fiber-firebase-functions 1.0.3 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/README.md +74 -0
  2. package/lib/auth/is_user_disabled.js +37 -36
  3. package/lib/auth/is_user_disabled.js.map +1 -1
  4. package/lib/auth/is_user_exists.js +31 -30
  5. package/lib/auth/is_user_exists.js.map +1 -1
  6. package/lib/auth/otp.js +92 -25
  7. package/lib/auth/otp.js.map +1 -1
  8. package/lib/auth/reset_password.js +366 -0
  9. package/lib/auth/reset_password.js.map +1 -0
  10. package/lib/auth/user.js +44 -32
  11. package/lib/auth/user.js.map +1 -1
  12. package/lib/common/config.js +9 -5
  13. package/lib/common/config.js.map +1 -1
  14. package/lib/common/locale.js +119 -0
  15. package/lib/common/locale.js.map +1 -0
  16. package/lib/email/email.js +96 -0
  17. package/lib/email/email.js.map +1 -0
  18. package/lib/email/templates/new_user.js +491 -0
  19. package/lib/email/templates/new_user.js.map +1 -0
  20. package/{src/email/send_email.ts → lib/email/templates.js} +7 -17
  21. package/lib/email/templates.js.map +1 -0
  22. package/lib/index.js +6 -0
  23. package/lib/index.js.map +1 -1
  24. package/lib/middleware/rate_limiter.js +8 -8
  25. package/lib/middleware/rate_limiter.js.map +1 -1
  26. package/package.json +7 -5
  27. package/src/auth/is_user_disabled.ts +31 -29
  28. package/src/auth/is_user_exists.ts +25 -23
  29. package/src/auth/otp.ts +89 -24
  30. package/src/auth/reset_password.ts +359 -0
  31. package/src/auth/user.ts +34 -24
  32. package/src/common/config.ts +20 -10
  33. package/src/common/locale.ts +121 -0
  34. package/src/email/email.ts +70 -0
  35. package/src/email/templates/new_user.ts +493 -0
  36. package/src/email/templates.ts +34 -0
  37. package/src/index.ts +6 -0
  38. package/src/middleware/rate_limiter.ts +8 -8
  39. package/src/auth/update_password.ts +0 -224
package/src/auth/is_user_disabled.ts CHANGED
@@ -39,7 +39,7 @@ export enum UserDisabledByIdStatus {
39
39
  MISSING_USER_ID = "MISSING_USER_ID",
40
40
  ENABLED = "ENABLED",
41
41
  DISABLED = "DISABLED",
42
- NOT_FOUND = "NOT_FOUND",
42
+ USER_NOT_FOUND = "USER_NOT_FOUND",
43
43
  INTERNAL_ERROR = "INTERNAL_ERROR",
44
44
  }
45
45
 
@@ -47,46 +47,48 @@ export enum UserDisabledByEmailStatus {
47
47
  MISSING_USER_ID = "MISSING_USER_ID",
48
48
  ENABLED = "ENABLED",
49
49
  DISABLED = "DISABLED",
50
- NOT_FOUND = "NOT_FOUND",
50
+ USER_NOT_FOUND = "USER_NOT_FOUND",
51
51
  INTERNAL_ERROR = "INTERNAL_ERROR",
52
52
  }
53
53
 
54
- export async function isUserDisabledById(userId: string): Promise<UserDisabledByIdStatus> {
55
- userId = userId.trim();
54
+ export class IsUserDisabled {
55
+ static async withId(userId: string): Promise<UserDisabledByIdStatus> {
56
+ userId = userId.trim();
56
57
 
57
- if (!userId) return UserDisabledByIdStatus.MISSING_USER_ID;
58
+ if (!userId || userId === "") return UserDisabledByIdStatus.MISSING_USER_ID;
58
59
 
59
- try {
60
- const user = await admin.auth().getUser(userId);
61
- const isUserDisabled = user.disabled;
60
+ try {
61
+ const user = await admin.auth().getUser(userId);
62
+ const isUserDisabled = user.disabled;
62
63
 
63
- return isUserDisabled
64
- ? UserDisabledByIdStatus.DISABLED
65
- : UserDisabledByIdStatus.ENABLED;
66
- } catch (error: any) {
67
- if (error.code === "auth/user-not-found") {
68
- return UserDisabledByIdStatus.NOT_FOUND;
64
+ return isUserDisabled
65
+ ? UserDisabledByIdStatus.DISABLED
66
+ : UserDisabledByIdStatus.ENABLED;
67
+ } catch (error: any) {
68
+ if (error.code === "auth/user-not-found") {
69
+ return UserDisabledByIdStatus.USER_NOT_FOUND;
70
+ }
71
+ return UserDisabledByIdStatus.INTERNAL_ERROR;
69
72
  }
70
- return UserDisabledByIdStatus.INTERNAL_ERROR;
71
73
  }
72
- }
73
74
 
