fiber-firebase-functions 1.0.2 → 1.0.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fiber-firebase-functions",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "A collection of ready-to-use Firebase Cloud Functions utilities and wrappers designed for any application built by Fiber. Provides reusable helpers, common patterns, and production-grade modules to streamline backend development across all Fiber projects.",
   "author": "Fiber",
   "license": "FIBER-PROPRIETARY",
@@ -20,10 +20,12 @@
   ],
   "dependencies": {
     "firebase-admin": "^13.6.0",
-    "firebase-functions": "^7.0.0"
+    "firebase-functions": "^7.0.0",
+    "validator": "^13.15.23"
   },
   "devDependencies": {
-    "typescript": "^5.9.3",
-    "ts-node": "^10.9.2"
+    "@types/validator": "^13.15.10",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3"
   }
 }

package/src/auth/is_user_disabled.ts

@@ -39,7 +39,7 @@ export enum UserDisabledByIdStatus {
     MISSING_USER_ID = "MISSING_USER_ID",
     ENABLED = "ENABLED",
     DISABLED = "DISABLED",
-    NOT_FOUND = "NOT_FOUND",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
     INTERNAL_ERROR = "INTERNAL_ERROR",
 }
 
@@ -47,46 +47,48 @@ export enum UserDisabledByEmailStatus {
     MISSING_USER_ID = "MISSING_USER_ID",
     ENABLED = "ENABLED",
     DISABLED = "DISABLED",
-    NOT_FOUND = "NOT_FOUND",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
     INTERNAL_ERROR = "INTERNAL_ERROR",
 }
 
-export async function isUserDisabledById(userId: string): Promise<UserDisabledByIdStatus> {
-    userId = userId.trim();
+export class IsUserDisabled {
+    static async withId(userId: string): Promise<UserDisabledByIdStatus> {
+        userId = userId.trim();
 
-    if (!userId) return UserDisabledByIdStatus.MISSING_USER_ID;
+        if (!userId || userId === "") return UserDisabledByIdStatus.MISSING_USER_ID;
 
-    try {
-        const user = await admin.auth().getUser(userId);
-        const isUserDisabled = user.disabled;
+        try {
+            const user = await admin.auth().getUser(userId);
+            const isUserDisabled = user.disabled;
 
-        return isUserDisabled
-            ? UserDisabledByIdStatus.DISABLED
-            : UserDisabledByIdStatus.ENABLED;
-    } catch (error: any) {
-        if (error.code === "auth/user-not-found") {
-            return UserDisabledByIdStatus.NOT_FOUND;
+            return isUserDisabled
+                ? UserDisabledByIdStatus.DISABLED
+                : UserDisabledByIdStatus.ENABLED;
+        } catch (error: any) {
+            if (error.code === "auth/user-not-found") {
+                return UserDisabledByIdStatus.USER_NOT_FOUND;
+            }
+            return UserDisabledByIdStatus.INTERNAL_ERROR;
         }
-        return UserDisabledByIdStatus.INTERNAL_ERROR;
     }
-}
 
-export async function isUserDisabledByEmail(email: string): Promise<UserDisabledByEmailStatus> {
-    email = email.trim();
+    static async withEmail(email: string): Promise<UserDisabledByEmailStatus> {
+        email = email.trim();
 
-    if (!email) return UserDisabledByEmailStatus.MISSING_USER_ID;
+        if (!email || email === "") return UserDisabledByEmailStatus.MISSING_USER_ID;
 
-    try {
-        const user = await admin.auth().getUserByEmail(email);
-        const isUserDisabled = user.disabled;
+        try {
+            const user = await admin.auth().getUserByEmail(email);
+            const isUserDisabled = user.disabled;
 
