if (Platform.OS !== "ios") {
+    return {
+      success: false,
+      error: { code: "auth/ios-only", message: "iOS only" }
+    };
+  }
+
+  const AppleAuthentication = getAppleAuthModule();
+  if (!AppleAuthentication) {
+    return {
+      success: false,
+      error: { code: "auth/unavailable", message: "expo-apple-authentication is not installed" }
+    };
+  }
+
+  try {
+    const isAvailable = await AppleAuthentication.isAvailableAsync();
+    if (!isAvailable) {
+      return {
+        success: false,
+        error: { code: "auth/unavailable", message: "Unavailable" }
+      };
+    }
+
+    const nonce = await generateNonce();
+    const hashed = await hashNonce(nonce);
+    const apple = await AppleAuthentication.signInAsync({
+      requestedScopes: [
+        AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
+        AppleAuthentication.AppleAuthenticationScope.EMAIL
+      ],
+      nonce: hashed,
+    });
+
+    if (!apple.identityToken) {
+      return {
+        success: false,
+        error: { code: "auth/no-token", message: "No token" }
+      };
+    }
+
+    const credential = new OAuthProvider("apple.com").credential({
+      idToken: apple.identityToken,
+      rawNonce: nonce
+    });
+
+    return {
+      success: true,
+      credential
+    };
+  } catch (error: unknown) {
+    const errorInfo = toErrorInfo(error, 'auth/failed');
+    const code = isCancelledError(errorInfo) ? "auth/cancelled" : errorInfo.code;
+    return {
+      success: false,
+      error: { code, message: errorInfo.message }
+    };
+  }
+}
+
+export async function reauthenticateWithApple(user: User): Promise<ReauthenticationResult> {

package/src/domains/account-deletion/infrastructure/services/reauthentication.service_part_ab

@@ -0,0 +1,10 @@
+  const res = await getAppleReauthCredential();
+  if (!res.success || !res.credential) {
+    return { success: false, error: res.error ?? { code: "auth/failed", message: "Failed to get credential" } };
+  }
+
+  const credential = res.credential;
+  return executeOperation(async () => {
+    await reauthenticateWithCredential(user, credential);
+  });
+}

package/src/domains/auth/infrastructure_part_aa

@@ -0,0 +1,150 @@
+/**
+ * Firebase Auth Infrastructure Layer
+ * Domain-Driven Design (DDD) - Infrastructure Exports
+ *
+ * Infrastructure implementation including:
+ * - Firebase Auth client configuration
+ * - Auth utilities and services
+ * - Social auth providers
+ * - Email/password authentication
+ * - User document management
+ */
+
+// =============================================================================
+// Firebase Auth Client
+// =============================================================================
+
+export {
+  getFirebaseAuth,
+  isFirebaseAuthInitialized,
+  getFirebaseAuthInitializationError,
+  resetFirebaseAuthClient,
+  firebaseAuthClient,
+  initializeFirebaseAuth,
+} from './infrastructure/config/FirebaseAuthClient';
+
+export type {
+  Auth,
+} from './infrastructure/config/FirebaseAuthClient';
+
+// =============================================================================
+// Auth Utilities
+// =============================================================================
+
+export {
+  checkAuthState,
+  isAuthenticated,
+  isAnonymous,
+  getCurrentUserId,
+  getCurrentUser,
+  getCurrentUserIdFromGlobal,
+  getCurrentUserFromGlobal,
+  isCurrentUserAuthenticated,
+  isCurrentUserAnonymous,
+  verifyUserId,
+  isValidUser,
+} from './infrastructure/services/auth-utils.service';
+
+export type {
+  AuthCheckResult,
+} from './infrastructure/services/auth-utils.service';
+
+// =============================================================================
+// Anonymous Auth Service
+// =============================================================================
+
+export {
+  AnonymousAuthService,
+  anonymousAuthService,
+} from './infrastructure/services/anonymous-auth.service';
+
+export type {
+  AnonymousAuthResult,
+  AnonymousAuthServiceInterface,
+} from './infrastructure/services/anonymous-auth.service';
+
+// =============================================================================
+// Firestore Utilities
+// =============================================================================
+
+export {
+  shouldSkipFirestoreQuery,
+  createFirestoreQueryOptions,
+} from './infrastructure/services/firestore-utils.service';
+
+export type {
+  FirestoreQueryOptions,
+  FirestoreQueryResult,
+  FirestoreQuerySkipReason,
+} from './infrastructure/services/firestore-utils.service';
+
+// =============================================================================
+// Social Auth Services
+// =============================================================================
+
+export {
+  GoogleAuthService,
+  googleAuthService,
+} from './infrastructure/services/google-auth.service';
+export type {
+  GoogleAuthConfig,
+  GoogleAuthResult,
+} from './infrastructure/services/google-auth.types';
+
+export {
+  GoogleOAuthService,
+  googleOAuthService,
+} from './infrastructure/services/google-oauth.service';
+export type {
+  GoogleOAuthConfig,
+} from './infrastructure/services/google-oauth.service';
+
+export {
+  AppleAuthService,
+  appleAuthService,
+} from './infrastructure/services/apple-auth.service';
+export type { AppleAuthResult } from './infrastructure/services/apple-auth.types';
+
+// =============================================================================
+// Email/Password Authentication
+// =============================================================================
+
+export {
+  signInWithEmail,
+  signUpWithEmail,
+  signOut,
+  linkAnonymousWithEmail,
+} from './infrastructure/services/email-auth.service';
+export type {
+  EmailCredentials,
+  EmailAuthResult,
+} from './infrastructure/services/email-auth.service';
+
+// =============================================================================
+// Password Management
+// =============================================================================
+
+export {
+  updateUserPassword,
+} from './infrastructure/services/password.service';
+
+// =============================================================================
+// Auth Listener
+// =============================================================================
+
+export {
+  setupAuthListener,
+} from './infrastructure/services/auth-listener.service';
+export type {
+  AuthListenerConfig,
+  AuthListenerResult,
+} from './infrastructure/services/auth-listener.service';
+
+// =============================================================================
+// User Document Service
+// =============================================================================
+
+export {
+  ensureUserDocument,
+  markUserDeleted,
+  configureUserDocumentService,

