firebase-functions 3.15.7 → 3.16.0

package/lib/common/debug.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/common/debug.js

@@ -0,0 +1,54 @@
+"use strict";
+// The MIT License (MIT)
+//
+// Copyright (c) 2021 Firebase
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isDebugFeatureEnabled = exports.debugFeatureValue = void 0;
+// Do NOT turn on a debug feature in production.
+const debugMode = process.env.FIREBASE_DEBUG_MODE === 'true';
+function loadDebugFeatures() {
+    if (!debugMode) {
+        return {};
+    }
+    try {
+        const obj = JSON.parse(process.env.FIREBASE_DEBUG_FEATURES);
+        if (typeof obj !== 'object') {
+            return {};
+        }
+        return obj;
+    }
+    catch (e) {
+        return {};
+    }
+}
+/* @internal */
+function debugFeatureValue(feat) {
+    if (!debugMode) {
+        return;
+    }
+    return loadDebugFeatures()[feat];
+}
+exports.debugFeatureValue = debugFeatureValue;
+/* @internal */
+function isDebugFeatureEnabled(feat) {
+    return debugMode && !!debugFeatureValue(feat);
+}
+exports.isDebugFeatureEnabled = isDebugFeatureEnabled;

package/lib/common/providers/https.d.ts

@@ -6,53 +6,54 @@ import * as firebase from 'firebase-admin';
 export interface Request extends express.Request {
     rawBody: Buffer;
 }
+interface DecodedAppCheckToken {
+    /**
+     * The issuer identifier for the issuer of the response.
+     *
+     * This value is a URL with the format
+     * `https://firebaseappcheck.googleapis.com/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
+     * same project number specified in the [`aud`](#aud) property.
+     */
+    iss: string;
+    /**
+     * The Firebase App ID corresponding to the app the token belonged to.
+     *
+     * As a convenience, this value is copied over to the [`app_id`](#app_id) property.
+     */
+    sub: string;
+    /**
+     * The audience for which this token is intended.
+     *
+     * This value is a JSON array of two strings, the first is the project number of your
+     * Firebase project, and the second is the project ID of the same project.
+     */
+    aud: string[];
+    /**
+     * The App Check token's expiration time, in seconds since the Unix epoch. That is, the
+     * time at which this App Check token expires and should no longer be considered valid.
+     */
+    exp: number;
+    /**
+     * The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
+     * time at which this App Check token was issued and should start to be considered
+     * valid.;
+     */
+    iat: number;
+    /**
+     * The App ID corresponding to the App the App Check token belonged to.
+     *
+     * This value is not actually one of the JWT token claims. It is added as a
+     * convenience, and is set as the value of the [`sub`](#sub) property.
+     */
+    app_id: string;
+    [key: string]: any;
+}
 /**
  * The interface for AppCheck tokens verified in Callable functions
  */
 export interface AppCheckData {
     appId: string;
-    token: {
-        /**
-         * The issuer identifier for the issuer of the response.
-         *
-         * This value is a URL with the format
-         * `https://firebaseappcheck.googleapis.com/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
-         * same project number specified in the [`aud`](#aud) property.
-         */
-        iss: string;
-        /**
-         * The Firebase App ID corresponding to the app the token belonged to.
-         *
-         * As a convenience, this value is copied over to the [`app_id`](#app_id) property.
-         */
-        sub: string;
-        /**
-         * The audience for which this token is intended.
-         *
-         * This value is a JSON array of two strings, the first is the project number of your
-         * Firebase project, and the second is the project ID of the same project.
-         */
-        aud: string[];
-        /**
-         * The App Check token's expiration time, in seconds since the Unix epoch. That is, the
-         * time at which this App Check token expires and should no longer be considered valid.
-         */
-        exp: number;
-        /**
-         * The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
-         * time at which this App Check token was issued and should start to be considered
-         * valid.
-         */
-        iat: number;
-        /**
-         * The App ID corresponding to the App the App Check token belonged to.
-         *
-         * This value is not actually one of the JWT token claims. It is added as a
-         * convenience, and is set as the value of the [`sub`](#sub) property.
-         */
-        app_id: string;
-        [key: string]: any;
-    };
+    token: DecodedAppCheckToken;
 }
 /**
  * The interface for Auth tokens verified in Callable functions
@@ -197,6 +198,11 @@ export declare function encode(data: any): any;
 export declare function decode(data: any): any;
 declare type v1Handler = (data: any, context: CallableContext) => any | Promise<any>;
 declare type v2Handler<Req, Res> = (request: CallableRequest<Req>) => Res;
+/** @hidden **/
+export interface CallableOptions {
+    cors: cors.CorsOptions;
+    allowInvalidAppCheckToken?: boolean;
+}
 /** @hidden */
-export declare function onCallHandler<Req = any, Res = any>(options: cors.CorsOptions, handler: v1Handler | v2Handler<Req, Res>): (req: Request, res: express.Response) => Promise<void>;
+export declare function onCallHandler<Req = any, Res = any>(options: CallableOptions, handler: v1Handler | v2Handler<Req, Res>): (req: Request, res: express.Response) => Promise<void>;
 export {};