74
- export async function isUserDisabledByEmail(email: string): Promise<UserDisabledByEmailStatus> {
75
- email = email.trim();
75
+ static async withEmail(email: string): Promise<UserDisabledByEmailStatus> {
76
+ email = email.trim();
76
77
 
77
- if (!email) return UserDisabledByEmailStatus.MISSING_USER_ID;
78
+ if (!email || email === "") return UserDisabledByEmailStatus.MISSING_USER_ID;
78
79
 
79
- try {
80
- const user = await admin.auth().getUserByEmail(email);
81
- const isUserDisabled = user.disabled;
80
+ try {
81
+ const user = await admin.auth().getUserByEmail(email);
82
+ const isUserDisabled = user.disabled;
82
83
 
83
- return isUserDisabled
84
- ? UserDisabledByEmailStatus.DISABLED
85
- : UserDisabledByEmailStatus.ENABLED;
86
- } catch (error: any) {
87
- if (error.code === "auth/user-not-found") {
88
- return UserDisabledByEmailStatus.NOT_FOUND;
84
+ return isUserDisabled
85
+ ? UserDisabledByEmailStatus.DISABLED
86
+ : UserDisabledByEmailStatus.ENABLED;
87
+ } catch (error: any) {
88
+ if (error.code === "auth/user-not-found") {
89
+ return UserDisabledByEmailStatus.USER_NOT_FOUND;
90
+ }
91
+ return UserDisabledByEmailStatus.INTERNAL_ERROR;
89
92
  }
90
- return UserDisabledByEmailStatus.INTERNAL_ERROR;
91
93
  }
92
94
  }
package/src/auth/is_user_exists.ts CHANGED
@@ -38,47 +38,49 @@ if (admin.apps.length === 0) {
38
38
  export enum UserExistsByIdStatus {
39
39
  MISSING_USER_ID = "MISSING_USER_ID",
40
40
  EXISTS = "EXISTS",
41
- NOT_FOUND = "NOT_FOUND",
41
+ USER_NOT_FOUND = "USER_NOT_FOUND",
42
42
  INTERNAL_ERROR = "INTERNAL_ERROR",
43
43
  }
44
44
 
45
45
  export enum UserExistsByEmailStatus {
46
46
  MISSING_USER_EMAIL = "MISSING_USER_EMAIL",
47
47
  EXISTS = "EXISTS",
48
- NOT_FOUND = "NOT_FOUND",
48
+ USER_NOT_FOUND = "USER_NOT_FOUND",
49
49
  INTERNAL_ERROR = "INTERNAL_ERROR",
50
50
  }
51
51
 
52
- export async function isUserExistsById(userId: string): Promise<UserExistsByIdStatus> {
53
- userId = userId.trim();
52
+ export class IsUserExists {
53
+ static async withId(userId: string): Promise<UserExistsByIdStatus> {
54
+ userId = userId.trim();
54
55
 
55
- if (!userId || userId === "") return UserExistsByIdStatus.MISSING_USER_ID;
56
+ if (!userId || userId === "") return UserExistsByIdStatus.MISSING_USER_ID;
56
57
 
57
- try {
58
- await admin.auth().getUser(userId);
58
+ try {
59
+ await admin.auth().getUser(userId);
59
60
 
60
- return UserExistsByIdStatus.EXISTS;
61
- } catch (error: any) {
62
- if (error.code === "auth/user-not-found") {
63
- return UserExistsByIdStatus.NOT_FOUND;
61
+ return UserExistsByIdStatus.EXISTS;
62
+ } catch (error: any) {
63
+ if (error.code === "auth/user-not-found") {
64
+ return UserExistsByIdStatus.USER_NOT_FOUND;
65
+ }
66
+ return UserExistsByIdStatus.INTERNAL_ERROR;
64
67
  }
65
- return UserExistsByIdStatus.INTERNAL_ERROR;
66
68
  }
67
- }
68
69
 
69
- export async function isUserExistsByEmail(email: string): Promise<UserExistsByEmailStatus> {
70
- email = email.trim();
70
+ static async withEmail(email: string): Promise<UserExistsByEmailStatus> {
71
+ email = email.trim();
71
72
 
72
- if (!email || email === "") return UserExistsByEmailStatus.MISSING_USER_EMAIL;
73
+ if (!email || email === "") return UserExistsByEmailStatus.MISSING_USER_EMAIL;
73
74
 
74
- try {
75
- await admin.auth().getUserByEmail(email);
75
+ try {
76
+ await admin.auth().getUserByEmail(email);
76
77
 
