firebase-functions 3.15.4 → 3.16.0

package/lib/apps.js

@@ -103,7 +103,7 @@ exports.apps = apps;
             this._emulatedAdminApp = app;
         }
         get firebaseArgs() {
-            return _.assign({}, config_1.firebaseConfig(), {
+            return _.assign({}, (0, config_1.firebaseConfig)(), {
                 credential: firebase.credential.applicationDefault(),
             });
         }

package/lib/cloud-functions.d.ts

@@ -185,7 +185,9 @@ export interface TriggerAnnotated {
             service: string;
         };
         failurePolicy?: FailurePolicy;
-        httpsTrigger?: {};
+        httpsTrigger?: {
+            invoker?: string[];
+        };
         labels?: {
             [key: string]: string;
         };
@@ -196,7 +198,6 @@ export interface TriggerAnnotated {
         vpcConnectorEgressSettings?: string;
         serviceAccountEmail?: string;
         ingressSettings?: string;
-        invoker?: string[];
     };
 }
 /**

package/lib/cloud-functions.js

@@ -135,7 +135,7 @@ function makeCloudFunction({ after = () => { }, before = () => { }, contextOnlyH
             promise = handler(dataOrChange, context);
         }
         if (typeof promise === 'undefined') {
-            logger_1.warn('Function returned undefined, expected Promise or value');
+            (0, logger_1.warn)('Function returned undefined, expected Promise or value');
         }
         return Promise.resolve(promise)
             .then((result) => {
@@ -216,8 +216,8 @@ function _detectAuthType(event) {
 /** @hidden */
 function optionsToTrigger(options) {
     const trigger = {};
-    encoding_1.copyIfPresent(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels');
-    encoding_1.convertIfPresent(trigger, options, 'failurePolicy', 'failurePolicy', (policy) => {
+    (0, encoding_1.copyIfPresent)(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels');
+    (0, encoding_1.convertIfPresent)(trigger, options, 'failurePolicy', 'failurePolicy', (policy) => {
         if (policy === false) {
             return undefined;
         }
@@ -228,8 +228,8 @@ function optionsToTrigger(options) {
             return policy;
         }
     });
-    encoding_1.convertIfPresent(trigger, options, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
-    encoding_1.convertIfPresent(trigger, options, 'availableMemoryMb', 'memory', (mem) => {
+    (0, encoding_1.convertIfPresent)(trigger, options, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
+    (0, encoding_1.convertIfPresent)(trigger, options, 'availableMemoryMb', 'memory', (mem) => {
         const memoryLookup = {
             '128MB': 128,
             '256MB': 256,
@@ -241,8 +241,7 @@ function optionsToTrigger(options) {
         };
         return memoryLookup[mem];
     });
-    encoding_1.convertIfPresent(trigger, options, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
-    encoding_1.convertIfPresent(trigger, options, 'invoker', 'invoker', encoding_1.convertInvoker);
+    (0, encoding_1.convertIfPresent)(trigger, options, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
     return trigger;
 }
 exports.optionsToTrigger = optionsToTrigger;

package/lib/common/debug.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/common/debug.js

@@ -0,0 +1,54 @@
+"use strict";
+// The MIT License (MIT)
+//
+// Copyright (c) 2021 Firebase
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isDebugFeatureEnabled = exports.debugFeatureValue = void 0;
+// Do NOT turn on a debug feature in production.
+const debugMode = process.env.FIREBASE_DEBUG_MODE === 'true';
+function loadDebugFeatures() {
+    if (!debugMode) {
+        return {};
+    }
+    try {
+        const obj = JSON.parse(process.env.FIREBASE_DEBUG_FEATURES);
+        if (typeof obj !== 'object') {
+            return {};
+        }
+        return obj;
+    }
+    catch (e) {
+        return {};
+    }
+}
+/* @internal */
+function debugFeatureValue(feat) {
+    if (!debugMode) {
+        return;
+    }
+    return loadDebugFeatures()[feat];
+}
+exports.debugFeatureValue = debugFeatureValue;
+/* @internal */
+function isDebugFeatureEnabled(feat) {
+    return debugMode && !!debugFeatureValue(feat);
+}
+exports.isDebugFeatureEnabled = isDebugFeatureEnabled;

package/lib/common/encoding.js

@@ -52,9 +52,15 @@ function convertInvoker(invoker) {
     if (typeof invoker === 'string') {
         invoker = [invoker];
     }
+    if (invoker.length === 0) {
+        throw new Error('Invalid option for invoker: Must be a non-empty array.');
+    }
+    if (invoker.find((inv) => inv.length === 0)) {
+        throw new Error('Invalid option for invoker: Must be a non-empty string.');
+    }
     if (invoker.length > 1 &&
         invoker.find((inv) => inv === 'public' || inv === 'private')) {
-        throw new Error("Invalid option for invoker. Cannot have 'public' or 'private' in an array of service accounts");
+        throw new Error("Invalid option for invoker: Cannot have 'public' or 'private' in an array of service accounts.");
     }
     return invoker;
 }

