firebase-admin 10.2.0 → 11.0.1

package/lib/app-check/token-generator.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * @license
@@ -16,41 +16,30 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-var __assign = (this && this.__assign) || function () {
-    __assign = Object.assign || function(t) {
-        for (var s, i = 1, n = arguments.length; i < n; i++) {
-            s = arguments[i];
-            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
-                t[p] = s[p];
-        }
-        return t;
-    };
-    return __assign.apply(this, arguments);
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.appCheckErrorFromCryptoSignerError = exports.AppCheckTokenGenerator = void 0;
-var validator = require("../utils/validator");
-var utils_1 = require("../utils");
-var crypto_signer_1 = require("../utils/crypto-signer");
-var app_check_api_client_internal_1 = require("./app-check-api-client-internal");
-var ONE_MINUTE_IN_SECONDS = 60;
-var ONE_MINUTE_IN_MILLIS = ONE_MINUTE_IN_SECONDS * 1000;
-var ONE_DAY_IN_MILLIS = 24 * 60 * 60 * 1000;
+const validator = require("../utils/validator");
+const utils_1 = require("../utils");
+const crypto_signer_1 = require("../utils/crypto-signer");
+const app_check_api_client_internal_1 = require("./app-check-api-client-internal");
+const ONE_MINUTE_IN_SECONDS = 60;
+const ONE_MINUTE_IN_MILLIS = ONE_MINUTE_IN_SECONDS * 1000;
+const ONE_DAY_IN_MILLIS = 24 * 60 * 60 * 1000;
 // Audience to use for Firebase App Check Custom tokens
-var FIREBASE_APP_CHECK_AUDIENCE = 'https://firebaseappcheck.googleapis.com/google.firebase.appcheck.v1.TokenExchangeService';
+const FIREBASE_APP_CHECK_AUDIENCE = 'https://firebaseappcheck.googleapis.com/google.firebase.appcheck.v1.TokenExchangeService';
 /**
  * Class for generating Firebase App Check tokens.
  *
  * @internal
  */
-var AppCheckTokenGenerator = /** @class */ (function () {
+class AppCheckTokenGenerator {
     /**
      * The AppCheckTokenGenerator class constructor.
      *
      * @param signer - The CryptoSigner instance for this token generator.
      * @constructor
      */
-    function AppCheckTokenGenerator(signer) {
+    constructor(signer) {
         if (!validator.isNonNullObject(signer)) {
             throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'INTERNAL ASSERT: Must provide a CryptoSigner to use AppCheckTokenGenerator.');
         }
@@ -64,35 +53,42 @@ var AppCheckTokenGenerator = /** @class */ (function () {
      * @returns A Promise fulfilled with a custom token signed with a service account key
      * that can be exchanged to an App Check token.
      */
-    AppCheckTokenGenerator.prototype.createCustomToken = function (appId, options) {
-        var _this = this;
+    createCustomToken(appId, options) {
         if (!validator.isNonEmptyString(appId)) {
             throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', '`appId` must be a non-empty string.');
         }
-        var customOptions = {};
+        let customOptions = {};
         if (typeof options !== 'undefined') {
             customOptions = this.validateTokenOptions(options);
         }
-        return this.signer.getAccountId().then(function (account) {
-            var header = {
-                alg: _this.signer.algorithm,
+        return this.signer.getAccountId().then((account) => {
+            const header = {
+                alg: this.signer.algorithm,
                 typ: 'JWT',
             };
-            var iat = Math.floor(Date.now() / 1000);
-            var body = __assign({ iss: account, sub: account, app_id: appId, aud: FIREBASE_APP_CHECK_AUDIENCE, exp: iat + (ONE_MINUTE_IN_SECONDS * 5), iat: iat }, customOptions);
-            var token = _this.encodeSegment(header) + "." + _this.encodeSegment(body);
-            return _this.signer.sign(Buffer.from(token))
-                .then(function (signature) {
-                return token + "." + _this.encodeSegment(signature);
+            const iat = Math.floor(Date.now() / 1000);
+            const body = {
+                iss: account,
+                sub: account,
+                app_id: appId,
+                aud: FIREBASE_APP_CHECK_AUDIENCE,
+                exp: iat + (ONE_MINUTE_IN_SECONDS * 5),
+                iat,
+                ...customOptions,
+            };
+            const token = `${this.encodeSegment(header)}.${this.encodeSegment(body)}`;
+            return this.signer.sign(Buffer.from(token))
+                .then((signature) => {
+                return `${token}.${this.encodeSegment(signature)}`;
             });
-        }).catch(function (err) {
+        }).catch((err) => {
             throw appCheckErrorFromCryptoSignerError(err);
         });
-    };
-    AppCheckTokenGenerator.prototype.encodeSegment = function (segment) {
-        var buffer = (segment instanceof Buffer) ? segment : Buffer.from(JSON.stringify(segment));
-        return utils_1.toWebSafeBase64(buffer).replace(/=+$/, '');
-    };
+    }
+    encodeSegment(segment) {
+        const buffer = (segment instanceof Buffer) ? segment : Buffer.from(JSON.stringify(segment));
+        return (0, utils_1.toWebSafeBase64)(buffer).replace(/=+$/, '');
+    }
     /**
      * Checks if a given `AppCheckTokenOptions` object is valid. If successful, returns an object with
      * custom properties.
