backend-manager 5.0.129 → 5.0.130

package/CHANGELOG.md

@@ -14,6 +14,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
+# [5.0.129] - 2026-03-11
+### Added
+- Usage proxy system: `setUser()` to bill usage to a different user, `addMirror()`/`setMirrors()` to write usage to additional Firestore docs in parallel
+- Admin post route image rewriting: `extractImages()` now returns a URL map and rewrites markdown body to use `@post/` prefix for uploaded images
+- `metadata` object on user schema with `created` and `updated` timestamps
+- Firestore security rules: added `metadata` to server-only write fields
+- Test for admin post creation route
+- CLAUDE.md and README.md documentation for usage proxy and admin post route
+
+### Changed
+- User schema: moved `activity.lastActivity` to `metadata.updated` and `activity.created` to `metadata.created`
+- `before-signin` event handler writes to `metadata.updated` instead of `activity.lastActivity`
+- Admin user sync route writes to `metadata.created`/`metadata.updated` instead of `activity.created`/`activity.lastActivity`
+- `Usage.update()` refactored to execute primary + mirror writes in parallel via `Promise.all()`
+- Bumped version to 5.0.129
+
 # [5.0.123] - 2026-03-10
 ### Added
 - Dispute alert system: `POST /payments/dispute-alert` endpoint with Chargeblast processor for ingesting payment dispute webhooks

package/README.md

@@ -630,7 +630,7 @@ await utilities.iterateUsers(
 
 // Get document with owner user
 const { document, user } = await utilities.getDocumentWithOwnerUser('posts/abc123', {
-  owner: 'owner.uid',
+  owner: 'owner',
   resolve: {
     schema: 'posts',
     assistant: assistant,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "backend-manager",
-  "version": "5.0.129",
+  "version": "5.0.130",
   "description": "Quick tools for developing Firebase functions",
   "main": "src/manager/index.js",
   "bin": {

package/src/manager/events/firestore/notifications/on-write.js

@@ -41,7 +41,7 @@ module.exports = async ({ Manager, assistant, change, context, libraries }) => {
 
     Manager.Analytics({
       assistant: assistant,
-      uuid: dataBefore?.owner?.uid,
+      uuid: dataBefore?.owner,
     }).event('notification-unsubscribe', {});
 
     assistant.log('Notification subscription deleted:', dataBefore);
@@ -63,7 +63,7 @@ module.exports = async ({ Manager, assistant, change, context, libraries }) => {
 
     Manager.Analytics({
       assistant: assistant,
-      uuid: dataAfter?.owner?.uid,
+      uuid: dataAfter?.owner,
     }).event('notification-subscribe', {});
 
     assistant.log('Notification subscription created:', dataAfter);

package/src/manager/events/firestore/payments-webhooks/analytics.js

@@ -168,7 +168,7 @@ const META_EVENTS = {
  */
 function fireMeta({ resolved, currency, uid, processor, assistant, config }) {
   try {
-    const pixelId = config.meta?.pixelId;
+    const pixelId = config.analytics?.providers?.meta?.id;
     const accessToken = process.env.META_ACCESS_TOKEN;
 
     if (!pixelId || !accessToken) {
@@ -238,7 +238,7 @@ const TIKTOK_EVENTS = {
  */
 function fireTikTok({ resolved, currency, uid, processor, assistant, config }) {
   try {
-    const pixelCode = config.tiktok?.pixelCode;
+    const pixelCode = config.analytics?.providers?.tiktok?.id;
     const accessToken = process.env.TIKTOK_ACCESS_TOKEN;
 
     if (!pixelCode || !accessToken) {

package/src/manager/functions/core/actions/api/user/submit-feedback.js

@@ -50,13 +50,13 @@ Module.prototype.main = function () {
       // Save feedback to firestore
       self.libraries.admin.firestore().doc(`feedback/${docId}`)
       .set({
-        created: assistant.meta.startTime,
         feedback: request,
         decision: decision,
-        owner: {
-          uid: user?.auth?.uid ?? null,
+        owner: user?.auth?.uid ?? null,
+        metadata: {
+          ...Manager.Metadata().set({tag: 'user:submit-feedback'}),
+          created: assistant.meta.startTime,
         },
-        metadata: Manager.Metadata().set({tag: 'user:submit-feedback'}),
       }, {merge: true})
       .then(r => {
         return resolve({

package/src/manager/helpers/analytics.js

@@ -161,8 +161,8 @@ function Analytics(Manager, options) {
   };
 