package/lib/common/providers/https.js

@@ -21,12 +21,14 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onCallHandler = exports.decode = exports.encode = exports.HttpsError = void 0;
+exports.onCallHandler = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.decode = exports.encode = exports.HttpsError = void 0;
 const cors = require("cors");
 const logger = require("../../logger");
 // TODO(inlined): Decide whether we want to un-version apps or whether we want a
 // different strategy
 const apps_1 = require("../../apps");
+const debug_1 = require("../../common/debug");
+const JWT_REGEX = /^[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?\.([a-zA-Z0-9\-_=]+)?$/;
 /**
  * Standard error codes and HTTP statuses for different ways a request can fail,
  * as defined by:
@@ -148,7 +150,7 @@ function encode(data) {
     if (Array.isArray(data)) {
         return data.map(encode);
     }
-    if (typeof data === 'object') {
+    if (typeof data === 'object' || typeof data === 'function') {
         // Sadly we don't have Object.fromEntries in Node 10, so we can't use a single
         // list comprehension
         const obj = {};
@@ -206,6 +208,53 @@ function decode(data) {
     return data;
 }
 exports.decode = decode;
+function unsafeDecodeToken(token) {
+    if (!JWT_REGEX.test(token)) {
+        return {};
+    }
+    const components = token
+        .split('.')
+        .map((s) => Buffer.from(s, 'base64').toString());
+    let payload = components[1];
+    if (typeof payload === 'string') {
+        try {
+            const obj = JSON.parse(payload);
+            if (typeof obj === 'object') {
+                payload = obj;
+            }
+        }
+        catch (e) { }
+    }
+    return payload;
+}
+/**
+ * Decode, but not verify, a Auth ID token.
+ *
+ * Do not use in production. Token should always be verified using the Admin SDK.
+ *
+ * This is exposed only for testing.
+ */
+/** @internal */
+function unsafeDecodeIdToken(token) {
+    const decoded = unsafeDecodeToken(token);
+    decoded.uid = decoded.sub;
+    return decoded;
+}
+exports.unsafeDecodeIdToken = unsafeDecodeIdToken;
+/**
+ * Decode, but not verify, an App Check token.
+ *
+ * Do not use in production. Token should always be verified using the Admin SDK.
+ *
+ * This is exposed only for testing.
+ */
+/** @internal */
+function unsafeDecodeAppCheckToken(token) {
+    const decoded = unsafeDecodeToken(token);
+    decoded.app_id = decoded.sub;
+    return decoded;
+}
+exports.unsafeDecodeAppCheckToken = unsafeDecodeAppCheckToken;
 /**
  * Check and verify tokens included in the requests. Once verified, tokens
  * are injected into the callable context.
@@ -220,6 +269,7 @@ async function checkTokens(req, ctx) {
         app: 'MISSING',
         auth: 'MISSING',
     };
+    const skipTokenVerify = (0, debug_1.isDebugFeatureEnabled)('skipTokenVerification');
     const appCheck = req.header('X-Firebase-AppCheck');
     if (appCheck) {
         verifications.app = 'INVALID';
@@ -227,13 +277,17 @@ async function checkTokens(req, ctx) {
             if (!(0, apps_1.apps)().admin.appCheck) {
                 throw new Error('Cannot validate AppCheck token. Please update Firebase Admin SDK to >= v9.8.0');
             }
-            const appCheckToken = await (0, apps_1.apps)()
-                .admin.appCheck()
-                .verifyToken(appCheck);
-            ctx.app = {
-                appId: appCheckToken.appId,
-                token: appCheckToken.token,
-            };
+            let appCheckData;
+            if (skipTokenVerify) {
+                const decodedToken = unsafeDecodeAppCheckToken(appCheck);
+                appCheckData = { appId: decodedToken.app_id, token: decodedToken };
+            }
+            else {
+                appCheckData = await (0, apps_1.apps)()
+                    .admin.appCheck()
+                    .verifyToken(appCheck);
+            }
+            ctx.app = appCheckData;
             verifications.app = 'VALID';
         }
         catch (err) {
@@ -247,9 +301,15 @@ async function checkTokens(req, ctx) {
         if (match) {
             const idToken = match[1];
             try {
-                const authToken = await (0, apps_1.apps)()
-                    .admin.auth()
-                    .verifyIdToken(idToken);
+                let authToken;
+                if (skipTokenVerify) {
+                    authToken = unsafeDecodeIdToken(idToken);
+                }
+                else {
+                    authToken = await (0, apps_1.apps)()
+                        .admin.auth()
+                        .verifyIdToken(idToken);
+                }
                 verifications.auth = 'VALID';
                 ctx.auth = {
                     uid: authToken.uid,
@@ -284,11 +344,11 @@ async function checkTokens(req, ctx) {
 }
 /** @hidden */
 function onCallHandler(options, handler) {
-    const wrapped = wrapOnCallHandler(handler);
+    const wrapped = wrapOnCallHandler(options, handler);
     return (req, res) => {
         return new Promise((resolve) => {
             res.on('finish', resolve);
-            cors(options)(req, res, () => {
+            cors(options.cors)(req, res, () => {
                 resolve(wrapped(req, res));
             });
         });
@@ -296,7 +356,7 @@ function onCallHandler(options, handler) {
 }
 exports.onCallHandler = onCallHandler;
 /** @internal */
-function wrapOnCallHandler(handler) {
+function wrapOnCallHandler(options, handler) {
     return async (req, res) => {
         try {
             if (!isValidRequest(req)) {
@@ -305,7 +365,10 @@ function wrapOnCallHandler(handler) {
             }
             const context = { rawRequest: req };
             const tokenStatus = await checkTokens(req, context);
-            if (tokenStatus.app === 'INVALID' || tokenStatus.auth === 'INVALID') {
+            if (tokenStatus.auth === 'INVALID') {
+                throw new HttpsError('unauthenticated', 'Unauthenticated');
+            }
+            if (tokenStatus.app === 'INVALID' && !options.allowInvalidAppCheckToken) {
                 throw new HttpsError('unauthenticated', 'Unauthenticated');
             }
             const instanceId = req.header('Firebase-Instance-ID-Token');