@@ -100,7 +96,7 @@ var AppCheckTokenGenerator = /** @class */ (function () {
      * @param options - An options object to be validated.
      * @returns A custom object with ttl converted to protobuf Duration string format.
      */
-    AppCheckTokenGenerator.prototype.validateTokenOptions = function (options) {
+    validateTokenOptions(options) {
         if (!validator.isNonNullObject(options)) {
             throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'AppCheckTokenOptions must be a non-null object.');
         }
@@ -112,12 +108,11 @@ var AppCheckTokenGenerator = /** @class */ (function () {
             if (options.ttlMillis < (ONE_MINUTE_IN_MILLIS * 30) || options.ttlMillis > (ONE_DAY_IN_MILLIS * 7)) {
                 throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'ttlMillis must be a duration in milliseconds between 30 minutes and 7 days (inclusive).');
             }
-            return { ttl: utils_1.transformMillisecondsToSecondsString(options.ttlMillis) };
+            return { ttl: (0, utils_1.transformMillisecondsToSecondsString)(options.ttlMillis) };
         }
         return {};
-    };
-    return AppCheckTokenGenerator;
-}());
+    }
+}
 exports.AppCheckTokenGenerator = AppCheckTokenGenerator;
 /**
  * Creates a new `FirebaseAppCheckError` by extracting the error code, message and other relevant
@@ -131,16 +126,16 @@ function appCheckErrorFromCryptoSignerError(err) {
         return err;
     }
     if (err.code === crypto_signer_1.CryptoSignerErrorCode.SERVER_ERROR && validator.isNonNullObject(err.cause)) {
-        var httpError = err.cause;
-        var errorResponse = httpError.response.data;
-        if (errorResponse === null || errorResponse === void 0 ? void 0 : errorResponse.error) {
-            var status = errorResponse.error.status;
-            var description = errorResponse.error.message || JSON.stringify(httpError.response);
-            var code = 'unknown-error';
+        const httpError = err.cause;
+        const errorResponse = httpError.response.data;
+        if (errorResponse?.error) {
+            const status = errorResponse.error.status;
+            const description = errorResponse.error.message || JSON.stringify(httpError.response);
+            let code = 'unknown-error';
             if (status && status in app_check_api_client_internal_1.APP_CHECK_ERROR_CODE_MAPPING) {
                 code = app_check_api_client_internal_1.APP_CHECK_ERROR_CODE_MAPPING[status];
             }
-            return new app_check_api_client_internal_1.FirebaseAppCheckError(code, "Error returned from server while signing a custom token: " + description);
+            return new app_check_api_client_internal_1.FirebaseAppCheckError(code, `Error returned from server while signing a custom token: ${description}`);
         }
         return new app_check_api_client_internal_1.FirebaseAppCheckError('internal-error', 'Error returned from server: ' + JSON.stringify(errorResponse) + '.');
     }

package/lib/app-check/token-verifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/app-check/token-verifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.
@@ -17,19 +17,19 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AppCheckTokenVerifier = void 0;
-var validator = require("../utils/validator");
-var util = require("../utils/index");
-var app_check_api_client_internal_1 = require("./app-check-api-client-internal");
-var jwt_1 = require("../utils/jwt");
-var APP_CHECK_ISSUER = 'https://firebaseappcheck.googleapis.com/';
-var JWKS_URL = 'https://firebaseappcheck.googleapis.com/v1/jwks';
+const validator = require("../utils/validator");
+const util = require("../utils/index");
+const app_check_api_client_internal_1 = require("./app-check-api-client-internal");
+const jwt_1 = require("../utils/jwt");
+const APP_CHECK_ISSUER = 'https://firebaseappcheck.googleapis.com/';
+const JWKS_URL = 'https://firebaseappcheck.googleapis.com/v1/jwks';
 /**
  * Class for verifying Firebase App Check tokens.