package/lib/common/providers/https.d.ts

@@ -6,53 +6,54 @@ import * as firebase from 'firebase-admin';
 export interface Request extends express.Request {
     rawBody: Buffer;
 }
+interface DecodedAppCheckToken {
+    /**
+     * The issuer identifier for the issuer of the response.
+     *
+     * This value is a URL with the format
+     * `https://firebaseappcheck.googleapis.com/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
+     * same project number specified in the [`aud`](#aud) property.
+     */
+    iss: string;
+    /**
+     * The Firebase App ID corresponding to the app the token belonged to.
+     *
+     * As a convenience, this value is copied over to the [`app_id`](#app_id) property.
+     */
+    sub: string;
+    /**
+     * The audience for which this token is intended.
+     *
+     * This value is a JSON array of two strings, the first is the project number of your
+     * Firebase project, and the second is the project ID of the same project.
+     */
+    aud: string[];
+    /**
+     * The App Check token's expiration time, in seconds since the Unix epoch. That is, the
+     * time at which this App Check token expires and should no longer be considered valid.
+     */
+    exp: number;
+    /**
+     * The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
+     * time at which this App Check token was issued and should start to be considered
+     * valid.;
+     */
+    iat: number;
+    /**
+     * The App ID corresponding to the App the App Check token belonged to.
+     *
+     * This value is not actually one of the JWT token claims. It is added as a
+     * convenience, and is set as the value of the [`sub`](#sub) property.
+     */
+    app_id: string;
+    [key: string]: any;
+}
 /**
  * The interface for AppCheck tokens verified in Callable functions
  */
 export interface AppCheckData {
     appId: string;
-    token: {
-        /**
-         * The issuer identifier for the issuer of the response.
-         *
-         * This value is a URL with the format
-         * `https://firebaseappcheck.googleapis.com/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
-         * same project number specified in the [`aud`](#aud) property.
-         */
-        iss: string;
-        /**
-         * The Firebase App ID corresponding to the app the token belonged to.
-         *
-         * As a convenience, this value is copied over to the [`app_id`](#app_id) property.
-         */
-        sub: string;
-        /**
-         * The audience for which this token is intended.
-         *
-         * This value is a JSON array of two strings, the first is the project number of your
-         * Firebase project, and the second is the project ID of the same project.
-         */
-        aud: string[];
-        /**
-         * The App Check token's expiration time, in seconds since the Unix epoch. That is, the
-         * time at which this App Check token expires and should no longer be considered valid.
-         */
-        exp: number;
-        /**
-         * The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
-         * time at which this App Check token was issued and should start to be considered
-         * valid.
-         */
-        iat: number;
-        /**
-         * The App ID corresponding to the App the App Check token belonged to.
-         *
-         * This value is not actually one of the JWT token claims. It is added as a
-         * convenience, and is set as the value of the [`sub`](#sub) property.
-         */
-        app_id: string;
-        [key: string]: any;
-    };
+    token: DecodedAppCheckToken;
 }
 /**
  * The interface for Auth tokens verified in Callable functions
@@ -197,6 +198,11 @@ export declare function encode(data: any): any;
 export declare function decode(data: any): any;
 declare type v1Handler = (data: any, context: CallableContext) => any | Promise<any>;
 declare type v2Handler<Req, Res> = (request: CallableRequest<Req>) => Res;
+/** @hidden **/
+export interface CallableOptions {
+    cors: cors.CorsOptions;
+    allowInvalidAppCheckToken?: boolean;
+}
 /** @hidden */
-export declare function onCallHandler<Req = any, Res = any>(options: cors.CorsOptions, handler: v1Handler | v2Handler<Req, Res>): (req: Request, res: express.Response) => Promise<void>;
+export declare function onCallHandler<Req = any, Res = any>(options: CallableOptions, handler: v1Handler | v2Handler<Req, Res>): (req: Request, res: express.Response) => Promise<void>;
 export {};

package/lib/common/providers/https.js

@@ -21,12 +21,14 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onCallHandler = exports.decode = exports.encode = exports.HttpsError = void 0;
+exports.onCallHandler = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.decode = exports.encode = exports.HttpsError = void 0;
 const cors = require("cors");
 const logger = require("../../logger");
 // TODO(inlined): Decide whether we want to un-version apps or whether we want a
 // different strategy
 const apps_1 = require("../../apps");
+const debug_1 = require("../../common/debug");
+const JWT_REGEX = /^[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?\.([a-zA-Z0-9\-_=]+)?$/;
 /**
  * Standard error codes and HTTP statuses for different ways a request can fail,
  * as defined by:
@@ -148,7 +150,7 @@ function encode(data) {
     if (Array.isArray(data)) {
         return data.map(encode);
     }
-    if (typeof data === 'object') {
+    if (typeof data === 'object' || typeof data === 'function') {
         // Sadly we don't have Object.fromEntries in Node 10, so we can't use a single
         // list comprehension
         const obj = {};
@@ -206,6 +208,53 @@ function decode(data) {
     return data;
 }
 exports.decode = decode;
+function unsafeDecodeToken(token) {
+    if (!JWT_REGEX.test(token)) {
+        return {};
+    }
+    const components = token
+        .split('.')
+        .map((s) => Buffer.from(s, 'base64').toString());
+    let payload = components[1];
+    if (typeof payload === 'string') {
+        try {
+            const obj = JSON.parse(payload);
+            if (typeof obj === 'object') {
+                payload = obj;
+            }
+        }
+        catch (e) { }
+    }
+    return payload;
+}
+/**
+ * Decode, but not verify, a Auth ID token.
+ *
+ * Do not use in production. Token should always be verified using the Admin SDK.
+ *
+ * This is exposed only for testing.
+ */
+/** @internal */
+function unsafeDecodeIdToken(token) {
+    const decoded = unsafeDecodeToken(token);
+    decoded.uid = decoded.sub;
+    return decoded;
+}
+exports.unsafeDecodeIdToken = unsafeDecodeIdToken;
+/**
+ * Decode, but not verify, an App Check token.
+ *
+ * Do not use in production. Token should always be verified using the Admin SDK.
+ *
+ * This is exposed only for testing.
+ */
+/** @internal */
+function unsafeDecodeAppCheckToken(token) {
+    const decoded = unsafeDecodeToken(token);
+    decoded.app_id = decoded.sub;
+    return decoded;
+}
+exports.unsafeDecodeAppCheckToken = unsafeDecodeAppCheckToken;
 /**
  * Check and verify tokens included in the requests. Once verified, tokens
  * are injected into the callable context.
@@ -220,20 +269,25 @@ async function checkTokens(req, ctx) {
         app: 'MISSING',
         auth: 'MISSING',
     };
+    const skipTokenVerify = (0, debug_1.isDebugFeatureEnabled)('skipTokenVerification');
     const appCheck = req.header('X-Firebase-AppCheck');
     if (appCheck) {
         verifications.app = 'INVALID';
         try {
-            if (!apps_1.apps().admin.appCheck) {
+            if (!(0, apps_1.apps)().admin.appCheck) {
                 throw new Error('Cannot validate AppCheck token. Please update Firebase Admin SDK to >= v9.8.0');
             }
-            const appCheckToken = await apps_1.apps()
-                .admin.appCheck()
-                .verifyToken(appCheck);
-            ctx.app = {
-                appId: appCheckToken.appId,
-                token: appCheckToken.token,
-            };
+            let appCheckData;
+            if (skipTokenVerify) {
+                const decodedToken = unsafeDecodeAppCheckToken(appCheck);
+                appCheckData = { appId: decodedToken.app_id, token: decodedToken };
+            }
+            else {
+                appCheckData = await (0, apps_1.apps)()
+                    .admin.appCheck()
+                    .verifyToken(appCheck);
+            }
+            ctx.app = appCheckData;
             verifications.app = 'VALID';
         }
         catch (err) {
@@ -247,9 +301,15 @@ async function checkTokens(req, ctx) {
         if (match) {
             const idToken = match[1];
             try {
-                const authToken = await apps_1.apps()
-                    .admin.auth()
-                    .verifyIdToken(idToken);
+                let authToken;
+                if (skipTokenVerify) {
+                    authToken = unsafeDecodeIdToken(idToken);
+                }
+                else {
+                    authToken = await (0, apps_1.apps)()
+                        .admin.auth()
+                        .verifyIdToken(idToken);
+                }
                 verifications.auth = 'VALID';
                 ctx.auth = {
                     uid: authToken.uid,
@@ -284,11 +344,11 @@ async function checkTokens(req, ctx) {
 }
 /** @hidden */
 function onCallHandler(options, handler) {
-    const wrapped = wrapOnCallHandler(handler);
+    const wrapped = wrapOnCallHandler(options, handler);
     return (req, res) => {
         return new Promise((resolve) => {
             res.on('finish', resolve);
-            cors(options)(req, res, () => {
+            cors(options.cors)(req, res, () => {
                 resolve(wrapped(req, res));
             });
         });
@@ -296,7 +356,7 @@ function onCallHandler(options, handler) {
 }
 exports.onCallHandler = onCallHandler;
 /** @internal */
-function wrapOnCallHandler(handler) {
+function wrapOnCallHandler(options, handler) {
     return async (req, res) => {
         try {
             if (!isValidRequest(req)) {
@@ -305,7 +365,10 @@ function wrapOnCallHandler(handler) {
             }
             const context = { rawRequest: req };
             const tokenStatus = await checkTokens(req, context);
-            if (tokenStatus.app === 'INVALID' || tokenStatus.auth === 'INVALID') {
+            if (tokenStatus.auth === 'INVALID') {
+                throw new HttpsError('unauthenticated', 'Unauthenticated');
+            }
+            if (tokenStatus.app === 'INVALID' && !options.allowInvalidAppCheckToken) {
                 throw new HttpsError('unauthenticated', 'Unauthenticated');
             }
             const instanceId = req.header('Firebase-Instance-ID-Token');