package/lib/function-configuration.d.ts

@@ -98,6 +98,7 @@ export interface RuntimeOptions {
      * Invoker to set access control on https functions.
      */
     invoker?: 'public' | 'private' | string | string[];
+    allowInvalidAppCheckToken?: boolean;
 }
 export interface DeploymentOptions extends RuntimeOptions {
     regions?: Array<typeof SUPPORTED_REGIONS[number] | string>;

package/lib/providers/https.js

@@ -64,7 +64,10 @@ function _onCallWithOptions(handler, options) {
     // and the user could have only tried to listen to data. Wrap their handler
     // in another handler to avoid accidentally triggering the v2 API
     const fixedLen = (data, context) => handler(data, context);
-    const func = (0, https_1.onCallHandler)({ origin: true, methods: 'POST' }, fixedLen);
+    const func = (0, https_1.onCallHandler)({
+        allowInvalidAppCheckToken: options.allowInvalidAppCheckToken,
+        cors: { origin: true, methods: 'POST' },
+    }, fixedLen);
     func.__trigger = {
         labels: {},
         ...(0, cloud_functions_1.optionsToTrigger)(options),

package/lib/v2/index.d.ts

@@ -2,6 +2,7 @@ import * as logger from '../logger';
 import * as params from './params';
 import * as https from './providers/https';
 import * as pubsub from './providers/pubsub';
-export { https, pubsub, logger, params };
+import * as storage from './providers/storage';
+export { https, pubsub, storage, logger, params };
 export { setGlobalOptions, GlobalOptions } from './options';
 export { CloudFunction, CloudEvent } from './core';