-        return isUserDisabled
-            ? UserDisabledByEmailStatus.DISABLED
-            : UserDisabledByEmailStatus.ENABLED;
-    } catch (error: any) {
-        if (error.code === "auth/user-not-found") {
-            return UserDisabledByEmailStatus.NOT_FOUND;
+            return isUserDisabled
+                ? UserDisabledByEmailStatus.DISABLED
+                : UserDisabledByEmailStatus.ENABLED;
+        } catch (error: any) {
+            if (error.code === "auth/user-not-found") {
+                return UserDisabledByEmailStatus.USER_NOT_FOUND;
+            }
+            return UserDisabledByEmailStatus.INTERNAL_ERROR;
         }
-        return UserDisabledByEmailStatus.INTERNAL_ERROR;
     }
 }

package/src/auth/is_user_exists.ts

@@ -38,47 +38,49 @@ if (admin.apps.length === 0) {
 export enum UserExistsByIdStatus {
     MISSING_USER_ID = "MISSING_USER_ID",
     EXISTS = "EXISTS",
-    NOT_FOUND = "NOT_FOUND",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
     INTERNAL_ERROR = "INTERNAL_ERROR",
 }
 
 export enum UserExistsByEmailStatus {
     MISSING_USER_EMAIL = "MISSING_USER_EMAIL",
     EXISTS = "EXISTS",
-    NOT_FOUND = "NOT_FOUND",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
     INTERNAL_ERROR = "INTERNAL_ERROR",
 }
 
-export async function isUserExistsById(userId: string): Promise<UserExistsByIdStatus> {
-    userId = userId.trim();
+export class IsUserExists {
+    static async withId(userId: string): Promise<UserExistsByIdStatus> {
+        userId = userId.trim();
 
-    if (!userId || userId === "") return UserExistsByIdStatus.MISSING_USER_ID;
+        if (!userId || userId === "") return UserExistsByIdStatus.MISSING_USER_ID;
 
-    try {
-        await admin.auth().getUser(userId);
+        try {
+            await admin.auth().getUser(userId);
 
-        return UserExistsByIdStatus.EXISTS;
-    } catch (error: any) {
-        if (error.code === "auth/user-not-found") {
-            return UserExistsByIdStatus.NOT_FOUND;
+            return UserExistsByIdStatus.EXISTS;
+        } catch (error: any) {
+            if (error.code === "auth/user-not-found") {
+                return UserExistsByIdStatus.USER_NOT_FOUND;
+            }
+            return UserExistsByIdStatus.INTERNAL_ERROR;
         }
-        return UserExistsByIdStatus.INTERNAL_ERROR;
     }
-}
 
-export async function isUserExistsByEmail(email: string): Promise<UserExistsByEmailStatus> {
-    email = email.trim();
+    static async withEmail(email: string): Promise<UserExistsByEmailStatus> {
+        email = email.trim();
 
-    if (!email || email === "") return UserExistsByEmailStatus.MISSING_USER_EMAIL;
+        if (!email || email === "") return UserExistsByEmailStatus.MISSING_USER_EMAIL;
 
-    try {
-        await admin.auth().getUserByEmail(email);
+        try {
+            await admin.auth().getUserByEmail(email);
 
-        return UserExistsByEmailStatus.EXISTS;
-    } catch (error: any) {
-        if (error.code === "auth/user-not-found") {
-            return UserExistsByEmailStatus.NOT_FOUND;
+            return UserExistsByEmailStatus.EXISTS;
+        } catch (error: any) {
+            if (error.code === "auth/user-not-found") {
+                return UserExistsByEmailStatus.USER_NOT_FOUND;
+            }
+            return UserExistsByEmailStatus.INTERNAL_ERROR;
         }
-        return UserExistsByEmailStatus.INTERNAL_ERROR;
     }
 }