package/src/domains/auth/infrastructure_part_ab

@@ -0,0 +1,6 @@
+} from './infrastructure/services/user-document.service';
+export type {
+  UserDocumentUser,
+  UserDocumentConfig,
+  UserDocumentExtras,
+} from './infrastructure/services/user-document.types';

package/src/domains/auth/presentation/hooks/GoogleOAuthHookService_part_aa

@@ -0,0 +1,150 @@
+/**
+ * Google OAuth Hook Service
+ * Single Responsibility: Handle Google OAuth business logic
+ *
+ * Service class that manages Google OAuth flow.
+ * Separates business logic from React hook concerns.
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import type { Auth } from 'firebase/auth';
+import { googleOAuthService } from '../../infrastructure/services/google-oauth.service';
+import type { GoogleOAuthConfig } from '../../infrastructure/services/google-oauth.service';
+
+// Conditional import for expo-auth-session
+interface AuthSessionResponse {
+  type: string;
+  authentication?: { idToken?: string } | null;
+}
+
+interface ExpoAuthSessionModule {
+  useAuthRequest: (config: {
+    iosClientId: string;
+    webClientId: string;
+    androidClientId: string;
+  }) => [unknown, AuthSessionResponse | null, (() => Promise<AuthSessionResponse>) | null];
+}
+
+let ExpoAuthSession: ExpoAuthSessionModule | null = null;
+let isExpoAuthAvailable = false;
+
+try {
+  // eslint-disable-next-line @typescript-eslint/no-require-imports
+  ExpoAuthSession = require('expo-auth-session/providers/google') as ExpoAuthSessionModule;
+  isExpoAuthAvailable = true;
+} catch {
+  // expo-auth-session not available
+}
+
+/**
+ * Google OAuth hook service
+ * Manages OAuth flow, response handling, and errors
+ */
+export class GoogleOAuthHookService {
+  private config: GoogleOAuthConfig | undefined;
+  private authRequest: [unknown, AuthSessionResponse | null, (() => Promise<AuthSessionResponse>) | null];
+
+  constructor(config?: GoogleOAuthConfig) {
+    this.config = config;
+    this.authRequest = this.initAuthRequest();
+  }
+
+  /**
+   * Initialize auth request
+   * Uses expo-auth-session if available
+   */
+  private initAuthRequest(): [unknown, AuthSessionResponse | null, (() => Promise<AuthSessionResponse>) | null] {
+    if (!isExpoAuthAvailable || !ExpoAuthSession) {
+      return [null, null, null];
+    }
+
+    return ExpoAuthSession.useAuthRequest({
+      iosClientId: this.config?.iosClientId ?? '',
+      webClientId: this.config?.webClientId ?? '',
+      androidClientId: this.config?.androidClientId ?? '',
+    });
+  }
+
+  /**
+   * Check if Google OAuth is available
+   */
+  isAvailable(): boolean {
+    return isExpoAuthAvailable;
+  }
+
+  /**
+   * Check if Google OAuth is configured
+   */
+  isConfigured(): boolean {
+    return googleOAuthService.isConfigured(this.config);
+  }
+
+  /**
+   * Update configuration
+   */
+  updateConfig(config: GoogleOAuthConfig | undefined): void {
+    this.config = config;
+  }
+
+  /**
+   * Get auth request tuple
+   */
+  getAuthRequest(): [unknown, AuthSessionResponse | null, (() => Promise<AuthSessionResponse>) | null] {
+    return this.authRequest;
+  }
+
+  /**
+   * Handle OAuth response
+   * Called when expo-auth-session returns a response
+   */
+  async handleResponse(response: AuthSessionResponse | null, auth: Auth | null): Promise<void> {
+    if (!response) return;
+
+    if (response.type === 'success' && response.authentication?.idToken) {
+      if (!auth) {
+        throw new Error('Firebase Auth not initialized');
+      }
+
+      await googleOAuthService.signInWithOAuth(
+        auth,
+        this.config,
+        async () => response
+      );
+    } else if (response.type === 'error') {
+      throw new Error('Google authentication failed');
+    }
+  }
+
+  /**
+   * Sign in with Google
+   * Initiates OAuth flow and returns result
+   */
+  async signIn(auth: Auth | null): Promise<{ success: boolean; isNewUser?: boolean; error?: string }> {
+    if (!this.isAvailable()) {
+      const error = 'expo-auth-session is not available. Please install expo-auth-session and expo-web-browser.';
+      throw new Error(error);
+    }
+
+    if (!this.isConfigured()) {
+      const error = 'Google Sign-In is not configured. Please provide valid client IDs.';
+      throw new Error(error);
+    }
+
+    const [, , promptAsync] = this.authRequest;
+
+    if (!promptAsync) {
+      throw new Error('Google Sign-In not ready');
+    }
+
+    if (!auth) {
+      throw new Error('Firebase Auth not initialized');
+    }
+
+    return await googleOAuthService.signInWithOAuth(auth, this.config, promptAsync);
+  }
+
+  /**
+   * Validate OAuth state
+   */
+  validate(): { valid: boolean; error?: string } {