77
- return UserExistsByEmailStatus.EXISTS;
78
- } catch (error: any) {
79
- if (error.code === "auth/user-not-found") {
80
- return UserExistsByEmailStatus.NOT_FOUND;
78
+ return UserExistsByEmailStatus.EXISTS;
79
+ } catch (error: any) {
80
+ if (error.code === "auth/user-not-found") {
81
+ return UserExistsByEmailStatus.USER_NOT_FOUND;
82
+ }
83
+ return UserExistsByEmailStatus.INTERNAL_ERROR;
81
84
  }
82
- return UserExistsByEmailStatus.INTERNAL_ERROR;
83
85
  }
84
86
  }
package/src/auth/otp.ts CHANGED
@@ -29,42 +29,107 @@
29
29
  * in legal action.
30
30
  */
31
31
 
32
+ import crypto from 'crypto';
32
33
  import * as admin from "firebase-admin";
34
+ import { appInitialize } from "../common/config";
33
35
 
34
36
  if (admin.apps.length === 0) {
35
37
  admin.initializeApp();
36
38
  }
37
39
 
38
- export enum GenerateOTPStatus {
39
- MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
40
- TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
40
+ export enum GenerateStatus {
41
+ MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
41
42
  SUCCESS = "SUCCESS",
42
- INTERNAL_ERROR = "INTERNAL_ERROR",
43
43
  }
44
44
 
45
- export interface GenerateOTPIdentifier {
46
- id: string;
47
- target: string;
45
+ export enum GetOTPStatus {
46
+ MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
47
+ OTP_NOT_FOUND = "OTP_NOT_FOUND",
48
+ OTP_FOUND = "OTP_FOUND",
48
49
  }
49
50
 
50
- // export async function generateOTP(identifier: GenerateOTPIdentifier): Promise<GenerateOTPStatus> {
51
- // const config = appInitialize();
52
- // const security = config.security;
51
+ export class Otp {
52
+ static async generate(userId: string, type: string): Promise<GenerateStatus> {
53
+ const config = appInitialize();
54
+ const otp = config.otp;
53
55
 
54
- // if (!security) return GenerateOTPStatus.MISSING_DATABASE_CONFIG;
56
+ if (otp.collection === undefined) return GenerateStatus.MISSING_OTP_CONFIG;
55
57
 
56
- // if (await isRateLimited(identifier, rule, databaseConfig) !== RateLimitCheckStatus.LIMIT_NOT_FOUND) {
57
- // return GenerateOTPStatus.TOO_MANY_REQUEST;
58
- // }
59
- // await recordRateLimitHit(identifier, rule, databaseConfig);
58
+ const now = Date.now();
59
+ const otpCode = OTPUtils.generate();
60
+ const hashOtp = OTPUtils.hash(otpCode);
60
61
 
61
- // try {
62
- // const database = realtimeDatabase(databaseConfig);
63
- // const reference = database.ref("__fbs__otp").child("feature");
64
- // const query = await reference.get();
62
+ await admin.firestore().collection(otp.collection).add({
63
+ __fbs__user_id: userId,
64
+ __fbs__created_at: now,
65
+ __fbs__otp_type: type,
66
+ __fbs__otp: hashOtp,
67
+ });
65
68
 