package/src/auth/otp.ts

@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) 2025 Fiber
+ *
+ * All rights reserved. This script, including its code and logic, is the
+ * exclusive property of Fiber. Redistribution, reproduction,
+ * or modification of any part of this script is strictly prohibited
+ * without prior written permission from Fiber.
+ *
+ * Conditions of use:
+ * - The code may not be copied, duplicated, or used, in whole or in part,
+ *   for any purpose without explicit authorization.
+ * - Redistribution of this code, with or without modification, is not
+ *   permitted unless expressly agreed upon by Fiber.
+ * - The name "Fiber" and any associated branding, logos, or
+ *   trademarks may not be used to endorse or promote derived products
+ *   or services without prior written approval.
+ *
+ * Disclaimer:
+ * THIS SCRIPT AND ITS CODE ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL
+ * FIBER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO LOSS OF USE,
+ * DATA, PROFITS, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATED TO THE USE
+ * OR INABILITY TO USE THIS SCRIPT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Unauthorized copying or reproduction of this script, in whole or in part,
+ * is a violation of applicable intellectual property laws and will result
+ * in legal action.
+ */
+
+import crypto from 'crypto';
+import * as admin from "firebase-admin";
+import { appInitialize } from "../common/config";
+
+if (admin.apps.length === 0) {
+    admin.initializeApp();
+}
+
+export enum GenerateStatus {
+    MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
+    SUCCESS = "SUCCESS",
+}
+
+export enum GetOTPStatus {
+    MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
+    OTP_NOT_FOUND = "OTP_NOT_FOUND",
+    OTP_FOUND = "OTP_FOUND",
+}
+
+export class Otp {
+    static async generate(userId: string, type: string): Promise<GenerateStatus> {
+        const config = appInitialize();
+        const otp = config.otp;
+
+        if (otp.collection === undefined) return GenerateStatus.MISSING_OTP_CONFIG;
+
+        const now = Date.now();
+        const otpCode = OTPUtils.generate();
+        const hashOtp = OTPUtils.hash(otpCode);
+
+        await admin.firestore().collection(otp.collection).add({
+            __fbs__user_id: userId,
+            __fbs__created_at: now,
+            __fbs__otp_type: type,
+            __fbs__otp: hashOtp,
+        });
+
+        return GenerateStatus.SUCCESS;
+    }
+
+    static async get(userId: string, type: string): Promise<{ status: GetOTPStatus; otp?: string; }> {
+        const config = appInitialize();
+        const otp = config.otp;
+
+        if (otp.collection === undefined) return { status: GetOTPStatus.MISSING_OTP_CONFIG };
+
+        const snapshot = await admin.firestore()
+            .collection(otp.collection)
+            .where("__fbs__user_id", "==", userId)
+            .where("__fbs__otp_type", "==", type)
+            .orderBy("__fbs__created_at", "desc")
+            .limit(1)
+            .get();
+
+        if (snapshot.docs.length === 0) return { status: GetOTPStatus.OTP_NOT_FOUND };
+
+        const doc = snapshot.docs[0];
+        const data = doc?.data();
+        const otpCode = data?.__fbs__otp as string;
+
+        return { status: GetOTPStatus.MISSING_OTP_CONFIG, otp: otpCode };
+    }
+}
+
+class OTPUtils {
+    static generate(): string {
+        while (true) {
+            const buffer = crypto.randomBytes(4);
+            const number = buffer.readUInt32BE();
+            const otp = (number % 1000000).toString().padStart(6, '0');
+
+            if (this.hasAllIdenticalDigits(otp)) continue;
+            if (this.hasRepeatingPattern(otp)) continue;
+            if (this.hasMoreThanThreeConsecutiveIdenticalDigits(otp)) continue;
+
+            return otp;
+        }
+    }
+
+    static hash(otp: string): string {
+        return crypto.createHash('sha256').update(otp).digest('hex');
+    }
+
+    private static hasAllIdenticalDigits(str: string): boolean {
+        return /^(\d)\1{5}$/.test(str);
+    }
+
+    private static hasMoreThanThreeConsecutiveIdenticalDigits(str: string): boolean {
+        return /(\d)\1{3,}/.test(str);
+    }
+
+    private static hasRepeatingPattern(str: string): boolean {
+        const half = str.slice(0, 3);
+        if (half.repeat(2) === str) return true;
+
+        const pairs = str.match(/(..)/g);
+        if (pairs && pairs.length === 3 && new Set(pairs).size === 1) return true;
+
+        const mirror = half + half.split('').reverse().join('');
+        if (str === mirror) return true;
+
+        return false;
+    }
+}

