firebase-functions 3.16.0 → 3.18.0

package/lib/bin/firebase-functions.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/lib/bin/firebase-functions.js

@@ -0,0 +1,48 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const express = require("express");
+const loader_1 = require("../runtime/loader");
+function printUsageAndExit() {
+    console.error(`
+Usage: firebase-functions [functionsDir]
+
+Arguments:
+  - functionsDir: Directory containing source code for Firebase Functions.
+`);
+    process.exit(1);
+}
+let functionsDir = '.';
+const args = process.argv.slice(2);
+if (args.length > 1) {
+    if (args[0] === '-h' || args[0] === '--help') {
+        printUsageAndExit();
+    }
+    functionsDir = args[0];
+}
+let server;
+const app = express();
+async function handleQuitquitquit(req, res) {
+    res.send('ok');
+    server.close(() => console.log('shutdown requested via /__/quitquitquit'));
+}
+app.get('/__/quitquitquit', handleQuitquitquit);
+app.post('/__/quitquitquit', handleQuitquitquit);
+app.get('/__/stack.yaml', async (req, res) => {
+    try {
+        const stack = await (0, loader_1.loadStack)(functionsDir);
+        res.setHeader('content-type', 'text/yaml');
+        res.send(JSON.stringify(stack));
+    }
+    catch (e) {
+        res
+            .status(400)
+            .send(`Failed to generate manifest from function source: ${e}`);
+    }
+});
+let port = 8080;
+if (process.env.STACK_CONTROL_API_PORT) {
+    port = Number.parseInt(process.env.STACK_CONTROL_API_PORT);
+}
+console.log('Serving at port', port);
+server = app.listen(port);

package/lib/cloud-functions.d.ts

@@ -2,6 +2,7 @@ import { Request, Response } from 'express';
 import { DeploymentOptions, FailurePolicy, Schedule } from './function-configuration';
 export { Request, Response };
 import { Duration } from './common/encoding';
+import { ManifestEndpoint, ManifestRequiredAPI } from './runtime/manifest';
 /**
  * @hidden
  *
@@ -198,8 +199,17 @@ export interface TriggerAnnotated {
         vpcConnectorEgressSettings?: string;
         serviceAccountEmail?: string;
         ingressSettings?: string;
+        secrets?: string[];
     };
 }
+/**
+ * @hidden
+ * EndpointAnnotated is used to generate the manifest that conforms to the container contract.
+ */
+export interface EndpointAnnotated {
+    __endpoint: ManifestEndpoint;
+    __requiredAPIs?: ManifestRequiredAPI[];
+}
 /**
  * A Runnable has a `run` method which directly invokes the user-defined
  * function - useful for unit testing.
@@ -216,7 +226,7 @@ export interface Runnable<T> {
  * [`Response`](https://expressjs.com/en/api.html#res) objects as its only
  * arguments.
  */
-export declare type HttpsFunction = TriggerAnnotated & ((req: Request, resp: Response) => void | Promise<void>);
+export declare type HttpsFunction = TriggerAnnotated & EndpointAnnotated & ((req: Request, resp: Response) => void | Promise<void>);
 /**
  * The Cloud Function type for all non-HTTPS triggers. This should be exported
  * from your JavaScript file to define a Cloud Function.
@@ -224,7 +234,7 @@ export declare type HttpsFunction = TriggerAnnotated & ((req: Request, resp: Res
  * This type is a special JavaScript function which takes a templated
  * `Event` object as its only argument.
  */
-export declare type CloudFunction<T> = Runnable<T> & TriggerAnnotated & ((input: any, context?: any) => PromiseLike<any> | any);
+export declare type CloudFunction<T> = Runnable<T> & TriggerAnnotated & EndpointAnnotated & ((input: any, context?: any) => PromiseLike<any> | any);
 /** @hidden */
 export interface MakeCloudFunctionArgs<EventData> {
     after?: (raw: Event) => void;
@@ -233,13 +243,9 @@ export interface MakeCloudFunctionArgs<EventData> {
     dataConstructor?: (raw: Event) => EventData;
     eventType: string;
     handler?: (data: EventData, context: EventContext) => PromiseLike<any> | any;
-    labels?: {
-        [key: string]: any;
-    };
+    labels?: Record<string, string>;
     legacyEventType?: string;
-    options?: {
-        [key: string]: any;
-    };
+    options?: DeploymentOptions;
     provider: string;
     service: string;
     triggerResource: () => string;
@@ -248,3 +254,4 @@ export interface MakeCloudFunctionArgs<EventData> {
 export declare function makeCloudFunction<EventData>({ after, before, contextOnlyHandler, dataConstructor, eventType, handler, labels, legacyEventType, options, provider, service, triggerResource, }: MakeCloudFunctionArgs<EventData>): CloudFunction<EventData>;
 /** @hidden */
 export declare function optionsToTrigger(options: DeploymentOptions): any;
+export declare function optionsToEndpoint(options: DeploymentOptions): ManifestEndpoint;