package/src/domains/auth/presentation/hooks/GoogleOAuthHookService_part_ab

@@ -0,0 +1,97 @@
+    if (!this.isAvailable()) {
+      return {
+        valid: false,
+        error: 'expo-auth-session is not available. Please install expo-auth-session and expo-web-browser.',
+      };
+    }
+
+    if (!this.isConfigured()) {
+      return {
+        valid: false,
+        error: 'Google Sign-In is not configured. Please provide valid client IDs.',
+      };
+    }
+
+    return { valid: true };
+  }
+
+  /**
+   * Get error message from error
+   */
+  getErrorMessage(error: unknown): string {
+    if (error instanceof Error) {
+      return error.message;
+    }
+    return 'Google sign-in failed';
+  }
+
+  /**
+   * Check if response is successful
+   */
+  isSuccessfulResponse(response: AuthSessionResponse | null): boolean {
+    return response?.type === 'success' && !!response.authentication?.idToken;
+  }
+
+  /**
+   * Check if response is error
+   */
+  isErrorResponse(response: AuthSessionResponse | null): boolean {
+    return response?.type === 'error';
+  }
+
+  /**
+   * Extract ID token from response
+   */
+  extractIdToken(response: AuthSessionResponse | null): string | null {
+    return response?.authentication?.idToken || null;
+  }
+
+  /**
+   * Create error result
+   */
+  createErrorResult(error: string): { success: false; error: string } {
+    return { success: false, error };
+  }
+
+  /**
+   * Check if auth request is ready
+   */
+  isReady(): boolean {
+    const [request, , promptAsync] = this.authRequest;
+    return request !== null && promptAsync !== null;
+  }
+
+  /**
+   * Get configuration
+   */
+  getConfig(): GoogleOAuthConfig | undefined {
+    return this.config;
+  }
+
+  /**
+   * Reset service state
+   */
+  reset(): void {
+    this.config = undefined;
+  }
+}
+
+/**
+ * Factory function to create Google OAuth hook service
+ */
+export function createGoogleOAuthHookService(config?: GoogleOAuthConfig): GoogleOAuthHookService {
+  return new GoogleOAuthHookService(config);
+}
+
+/**
+ * Check if expo-auth-session is available
+ * Useful for conditional rendering
+ */
+export function isExpoAuthSessionAvailable(): boolean {
+  return isExpoAuthAvailable;
+}
+
+/**
+ * Re-export types for convenience
+ */
+export type { AuthSessionResponse, ExpoAuthSessionModule };