package/lib/function-configuration.d.ts

@@ -68,7 +68,6 @@ export interface RuntimeOptions {
      * Min number of actual instances to be running at a given time.
      * Instances will be billed for memory allocation and 10% of CPU allocation
      * while idle.
-     * @hidden
      */
     minInstances?: number;
     /**
@@ -99,6 +98,7 @@ export interface RuntimeOptions {
      * Invoker to set access control on https functions.
      */
     invoker?: 'public' | 'private' | string | string[];
+    allowInvalidAppCheckToken?: boolean;
 }
 export interface DeploymentOptions extends RuntimeOptions {
     regions?: Array<typeof SUPPORTED_REGIONS[number] | string>;

package/lib/handler-builder.js

@@ -111,12 +111,12 @@ class HandlerBuilder {
             get instance() {
                 return {
                     get ref() {
-                        return new database.RefBuilder(apps_1.apps(), () => null, {});
+                        return new database.RefBuilder((0, apps_1.apps)(), () => null, {});
                     },
                 };
             },
             get ref() {
-                return new database.RefBuilder(apps_1.apps(), () => null, {});
+                return new database.RefBuilder((0, apps_1.apps)(), () => null, {});
             },
         };
     }

package/lib/index.js

@@ -64,4 +64,4 @@ __exportStar(require("./cloud-functions"), exports);
 __exportStar(require("./config"), exports);
 __exportStar(require("./function-builder"), exports);
 __exportStar(require("./function-configuration"), exports);
-setup_1.setup();
+(0, setup_1.setup)();

package/lib/logger/compat.js

@@ -6,7 +6,7 @@ const common_1 = require("./common");
 function patchedConsole(severity) {
     return function (data, ...args) {
         if (common_1.SUPPORTS_STRUCTURED_LOGS) {
-            common_1.UNPATCHED_CONSOLE[common_1.CONSOLE_SEVERITY[severity]](JSON.stringify({ severity, message: util_1.format(data, ...args) }));
+            common_1.UNPATCHED_CONSOLE[common_1.CONSOLE_SEVERITY[severity]](JSON.stringify({ severity, message: (0, util_1.format)(data, ...args) }));
             return;
         }
         common_1.UNPATCHED_CONSOLE[common_1.CONSOLE_SEVERITY[severity]](data, ...args);

package/lib/providers/analytics.js

@@ -73,7 +73,7 @@ class AnalyticsEventBuilder {
         const dataConstructor = (raw) => {
             return new AnalyticsEvent(raw.data);
         };
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             handler,
             provider: exports.provider,
             eventType: 'event.log',

package/lib/providers/auth.js

@@ -78,7 +78,7 @@ class UserBuilder {
         return this.onOperation(handler, 'user.delete');
     }
     onOperation(handler, eventType) {
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             handler,
             provider: exports.provider,
             eventType,