package/lib/cloud-functions.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.optionsToTrigger = exports.makeCloudFunction = exports.Change = void 0;
+exports.optionsToEndpoint = exports.optionsToTrigger = exports.makeCloudFunction = exports.Change = void 0;
 const _ = require("lodash");
 const function_configuration_1 = require("./function-configuration");
 const logger_1 = require("./logger");
@@ -165,6 +165,42 @@ function makeCloudFunction({ after = () => { }, before = () => { }, contextOnlyH
             return trigger;
         },
     });
+    Object.defineProperty(cloudFunction, '__endpoint', {
+        get: () => {
+            if (triggerResource() == null) {
+                return undefined;
+            }
+            const endpoint = {
+                platform: 'gcfv1',
+                ...optionsToEndpoint(options),
+            };
+            if (options.schedule) {
+                endpoint.scheduleTrigger = options.schedule;
+            }
+            else {
+                endpoint.eventTrigger = {
+                    eventType: legacyEventType || provider + '.' + eventType,
+                    eventFilters: {
+                        resource: triggerResource(),
+                    },
+                    retry: !!options.failurePolicy,
+                };
+            }
+            // Note: We intentionally don't make use of labels args here.
+            // labels is used to pass SDK-defined labels to the trigger, which isn't
+            // something we will do in the container contract world.
+            endpoint.labels = { ...endpoint.labels };
+            return endpoint;
+        },
+    });
+    if (options.schedule) {
+        cloudFunction.__requiredAPIs = [
+            {
+                api: 'cloudscheduler.googleapis.com',
+                reason: 'Needed for scheduled functions.',
+            },
+        ];
+    }
     cloudFunction.run = handler || contextOnlyHandler;
     return cloudFunction;
 }
@@ -216,7 +252,7 @@ function _detectAuthType(event) {
 /** @hidden */
 function optionsToTrigger(options) {
     const trigger = {};
-    (0, encoding_1.copyIfPresent)(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels');
+    (0, encoding_1.copyIfPresent)(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels', 'secrets');
     (0, encoding_1.convertIfPresent)(trigger, options, 'failurePolicy', 'failurePolicy', (policy) => {
         if (policy === false) {
             return undefined;
@@ -245,3 +281,28 @@ function optionsToTrigger(options) {
     return trigger;
 }
 exports.optionsToTrigger = optionsToTrigger;
+function optionsToEndpoint(options) {
+    const endpoint = {};
+    (0, encoding_1.copyIfPresent)(endpoint, options, 'minInstances', 'maxInstances', 'ingressSettings', 'labels', 'timeoutSeconds');
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'region', 'regions');
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'serviceAccountEmail', 'serviceAccount', (sa) => sa);
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'secretEnvironmentVariables', 'secrets', (secrets) => secrets.map((secret) => ({ secret, key: secret })));
+    if (options === null || options === void 0 ? void 0 : options.vpcConnector) {
+        endpoint.vpc = { connector: options.vpcConnector };
+        (0, encoding_1.convertIfPresent)(endpoint.vpc, options, 'egressSettings', 'vpcConnectorEgressSettings');
+    }
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'availableMemoryMb', 'memory', (mem) => {
+        const memoryLookup = {
+            '128MB': 128,
+            '256MB': 256,
+            '512MB': 512,
+            '1GB': 1024,
+            '2GB': 2048,
+            '4GB': 4096,
+            '8GB': 8192,
+        };
+        return memoryLookup[mem];
+    });
+    return endpoint;
+}
+exports.optionsToEndpoint = optionsToEndpoint;