package/src/auth/reset_password.ts

@@ -0,0 +1,317 @@
+/*
+ * Copyright (C) 2025 Fiber
+ *
+ * All rights reserved. This script, including its code and logic, is the
+ * exclusive property of Fiber. Redistribution, reproduction,
+ * or modification of any part of this script is strictly prohibited
+ * without prior written permission from Fiber.
+ *
+ * Conditions of use:
+ * - The code may not be copied, duplicated, or used, in whole or in part,
+ *   for any purpose without explicit authorization.
+ * - Redistribution of this code, with or without modification, is not
+ *   permitted unless expressly agreed upon by Fiber.
+ * - The name "Fiber" and any associated branding, logos, or
+ *   trademarks may not be used to endorse or promote derived products
+ *   or services without prior written approval.
+ *
+ * Disclaimer:
+ * THIS SCRIPT AND ITS CODE ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL
+ * FIBER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO LOSS OF USE,
+ * DATA, PROFITS, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATED TO THE USE
+ * OR INABILITY TO USE THIS SCRIPT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Unauthorized copying or reproduction of this script, in whole or in part,
+ * is a violation of applicable intellectual property laws and will result
+ * in legal action.
+ */
+
+import * as admin from "firebase-admin";
+import validator from "validator";
+import { appInitialize } from "../common/config";
+import { isRateLimited, RateLimitCheckStatus, RateLimitIdentifier, RateLimitRule, recordRateLimitHit } from "../middleware/rate_limiter";
+import { IsUserDisabled, UserDisabledByIdStatus } from "./is_user_disabled";
+import { IsUserExists, UserExistsByIdStatus } from "./is_user_exists";
+import { Otp } from "./otp";
+import { User, UserByEmailStatus } from "./user";
+
+if (admin.apps.length === 0) {
+    admin.initializeApp();
+}
+
+export enum ResetPasswordByEmailStatus {
+    MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
+    MISSING_USER_EMAIL = "MISSING_USER_EMAIL",
+    MISSING_NEW_PASSWORD = "MISSING_NEW_PASSWORD",
+    MISSING_CONFIRM_NEW_PASSWORD = "MISSING_CONFIRM_NEW_PASSWORD",
+    MISSING_PASSWORD_POLICY = "MISSING_PASSWORD_POLICY",
+    NOT_IDENTICAL_CONFIRM_PASSWORD = "NOT_IDENTICAL_CONFIRM_PASSWORD",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
+    USER_DISABLED = "USER_DISABLED",
+    WEAK_NEW_PASSWORD = "WEAK_NEW_PASSWORD",
+    MISSING_PASSWORD_UPPERCASE = "MISSING_PASSWORD_UPPERCASE",
+    MISSING_PASSWORD_LOWERCASE = "MISSING_PASSWORD_LOWERCASE",
+    MISSING_PASSWORD_DIGIT = "MISSING_PASSWORD_DIGIT",
+    MISSING_PASSWORD_SPECIAL_CHAR = "MISSING_PASSWORD_SPECIAL_CHAR",
+    TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
+    INVALID_EMAIL_FORMAT = "INVALID_EMAIL_FORMAT",
+    SUCCESS = "SUCCESS",
+    INTERNAL_ERROR = "INTERNAL_ERROR",
+}
+
+export enum ResetPasswordByIdStatus {
+    MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
+    MISSING_USER_ID = "MISSING_USER_ID",
+    MISSING_NEW_PASSWORD = "MISSING_NEW_PASSWORD",
+    MISSING_CONFIRM_NEW_PASSWORD = "MISSING_CONFIRM_NEW_PASSWORD",
+    MISSING_PASSWORD_POLICY = "MISSING_PASSWORD_POLICY",
+    NOT_IDENTICAL_CONFIRM_PASSWORD = "NOT_IDENTICAL_CONFIRM_PASSWORD",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
+    USER_DISABLED = "USER_DISABLED",
+    WEAK_NEW_PASSWORD = "WEAK_NEW_PASSWORD",
+    MISSING_PASSWORD_UPPERCASE = "MISSING_PASSWORD_UPPERCASE",
+    MISSING_PASSWORD_LOWERCASE = "MISSING_PASSWORD_LOWERCASE",
+    MISSING_PASSWORD_DIGIT = "MISSING_PASSWORD_DIGIT",
+    MISSING_PASSWORD_SPECIAL_CHAR = "MISSING_PASSWORD_SPECIAL_CHAR",
+    TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
+    SUCCESS = "SUCCESS",
+    INTERNAL_ERROR = "INTERNAL_ERROR",
+}
