@umituz/react-native-firebase 3.0.3 → 3.0.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@umituz/react-native-firebase",
-  "version": "3.0.3",
+  "version": "3.0.5",
   "description": "Unified Firebase package for React Native apps - Auth and Firestore services using Firebase JS SDK (no native modules).",
   "main": "./src/index.ts",
   "types": "./src/index.ts",
@@ -60,6 +60,9 @@
     "@react-native-async-storage/async-storage": "^2.2.0",
     "@react-native-community/datetimepicker": "^8.6.0",
     "@react-native-community/slider": "^5.1.1",
+    "@react-navigation/bottom-tabs": "^7.9.0",
+    "@react-navigation/native": "^7.1.26",
+    "@react-navigation/stack": "^7.6.13",
     "@tanstack/query-async-storage-persister": "^5.66.7",
     "@tanstack/react-query": "^5.66.7",
     "@tanstack/react-query-persist-client": "^5.66.7",
@@ -102,6 +105,9 @@
     "typescript": "~5.9.2",
     "zustand": "^5.0.3"
   },
+  "optionalDependencies": {
+    "firebase-admin": "^13.0.2"
+  },
   "publishConfig": {
     "access": "public"
   },

package/src/domains/account-deletion/index.ts

@@ -1,23 +1,28 @@
 /**
  * Account Deletion Domain
  * Handles Firebase account deletion with reauthentication
- *
- * Domain-Driven Design (DDD) Architecture
  */
 
-export type {
-  AccountDeletionOptions,
-  ReauthenticationResult,
-  AuthProviderType,
-  ReauthCredentialResult,
-} from './application/ports/reauthentication.types';
-
 export {
   deleteCurrentUser,
   deleteUserAccount,
-  isDeletionInProgress,
 } from './infrastructure/services/account-deletion.service';
 
 export type {
   AccountDeletionResult,
 } from './infrastructure/services/account-deletion.service';
+
+export type {
+  AccountDeletionOptions,
+  ReauthenticationResult,
+  AuthProviderType,
+  ReauthCredentialResult,
+} from './application/ports/reauthentication.types';
+
+export {
+  getUserAuthProvider,
+  reauthenticateWithPassword,
+  reauthenticateWithGoogle,
+  reauthenticateWithApple,
+  getAppleReauthCredential,
+} from './infrastructure/services/reauthentication.service';

package/src/domains/account-deletion/infrastructure/services/account-deletion.service.ts

@@ -1,41 +1,241 @@
 /**
  * Account Deletion Service
  * Handles Firebase account deletion with reauthentication support
- *
- * Max lines: 150 (enforced for maintainability)
  */
 
-import type { User } from "firebase/auth";
+import { deleteUser, type User } from "firebase/auth";
+import { getFirebaseAuth } from "../../../auth/infrastructure/config/FirebaseAuthClient";
+import { markUserDeleted } from "../../../auth/infrastructure/services/user-document.service";
+import {
+  getUserAuthProvider,
+  reauthenticateWithApple,
+  reauthenticateWithPassword,
+  reauthenticateWithGoogle,
+} from "./reauthentication.service";
+import { successResult, type Result, toErrorInfo } from "../../../../shared/domain/utils";
 import type { AccountDeletionOptions } from "../../application/ports/reauthentication.types";
-import { accountDeletionExecutor } from "./AccountDeletionExecutor";
-import type { AccountDeletionResult } from "./AccountDeletionTypes";
+import { validateUserUnchanged } from "../../../auth/domain/utils/user-validation.util";
+
+export interface AccountDeletionResult extends Result<void> {
+  requiresReauth?: boolean;
+}
+
+// Operation lock to prevent concurrent deletion attempts
+let deletionInProgress = false;
 
 export async function deleteCurrentUser(
   options: AccountDeletionOptions = { autoReauthenticate: true }
 ): Promise<AccountDeletionResult> {
-  return accountDeletionExecutor.deleteCurrentUser(options);
-}
+  if (deletionInProgress) {
+    return {
+      success: false,
+      error: { code: "auth/operation-in-progress", message: "Account deletion already in progress" },
+      requiresReauth: false
+    };
+  }
 