package/lib/v2/index.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.setGlobalOptions = exports.params = exports.logger = exports.pubsub = exports.https = void 0;
+exports.setGlobalOptions = exports.params = exports.logger = exports.storage = exports.pubsub = exports.https = void 0;
 const logger = require("../logger");
 exports.logger = logger;
 const params = require("./params");
@@ -30,5 +30,7 @@ const https = require("./providers/https");
 exports.https = https;
 const pubsub = require("./providers/pubsub");
 exports.pubsub = pubsub;
+const storage = require("./providers/storage");
+exports.storage = storage;
 var options_1 = require("./options");
 Object.defineProperty(exports, "setGlobalOptions", { enumerable: true, get: function () { return options_1.setGlobalOptions; } });

package/lib/v2/providers/https.js

@@ -88,7 +88,7 @@ function onCall(optsOrHandler, handler) {
     // onCallHandler sniffs the function length to determine which API to present.
     // fix the length to prevent api versions from being mismatched.
     const fixedLen = (req) => handler(req);
-    const func = (0, https_1.onCallHandler)({ origin, methods: 'POST' }, fixedLen);
+    const func = (0, https_1.onCallHandler)({ cors: { origin, methods: 'POST' } }, fixedLen);
     Object.defineProperty(func, '__trigger', {
         get: () => {
             const baseOpts = options.optionsToTriggerAnnotations(options.getGlobalOptions());

package/lib/v2/providers/storage.d.ts

@@ -0,0 +1,170 @@
+import { CloudEvent, CloudFunction } from '../core';
+import * as options from '../options';
+/**
+ * An object within Google Cloud Storage.
+ * Ref: https://github.com/googleapis/google-cloudevents-nodejs/blob/main/cloud/storage/v1/StorageObjectData.ts
+ */
+export interface StorageObjectData {
+    /**
+     * The name of the bucket containing this object.
+     */
+    bucket?: string;
+    /**
+     * Cache-Control directive for the object data, matching
+     * [https://tools.ietf.org/html/rfc7234#section-5.2"][RFC 7234 §5.2].
+     */
+    cacheControl?: string;
+    /**
+     * Number of underlying components that make up this object. Components are
+     * accumulated by compose operations.
+     * Attempting to set this field will result in an error.
+     */
+    componentCount?: number;
+    /**
+     * Content-Disposition of the object data, matching
+     * [https://tools.ietf.org/html/rfc6266][RFC 6266].
+     */
+    contentDisposition?: string;
+    /**
+     * Content-Encoding of the object data, matching
+     * [https://tools.ietf.org/html/rfc7231#section-3.1.2.2][RFC 7231 §3.1.2.2]
+     */
+    contentEncoding?: string;
+    /**
+     * Content-Language of the object data, matching
+     * [https://tools.ietf.org/html/rfc7231#section-3.1.3.2][RFC 7231 §3.1.3.2].
+     */
+    contentLanguage?: string;
+    /**
+     * Content-Type of the object data, matching
+     * [https://tools.ietf.org/html/rfc7231#section-3.1.1.5][RFC 7231 §3.1.1.5].
+     * If an object is stored without a Content-Type, it is served as
+     * `application/octet-stream`.
+     */
+    contentType?: string;
+    /**
+     * CRC32c checksum. For more information about using the CRC32c
+     * checksum, see
+     * [https://cloud.google.com/storage/docs/hashes-etags#_JSONAPI][Hashes and
+     * ETags: Best Practices].
+     */
+    crc32c?: string;
+    /**
+     * Metadata of customer-supplied encryption key, if the object is encrypted by
+     * such a key.
+     */
+    customerEncryption?: CustomerEncryption;
+    /**
+     * HTTP 1.1 Entity tag for the object. See
+     * [https://tools.ietf.org/html/rfc7232#section-2.3][RFC 7232 §2.3].
+     */
+    etag?: string;
+    /**
+     * The content generation of this object. Used for object versioning.
+     * Attempting to set this field will result in an error.