66
- // return GenerateOTPStatus.SUCCESS;
67
- // } catch (e) {
68
- // return GenerateOTPStatus.INTERNAL_ERROR;
69
- // }
70
- // }
69
+ return GenerateStatus.SUCCESS;
70
+ }
71
+
72
+ static async get(userId: string, type: string): Promise<{ status: GetOTPStatus; otp?: string; }> {
73
+ const config = appInitialize();
74
+ const otp = config.otp;
75
+
76
+ if (otp.collection === undefined) return { status: GetOTPStatus.MISSING_OTP_CONFIG };
77
+
78
+ const snapshot = await admin.firestore()
79
+ .collection(otp.collection)
80
+ .where("__fbs__user_id", "==", userId)
81
+ .where("__fbs__otp_type", "==", type)
82
+ .orderBy("__fbs__created_at", "desc")
83
+ .limit(1)
84
+ .get();
85
+
86
+ if (snapshot.docs.length === 0) return { status: GetOTPStatus.OTP_NOT_FOUND };
87
+
88
+ const doc = snapshot.docs[0];
89
+ const data = doc?.data();
90
+ const otpCode = data?.__fbs__otp as string;
91
+
92
+ return { status: GetOTPStatus.MISSING_OTP_CONFIG, otp: otpCode };
93
+ }
94
+ }
95
+
96
+ class OTPUtils {
97
+ static generate(): string {
98
+ while (true) {
99
+ const buffer = crypto.randomBytes(4);
100
+ const number = buffer.readUInt32BE();
101
+ const otp = (number % 1000000).toString().padStart(6, '0');
102
+
103
+ if (this.hasAllIdenticalDigits(otp)) continue;
104
+ if (this.hasRepeatingPattern(otp)) continue;
105
+ if (this.hasMoreThanThreeConsecutiveIdenticalDigits(otp)) continue;
106
+
107
+ return otp;
108
+ }
109
+ }
110
+
111
+ static hash(otp: string): string {
112
+ return crypto.createHash('sha256').update(otp).digest('hex');
113
+ }
114
+
115
+ private static hasAllIdenticalDigits(str: string): boolean {
116
+ return /^(\d)\1{5}$/.test(str);
117
+ }
118
+
119
+ private static hasMoreThanThreeConsecutiveIdenticalDigits(str: string): boolean {
120
+ return /(\d)\1{3,}/.test(str);
121
+ }
122
+
123
+ private static hasRepeatingPattern(str: string): boolean {
124
+ const half = str.slice(0, 3);
125
+ if (half.repeat(2) === str) return true;
126
+
127
+ const pairs = str.match(/(..)/g);
128
+ if (pairs && pairs.length === 3 && new Set(pairs).size === 1) return true;
129
+
130
+ const mirror = half + half.split('').reverse().join('');
131
+ if (str === mirror) return true;
132
+
133
+ return false;
134
+ }
135
+ }
package/src/auth/reset_password.ts ADDED
@@ -0,0 +1,359 @@
1
+ /*
2
+ * Copyright (C) 2025 Fiber
3
+ *
4
+ * All rights reserved. This script, including its code and logic, is the
5
+ * exclusive property of Fiber. Redistribution, reproduction,
6
+ * or modification of any part of this script is strictly prohibited
7
+ * without prior written permission from Fiber.
8
+ *
9
+ * Conditions of use:
10
+ * - The code may not be copied, duplicated, or used, in whole or in part,
11
+ * for any purpose without explicit authorization.
12
+ * - Redistribution of this code, with or without modification, is not
13
+ * permitted unless expressly agreed upon by Fiber.
14
+ * - The name "Fiber" and any associated branding, logos, or
15
+ * trademarks may not be used to endorse or promote derived products
16
+ * or services without prior written approval.
17
+ *
18
+ * Disclaimer:
19
+ * THIS SCRIPT AND ITS CODE ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
20
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY,
21
+ * FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL
22
+ * FIBER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO LOSS OF USE,
24
+ * DATA, PROFITS, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATED TO THE USE
25
+ * OR INABILITY TO USE THIS SCRIPT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26
+ *
27
+ * Unauthorized copying or reproduction of this script, in whole or in part,
28
+ * is a violation of applicable intellectual property laws and will result
29
+ * in legal action.
30
+ */
31
+
32
+ import * as admin from "firebase-admin";
33