-/**
- * Delete specific user account
- * Direct deletion without reauthentication
- *
- * @param user - User to delete
- * @returns Result of deletion operation
- */
-export async function deleteUserAccount(user: User | null): Promise<AccountDeletionResult> {
-  return accountDeletionExecutor.deleteUserAccount(user);
+  deletionInProgress = true;
+
+  try {
+    const auth = getFirebaseAuth();
+    const user = auth?.currentUser;
+
+    if (!auth || !user) {
+      return {
+        success: false,
+        error: { code: "auth/not-ready", message: "Auth not ready" },
+        requiresReauth: false
+      };
+    }
+
+    const originalUserId = user.uid;
+
+    if (user.isAnonymous) {
+      return {
+        success: false,
+        error: { code: "auth/anonymous", message: "Cannot delete anonymous" },
+        requiresReauth: false
+      };
+    }
+
+    const provider = getUserAuthProvider(user);
+
+    if (provider === "password" && options.autoReauthenticate && options.onPasswordRequired) {
+      const reauth = await attemptReauth(user, options, originalUserId);
+      if (reauth) {
+        return reauth;
+      }
+    }
+
+    try {
+      const validation = validateUserUnchanged(auth, originalUserId);
+      if (!('valid' in validation)) {
+        return {
+          success: false,
+          error: validation.error,
+          requiresReauth: false
+        };
+      }
+
+      const marked = await markUserDeleted(user.uid);
+      if (!marked && __DEV__) {
+        console.warn('[AccountDeletion] Failed to mark user document as deleted before account removal');
+      }
+      await deleteUser(user);
+      return successResult();
+    } catch (error: unknown) {
+      const errorInfo = toErrorInfo(error, 'auth/failed');
+      const code = errorInfo.code;
+      const message = errorInfo.message;
+
+      const hasCredentials = !!(options.password || options.googleIdToken);
+      const shouldReauth = options.autoReauthenticate === true || hasCredentials;
+
+      if (code === "auth/requires-recent-login" && shouldReauth) {
+        const reauth = await attemptReauth(user, options, originalUserId);
+        if (reauth) return reauth;
+      }
+
+      return {
+        success: false,
+        error: { code, message },
+        requiresReauth: code === "auth/requires-recent-login"
+      };
+    }
+  } finally {
+    deletionInProgress = false;
+  }
 }
 
-/**
- * Check if deletion is in progress
- * Useful for preventing concurrent deletion attempts
- *
- * @returns True if deletion is currently in progress
- */
-export function isDeletionInProgress(): boolean {
-  return accountDeletionExecutor.isDeletionInProgress();
+async function attemptReauth(user: User, options: AccountDeletionOptions, originalUserId?: string): Promise<AccountDeletionResult | null> {
+  if (originalUserId) {
+    const authInstance = getFirebaseAuth();
+    const validation = validateUserUnchanged(authInstance, originalUserId);
+    if (!('valid' in validation)) {
+      return {
+        success: false,
+        error: validation.error,
+        requiresReauth: false
+      };
+    }
+  }
+
+  const provider = getUserAuthProvider(user);
+
+  let res: { success: boolean; error?: { code?: string; message?: string } };
+
+  if (provider === "apple.com") {
+    res = await reauthenticateWithApple(user);
+  } else if (provider === "google.com") {
+    let googleToken = options.googleIdToken;
+    if (!googleToken && options.onGoogleReauthRequired) {
+      const token = await options.onGoogleReauthRequired();
+      if (!token) {
+        return {
+          success: false,
+          error: { code: "auth/google-reauth-cancelled", message: "Google reauth cancelled" },
+          requiresReauth: true
+        };
+      }
+      googleToken = token;
+    }
+    if (!googleToken) {
+      return {
+        success: false,
+        error: { code: "auth/google-reauth", message: "Google reauth required" },
+        requiresReauth: true
+      };
+    }
+    res = await reauthenticateWithGoogle(user, googleToken);
+  } else if (provider === "password") {
+    let password = options.password;
+    if (!password && options.onPasswordRequired) {
+      const pwd = await options.onPasswordRequired();
+      if (!pwd) {
+        return {
+          success: false,
+          error: { code: "auth/password-reauth-cancelled", message: "Password reauth cancelled" },
+          requiresReauth: true
+        };
+      }
+      password = pwd;
+    }
+    if (!password) {
+      return {
+        success: false,
+        error: { code: "auth/password-reauth", message: "Password required" },
+        requiresReauth: true
+      };
+    }
+    res = await reauthenticateWithPassword(user, password);
+  } else {
+    return null;
+  }
+
+  if (res.success) {
+    try {
+      const postReauthAuth = getFirebaseAuth();
+      const currentUser = postReauthAuth?.currentUser || user;
+
+      if (originalUserId) {
+        const validationCheck = validateUserUnchanged(postReauthAuth, originalUserId);
+        if (!('valid' in validationCheck)) {
+          return {
+            success: false,
+            error: validationCheck.error,
+            requiresReauth: false
+          };
+        }
+      }
+
+      const marked = await markUserDeleted(currentUser.uid);
+      if (!marked && __DEV__) {
+        console.warn('[AccountDeletion] Failed to mark user document as deleted before account removal (reauth path)');
+      }
+      await deleteUser(currentUser);
+      return successResult();
+    } catch (err: unknown) {
+      const errorInfo = toErrorInfo(err, 'auth/failed');
+      return {
+        success: false,
+        error: { code: errorInfo.code, message: errorInfo.message },
+        requiresReauth: false
+      };
+    }
+  }
+
+  return {
+    success: false,
+    error: {
+      code: res.error?.code || "auth/reauth-failed",
+      message: res.error?.message || "Reauth failed",
+    },
+    requiresReauth: true
+  };
 }
 