+     */
+    generation?: number;
+    /**
+     * The ID of the object, including the bucket name, object name, and
+     * generation number.
+     */
+    id?: string;
+    /**
+     * The kind of item this is. For objects, this is always "storage#object".
+     */
+    kind?: string;
+    /**
+     * MD5 hash of the data; encoded using base64 as per
+     * [https://tools.ietf.org/html/rfc4648#section-4][RFC 4648 §4]. For more
+     * information about using the MD5 hash, see
+     * [https://cloud.google.com/storage/docs/hashes-etags#_JSONAPI][Hashes and
+     * ETags: Best Practices].
+     */
+    md5Hash?: string;
+    /**
+     * Media download link.
+     */
+    mediaLink?: string;
+    /**
+     * User-provided metadata, in key/value pairs.
+     */
+    metadata?: {
+        [key: string]: string;
+    };
+    /**
+     * The version of the metadata for this object at this generation. Used for
+     * preconditions and for detecting changes in metadata. A metageneration
+     * number is only meaningful in the context of a particular generation of a
+     * particular object.
+     */
+    metageneration?: number;
+    /**
+     * The name of the object.
+     */
+    name?: string;
+    /**
+     * The link to this object.
+     */
+    selfLink?: string;
+    /**
+     * Content-Length of the object data in bytes, matching
+     * [https://tools.ietf.org/html/rfc7230#section-3.3.2][RFC 7230 §3.3.2].
+     */
+    size?: number;
+    /**
+     * Storage class of the object.
+     */
+    storageClass?: string;
+    /**
+     * The creation time of the object.
+     * Attempting to set this field will result in an error.
+     */
+    timeCreated?: Date | string;
+    /**
+     * The deletion time of the object. Will be returned if and only if this
+     * version of the object has been deleted.
+     */
+    timeDeleted?: Date | string;
+    /**
+     * The time at which the object's storage class was last changed.
+     */
+    timeStorageClassUpdated?: Date | string;
+    /**
+     * The modification time of the object metadata.
+     */
+    updated?: Date | string;
+}
+/**
+ * Metadata of customer-supplied encryption key, if the object is encrypted by
+ * such a key.
+ */
+export interface CustomerEncryption {
+    /**
+     * The encryption algorithm.
+     */
+    encryptionAlgorithm?: string;
+    /**
+     * SHA256 hash value of the encryption key.
+     */
+    keySha256?: string;
+}
+/** StorageOptions extend EventHandlerOptions with a bucket name  */
+export interface StorageOptions extends options.EventHandlerOptions {
+    bucket?: string;
+}
+/** Handle a storage object archived */
+export declare function onObjectArchived(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectArchived(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectArchived(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+/** Handle a storage object finalized */
+export declare function onObjectFinalized(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectFinalized(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectFinalized(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+/** Handle a storage object deleted */
+export declare function onObjectDeleted(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectDeleted(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectDeleted(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+/** Handle a storage object metadata updated */
+export declare function onObjectMetadataUpdated(handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectMetadataUpdated(bucket: string, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;
+export declare function onObjectMetadataUpdated(opts: StorageOptions, handler: (event: CloudEvent<StorageObjectData>) => any | Promise<any>): CloudFunction<StorageObjectData>;