  *
  * @internal
  */
-var AppCheckTokenVerifier = /** @class */ (function () {
-    function AppCheckTokenVerifier(app) {
+class AppCheckTokenVerifier {
+    constructor(app) {
         this.app = app;
         this.signatureVerifier = jwt_1.PublicKeySignatureVerifier.withJwksUrl(JWKS_URL);
     }
@@ -39,61 +39,59 @@ var AppCheckTokenVerifier = /** @class */ (function () {
      * @param token - The Firebase Auth JWT token to verify.
      * @returns A promise fulfilled with the decoded claims of the Firebase App Check token.
      */
-    AppCheckTokenVerifier.prototype.verifyToken = function (token) {
-        var _this = this;
+    verifyToken(token) {
         if (!validator.isString(token)) {
             throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'App check token must be a non-null string.');
         }
         return this.ensureProjectId()
-            .then(function (projectId) {
-            return _this.decodeAndVerify(token, projectId);
+            .then((projectId) => {
+            return this.decodeAndVerify(token, projectId);
         })
-            .then(function (decoded) {
-            var decodedAppCheckToken = decoded.payload;
+            .then((decoded) => {
+            const decodedAppCheckToken = decoded.payload;
             decodedAppCheckToken.app_id = decodedAppCheckToken.sub;
             return decodedAppCheckToken;
         });
-    };
-    AppCheckTokenVerifier.prototype.ensureProjectId = function () {
+    }
+    ensureProjectId() {
         return util.findProjectId(this.app)
-            .then(function (projectId) {
+            .then((projectId) => {
             if (!validator.isNonEmptyString(projectId)) {
                 throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-credential', 'Must initialize app with a cert credential or set your Firebase project ID as the ' +
                     'GOOGLE_CLOUD_PROJECT environment variable to verify an App Check token.');
             }
             return projectId;
         });
-    };
-    AppCheckTokenVerifier.prototype.decodeAndVerify = function (token, projectId) {
-        var _this = this;
+    }
+    decodeAndVerify(token, projectId) {
         return this.safeDecode(token)
-            .then(function (decodedToken) {
-            _this.verifyContent(decodedToken, projectId);
-            return _this.verifySignature(token)
-                .then(function () { return decodedToken; });
+            .then((decodedToken) => {
+            this.verifyContent(decodedToken, projectId);
+            return this.verifySignature(token)
+                .then(() => decodedToken);
         });
-    };
-    AppCheckTokenVerifier.prototype.safeDecode = function (jwtToken) {
-        return jwt_1.decodeJwt(jwtToken)
-            .catch(function () {
-            var errorMessage = 'Decoding App Check token failed. Make sure you passed ' +
+    }
+    safeDecode(jwtToken) {
+        return (0, jwt_1.decodeJwt)(jwtToken)
+            .catch(() => {
+            const errorMessage = 'Decoding App Check token failed. Make sure you passed ' +
                 'the entire string JWT which represents the Firebase App Check token.';
             throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
         });
-    };
+    }
     /**
      * Verifies the content of a Firebase App Check JWT.
      *
      * @param fullDecodedToken - The decoded JWT.
      * @param projectId - The Firebase Project Id.
      */
-    AppCheckTokenVerifier.prototype.verifyContent = function (fullDecodedToken, projectId) {
-        var header = fullDecodedToken.header;
-        var payload = fullDecodedToken.payload;
-        var projectIdMatchMessage = ' Make sure the App Check token comes from the same ' +
+    verifyContent(fullDecodedToken, projectId) {
+        const header = fullDecodedToken.header;
+        const payload = fullDecodedToken.payload;
+        const projectIdMatchMessage = ' Make sure the App Check token comes from the same ' +
             'Firebase project as the service account used to authenticate this SDK.';
-        var scopedProjectId = "projects/" + projectId;
-        var errorMessage;
+        const scopedProjectId = `projects/${projectId}`;
+        let errorMessage;
         if (header.alg !== jwt_1.ALGORITHM_RS256) {
             errorMessage = 'The provided App Check token has incorrect algorithm. Expected "' +
                 jwt_1.ALGORITHM_RS256 + '" but got ' + '"' + header.alg + '".';
@@ -114,38 +112,36 @@ var AppCheckTokenVerifier = /** @class */ (function () {
         if (errorMessage) {
             throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
         }
-    };
-    AppCheckTokenVerifier.prototype.verifySignature = function (jwtToken) {
-        var _this = this;
+    }
+    verifySignature(jwtToken) {
         return this.signatureVerifier.verify(jwtToken)
-            .catch(function (error) {
-            throw _this.mapJwtErrorToAppCheckError(error);
+            .catch((error) => {
+            throw this.mapJwtErrorToAppCheckError(error);
         });
-    };
+    }
     /**
      * Maps JwtError to FirebaseAppCheckError
      *
      * @param error - JwtError to be mapped.