+
+export enum RequestResetPasswordByIdStatus {
+    MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
+    MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
+    MISSING_USER_ID = "MISSING_USER_ID",
+    TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
+    USER_DISABLED = "USER_DISABLED",
+    SUCCESS = "SUCCESS",
+    INTERNAL_ERROR = "INTERNAL_ERROR",
+}
+
+export enum RequestResetPasswordByEmailStatus {
+    MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
+    MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
+    MISSING_USER_EMAIL = "MISSING_USER_EMAIL",
+    TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
+    USER_NOT_FOUND = "USER_NOT_FOUND",
+    USER_DISABLED = "USER_DISABLED",
+    INVALID_EMAIL_FORMAT = "INVALID_EMAIL_FORMAT",
+    SUCCESS = "SUCCESS",
+    INTERNAL_ERROR = "INTERNAL_ERROR",
+}
+
+export interface PasswordPolicy {
+    minLength: number;
+    requireUppercase: boolean;
+    requireLowercase: boolean;
+    requireDigit: boolean;
+    requireSpecial: boolean;
+}
+
+export interface ResetPassword {
+    newPassword: string;
+    confirmNewPassword: string;
+    passwordPolicy: PasswordPolicy;
+}
+
+export class RequestResetPassword {
+    static async withId(userId: string): Promise<RequestResetPasswordByIdStatus> {
+        const config = appInitialize();
+        const otp = config.otp;
+        const rateLimiter = config.rateLimiter;
+
+        if (otp.collection === undefined) return RequestResetPasswordByIdStatus.MISSING_OTP_CONFIG;
+        if (rateLimiter.appName === undefined || rateLimiter.url === undefined) {
+            return RequestResetPasswordByIdStatus.MISSING_DATABASE_CONFIG;
+        }
+
+        userId = userId.trim();
+        if (!userId || userId === "") return RequestResetPasswordByIdStatus.MISSING_USER_ID;
+
+        const identifier: RateLimitIdentifier = {
+            id: userId,
+            target: "request_reset_password"
+        };
+
+        const rule: RateLimitRule = {
+            ttl: 2 * 60 * 1000,
+            windowMs: 3 * 60 * 1000,
+            maxHits: 5,
+        };
+
+        const userExists = await IsUserExists.withId(userId);
+        if (userExists === UserExistsByIdStatus.MISSING_USER_ID) return RequestResetPasswordByIdStatus.MISSING_USER_ID;
+        if (userExists === UserExistsByIdStatus.INTERNAL_ERROR) return RequestResetPasswordByIdStatus.INTERNAL_ERROR;
+        if (userExists === UserExistsByIdStatus.USER_NOT_FOUND) return RequestResetPasswordByIdStatus.USER_NOT_FOUND;
+
+        const userDisabled = await IsUserDisabled.withId(userId);
+        if (userDisabled === UserDisabledByIdStatus.MISSING_USER_ID) {
+            return RequestResetPasswordByIdStatus.MISSING_USER_ID;
+        }
+        if (userDisabled === UserDisabledByIdStatus.INTERNAL_ERROR) {
+            return RequestResetPasswordByIdStatus.INTERNAL_ERROR;
+        }
+        if (userDisabled === UserDisabledByIdStatus.USER_NOT_FOUND) {
+            return RequestResetPasswordByIdStatus.USER_NOT_FOUND;
+        }
+
+        if (await isRateLimited(identifier, rule) !== RateLimitCheckStatus.LIMIT_NOT_FOUND) {
+            return RequestResetPasswordByIdStatus.TOO_MANY_REQUEST;
+        }
+        await recordRateLimitHit(identifier, rule);
+
+        if (await IsUserExists.withId(userId)) return RequestResetPasswordByIdStatus.USER_NOT_FOUND;
+        if (await IsUserDisabled.withId(userId)) return RequestResetPasswordByIdStatus.USER_DISABLED;
+
+        await Otp.generate(userId, "request_reset_password");
+
+        return RequestResetPasswordByIdStatus.SUCCESS;
+    }
+
+    static async withEmail(email: string): Promise<RequestResetPasswordByEmailStatus> {
+        email = email.trim();
+        if (!email || email === "") return RequestResetPasswordByEmailStatus.MISSING_USER_EMAIL;