-// Re-export types for backward compatibility
-export type { AccountDeletionResult };
+export async function deleteUserAccount(user: User | null): Promise<AccountDeletionResult> {
+  if (!user || user.isAnonymous) {
+    return {
+      success: false,
+      error: { code: "auth/invalid", message: "Invalid user" },
+      requiresReauth: false
+    };
+  }
+
+  try {
+    const marked = await markUserDeleted(user.uid);
+    if (!marked && __DEV__) {
+      console.warn('[AccountDeletion] Failed to mark user document as deleted (deleteUserAccount)');
+    }
+    await deleteUser(user);
+    return successResult();
+  } catch (error: unknown) {
+    const errorInfo = toErrorInfo(error, 'auth/failed');
+    return {
+      success: false,
+      error: { code: errorInfo.code, message: errorInfo.message },
+      requiresReauth: errorInfo.code === "auth/requires-recent-login"
+    };
+  }
+}

package/src/domains/account-deletion/infrastructure/services/reauthentication.service.ts

@@ -0,0 +1,160 @@
+/**
+ * Reauthentication Service
+ * Handles Firebase Auth reauthentication for sensitive operations
+ */
+
+import {
+  reauthenticateWithCredential,
+  GoogleAuthProvider,
+  OAuthProvider,
+  EmailAuthProvider,
+  type User,
+} from "firebase/auth";
+import { Platform } from "react-native";
+
+/**
+ * Lazy-loads expo-apple-authentication (optional peer dependency).
+ * Returns null if the package is not installed.
+ */
+function getAppleAuthModule(): typeof import("expo-apple-authentication") | null {
+  try {
+    // Dynamic require needed for optional peer dependency
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    return require("expo-apple-authentication");
+  } catch {
+    return null;
+  }
+}
+import { generateNonce, hashNonce } from "../../../auth/infrastructure/services/crypto.util";
+import { executeOperation, failureResultFrom, toErrorInfo, ERROR_MESSAGES } from "../../../../shared/domain/utils";
+import { isCancelledError } from "../../../../shared/domain/utils/error-handlers/error-checkers";
+import type {
+  ReauthenticationResult,
+  AuthProviderType,
+  ReauthCredentialResult
+} from "../../application/ports/reauthentication.types";
+
+/**
+ * Validates email format
+ */
+function isValidEmail(email: string): boolean {
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  return emailRegex.test(email);
+}
+
+/**
+ * Validates password (Firebase minimum is 6 characters)
+ */
+function isValidPassword(password: string): boolean {
+  return password.length >= 6;
+}
+
+export function getUserAuthProvider(user: User): AuthProviderType {
+  if (user.isAnonymous) return "anonymous";
+  const data = user.providerData;
+  if (!data?.length) return "unknown";
+  if (data.find(p => p.providerId === "google.com")) return "google.com";
+  if (data.find(p => p.providerId === "apple.com")) return "apple.com";
+  if (data.find(p => p.providerId === "password")) return "password";
+  return "unknown";
+}
+
+export async function reauthenticateWithGoogle(user: User, idToken: string): Promise<ReauthenticationResult> {
+  return executeOperation(async () => {
+    await reauthenticateWithCredential(user, GoogleAuthProvider.credential(idToken));
+  });
+}
+
+export async function reauthenticateWithPassword(user: User, pass: string): Promise<ReauthenticationResult> {
+  const email = user.email;
+  if (!email) {
+    return failureResultFrom("auth/no-email", ERROR_MESSAGES.AUTH.NO_USER);
+  }
+