+ import validator from "validator";
34
+ import { appInitialize } from "../common/config";
35
+ import { isRateLimited, RateLimitCheckStatus, RateLimitIdentifier, RateLimitRule, recordRateLimitHit } from "../middleware/rate_limiter";
36
+ import { IsUserDisabled, UserDisabledByIdStatus } from "./is_user_disabled";
37
+ import { IsUserExists, UserExistsByIdStatus } from "./is_user_exists";
38
+ import { Otp } from "./otp";
39
+ import { User, UserByEmailStatus } from "./user";
40
+
41
+ if (admin.apps.length === 0) {
42
+ admin.initializeApp();
43
+ }
44
+
45
+ export enum ResetPasswordByEmailStatus {
46
+ MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
47
+ MISSING_USER_EMAIL = "MISSING_USER_EMAIL",
48
+ MISSING_NEW_PASSWORD = "MISSING_NEW_PASSWORD",
49
+ MISSING_CONFIRM_NEW_PASSWORD = "MISSING_CONFIRM_NEW_PASSWORD",
50
+ MISSING_PASSWORD_POLICY = "MISSING_PASSWORD_POLICY",
51
+ NOT_IDENTICAL_CONFIRM_PASSWORD = "NOT_IDENTICAL_CONFIRM_PASSWORD",
52
+ USER_NOT_FOUND = "USER_NOT_FOUND",
53
+ USER_DISABLED = "USER_DISABLED",
54
+ WEAK_NEW_PASSWORD = "WEAK_NEW_PASSWORD",
55
+ MISSING_PASSWORD_UPPERCASE = "MISSING_PASSWORD_UPPERCASE",
56
+ MISSING_PASSWORD_LOWERCASE = "MISSING_PASSWORD_LOWERCASE",
57
+ MISSING_PASSWORD_DIGIT = "MISSING_PASSWORD_DIGIT",
58
+ MISSING_PASSWORD_SPECIAL_CHAR = "MISSING_PASSWORD_SPECIAL_CHAR",
59
+ TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
60
+ INVALID_EMAIL_FORMAT = "INVALID_EMAIL_FORMAT",
61
+ SUCCESS = "SUCCESS",
62
+ INTERNAL_ERROR = "INTERNAL_ERROR",
63
+ }
64
+
65
+ export enum ResetPasswordByIdStatus {
66
+ MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
67
+ MISSING_USER_ID = "MISSING_USER_ID",
68
+ MISSING_NEW_PASSWORD = "MISSING_NEW_PASSWORD",
69
+ MISSING_CONFIRM_NEW_PASSWORD = "MISSING_CONFIRM_NEW_PASSWORD",
70
+ MISSING_PASSWORD_POLICY = "MISSING_PASSWORD_POLICY",
71
+ NOT_IDENTICAL_CONFIRM_PASSWORD = "NOT_IDENTICAL_CONFIRM_PASSWORD",
72
+ USER_NOT_FOUND = "USER_NOT_FOUND",
73
+ USER_DISABLED = "USER_DISABLED",
74
+ WEAK_NEW_PASSWORD = "WEAK_NEW_PASSWORD",
75
+ MISSING_PASSWORD_UPPERCASE = "MISSING_PASSWORD_UPPERCASE",
76
+ MISSING_PASSWORD_LOWERCASE = "MISSING_PASSWORD_LOWERCASE",
77
+ MISSING_PASSWORD_DIGIT = "MISSING_PASSWORD_DIGIT",
78
+ MISSING_PASSWORD_SPECIAL_CHAR = "MISSING_PASSWORD_SPECIAL_CHAR",
79
+ TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
80
+ SUCCESS = "SUCCESS",
81
+ INTERNAL_ERROR = "INTERNAL_ERROR",
82
+ }
83
+
84
+ export enum RequestResetPasswordByIdStatus {
85
+ MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
86
+ MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
87
+ MISSING_USER_ID = "MISSING_USER_ID",
88
+ TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
89
+ USER_NOT_FOUND = "USER_NOT_FOUND",
90
+ USER_DISABLED = "USER_DISABLED",
91
+ SUCCESS = "SUCCESS",
92
+ INTERNAL_ERROR = "INTERNAL_ERROR",
93
+ }
94
+
95
+ export enum RequestResetPasswordByEmailStatus {
96
+ MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
97
+ MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
98
+ MISSING_USER_EMAIL = "MISSING_USER_EMAIL",
99
+ TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
100
+ USER_NOT_FOUND = "USER_NOT_FOUND",
101
+ USER_DISABLED = "USER_DISABLED",
102
+ INVALID_EMAIL_FORMAT = "INVALID_EMAIL_FORMAT",
103
+ SUCCESS = "SUCCESS",
104
+ INTERNAL_ERROR = "INTERNAL_ERROR",
105
+ }
106
+
107
+ export enum VerifyResetPasswordOtpStatus {
108
+ MISSING_OTP_CONFIG = "MISSING_OTP_CONFIG",
109
+ MISSING_DATABASE_CONFIG = "MISSING_DATABASE_CONFIG",
110
+ MISSING_USER_EMAIL = "MISSING_USER_EMAIL",
111
+ TOO_MANY_REQUEST = "TOO_MANY_REQUEST",
112
+ USER_NOT_FOUND = "USER_NOT_FOUND",
113
+ USER_DISABLED = "USER_DISABLED",
114
+ INVALID_EMAIL_FORMAT = "INVALID_EMAIL_FORMAT",
115
+ SUCCESS = "SUCCESS",
116
+ INTERNAL_ERROR = "INTERNAL_ERROR",
117
+ }
118
+
119
+ export interface PasswordPolicy {
120
+ minLength: number;