+
+        if (!validator.isEmail(email)) return RequestResetPasswordByEmailStatus.INVALID_EMAIL_FORMAT;
+
+        const user = await User.withEmail(email);
+        if (user.status === UserByEmailStatus.INTERNAL_ERROR) return RequestResetPasswordByEmailStatus.INTERNAL_ERROR;
+        if (user.status === UserByEmailStatus.MISSING_EMAIL) {
+            return RequestResetPasswordByEmailStatus.MISSING_USER_EMAIL;
+        }
+        if (user.status === UserByEmailStatus.USER_NOT_FOUND) return RequestResetPasswordByEmailStatus.USER_NOT_FOUND;
+
+        const userId = user.user?.uid;
+        if (!userId || userId === undefined) return RequestResetPasswordByEmailStatus.INTERNAL_ERROR;
+
+        const result = await this.withId(userId);
+
+        const map = {
+            [RequestResetPasswordByIdStatus.MISSING_OTP_CONFIG]: RequestResetPasswordByEmailStatus.MISSING_OTP_CONFIG,
+            [RequestResetPasswordByIdStatus.MISSING_DATABASE_CONFIG]: RequestResetPasswordByEmailStatus.MISSING_DATABASE_CONFIG,
+            [RequestResetPasswordByIdStatus.MISSING_USER_ID]: RequestResetPasswordByEmailStatus.MISSING_USER_EMAIL,
+            [RequestResetPasswordByIdStatus.TOO_MANY_REQUEST]: RequestResetPasswordByEmailStatus.TOO_MANY_REQUEST,
+            [RequestResetPasswordByIdStatus.USER_NOT_FOUND]: RequestResetPasswordByEmailStatus.USER_NOT_FOUND,
+            [RequestResetPasswordByIdStatus.USER_DISABLED]: RequestResetPasswordByEmailStatus.USER_DISABLED,
+            [RequestResetPasswordByIdStatus.SUCCESS]: RequestResetPasswordByEmailStatus.SUCCESS,
+            [RequestResetPasswordByIdStatus.INTERNAL_ERROR]: RequestResetPasswordByEmailStatus.INTERNAL_ERROR,
+        };
+
+        return map[result];
+    }
+}
+
+export class VerifyRequestResetPasswordOTP {
+
+}
+
+export class ResetPassword {
+    static async withId(userId: string, password: ResetPassword): Promise<ResetPasswordByIdStatus> {
+        const config = appInitialize();
+        const rateLimiter = config.rateLimiter;
+
+        if (rateLimiter.appName === undefined || rateLimiter.url === undefined) {
+            return ResetPasswordByIdStatus.MISSING_DATABASE_CONFIG;
+        }
+
+        userId = userId.trim();
+
+        if (!userId || userId === "") return ResetPasswordByIdStatus.MISSING_USER_ID;
+
+        const newPassword = password.newPassword.trim();
+        const confirmNewPassword = password.confirmNewPassword.trim();
+
+        if (!newPassword || newPassword === "") return ResetPasswordByIdStatus.MISSING_NEW_PASSWORD;
+        if (!confirmNewPassword || confirmNewPassword === "") return ResetPasswordByIdStatus.MISSING_CONFIRM_NEW_PASSWORD;
+
+        const passwordPolicy = password.passwordPolicy;
+
+        if (!passwordPolicy) return ResetPasswordByIdStatus.MISSING_PASSWORD_POLICY;
+
+        const identifier: RateLimitIdentifier = {
+            id: userId,
+            target: "reset_password"
+        };
+
+        const rule: RateLimitRule = {
+            ttl: 2 * 60 * 1000,
+            windowMs: 3 * 60 * 1000,
+            maxHits: 5,
+        };
+
+        if (await isRateLimited(identifier, rule) !== RateLimitCheckStatus.LIMIT_NOT_FOUND) {
+            return ResetPasswordByIdStatus.TOO_MANY_REQUEST;
+        }
+        await recordRateLimitHit(identifier, rule);
+
+        if (await IsUserExists.withId(userId)) return ResetPasswordByIdStatus.USER_NOT_FOUND;
+        if (await IsUserDisabled.withId(userId)) return ResetPasswordByIdStatus.USER_DISABLED;
+
+        if (newPassword !== confirmNewPassword) return ResetPasswordByIdStatus.NOT_IDENTICAL_CONFIRM_PASSWORD;
+
+        const requiredMin = Math.max(6, passwordPolicy.minLength);
+        if (newPassword.length < requiredMin) return ResetPasswordByIdStatus.WEAK_NEW_PASSWORD;