+  // FIX: Add email validation
+  if (!isValidEmail(email)) {
+    return failureResultFrom("auth/invalid-email", ERROR_MESSAGES.AUTH.INVALID_EMAIL);
+  }
+
+  // FIX: Add password validation
+  if (!isValidPassword(pass)) {
+    return failureResultFrom("auth/invalid-password", ERROR_MESSAGES.AUTH.INVALID_PASSWORD);
+  }
+
+  return executeOperation(async () => {
+    await reauthenticateWithCredential(user, EmailAuthProvider.credential(email, pass));
+  });
+}
+
+export async function getAppleReauthCredential(): Promise<ReauthCredentialResult> {
+  if (Platform.OS !== "ios") {
+    return {
+      success: false,
+      error: { code: "auth/ios-only", message: "iOS only" }
+    };
+  }
+
+  const AppleAuthentication = getAppleAuthModule();
+  if (!AppleAuthentication) {
+    return {
+      success: false,
+      error: { code: "auth/unavailable", message: "expo-apple-authentication is not installed" }
+    };
+  }
+
+  try {
+    const isAvailable = await AppleAuthentication.isAvailableAsync();
+    if (!isAvailable) {
+      return {
+        success: false,
+        error: { code: "auth/unavailable", message: "Unavailable" }
+      };
+    }
+
+    const nonce = await generateNonce();
+    const hashed = await hashNonce(nonce);
+    const apple = await AppleAuthentication.signInAsync({
+      requestedScopes: [
+        AppleAuthentication.AppleAuthenticationScope.FULL_NAME,
+        AppleAuthentication.AppleAuthenticationScope.EMAIL
+      ],
+      nonce: hashed,
+    });
+
+    if (!apple.identityToken) {
+      return {
+        success: false,
+        error: { code: "auth/no-token", message: "No token" }
+      };
+    }
+
+    const credential = new OAuthProvider("apple.com").credential({
+      idToken: apple.identityToken,
+      rawNonce: nonce
+    });
+
+    return {
+      success: true,
+      credential
+    };
+  } catch (error: unknown) {
+    const errorInfo = toErrorInfo(error, 'auth/failed');
+    const code = isCancelledError(errorInfo) ? "auth/cancelled" : errorInfo.code;
+    return {
+      success: false,
+      error: { code, message: errorInfo.message }
+    };
+  }
+}
+
+export async function reauthenticateWithApple(user: User): Promise<ReauthenticationResult> {
+  const res = await getAppleReauthCredential();
+  if (!res.success || !res.credential) {
+    return { success: false, error: res.error ?? { code: "auth/failed", message: "Failed to get credential" } };
+  }
+
+  const credential = res.credential;
+  return executeOperation(async () => {
+    await reauthenticateWithCredential(user, credential);
+  });
+}

package/src/domains/auth/domain/value-objects/FirebaseAuthConfig.ts

@@ -21,7 +21,7 @@ export interface FirebaseAuthConfig {
 
   /**
    * Auth state persistence type
-   * - 'local': Persist across app restarts (default)
+   * - 'local': Persist across browser/app restarts (default)
    * - 'session': Persist only for current session
    * - 'none': No persistence
    */

package/src/domains/auth/index.ts

@@ -3,13 +3,163 @@
  * Domain-Driven Design (DDD) Architecture
  */
 
-// Domain Layer
-export * from './domain';
+// =============================================================================
+// DOMAIN LAYER - Business Logic
+// =============================================================================
 
-// Infrastructure Layer
-export * from './infrastructure';
+export type { FirebaseAuthConfig } from './domain/value-objects/FirebaseAuthConfig';
 