package/lib/providers/database.js

@@ -104,20 +104,20 @@ class InstanceBuilder {
      * @return Firebase Realtime Database reference builder interface.
      */
     ref(path) {
-        const normalized = path_1.normalizePath(path);
-        return new RefBuilder(apps_1.apps(), () => `projects/_/instances/${this.instance}/refs/${normalized}`, this.options);
+        const normalized = (0, path_1.normalizePath)(path);
+        return new RefBuilder((0, apps_1.apps)(), () => `projects/_/instances/${this.instance}/refs/${normalized}`, this.options);
     }
 }
 exports.InstanceBuilder = InstanceBuilder;
 /** @hidden */
 function _refWithOptions(path, options) {
     const resourceGetter = () => {
-        const normalized = path_1.normalizePath(path);
-        const databaseURL = config_1.firebaseConfig().databaseURL;
+        const normalized = (0, path_1.normalizePath)(path);
+        const databaseURL = (0, config_1.firebaseConfig)().databaseURL;
         if (!databaseURL) {
             throw new Error('Missing expected firebase config value databaseURL, ' +
                 'config is actually' +
-                JSON.stringify(config_1.firebaseConfig()) +
+                JSON.stringify((0, config_1.firebaseConfig)()) +
                 '\n If you are unit testing, please set process.env.FIREBASE_CONFIG');
         }
         let instance;
@@ -136,7 +136,7 @@ function _refWithOptions(path, options) {
         }
         return `projects/_/instances/${instance}/refs/${normalized}`;
     };
-    return new RefBuilder(apps_1.apps(), resourceGetter, options);
+    return new RefBuilder((0, apps_1.apps)(), resourceGetter, options);
 }
 exports._refWithOptions = _refWithOptions;
 /**
@@ -153,7 +153,7 @@ class RefBuilder {
         this.changeConstructor = (raw) => {
             const [dbInstance, path] = extractInstanceAndPath(raw.context.resource.name, raw.context.domain);
             const before = new DataSnapshot(raw.data.data, path, this.apps.admin, dbInstance);
-            const after = new DataSnapshot(utils_1.applyChange(raw.data.data, raw.data.delta), path, this.apps.admin, dbInstance);
+            const after = new DataSnapshot((0, utils_1.applyChange)(raw.data.data, raw.data.delta), path, this.apps.admin, dbInstance);
             return {
                 before,
                 after,
@@ -214,7 +214,7 @@ class RefBuilder {
         return this.onOperation(handler, 'ref.delete', dataConstructor);
     }
     onOperation(handler, eventType, dataConstructor) {
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             handler,
             provider: exports.provider,
             service: exports.service,
@@ -310,7 +310,7 @@ class DataSnapshot {
      * However, accessing the key on the root URL of a Database will return `null`.
      */
     get key() {
-        const last = _.last(path_1.pathParts(this._fullPath()));
+        const last = _.last((0, path_1.pathParts)(this._fullPath()));
         return !last || last === '' ? null : last;
     }
     /**
@@ -325,7 +325,7 @@ class DataSnapshot {
      *   Array, string, number, boolean, or `null`).
      */
     val() {
-        const parts = path_1.pathParts(this._childPath);
+        const parts = (0, path_1.pathParts)(this._childPath);
         const source = this._data;
         const node = _.cloneDeep(parts.length ? _.get(source, parts, null) : source);
         return this._checkAndConvertToArray(node);
@@ -493,7 +493,7 @@ class DataSnapshot {
         const dup = new DataSnapshot(this._data, undefined, this.app, this.instance);
         [dup._path, dup._childPath] = [this._path, this._childPath];
         if (childPath) {
-            dup._childPath = path_1.joinPath(dup._childPath, childPath);
+            dup._childPath = (0, path_1.joinPath)(dup._childPath, childPath);
         }
         return dup;
     }

package/lib/providers/firestore.js

@@ -113,8 +113,8 @@ function _getValueProto(data, resource, valueFieldName) {
     }
     const proto = {
         fields: _.get(data, [valueFieldName, 'fields'], {}),
-        createTime: encoder_1.dateToTimestampProto(_.get(data, [valueFieldName, 'createTime'])),
-        updateTime: encoder_1.dateToTimestampProto(_.get(data, [valueFieldName, 'updateTime'])),
+        createTime: (0, encoder_1.dateToTimestampProto)(_.get(data, [valueFieldName, 'createTime'])),
+        updateTime: (0, encoder_1.dateToTimestampProto)(_.get(data, [valueFieldName, 'updateTime'])),
         name: _.get(data, [valueFieldName, 'name'], resource),
     };
     return proto;
@@ -123,7 +123,7 @@ function _getValueProto(data, resource, valueFieldName) {
 function snapshotConstructor(event) {
     var _a;
     if (!firestoreInstance) {
-        firestoreInstance = firebase.firestore(apps_1.apps().admin);
+        firestoreInstance = firebase.firestore((0, apps_1.apps)().admin);
     }
     const valueProto = _getValueProto(event.data, event.context.resource.name, 'value');
     let timeString = (_a = _.get(event, 'data.value.readTime')) !== null && _a !== void 0 ? _a : _.get(event, 'data.value.updateTime');
@@ -131,7 +131,7 @@ function snapshotConstructor(event) {
         logger.warn('Snapshot has no readTime. Using now()');
         timeString = new Date().toISOString();
     }
-    const readTime = encoder_1.dateToTimestampProto(timeString);
+    const readTime = (0, encoder_1.dateToTimestampProto)(timeString);
     return firestoreInstance.snapshot_(valueProto, readTime, 'json');
 }
 exports.snapshotConstructor = snapshotConstructor;
@@ -139,10 +139,10 @@ exports.snapshotConstructor = snapshotConstructor;
 // TODO remove this function when wire format changes to new format
 function beforeSnapshotConstructor(event) {
     if (!firestoreInstance) {
-        firestoreInstance = firebase.firestore(apps_1.apps().admin);
+        firestoreInstance = firebase.firestore((0, apps_1.apps)().admin);
     }
     const oldValueProto = _getValueProto(event.data, event.context.resource.name, 'oldValue');
-    const oldReadTime = encoder_1.dateToTimestampProto(_.get(event, 'data.oldValue.readTime'));
+    const oldReadTime = (0, encoder_1.dateToTimestampProto)(_.get(event, 'data.oldValue.readTime'));
     return firestoreInstance.snapshot_(oldValueProto, oldReadTime, 'json');
 }
 exports.beforeSnapshotConstructor = beforeSnapshotConstructor;
@@ -173,7 +173,7 @@ class DocumentBuilder {
         return this.onOperation(handler, 'document.delete', beforeSnapshotConstructor);
     }
     onOperation(handler, eventType, dataConstructor) {
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             handler,
             provider: exports.provider,
             eventType,