package/lib/common/encoding.js

@@ -13,6 +13,9 @@ exports.durationFromSeconds = durationFromSeconds;
  * in A and B, but cannot verify that both Src and Dest have the same type for the same field.
  */
 function copyIfPresent(dest, src, ...fields) {
+    if (!src) {
+        return;
+    }
     for (const field of fields) {
         if (!Object.prototype.hasOwnProperty.call(src, field)) {
             continue;
@@ -24,6 +27,9 @@ exports.copyIfPresent = copyIfPresent;
 function convertIfPresent(dest, src, destField, srcField, converter = (from) => {
     return from;
 }) {
+    if (!src) {
+        return;
+    }
     if (!Object.prototype.hasOwnProperty.call(src, srcField)) {
         return;
     }

package/lib/common/providers/https.d.ts

@@ -1,5 +1,4 @@
 /// <reference types="node" />
-import * as cors from 'cors';
 import * as express from 'express';
 import * as firebase from 'firebase-admin';
 /** @hidden */
@@ -108,6 +107,55 @@ export interface CallableRequest<T = any> {
      */
     rawRequest: Request;
 }
+/** How a task should be retried in the event of a non-2xx return. */
+export interface TaskRetryConfig {
+    /**
+     * Maximum number of times a request should be attempted.
+     * If left unspecified, will default to 3.
+     */
+    maxAttempts?: number;
+    /**
+     * The maximum amount of time to wait between attempts.
+     * If left unspecified will default to 1hr.
+     */
+    maxBackoffSeconds?: number;
+    /**
+     * The maximum number of times to double the backoff between
+     * retries. If left unspecified will default to 16.
+     */
+    maxDoublings?: number;
+    /**
+     * The minimum time to wait between attempts. If left unspecified
+     * will default to 100ms.
+     */
+    minBackoffSeconds?: number;
+}
+/** How congestion control should be applied to the function. */
+export interface TaskRateLimits {
+    maxBurstSize?: number;
+    maxConcurrentDispatches?: number;
+    maxDispatchesPerSecond?: number;
+}
+/** Metadata about a call to a Task Queue function. */
+export interface TaskContext {
+    /**
+     * The result of decoding and verifying an ODIC token.
+     */
+    auth?: AuthData;
+}
+/**
+ * The request used to call a Task Queue function.
+ */
+export interface TaskRequest<T = any> {
+    /**
+     * The parameters used by a client when calling this function.
+     */
+    data: T;
+    /**
+     * The result of decoding and verifying an ODIC token.
+     */
+    auth?: AuthData;
+}
 /**
  * The set of Firebase Functions status codes. The codes are the same at the
  * ones exposed by gRPC here:
@@ -196,13 +244,4 @@ export declare function encode(data: any): any;
  */
 /** @hidden */
 export declare function decode(data: any): any;
-declare type v1Handler = (data: any, context: CallableContext) => any | Promise<any>;
-declare type v2Handler<Req, Res> = (request: CallableRequest<Req>) => Res;
-/** @hidden **/
-export interface CallableOptions {
-    cors: cors.CorsOptions;
-    allowInvalidAppCheckToken?: boolean;
-}
-/** @hidden */
-export declare function onCallHandler<Req = any, Res = any>(options: CallableOptions, handler: v1Handler | v2Handler<Req, Res>): (req: Request, res: express.Response) => Promise<void>;
 export {};