   // Set id and secret
-  self.analyticsId = self?.Manager?.config?.googleAnalytics?.id;
-  self.analyticsSecret = self?.Manager?.config?.googleAnalytics?.secret;
+  self.analyticsId = self?.Manager?.config?.analytics?.providers?.google?.id;
+  self.analyticsSecret = process.env.GOOGLE_ANALYTICS_SECRET;
 
   // Check if we have the required properties
   if (!self.analyticsId) {

package/src/manager/helpers/utilities.js

@@ -272,7 +272,7 @@ Utilities.prototype.getDocumentWithOwnerUser = function (path, options) {
 
     // Set defaults
     options = options || {};
-    options.owner = options.owner || 'owner.uid';
+    options.owner = options.owner || 'owner';
     options.log = typeof options.log === 'undefined' ? false : options.log;
 
     // Set resolve/schema options

package/src/manager/routes/app/get.js

@@ -10,7 +10,7 @@ module.exports = async ({ assistant, Manager }) => {
 
 /**
  * Build a public-safe config object from Manager.config
- * Excludes sensitive fields: sentry, googleAnalytics, ghostii, etc.
+ * Excludes sensitive fields: sentry, analytics, ghostii, etc.
  */
 function buildPublicConfig(config) {
   return {

package/src/manager/routes/user/feedback/post.js

@@ -46,7 +46,6 @@ module.exports = async ({ assistant, Manager, user, settings, libraries }) => {
   // Save feedback to Firestore
   await admin.firestore().doc(`feedback/${docId}`)
     .set({
-      created: assistant.meta.startTime,
       feedback: {
         rating: settings.rating,
         like: settings.like,
@@ -54,10 +53,11 @@ module.exports = async ({ assistant, Manager, user, settings, libraries }) => {
         comments: settings.comments,
       },
       decision: decision,
-      owner: {
-        uid: user?.auth?.uid ?? null,
+      owner: user?.auth?.uid ?? null,
+      metadata: {
+        ...Manager.Metadata().set({ tag: 'user/feedback' }),
+        created: assistant.meta.startTime,
       },
-      metadata: Manager.Metadata().set({ tag: 'user/feedback' }),
     }, { merge: true })
     .catch((e) => {
       return assistant.respond(`Failed to save feedback: ${e.message}`, { code: 500, sentry: true });

package/templates/_.env

@@ -15,6 +15,11 @@ STRIPE_SECRET_KEY=""
 CHARGEBEE_API_KEY=""
 COINBASE_API_KEY=""
 
+# Analytics
+GOOGLE_ANALYTICS_SECRET=""
+META_ACCESS_TOKEN=""
+TIKTOK_ACCESS_TOKEN=""
+
 # Security
 CLOUDFLARE_TOKEN=""
 RECAPTCHA_SECRET_KEY=""

package/templates/backend-manager-config.json

@@ -20,15 +20,18 @@
   sentry: {
     dsn: 'https://d965557418748jd749d837asf00552f@o777489.ingest.sentry.io/8789941',
   },
-  googleAnalytics: {
-    id: 'UA-123456789-1',
-    secret: 'ABCx1234567890ABCDEFGH',
-  },
-  meta: {
-    pixelId: null,
-  },
-  tiktok: {
-    pixelCode: null,
+  analytics: {
+    providers: {
+      google: {
+        id: null,
+      },
+      meta: {
+        id: null,
+      },
+      tiktok: {
+        id: null,
+      },
+    },
   },
   oauth2: {},
   payment: {