121
+ requireUppercase: boolean;
122
+ requireLowercase: boolean;
123
+ requireDigit: boolean;
124
+ requireSpecial: boolean;
125
+ }
126
+
127
+ export interface ResetPassword {
128
+ newPassword: string;
129
+ confirmNewPassword: string;
130
+ passwordPolicy: PasswordPolicy;
131
+ }
132
+
133
+ export class RequestResetPassword {
134
+ static async withId(userId: string): Promise<RequestResetPasswordByIdStatus> {
135
+ const config = appInitialize();
136
+ const otp = config.otp;
137
+ const rateLimiter = config.rateLimiter;
138
+
139
+ if (!otp || otp.collection === undefined) return RequestResetPasswordByIdStatus.MISSING_OTP_CONFIG;
140
+ if (!rateLimiter || rateLimiter.appName === undefined || rateLimiter.url === undefined) {
141
+ return RequestResetPasswordByIdStatus.MISSING_DATABASE_CONFIG;
142
+ }
143
+
144
+ userId = userId.trim();
145
+ if (!userId || userId === "") return RequestResetPasswordByIdStatus.MISSING_USER_ID;
146
+
147
+ const identifier: RateLimitIdentifier = {
148
+ id: userId,
149
+ target: "request_reset_password"
150
+ };
151
+
152
+ const rule: RateLimitRule = {
153
+ ttl: 2 * 60 * 1000,
154
+ windowMs: 3 * 60 * 1000,
155
+ maxHits: 5,
156
+ };
157
+
158
+ const userExists = await IsUserExists.withId(userId);
159
+ if (userExists === UserExistsByIdStatus.MISSING_USER_ID) return RequestResetPasswordByIdStatus.MISSING_USER_ID;
160
+ if (userExists === UserExistsByIdStatus.INTERNAL_ERROR) return RequestResetPasswordByIdStatus.INTERNAL_ERROR;
161
+ if (userExists === UserExistsByIdStatus.USER_NOT_FOUND) return RequestResetPasswordByIdStatus.USER_NOT_FOUND;
162
+
163
+ const userDisabled = await IsUserDisabled.withId(userId);
164
+ if (userDisabled === UserDisabledByIdStatus.MISSING_USER_ID) {
165
+ return RequestResetPasswordByIdStatus.MISSING_USER_ID;
166
+ }
167
+ if (userDisabled === UserDisabledByIdStatus.INTERNAL_ERROR) {
168
+ return RequestResetPasswordByIdStatus.INTERNAL_ERROR;
169
+ }
170
+ if (userDisabled === UserDisabledByIdStatus.USER_NOT_FOUND) {
171
+ return RequestResetPasswordByIdStatus.USER_NOT_FOUND;
172
+ }
173
+
174
+ const rateLimited = await isRateLimited(identifier, rule);
175
+ if (rateLimited === RateLimitCheckStatus.MISSING_DATABASE_CONFIG ||
176
+ rateLimited === RateLimitCheckStatus.MISSING_IDENTIFIER_ID ||
177
+ rateLimited === RateLimitCheckStatus.MISSING_IDENTIFIER_TARGET
178
+ ) {
179
+ return RequestResetPasswordByIdStatus.MISSING_DATABASE_CONFIG;
180
+ }
181
+ if (rateLimited === RateLimitCheckStatus.INTERNAL_ERROR) return RequestResetPasswordByIdStatus.INTERNAL_ERROR;
182
+ if (rateLimited === RateLimitCheckStatus.LIMIT_EXISTS) return RequestResetPasswordByIdStatus.TOO_MANY_REQUEST;
183
+
184
+ await recordRateLimitHit(identifier, rule);
185
+
186
+ await Otp.generate(userId, "request_reset_password");
187
+
188
+ return RequestResetPasswordByIdStatus.SUCCESS;
189
+ }
190
+
191
+ static async withEmail(email: string): Promise<RequestResetPasswordByEmailStatus> {
192
+ email = email.trim();
193
+ if (!email || email === "") return RequestResetPasswordByEmailStatus.MISSING_USER_EMAIL;
194
+
195
+ if (!validator.isEmail(email)) return RequestResetPasswordByEmailStatus.INVALID_EMAIL_FORMAT;
196
+
197
+ const user = await User.withEmail(email);
198
+ if (user.status === UserByEmailStatus.INTERNAL_ERROR) return RequestResetPasswordByEmailStatus.INTERNAL_ERROR;
199
+ if (user.status === UserByEmailStatus.MISSING_EMAIL) {
200
+ return RequestResetPasswordByEmailStatus.MISSING_USER_EMAIL;
201
+ }
202
+ if (user.status === UserByEmailStatus.USER_NOT_FOUND) return RequestResetPasswordByEmailStatus.USER_NOT_FOUND;
203
+
204
+ const userId = user.user?.uid;
205
+ if (!userId || userId === undefined) return RequestResetPasswordByEmailStatus.INTERNAL_ERROR;
206
+
207
+ const result = await this.withId(userId);
208
+
209
+ const map = {
210