package/lib/providers/https.js

@@ -23,6 +23,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports._onCallWithOptions = exports._onRequestWithOptions = exports.onCall = exports.onRequest = exports.HttpsError = void 0;
 const cloud_functions_1 = require("../cloud-functions");
+const encoding_1 = require("../common/encoding");
 const https_1 = require("../common/providers/https");
 Object.defineProperty(exports, "HttpsError", { enumerable: true, get: function () { return https_1.HttpsError; } });
 /**
@@ -49,9 +50,10 @@ function _onRequestWithOptions(handler, options) {
         return handler(req, res);
     };
     cloudFunction.__trigger = {
-        ...cloud_functions_1.optionsToTrigger(options),
+        ...(0, cloud_functions_1.optionsToTrigger)(options),
         httpsTrigger: {},
     };
+    (0, encoding_1.convertIfPresent)(cloudFunction.__trigger.httpsTrigger, options, 'invoker', 'invoker', encoding_1.convertInvoker);
     // TODO parse the options
     return cloudFunction;
 }
@@ -62,10 +64,13 @@ function _onCallWithOptions(handler, options) {
     // and the user could have only tried to listen to data. Wrap their handler
     // in another handler to avoid accidentally triggering the v2 API
     const fixedLen = (data, context) => handler(data, context);
-    const func = https_1.onCallHandler({ origin: true, methods: 'POST' }, fixedLen);
+    const func = (0, https_1.onCallHandler)({
+        allowInvalidAppCheckToken: options.allowInvalidAppCheckToken,
+        cors: { origin: true, methods: 'POST' },
+    }, fixedLen);
     func.__trigger = {
         labels: {},
-        ...cloud_functions_1.optionsToTrigger(options),
+        ...(0, cloud_functions_1.optionsToTrigger)(options),
         httpsTrigger: {},
     };
     func.__trigger.labels['deployment-callable'] = 'true';

package/lib/providers/pubsub.js

@@ -71,7 +71,7 @@ class TopicBuilder {
      * @return A Cloud Function that you can export and deploy.
      */
     onPublish(handler) {
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             handler,
             provider: exports.provider,
             service: exports.service,
@@ -140,7 +140,7 @@ class ScheduleBuilder {
      * @return A Cloud Function that you can export and deploy.
      */
     onRun(handler) {
-        const cloudFunction = cloud_functions_1.makeCloudFunction({
+        const cloudFunction = (0, cloud_functions_1.makeCloudFunction)({
             contextOnlyHandler: handler,
             provider: exports.provider,
             service: exports.service,

package/lib/providers/remoteConfig.js

@@ -65,7 +65,7 @@ class UpdateBuilder {
      * version metadata as an argument.
      */
     onUpdate(handler) {
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             handler,
             provider: exports.provider,
             service: exports.service,

package/lib/providers/storage.js

@@ -53,7 +53,7 @@ exports.object = object;
 /** @hidden */
 function _bucketWithOptions(options, bucket) {
     const resourceGetter = () => {
-        bucket = bucket || config_1.firebaseConfig().storageBucket;
+        bucket = bucket || (0, config_1.firebaseConfig)().storageBucket;
         if (!bucket) {
             throw new Error('Missing bucket name. If you are unit testing, please provide a bucket name' +
                 ' through `functions.storage.bucket(bucketName)`, or set process.env.FIREBASE_CONFIG.');
@@ -170,7 +170,7 @@ class ObjectBuilder {
     }
     /** @hidden */
     onOperation(handler, eventType) {
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             handler,
             provider: exports.provider,
             service: exports.service,

package/lib/providers/testLab.js

@@ -57,7 +57,7 @@ class TestMatrixBuilder {
         const dataConstructor = (raw) => {
             return new TestMatrix(raw.data);
         };
-        return cloud_functions_1.makeCloudFunction({
+        return (0, cloud_functions_1.makeCloudFunction)({
             provider: exports.PROVIDER,
             eventType: exports.TEST_MATRIX_COMPLETE_EVENT_TYPE,
             triggerResource: this.triggerResource,

package/lib/setup.js

@@ -31,7 +31,7 @@ function setup() {
     // Until the Cloud Functions builder can publish FIREBASE_CONFIG, automatically provide it on import based on what
     // we can deduce.
     if (!process.env.FIREBASE_CONFIG) {
-        const cfg = config_1.firebaseConfig();
+        const cfg = (0, config_1.firebaseConfig)();
         if (cfg) {
             process.env.FIREBASE_CONFIG = JSON.stringify(cfg);
         }
@@ -43,7 +43,7 @@ function setup() {
     // If FIREBASE_CONFIG is still not found, try using GCLOUD_PROJECT to estimate
     if (!process.env.FIREBASE_CONFIG) {
         if (process.env.GCLOUD_PROJECT) {
-            logger_1.warn('Warning, estimating Firebase Config based on GCLOUD_PROJECT. Initializing firebase-admin may fail');
+            (0, logger_1.warn)('Warning, estimating Firebase Config based on GCLOUD_PROJECT. Initializing firebase-admin may fail');
             process.env.FIREBASE_CONFIG = JSON.stringify({
                 databaseURL: process.env.DATABASE_URL ||
                     `https://${process.env.GCLOUD_PROJECT}.firebaseio.com`,
@@ -53,7 +53,7 @@ function setup() {
             });
         }
         else {
-            logger_1.warn('Warning, FIREBASE_CONFIG and GCLOUD_PROJECT environment variables are missing. Initializing firebase-admin will fail');
+            (0, logger_1.warn)('Warning, FIREBASE_CONFIG and GCLOUD_PROJECT environment variables are missing. Initializing firebase-admin will fail');
         }
     }
 }