      * @returns FirebaseAppCheckError instance.
      */
-    AppCheckTokenVerifier.prototype.mapJwtErrorToAppCheckError = function (error) {
+    mapJwtErrorToAppCheckError(error) {
         if (error.code === jwt_1.JwtErrorCode.TOKEN_EXPIRED) {
-            var errorMessage = 'The provided App Check token has expired. Get a fresh App Check token' +
+            const errorMessage = 'The provided App Check token has expired. Get a fresh App Check token' +
                 ' from your client app and try again.';
             return new app_check_api_client_internal_1.FirebaseAppCheckError('app-check-token-expired', errorMessage);
         }
         else if (error.code === jwt_1.JwtErrorCode.INVALID_SIGNATURE) {
-            var errorMessage = 'The provided App Check token has invalid signature.';
+            const errorMessage = 'The provided App Check token has invalid signature.';
             return new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
         }
         else if (error.code === jwt_1.JwtErrorCode.NO_MATCHING_KID) {
-            var errorMessage = 'The provided App Check token has "kid" claim which does not ' +
+            const errorMessage = 'The provided App Check token has "kid" claim which does not ' +
                 'correspond to a known public key. Most likely the provided App Check token ' +
                 'is expired, so get a fresh token from your client app and try again.';
             return new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', errorMessage);
         }
         return new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', error.message);
-    };
-    return AppCheckTokenVerifier;
-}());
+    }
+}
 exports.AppCheckTokenVerifier = AppCheckTokenVerifier;

package/lib/auth/action-code-settings-builder.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * Copyright 2018 Google Inc.
  *

package/lib/auth/action-code-settings-builder.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.
@@ -17,15 +17,15 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ActionCodeSettingsBuilder = void 0;
-var validator = require("../utils/validator");
-var error_1 = require("../utils/error");
+const validator = require("../utils/validator");
+const error_1 = require("../utils/error");
 /**
  * Defines the ActionCodeSettings builder class used to convert the
  * ActionCodeSettings object to its corresponding server request.
  *
  * @internal
  */
-var ActionCodeSettingsBuilder = /** @class */ (function () {
+class ActionCodeSettingsBuilder {
     /**
      * ActionCodeSettingsBuilder constructor.
      *
@@ -33,7 +33,7 @@ var ActionCodeSettingsBuilder = /** @class */ (function () {
      *     object used to initiliaze this server request builder.
      * @constructor
      */
-    function ActionCodeSettingsBuilder(actionCodeSettings) {
+    constructor(actionCodeSettings) {
         if (!validator.isNonNullObject(actionCodeSettings)) {
             throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"ActionCodeSettings" must be a non-null object.');
         }
@@ -95,8 +95,8 @@ var ActionCodeSettingsBuilder = /** @class */ (function () {
      *
      * @returns The constructed EmailActionCodeRequest request.
      */
-    ActionCodeSettingsBuilder.prototype.buildRequest = function () {
-        var request = {
+    buildRequest() {
+        const request = {
             continueUrl: this.continueUrl,
             canHandleCodeInApp: this.canHandleCodeInApp,
             dynamicLinkDomain: this.dynamicLinkDomain,
@@ -106,7 +106,7 @@ var ActionCodeSettingsBuilder = /** @class */ (function () {
             iOSBundleId: this.ibi,
         };
         // Remove all null and undefined fields from request.
-        for (var key in request) {
+        for (const key in request) {
             if (Object.prototype.hasOwnProperty.call(request, key)) {
                 if (typeof request[key] === 'undefined' || request[key] === null) {
                     delete request[key];
@@ -114,7 +114,6 @@ var ActionCodeSettingsBuilder = /** @class */ (function () {
             }
         }
         return request;
-    };
-    return ActionCodeSettingsBuilder;
-}());
+    }
+}
 exports.ActionCodeSettingsBuilder = ActionCodeSettingsBuilder;

package/lib/auth/auth-api-request.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * @license
  * Copyright 2017 Google Inc.