package/lib/common/providers/https.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onCallHandler = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.decode = exports.encode = exports.HttpsError = void 0;
+exports.onDispatchHandler = exports.onCallHandler = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.decode = exports.encode = exports.HttpsError = void 0;
 const cors = require("cors");
 const logger = require("../../logger");
 // TODO(inlined): Decide whether we want to un-version apps or whether we want a
@@ -263,64 +263,20 @@ exports.unsafeDecodeAppCheckToken = unsafeDecodeAppCheckToken;
  * @param {CallableContext} ctx - Context to be sent to callable function handler.
  * @return {CallableTokenStatus} Status of the token verifications.
  */
-/** @hidden */
+/** @internal */
 async function checkTokens(req, ctx) {
     const verifications = {
-        app: 'MISSING',
-        auth: 'MISSING',
+        app: 'INVALID',
+        auth: 'INVALID',
     };
-    const skipTokenVerify = (0, debug_1.isDebugFeatureEnabled)('skipTokenVerification');
-    const appCheck = req.header('X-Firebase-AppCheck');
-    if (appCheck) {
-        verifications.app = 'INVALID';
-        try {
-            if (!(0, apps_1.apps)().admin.appCheck) {
-                throw new Error('Cannot validate AppCheck token. Please update Firebase Admin SDK to >= v9.8.0');
-            }
-            let appCheckData;
-            if (skipTokenVerify) {
-                const decodedToken = unsafeDecodeAppCheckToken(appCheck);
-                appCheckData = { appId: decodedToken.app_id, token: decodedToken };
-            }
-            else {
-                appCheckData = await (0, apps_1.apps)()
-                    .admin.appCheck()
-                    .verifyToken(appCheck);
-            }
-            ctx.app = appCheckData;
-            verifications.app = 'VALID';
-        }
-        catch (err) {
-            logger.warn('Failed to validate AppCheck token.', err);
-        }
-    }
-    const authorization = req.header('Authorization');
-    if (authorization) {
-        verifications.auth = 'INVALID';
-        const match = authorization.match(/^Bearer (.*)$/);
-        if (match) {
-            const idToken = match[1];
-            try {
-                let authToken;
-                if (skipTokenVerify) {
-                    authToken = unsafeDecodeIdToken(idToken);
-                }
-                else {
-                    authToken = await (0, apps_1.apps)()
-                        .admin.auth()
-                        .verifyIdToken(idToken);
-                }
-                verifications.auth = 'VALID';
-                ctx.auth = {
-                    uid: authToken.uid,
-                    token: authToken,
-                };
-            }
-            catch (err) {
-                logger.warn('Failed to validate auth token.', err);
-            }
-        }
-    }
+    await Promise.all([
+        Promise.resolve().then(async () => {
+            verifications.auth = await checkAuthToken(req, ctx);
+        }),
+        Promise.resolve().then(async () => {
+            verifications.app = await checkAppCheckToken(req, ctx);
+        }),
+    ]);
     const logPayload = {
         verifications,
         'logging.googleapis.com/labels': {
@@ -342,7 +298,66 @@ async function checkTokens(req, ctx) {
     }
     return verifications;
 }
-/** @hidden */
+/** @interanl */
+async function checkAuthToken(req, ctx) {
+    const authorization = req.header('Authorization');
+    if (!authorization) {
+        return 'MISSING';
+    }