+
+        const rules = [
+            { enabled: passwordPolicy.requireUppercase, regex: /[A-Z]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_UPPERCASE },
+            { enabled: passwordPolicy.requireLowercase, regex: /[a-z]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_LOWERCASE },
+            { enabled: passwordPolicy.requireDigit, regex: /[0-9]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_DIGIT },
+            { enabled: passwordPolicy.requireSpecial, regex: /[^A-Za-z0-9]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_SPECIAL_CHAR },
+        ];
+
+        for (const rule of rules) {
+            if (rule.enabled && !rule.regex.test(newPassword)) return rule.error;
+        }
+
+        try {
+            await admin.auth().updateUser(userId, { password: newPassword });
+            return ResetPasswordByIdStatus.SUCCESS;
+        } catch (error: any) {
+            return ResetPasswordByIdStatus.INTERNAL_ERROR;
+        }
+    }
+
+    static async withEmail(email: string, password: ResetPassword): Promise<ResetPasswordByEmailStatus> {
+        email = email.trim();
+        if (!email || email === "") return ResetPasswordByEmailStatus.MISSING_USER_EMAIL;
+
+        if (!validator.isEmail(email)) return ResetPasswordByEmailStatus.INVALID_EMAIL_FORMAT;
+
+        const user = await User.withEmail(email);
+        if (user.status === UserByEmailStatus.INTERNAL_ERROR) return ResetPasswordByEmailStatus.INTERNAL_ERROR;
+        if (user.status === UserByEmailStatus.MISSING_EMAIL) {
+            return ResetPasswordByEmailStatus.MISSING_USER_EMAIL;
+        }
+        if (user.status === UserByEmailStatus.USER_NOT_FOUND) return ResetPasswordByEmailStatus.USER_NOT_FOUND;
+
+        const userId = user.user?.uid;
+        if (!userId || userId === undefined) return ResetPasswordByEmailStatus.INTERNAL_ERROR;
+
+        const result = await this.withId(userId, password);
+
+        const map = {
+            [ResetPasswordByIdStatus.MISSING_DATABASE_CONFIG]: ResetPasswordByEmailStatus.MISSING_DATABASE_CONFIG,
+            [ResetPasswordByIdStatus.MISSING_USER_ID]: ResetPasswordByEmailStatus.MISSING_USER_EMAIL,
+            [ResetPasswordByIdStatus.MISSING_NEW_PASSWORD]: ResetPasswordByEmailStatus.MISSING_NEW_PASSWORD,
+            [ResetPasswordByIdStatus.MISSING_CONFIRM_NEW_PASSWORD]: ResetPasswordByEmailStatus.MISSING_CONFIRM_NEW_PASSWORD,
+            [ResetPasswordByIdStatus.MISSING_PASSWORD_POLICY]: ResetPasswordByEmailStatus.MISSING_PASSWORD_POLICY,
+            [ResetPasswordByIdStatus.NOT_IDENTICAL_CONFIRM_PASSWORD]: ResetPasswordByEmailStatus.NOT_IDENTICAL_CONFIRM_PASSWORD,
+            [ResetPasswordByIdStatus.USER_NOT_FOUND]: ResetPasswordByEmailStatus.USER_NOT_FOUND,
+            [ResetPasswordByIdStatus.USER_DISABLED]: ResetPasswordByEmailStatus.USER_DISABLED,
+            [ResetPasswordByIdStatus.WEAK_NEW_PASSWORD]: ResetPasswordByEmailStatus.WEAK_NEW_PASSWORD,
+            [ResetPasswordByIdStatus.MISSING_PASSWORD_UPPERCASE]: ResetPasswordByEmailStatus.MISSING_PASSWORD_UPPERCASE,
+            [ResetPasswordByIdStatus.MISSING_PASSWORD_LOWERCASE]: ResetPasswordByEmailStatus.MISSING_PASSWORD_LOWERCASE,
+            [ResetPasswordByIdStatus.MISSING_PASSWORD_DIGIT]: ResetPasswordByEmailStatus.MISSING_PASSWORD_DIGIT,
+            [ResetPasswordByIdStatus.MISSING_PASSWORD_SPECIAL_CHAR]: ResetPasswordByEmailStatus.MISSING_PASSWORD_SPECIAL_CHAR,
+            [ResetPasswordByIdStatus.TOO_MANY_REQUEST]: ResetPasswordByEmailStatus.TOO_MANY_REQUEST,
+            [ResetPasswordByIdStatus.SUCCESS]: ResetPasswordByEmailStatus.SUCCESS,
+            [ResetPasswordByIdStatus.INTERNAL_ERROR]: ResetPasswordByEmailStatus.INTERNAL_ERROR,
+        };
+
+        return map[result];
+    }
+}