package/lib/v2/index.d.ts

@@ -2,6 +2,7 @@ import * as logger from '../logger';
 import * as params from './params';
 import * as https from './providers/https';
 import * as pubsub from './providers/pubsub';
-export { https, pubsub, logger, params };
+import * as storage from './providers/storage';
+export { https, pubsub, storage, logger, params };
 export { setGlobalOptions, GlobalOptions } from './options';
 export { CloudFunction, CloudEvent } from './core';

package/lib/v2/index.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.setGlobalOptions = exports.params = exports.logger = exports.pubsub = exports.https = void 0;
+exports.setGlobalOptions = exports.params = exports.logger = exports.storage = exports.pubsub = exports.https = void 0;
 const logger = require("../logger");
 exports.logger = logger;
 const params = require("./params");
@@ -30,5 +30,7 @@ const https = require("./providers/https");
 exports.https = https;
 const pubsub = require("./providers/pubsub");
 exports.pubsub = pubsub;
+const storage = require("./providers/storage");
+exports.storage = storage;
 var options_1 = require("./options");
 Object.defineProperty(exports, "setGlobalOptions", { enumerable: true, get: function () { return options_1.setGlobalOptions; } });

package/lib/v2/options.d.ts

@@ -2,7 +2,7 @@ import { ParamSpec } from './params/types';
 /**
  * List of all regions supported by Cloud Functions v2
  */
-export declare const SUPPORTED_REGIONS: readonly ["us-west1"];
+export declare const SUPPORTED_REGIONS: readonly ["us-west1", "europe-west4"];
 /**
  * A region known to be supported by CloudFunctions v2
  */

package/lib/v2/options.js

@@ -29,7 +29,7 @@ const params_1 = require("./params");
 /**
  * List of all regions supported by Cloud Functions v2
  */
-exports.SUPPORTED_REGIONS = ['us-west1'];
+exports.SUPPORTED_REGIONS = ['us-west1', 'europe-west4'];
 /**
  * Cloud Functions v2 min timeout value.
  */
@@ -107,22 +107,21 @@ exports.getGlobalOptions = getGlobalOptions;
  */
 function optionsToTriggerAnnotations(opts) {
     const annotation = {};
-    encoding_2.copyIfPresent(annotation, opts, 'concurrency', 'minInstances', 'maxInstances', 'ingressSettings', 'labels', 'vpcConnector', 'vpcConnectorEgressSettings');
-    encoding_2.convertIfPresent(annotation, opts, 'availableMemoryMb', 'memory', (mem) => {
+    (0, encoding_2.copyIfPresent)(annotation, opts, 'concurrency', 'minInstances', 'maxInstances', 'ingressSettings', 'labels', 'vpcConnector', 'vpcConnectorEgressSettings');
+    (0, encoding_2.convertIfPresent)(annotation, opts, 'availableMemoryMb', 'memory', (mem) => {
         return MemoryOptionToMB[mem];
     });
-    encoding_2.convertIfPresent(annotation, opts, 'regions', 'region', (region) => {
+    (0, encoding_2.convertIfPresent)(annotation, opts, 'regions', 'region', (region) => {
         if (typeof region === 'string') {
             return [region];
         }
         return region;
     });
-    encoding_2.convertIfPresent(annotation, opts, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
-    encoding_2.convertIfPresent(annotation, opts, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
-    encoding_2.convertIfPresent(annotation, opts, 'failurePolicy', 'retry', (retry) => {
+    (0, encoding_2.convertIfPresent)(annotation, opts, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
+    (0, encoding_2.convertIfPresent)(annotation, opts, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
+    (0, encoding_2.convertIfPresent)(annotation, opts, 'failurePolicy', 'retry', (retry) => {
         return retry ? { retry: true } : null;
     });
-    encoding_2.convertIfPresent(annotation, opts, 'invoker', 'invoker', encoding_1.convertInvoker);
     return annotation;
 }
 exports.optionsToTriggerAnnotations = optionsToTriggerAnnotations;

package/lib/v2/providers/https.d.ts

@@ -4,7 +4,7 @@ import * as options from '../options';
 export { Request, CallableRequest, FunctionsErrorCode, HttpsError };
 export interface HttpsOptions extends Omit<options.GlobalOptions, 'region'> {
     region?: options.SupportedRegion | string | Array<options.SupportedRegion | string>;
-    cors?: string | boolean;
+    cors?: string | boolean | RegExp | Array<string | RegExp>;
 }
 export declare type HttpsFunction = ((req: Request, res: express.Response) => void | Promise<void>) & {
     __trigger: unknown;

package/lib/v2/providers/https.js

@@ -23,6 +23,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.onCall = exports.onRequest = exports.HttpsError = void 0;
 const cors = require("cors");
+const encoding_1 = require("../../common/encoding");
 const https_1 = require("../../common/providers/https");
 Object.defineProperty(exports, "HttpsError", { enumerable: true, get: function () { return https_1.HttpsError; } });
 const options = require("../options");
@@ -52,7 +53,7 @@ function onRequest(optsOrHandler, handler) {
             // global options calls region a scalar and https allows it to be an array,
             // but optionsToTriggerAnnotations handles both cases.
             const specificOpts = options.optionsToTriggerAnnotations(opts);
-            return {
+            const trigger = {
                 // TODO(inlined): Remove "apiVersion" once the latest version of the CLI
                 // has migrated to "platform".
                 apiVersion: 2,
@@ -67,6 +68,8 @@ function onRequest(optsOrHandler, handler) {
                     allowInsecure: false,
                 },
             };
+            (0, encoding_1.convertIfPresent)(trigger.httpsTrigger, opts, 'invoker', 'invoker', encoding_1.convertInvoker);
+            return trigger;
         },
     });
     return handler;
@@ -85,7 +88,7 @@ function onCall(optsOrHandler, handler) {
     // onCallHandler sniffs the function length to determine which API to present.
     // fix the length to prevent api versions from being mismatched.
     const fixedLen = (req) => handler(req);
-    const func = https_1.onCallHandler({ origin, methods: 'POST' }, fixedLen);
+    const func = (0, https_1.onCallHandler)({ cors: { origin, methods: 'POST' } }, fixedLen);
     Object.defineProperty(func, '__trigger', {
         get: () => {
             const baseOpts = options.optionsToTriggerAnnotations(options.getGlobalOptions());