+    const match = authorization.match(/^Bearer (.*)$/);
+    if (match) {
+        const idToken = match[1];
+        try {
+            let authToken;
+            if ((0, debug_1.isDebugFeatureEnabled)('skipTokenVerification')) {
+                authToken = unsafeDecodeIdToken(idToken);
+            }
+            else {
+                authToken = await (0, apps_1.apps)()
+                    .admin.auth()
+                    .verifyIdToken(idToken);
+            }
+            ctx.auth = {
+                uid: authToken.uid,
+                token: authToken,
+            };
+            return 'VALID';
+        }
+        catch (err) {
+            logger.warn('Failed to validate auth token.', err);
+            return 'INVALID';
+        }
+    }
+}
+/** @internal */
+async function checkAppCheckToken(req, ctx) {
+    const appCheck = req.header('X-Firebase-AppCheck');
+    if (!appCheck) {
+        return 'MISSING';
+    }
+    try {
+        if (!(0, apps_1.apps)().admin.appCheck) {
+            throw new Error('Cannot validate AppCheck token. Please update Firebase Admin SDK to >= v9.8.0');
+        }
+        let appCheckData;
+        if ((0, debug_1.isDebugFeatureEnabled)('skipTokenVerification')) {
+            const decodedToken = unsafeDecodeAppCheckToken(appCheck);
+            appCheckData = { appId: decodedToken.app_id, token: decodedToken };
+        }
+        else {
+            appCheckData = await (0, apps_1.apps)()
+                .admin.appCheck()
+                .verifyToken(appCheck);
+        }
+        ctx.app = appCheckData;
+        return 'VALID';
+    }
+    catch (err) {
+        logger.warn('Failed to validate AppCheck token.', err);
+        return 'INVALID';
+    }
+}
+/** @internal */
 function onCallHandler(options, handler) {
     const wrapped = wrapOnCallHandler(options, handler);
     return (req, res) => {
@@ -411,3 +426,45 @@ function wrapOnCallHandler(options, handler) {
         }
     };
 }
+/** @internal */
+function onDispatchHandler(handler) {
+    return async (req, res) => {
+        try {
+            if (!isValidRequest(req)) {
+                logger.error('Invalid request, unable to process.');
+                throw new HttpsError('invalid-argument', 'Bad Request');
+            }
+            const context = {};
+            const status = await checkAuthToken(req, context);
+            // Note: this should never happen since task queue functions are guarded by IAM.
+            if (status === 'INVALID') {
+                throw new HttpsError('unauthenticated', 'Unauthenticated');
+            }
+            const data = decode(req.body.data);
+            if (handler.length === 2) {
+                await handler(data, context);
+            }
+            else {
+                const arg = {
+                    ...context,
+                    data,
+                };
+                // For some reason the type system isn't picking up that the handler
+                // is a one argument function.
+                await handler(arg);
+            }
+            res.status(204).end();
+        }
+        catch (err) {
+            if (!(err instanceof HttpsError)) {
+                // This doesn't count as an 'explicit' error.
+                logger.error('Unhandled error', err);
+                err = new HttpsError('internal', 'INTERNAL');
+            }
+            const { status } = err.httpErrorCode;
+            const body = { error: err.toJSON() };
+            res.status(status).send(body);
+        }
+    };
+}
+exports.onDispatchHandler = onDispatchHandler;