+ [RequestResetPasswordByIdStatus.MISSING_OTP_CONFIG]: RequestResetPasswordByEmailStatus.MISSING_OTP_CONFIG,
211
+ [RequestResetPasswordByIdStatus.MISSING_DATABASE_CONFIG]: RequestResetPasswordByEmailStatus.MISSING_DATABASE_CONFIG,
212
+ [RequestResetPasswordByIdStatus.MISSING_USER_ID]: RequestResetPasswordByEmailStatus.MISSING_USER_EMAIL,
213
+ [RequestResetPasswordByIdStatus.TOO_MANY_REQUEST]: RequestResetPasswordByEmailStatus.TOO_MANY_REQUEST,
214
+ [RequestResetPasswordByIdStatus.USER_NOT_FOUND]: RequestResetPasswordByEmailStatus.USER_NOT_FOUND,
215
+ [RequestResetPasswordByIdStatus.USER_DISABLED]: RequestResetPasswordByEmailStatus.USER_DISABLED,
216
+ [RequestResetPasswordByIdStatus.SUCCESS]: RequestResetPasswordByEmailStatus.SUCCESS,
217
+ [RequestResetPasswordByIdStatus.INTERNAL_ERROR]: RequestResetPasswordByEmailStatus.INTERNAL_ERROR,
218
+ };
219
+
220
+ return map[result];
221
+ }
222
+ }
223
+
224
+ export class VerifyRequestResetPasswordOTP {
225
+ static async withId(userId: string, otp: string): Promise<void> {
226
+
227
+ }
228
+
229
+ static async withEmail(email: string, otp: string): Promise<void> {
230
+
231
+ }
232
+ }
233
+
234
+ export class ResetPassword {
235
+ static async withId(userId: string, password: ResetPassword): Promise<ResetPasswordByIdStatus> {
236
+ const config = appInitialize();
237
+ const rateLimiter = config.rateLimiter;
238
+
239
+ if (rateLimiter.appName === undefined || rateLimiter.url === undefined) {
240
+ return ResetPasswordByIdStatus.MISSING_DATABASE_CONFIG;
241
+ }
242
+
243
+ userId = userId.trim();
244
+
245
+ if (!userId || userId === "") return ResetPasswordByIdStatus.MISSING_USER_ID;
246
+
247
+ const newPassword = password.newPassword.trim();
248
+ const confirmNewPassword = password.confirmNewPassword.trim();
249
+
250
+ if (!newPassword || newPassword === "") return ResetPasswordByIdStatus.MISSING_NEW_PASSWORD;
251
+ if (!confirmNewPassword || confirmNewPassword === "") return ResetPasswordByIdStatus.MISSING_CONFIRM_NEW_PASSWORD;
252
+
253
+ const passwordPolicy = password.passwordPolicy;
254
+
255
+ if (!passwordPolicy) return ResetPasswordByIdStatus.MISSING_PASSWORD_POLICY;
256
+
257
+ const identifier: RateLimitIdentifier = {
258
+ id: userId,
259
+ target: "reset_password"
260
+ };
261
+
262
+ const rule: RateLimitRule = {
263
+ ttl: 2 * 60 * 1000,
264
+ windowMs: 3 * 60 * 1000,
265
+ maxHits: 5,
266
+ };
267
+
268
+ const rateLimited = await isRateLimited(identifier, rule);
269
+ if (rateLimited === RateLimitCheckStatus.MISSING_DATABASE_CONFIG ||
270
+ rateLimited === RateLimitCheckStatus.MISSING_IDENTIFIER_ID ||
271
+ rateLimited === RateLimitCheckStatus.MISSING_IDENTIFIER_TARGET
272
+ ) {
273
+ return ResetPasswordByIdStatus.MISSING_DATABASE_CONFIG;
274
+ }
275
+ if (rateLimited === RateLimitCheckStatus.INTERNAL_ERROR) return ResetPasswordByIdStatus.INTERNAL_ERROR;
276
+ if (rateLimited === RateLimitCheckStatus.LIMIT_EXISTS) return ResetPasswordByIdStatus.TOO_MANY_REQUEST;
277
+
278
+ await recordRateLimitHit(identifier, rule);
279
+
280
+ const userExists = await IsUserExists.withId(userId);
281
+ if (userExists === UserExistsByIdStatus.MISSING_USER_ID) return ResetPasswordByIdStatus.MISSING_USER_ID;
282
+ if (userExists === UserExistsByIdStatus.INTERNAL_ERROR) return ResetPasswordByIdStatus.INTERNAL_ERROR;
283
+ if (userExists === UserExistsByIdStatus.USER_NOT_FOUND) return ResetPasswordByIdStatus.USER_NOT_FOUND;
284
+
285
+ const userDisabled = await IsUserDisabled.withId(userId);
286
+ if (userDisabled === UserDisabledByIdStatus.MISSING_USER_ID) {
287
+ return ResetPasswordByIdStatus.MISSING_USER_ID;
288
+ }
289
+ if (userDisabled === UserDisabledByIdStatus.INTERNAL_ERROR) {
290
+ return ResetPasswordByIdStatus.INTERNAL_ERROR;
291
+ }
292
+ if (userDisabled === UserDisabledByIdStatus.USER_NOT_FOUND) {
293
+ return ResetPasswordByIdStatus.USER_NOT_FOUND;