package/lib/v2/providers/storage.d.ts

@@ -0,0 +1,170 @@
+import { CloudEvent, CloudFunction } from '../core';
+import * as options from '../options';
+/**
+ * An object within Google Cloud Storage.
+ * Ref: https://github.com/googleapis/google-cloudevents-nodejs/blob/main/cloud/storage/v1/StorageObjectData.ts
+ */
+export interface StorageObjectData {
+    /**
+     * The name of the bucket containing this object.
+     */
+    bucket?: string;
+    /**
+     * Cache-Control directive for the object data, matching
+     * [https://tools.ietf.org/html/rfc7234#section-5.2"][RFC 7234 §5.2].
+     */
+    cacheControl?: string;
+    /**
+     * Number of underlying components that make up this object. Components are
+     * accumulated by compose operations.
+     * Attempting to set this field will result in an error.
+     */
+    componentCount?: number;
+    /**
+     * Content-Disposition of the object data, matching
+     * [https://tools.ietf.org/html/rfc6266][RFC 6266].
+     */
+    contentDisposition?: string;
+    /**
+     * Content-Encoding of the object data, matching
+     * [https://tools.ietf.org/html/rfc7231#section-3.1.2.2][RFC 7231 §3.1.2.2]
+     */
+    contentEncoding?: string;
+    /**
+     * Content-Language of the object data, matching
+     * [https://tools.ietf.org/html/rfc7231#section-3.1.3.2][RFC 7231 §3.1.3.2].
+     */
+    contentLanguage?: string;
+    /**
+     * Content-Type of the object data, matching
+     * [https://tools.ietf.org/html/rfc7231#section-3.1.1.5][RFC 7231 §3.1.1.5].
+     * If an object is stored without a Content-Type, it is served as
+     * `application/octet-stream`.
+     */
+    contentType?: string;
+    /**
+     * CRC32c checksum. For more information about using the CRC32c
+     * checksum, see
+     * [https://cloud.google.com/storage/docs/hashes-etags#_JSONAPI][Hashes and
+     * ETags: Best Practices].
+     */
+    crc32c?: string;
+    /**
+     * Metadata of customer-supplied encryption key, if the object is encrypted by
+     * such a key.
+     */
+    customerEncryption?: CustomerEncryption;
+    /**
+     * HTTP 1.1 Entity tag for the object. See
+     * [https://tools.ietf.org/html/rfc7232#section-2.3][RFC 7232 §2.3].
+     */
+    etag?: string;
+    /**
+     * The content generation of this object. Used for object versioning.
+     * Attempting to set this field will result in an error.
+     */
+    generation?: number;
+    /**
+     * The ID of the object, including the bucket name, object name, and
+     * generation number.
+     */
+    id?: string;
+    /**
+     * The kind of item this is. For objects, this is always "storage#object".
+     */
+    kind?: string;
+    /**
+     * MD5 hash of the data; encoded using base64 as per
+     * [https://tools.ietf.org/html/rfc4648#section-4][RFC 4648 §4]. For more
+     * information about using the MD5 hash, see
+     * [https://cloud.google.com/storage/docs/hashes-etags#_JSONAPI][Hashes and
+     * ETags: Best Practices].
+     */
+    md5Hash?: string;
+    /**
+     * Media download link.
+     */
+    mediaLink?: string;
+    /**
+     * User-provided metadata, in key/value pairs.
+     */
+    metadata?: {
+        [key: string]: string;
+    };
+    /**
+     * The version of the metadata for this object at this generation. Used for
+     * preconditions and for detecting changes in metadata. A metageneration
+     * number is only meaningful in the context of a particular generation of a
+     * particular object.
+     */
+    metageneration?: number;
+    /**
+     * The name of the object.
+     */
+    name?: string;
+    /**
+     * The link to this object.
+     */
+    selfLink?: string;
+    /**
+     * Content-Length of the object data in bytes, matching
+     * [https://tools.ietf.org/html/rfc7230#section-3.3.2][RFC 7230 §3.3.2].
+     */
+    size?: number;
+    /**
+     * Storage class of the object.
+     */
+    storageClass?: string;
+    /**
+     * The creation time of the object.
+     * Attempting to set this field will result in an error.
+     */
+    timeCreated?: Date | string;
+    /**
+     * The deletion time of the object. Will be returned if and only if this
+     * version of the object has been deleted.
+     */
+    timeDeleted?: Date | string;
+    /**
+     * The time at which the object's storage class was last changed.
+     */
+    timeStorageClassUpdated?: Date | string;
+    /**
+     * The modification time of the object metadata.
+     */
+    updated?: Date | string;
+}
+/**
+ * Metadata of customer-supplied encryption key, if the object is encrypted by
+ * such a key.
+ */
+export interface CustomerEncryption {
+    /**
+     * The encryption algorithm.
+     */
+    encryptionAlgorithm?: string;
+    /**
+     * SHA256 hash value of the encryption key.
+     */
+    keySha256?: string;
+}
+/** StorageOptions extend EventHandlerOptions with a bucket name  */
+export interface StorageOptions extends options.EventHandlerOptions {
+    bucket?: string;
+}
+/** Handle a storage object archived */
+export declare function onObjectArchived(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectArchived(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectArchived(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+/** Handle a storage object finalized */
+export declare function onObjectFinalized(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectFinalized(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectFinalized(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+/** Handle a storage object deleted */
+export declare function onObjectDeleted(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectDeleted(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectDeleted(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+/** Handle a storage object metadata updated */
+export declare function onObjectMetadataUpdated(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectMetadataUpdated(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectMetadataUpdated(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;