-// Presentation Layer
-export * from './presentation';
+// Anonymous User Entity
+export {
+  isAnonymousUser,
+} from './domain/entities/AnonymousUser';
+export type { AnonymousUser } from './domain/entities/AnonymousUser';
+
+// =============================================================================
+// INFRASTRUCTURE LAYER - Implementation
+// =============================================================================
+
+export {
+  getFirebaseAuth,
+  isFirebaseAuthInitialized,
+  getFirebaseAuthInitializationError,
+  resetFirebaseAuthClient,
+  firebaseAuthClient,
+  initializeFirebaseAuth,
+} from './infrastructure/config/FirebaseAuthClient';
+
+export type {
+  Auth,
+} from './infrastructure/config/FirebaseAuthClient';
+
+// Auth Utilities
+export {
+  checkAuthState,
+  isAuthenticated,
+  isAnonymous,
+  getCurrentUserId,
+  getCurrentUser,
+  getCurrentUserIdFromGlobal,
+  getCurrentUserFromGlobal,
+  isCurrentUserAuthenticated,
+  isCurrentUserAnonymous,
+  verifyUserId,
+  isValidUser,
+} from './infrastructure/services/auth-utils.service';
+
+export type {
+  AuthCheckResult,
+} from './infrastructure/services/auth-utils.service';
+
+// Anonymous Auth Service
+export {
+  AnonymousAuthService,
+  anonymousAuthService,
+} from './infrastructure/services/anonymous-auth.service';
+
+export type {
+  AnonymousAuthResult,
+  AnonymousAuthServiceInterface,
+} from './infrastructure/services/anonymous-auth.service';
+
+// Firestore Utilities
+export {
+  shouldSkipFirestoreQuery,
+  createFirestoreQueryOptions,
+} from './infrastructure/services/firestore-utils.service';
+
+export type {
+  FirestoreQueryOptions,
+  FirestoreQueryResult,
+  FirestoreQuerySkipReason,
+} from './infrastructure/services/firestore-utils.service';
+
+
+// =============================================================================
+// INFRASTRUCTURE LAYER - Social Auth Services
+// =============================================================================
+
+export {
+  GoogleAuthService,
+  googleAuthService,
+} from './infrastructure/services/google-auth.service';
+export type {
+  GoogleAuthConfig,
+  GoogleAuthResult,
+} from './infrastructure/services/google-auth.types';
+
+export {
+  GoogleOAuthService,
+  googleOAuthService,
+} from './infrastructure/services/google-oauth.service';
+export type {
+  GoogleOAuthConfig,
+} from './infrastructure/services/google-oauth.service';
+
+export {
+  AppleAuthService,
+  appleAuthService,
+} from './infrastructure/services/apple-auth.service';
+export type { AppleAuthResult } from './infrastructure/services/apple-auth.types';
+
+// =============================================================================
+// PRESENTATION LAYER - Hooks
+// =============================================================================
+
+export { useFirebaseAuth } from './presentation/hooks/useFirebaseAuth';
+export type { UseFirebaseAuthResult } from './presentation/hooks/useFirebaseAuth';
+
+export { useAnonymousAuth } from './presentation/hooks/useAnonymousAuth';
+export type { UseAnonymousAuthResult } from './presentation/hooks/useAnonymousAuth';
+
+export { useSocialAuth } from './presentation/hooks/useSocialAuth';
+export type {
+  SocialAuthConfig,
+  SocialAuthResult,
+  UseSocialAuthResult,
+} from './presentation/hooks/useSocialAuth';
+
+export { useGoogleOAuth } from './presentation/hooks/useGoogleOAuth';
+export type {
+  UseGoogleOAuthResult,
+} from './presentation/hooks/useGoogleOAuth';
+
+// Password Management
+export {
+  updateUserPassword,
+} from './infrastructure/services/password.service';
+
+// Email/Password Authentication
+export {
+  signInWithEmail,
+  signUpWithEmail,
+  signOut,
+  linkAnonymousWithEmail,
+} from './infrastructure/services/email-auth.service';
+export type {
+  EmailCredentials,
+  EmailAuthResult,
+} from './infrastructure/services/email-auth.service';
+
+// Auth Listener
+export {
+  setupAuthListener,
+} from './infrastructure/services/auth-listener.service';
+export type {
+  AuthListenerConfig,
+  AuthListenerResult,
+} from './infrastructure/services/auth-listener.service';
+
+// User Document Service
+export {
+  ensureUserDocument,
+  markUserDeleted,
+  configureUserDocumentService,
+} from './infrastructure/services/user-document.service';
+export type {
+  UserDocumentUser,
+  UserDocumentConfig,
+  UserDocumentExtras,
+} from './infrastructure/services/user-document.types';