294
+ }
295
+
296
+ if (newPassword !== confirmNewPassword) return ResetPasswordByIdStatus.NOT_IDENTICAL_CONFIRM_PASSWORD;
297
+
298
+ const requiredMin = Math.max(6, passwordPolicy.minLength);
299
+ if (newPassword.length < requiredMin) return ResetPasswordByIdStatus.WEAK_NEW_PASSWORD;
300
+
301
+ const rules = [
302
+ { enabled: passwordPolicy.requireUppercase, regex: /[A-Z]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_UPPERCASE },
303
+ { enabled: passwordPolicy.requireLowercase, regex: /[a-z]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_LOWERCASE },
304
+ { enabled: passwordPolicy.requireDigit, regex: /[0-9]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_DIGIT },
305
+ { enabled: passwordPolicy.requireSpecial, regex: /[^A-Za-z0-9]/, error: ResetPasswordByIdStatus.MISSING_PASSWORD_SPECIAL_CHAR },
306
+ ];
307
+
308
+ for (const rule of rules) {
309
+ if (rule.enabled && !rule.regex.test(newPassword)) return rule.error;
310
+ }
311
+
312
+ try {
313
+ await admin.auth().updateUser(userId, { password: newPassword });
314
+ return ResetPasswordByIdStatus.SUCCESS;
315
+ } catch (error: any) {
316
+ return ResetPasswordByIdStatus.INTERNAL_ERROR;
317
+ }
318
+ }
319
+
320
+ static async withEmail(email: string, password: ResetPassword): Promise<ResetPasswordByEmailStatus> {
321
+ email = email.trim();
322
+ if (!email || email === "") return ResetPasswordByEmailStatus.MISSING_USER_EMAIL;
323
+
324
+ if (!validator.isEmail(email)) return ResetPasswordByEmailStatus.INVALID_EMAIL_FORMAT;
325
+
326
+ const user = await User.withEmail(email);
327
+ if (user.status === UserByEmailStatus.INTERNAL_ERROR) return ResetPasswordByEmailStatus.INTERNAL_ERROR;
328
+ if (user.status === UserByEmailStatus.MISSING_EMAIL) {
329
+ return ResetPasswordByEmailStatus.MISSING_USER_EMAIL;
330
+ }
331
+ if (user.status === UserByEmailStatus.USER_NOT_FOUND) return ResetPasswordByEmailStatus.USER_NOT_FOUND;
332
+
333
+ const userId = user.user?.uid;
334
+ if (!userId || userId === undefined) return ResetPasswordByEmailStatus.INTERNAL_ERROR;
335
+
336
+ const result = await this.withId(userId, password);
337
+
338
+ const map = {
339
+ [ResetPasswordByIdStatus.MISSING_DATABASE_CONFIG]: ResetPasswordByEmailStatus.MISSING_DATABASE_CONFIG,
340
+ [ResetPasswordByIdStatus.MISSING_USER_ID]: ResetPasswordByEmailStatus.MISSING_USER_EMAIL,
341
+ [ResetPasswordByIdStatus.MISSING_NEW_PASSWORD]: ResetPasswordByEmailStatus.MISSING_NEW_PASSWORD,
342
+ [ResetPasswordByIdStatus.MISSING_CONFIRM_NEW_PASSWORD]: ResetPasswordByEmailStatus.MISSING_CONFIRM_NEW_PASSWORD,
343
+ [ResetPasswordByIdStatus.MISSING_PASSWORD_POLICY]: ResetPasswordByEmailStatus.MISSING_PASSWORD_POLICY,
344
+ [ResetPasswordByIdStatus.NOT_IDENTICAL_CONFIRM_PASSWORD]: ResetPasswordByEmailStatus.NOT_IDENTICAL_CONFIRM_PASSWORD,
345
+ [ResetPasswordByIdStatus.USER_NOT_FOUND]: ResetPasswordByEmailStatus.USER_NOT_FOUND,
346
+ [ResetPasswordByIdStatus.USER_DISABLED]: ResetPasswordByEmailStatus.USER_DISABLED,
347
+ [ResetPasswordByIdStatus.WEAK_NEW_PASSWORD]: ResetPasswordByEmailStatus.WEAK_NEW_PASSWORD,
348
+ [ResetPasswordByIdStatus.MISSING_PASSWORD_UPPERCASE]: ResetPasswordByEmailStatus.MISSING_PASSWORD_UPPERCASE,
349
+ [ResetPasswordByIdStatus.MISSING_PASSWORD_LOWERCASE]: ResetPasswordByEmailStatus.MISSING_PASSWORD_LOWERCASE,
350
+ [ResetPasswordByIdStatus.MISSING_PASSWORD_DIGIT]: ResetPasswordByEmailStatus.MISSING_PASSWORD_DIGIT,
351
+ [ResetPasswordByIdStatus.MISSING_PASSWORD_SPECIAL_CHAR]: ResetPasswordByEmailStatus.MISSING_PASSWORD_SPECIAL_CHAR,
352
+ [ResetPasswordByIdStatus.TOO_MANY_REQUEST]: ResetPasswordByEmailStatus.TOO_MANY_REQUEST,
353
+ [ResetPasswordByIdStatus.SUCCESS]: ResetPasswordByEmailStatus.SUCCESS,
354
+ [ResetPasswordByIdStatus.INTERNAL_ERROR]: ResetPasswordByEmailStatus.INTERNAL_ERROR,
355
+ };
356
+
357
+ return map[result];
358
+ }
359
+ }