package/lib/v2/providers/storage.js

@@ -0,0 +1,110 @@
+"use strict";
+// The MIT License (MIT)
+//
+// Copyright (c) 2017 Firebase
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOptsAndBucket = exports.onOperation = exports.onObjectMetadataUpdated = exports.onObjectDeleted = exports.onObjectFinalized = exports.onObjectArchived = exports.metadataUpdatedEvent = exports.deletedEvent = exports.finalizedEvent = exports.archivedEvent = void 0;
+const config_1 = require("../../config");
+const options = require("../options");
+/** @internal */
+exports.archivedEvent = 'google.cloud.storage.object.v1.archived';
+/** @internal */
+exports.finalizedEvent = 'google.cloud.storage.object.v1.finalized';
+/** @internal */
+exports.deletedEvent = 'google.cloud.storage.object.v1.deleted';
+/** @internal */
+exports.metadataUpdatedEvent = 'google.cloud.storage.object.v1.metadataUpdated';
+function onObjectArchived(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.archivedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectArchived = onObjectArchived;
+function onObjectFinalized(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.finalizedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectFinalized = onObjectFinalized;
+function onObjectDeleted(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.deletedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectDeleted = onObjectDeleted;
+function onObjectMetadataUpdated(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.metadataUpdatedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectMetadataUpdated = onObjectMetadataUpdated;
+/** @internal */
+function onOperation(eventType, bucketOrOptsOrHandler, handler) {
+    if (typeof bucketOrOptsOrHandler === 'function') {
+        handler = bucketOrOptsOrHandler;
+        bucketOrOptsOrHandler = {};
+    }
+    const [opts, bucket] = getOptsAndBucket(bucketOrOptsOrHandler);
+    const func = (raw) => {
+        return handler(raw);
+    };
+    func.run = handler;
+    // TypeScript doesn't recongize defineProperty as adding a property and complains
+    // that __trigger doesn't exist. We can either cast to any and lose all type safety
+    // or we can just assign a meaningless value before calling defineProperty.
+    func.__trigger = 'silence the transpiler';
+    Object.defineProperty(func, '__trigger', {
+        get: () => {
+            const baseOpts = options.optionsToTriggerAnnotations(options.getGlobalOptions());
+            const specificOpts = options.optionsToTriggerAnnotations(opts);
+            return {
+                platform: 'gcfv2',
+                ...baseOpts,
+                ...specificOpts,
+                labels: {
+                    ...baseOpts === null || baseOpts === void 0 ? void 0 : baseOpts.labels,
+                    ...specificOpts === null || specificOpts === void 0 ? void 0 : specificOpts.labels,
+                },
+                eventTrigger: {
+                    eventType,
+                    resource: bucket, // TODO(colerogers): replace with 'bucket,' eventually
+                },
+            };
+        },
+    });
+    return func;
+}
+exports.onOperation = onOperation;
+/** @internal */
+function getOptsAndBucket(bucketOrOpts) {
+    let bucket;
+    let opts;
+    if (typeof bucketOrOpts === 'string') {
+        bucket = bucketOrOpts;
+        opts = {};
+    }
+    else {
+        bucket = bucketOrOpts.bucket || (0, config_1.firebaseConfig)().storageBucket;
+        opts = { ...bucketOrOpts };
+        delete opts.bucket;
+    }
+    if (!bucket) {
+        throw new Error('Missing bucket name. If you are unit testing, please provide a bucket name' +
+            ' by providing bucket name directly in the event handler or by setting process.env.FIREBASE_CONFIG.');
+    }
+    if (!/^[a-z\d][a-z\d\\._-]{1,230}[a-z\d]$/.test(bucket)) {
+        throw new Error(`Invalid bucket name ${bucket}`);
+    }
+    return [opts, bucket];
+}
+exports.getOptsAndBucket = getOptsAndBucket;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-functions",
-  "version": "3.15.4",
+  "version": "3.16.0",
   "description": "Firebase SDK for Cloud Functions",
   "keywords": [
     "firebase",
@@ -53,7 +53,8 @@
     "./v2/options": "./lib/v2/options.js",
     "./v2/https": "./lib/v2/providers/https.js",
     "./v2/params": "./lib/v2/params/index.js",
-    "./v2/pubsub": "./lib/v2/providers/pubsub.js"
+    "./v2/pubsub": "./lib/v2/providers/pubsub.js",
+    "./v2/storage": "./lib/v2/providers/storage.js"
   },
   "typesVersions": {
     "*": {
@@ -110,6 +111,9 @@
       ],
       "v2/pubsub": [
         "lib/v2/providers/pubsub"
+      ],
+      "v2/storage": [
+        "lib/v2/providers/storage"
       ]
     }
   },
@@ -148,7 +152,7 @@
     "chai": "^4.2.0",
     "chai-as-promised": "^7.1.1",
     "child-process-promise": "^2.2.1",
-    "firebase-admin": "^9.8.0",
+    "firebase-admin": "10.0.0",
     "js-yaml": "^3.13.1",
     "jsdom": "^16.2.1",
     "jsonwebtoken": "^8.5.1",
@@ -164,12 +168,12 @@
     "tslint-config-prettier": "^1.18.0",
     "tslint-no-unused-expression-chai": "^0.1.4",
     "tslint-plugin-prettier": "^2.0.1",
-    "typedoc": "^0.21.5",
+    "typedoc": "0.21.2",
     "typescript": "^4.3.5",
     "yargs": "^15.3.1"
   },
   "peerDependencies": {
-    "firebase-admin": "^8.0.0 || ^9.0.0"
+    "firebase-admin": "^8.0.0 || ^9.0.0 || ^10.0.0"
   },
   "engines": {
     "node": "^8.13.0 || >=10.10.0"