package/lib/v2/providers/storage.js

@@ -0,0 +1,110 @@
+"use strict";
+// The MIT License (MIT)
+//
+// Copyright (c) 2017 Firebase
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOptsAndBucket = exports.onOperation = exports.onObjectMetadataUpdated = exports.onObjectDeleted = exports.onObjectFinalized = exports.onObjectArchived = exports.metadataUpdatedEvent = exports.deletedEvent = exports.finalizedEvent = exports.archivedEvent = void 0;
+const config_1 = require("../../config");
+const options = require("../options");
+/** @internal */
+exports.archivedEvent = 'google.cloud.storage.object.v1.archived';
+/** @internal */
+exports.finalizedEvent = 'google.cloud.storage.object.v1.finalized';
+/** @internal */
+exports.deletedEvent = 'google.cloud.storage.object.v1.deleted';
+/** @internal */
+exports.metadataUpdatedEvent = 'google.cloud.storage.object.v1.metadataUpdated';
+function onObjectArchived(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.archivedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectArchived = onObjectArchived;
+function onObjectFinalized(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.finalizedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectFinalized = onObjectFinalized;
+function onObjectDeleted(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.deletedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectDeleted = onObjectDeleted;
+function onObjectMetadataUpdated(buketOrOptsOrHandler, handler) {
+    return onOperation(exports.metadataUpdatedEvent, buketOrOptsOrHandler, handler);
+}
+exports.onObjectMetadataUpdated = onObjectMetadataUpdated;
+/** @internal */
+function onOperation(eventType, bucketOrOptsOrHandler, handler) {
+    if (typeof bucketOrOptsOrHandler === 'function') {
+        handler = bucketOrOptsOrHandler;
+        bucketOrOptsOrHandler = {};
+    }
+    const [opts, bucket] = getOptsAndBucket(bucketOrOptsOrHandler);
+    const func = (raw) => {
+        return handler(raw);
+    };
+    func.run = handler;
+    // TypeScript doesn't recongize defineProperty as adding a property and complains
+    // that __trigger doesn't exist. We can either cast to any and lose all type safety
+    // or we can just assign a meaningless value before calling defineProperty.
+    func.__trigger = 'silence the transpiler';
+    Object.defineProperty(func, '__trigger', {
+        get: () => {
+            const baseOpts = options.optionsToTriggerAnnotations(options.getGlobalOptions());
+            const specificOpts = options.optionsToTriggerAnnotations(opts);
+            return {
+                platform: 'gcfv2',
+                ...baseOpts,
+                ...specificOpts,
+                labels: {
+                    ...baseOpts === null || baseOpts === void 0 ? void 0 : baseOpts.labels,
+                    ...specificOpts === null || specificOpts === void 0 ? void 0 : specificOpts.labels,
+                },
+                eventTrigger: {
+                    eventType,
+                    resource: bucket, // TODO(colerogers): replace with 'bucket,' eventually
+                },
+            };
+        },
+    });
+    return func;
+}
+exports.onOperation = onOperation;
+/** @internal */
+function getOptsAndBucket(bucketOrOpts) {
+    let bucket;
+    let opts;
+    if (typeof bucketOrOpts === 'string') {
+        bucket = bucketOrOpts;
+        opts = {};
+    }
+    else {
+        bucket = bucketOrOpts.bucket || (0, config_1.firebaseConfig)().storageBucket;
+        opts = { ...bucketOrOpts };
+        delete opts.bucket;
+    }
+    if (!bucket) {
+        throw new Error('Missing bucket name. If you are unit testing, please provide a bucket name' +
+            ' by providing bucket name directly in the event handler or by setting process.env.FIREBASE_CONFIG.');
+    }
+    if (!/^[a-z\d][a-z\d\\._-]{1,230}[a-z\d]$/.test(bucket)) {
+        throw new Error(`Invalid bucket name ${bucket}`);
+    }
+    return [opts, bucket];
+}
+exports.getOptsAndBucket = getOptsAndBucket;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-functions",
-  "version": "3.15.7",
+  "version": "3.16.0",
   "description": "Firebase SDK for Cloud Functions",
   "keywords": [
     "firebase",
@@ -53,7 +53,8 @@
     "./v2/options": "./lib/v2/options.js",
     "./v2/https": "./lib/v2/providers/https.js",
     "./v2/params": "./lib/v2/params/index.js",
-    "./v2/pubsub": "./lib/v2/providers/pubsub.js"
+    "./v2/pubsub": "./lib/v2/providers/pubsub.js",
+    "./v2/storage": "./lib/v2/providers/storage.js"
   },
   "typesVersions": {
     "*": {
@@ -110,6 +111,9 @@
       ],
       "v2/pubsub": [
         "lib/v2/providers/pubsub"
+      ],
+      "v2/storage": [
+        "lib/v2/providers/storage"
       ]
     }
   },
@@ -148,7 +152,7 @@
     "chai": "^4.2.0",
     "chai-as-promised": "^7.1.1",
     "child-process-promise": "^2.2.1",
-    "firebase-admin": "^9.8.0",
+    "firebase-admin": "10.0.0",
     "js-yaml": "^3.13.1",
     "jsdom": "^16.2.1",
     "jsonwebtoken": "^8.5.1",
@@ -164,12 +168,12 @@
     "tslint-config-prettier": "^1.18.0",
     "tslint-no-unused-expression-chai": "^0.1.4",
     "tslint-plugin-prettier": "^2.0.1",
-    "typedoc": "^0.21.5",
+    "typedoc": "0.21.2",
     "typescript": "^4.3.5",
     "yargs": "^15.3.1"
   },
   "peerDependencies": {
-    "firebase-admin": "^8.0.0 || ^9.0.0"
+    "firebase-admin": "^8.0.0 || ^9.0.0 || ^10.0.0"
   },
   "engines": {
     "node": "^8.13.0 || >=10.10.0"