package/lib/common/providers/identity.d.ts

@@ -0,0 +1,29 @@
+import * as firebase from 'firebase-admin';
+/**
+ * The UserRecord passed to Cloud Functions is the same UserRecord that is returned by the Firebase Admin
+ * SDK.
+ */
+export declare type UserRecord = firebase.auth.UserRecord;
+/**
+ * UserInfo that is part of the UserRecord
+ */
+export declare type UserInfo = firebase.auth.UserInfo;
+/**
+ * Helper class to create the user metadata in a UserRecord object
+ */
+export declare class UserRecordMetadata implements firebase.auth.UserMetadata {
+    creationTime: string;
+    lastSignInTime: string;
+    constructor(creationTime: string, lastSignInTime: string);
+    /** Returns a plain JavaScript object with the properties of UserRecordMetadata. */
+    toJSON(): {
+        creationTime: string;
+        lastSignInTime: string;
+    };
+}
+/**
+ * Helper function that creates a UserRecord Class from data sent over the wire.
+ * @param wireData data sent over the wire
+ * @returns an instance of UserRecord with correct toJSON functions
+ */
+export declare function userRecordConstructor(wireData: Object): UserRecord;

package/lib/common/providers/identity.js

@@ -0,0 +1,96 @@
+"use strict";
+// The MIT License (MIT)
+//
+// Copyright (c) 2022 Firebase
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.userRecordConstructor = exports.UserRecordMetadata = void 0;
+const _ = require("lodash");
+/**
+ * Helper class to create the user metadata in a UserRecord object
+ */
+class UserRecordMetadata {
+    constructor(creationTime, lastSignInTime) {
+        this.creationTime = creationTime;
+        this.lastSignInTime = lastSignInTime;
+    }
+    /** Returns a plain JavaScript object with the properties of UserRecordMetadata. */
+    toJSON() {
+        return {
+            creationTime: this.creationTime,
+            lastSignInTime: this.lastSignInTime,
+        };
+    }
+}
+exports.UserRecordMetadata = UserRecordMetadata;
+/**
+ * Helper function that creates a UserRecord Class from data sent over the wire.
+ * @param wireData data sent over the wire
+ * @returns an instance of UserRecord with correct toJSON functions
+ */
+function userRecordConstructor(wireData) {
+    // Falsey values from the wire format proto get lost when converted to JSON, this adds them back.
+    const falseyValues = {
+        email: null,
+        emailVerified: false,
+        displayName: null,
+        photoURL: null,
+        phoneNumber: null,
+        disabled: false,
+        providerData: [],
+        customClaims: {},
+        passwordSalt: null,
+        passwordHash: null,
+        tokensValidAfterTime: null,
+    };
+    const record = _.assign({}, falseyValues, wireData);
+    const meta = _.get(record, 'metadata');
+    if (meta) {
+        _.set(record, 'metadata', new UserRecordMetadata(meta.createdAt || meta.creationTime, meta.lastSignedInAt || meta.lastSignInTime));
+    }
+    else {
+        _.set(record, 'metadata', new UserRecordMetadata(null, null));
+    }
+    _.forEach(record.providerData, (entry) => {
+        _.set(entry, 'toJSON', () => {
+            return entry;
+        });
+    });
+    _.set(record, 'toJSON', () => {
+        const json = _.pick(record, [
+            'uid',
+            'email',
+            'emailVerified',
+            'displayName',
+            'photoURL',
+            'phoneNumber',
+            'disabled',
+            'passwordHash',
+            'passwordSalt',
+            'tokensValidAfterTime',
+        ]);
+        json.metadata = _.get(record, 'metadata').toJSON();
+        json.customClaims = _.cloneDeep(record.customClaims);
+        json.providerData = _.map(record.providerData, (entry) => entry.toJSON());
+        return json;
+    });
+    return record;
+}
+exports.userRecordConstructor = userRecordConstructor;

package/lib/function-builder.d.ts

@@ -77,7 +77,13 @@ export declare class FunctionBuilder {
          * Declares a callable method for clients to call using a Firebase SDK.
          * @param handler A method that takes a data and context and returns a value.
          */
-        onCall: (handler: (data: any, context: https.CallableContext) => any | Promise<any>) => import("./cloud-functions").TriggerAnnotated & ((req: express.Request<import("express-serve-static-core").ParamsDictionary>, resp: express.Response<any>) => void | Promise<void>) & import("./cloud-functions").Runnable<any>;
+        onCall: (handler: (data: any, context: https.CallableContext) => any | Promise<any>) => import("./cloud-functions").TriggerAnnotated & import("./cloud-functions").EndpointAnnotated & ((req: express.Request<import("express-serve-static-core").ParamsDictionary>, resp: express.Response<any>) => void | Promise<void>) & import("./cloud-functions").Runnable<any>;
+        /**
+         * Declares a task queue function for clients to call using a Firebase Admin SDK.
+         * @param options Configurations for the task queue function.
+         */
+        /** @hidden */
+        taskQueue: (options?: https.TaskQueueOptions) => https.TaskQueueBuilder;
     };
     get database(): {
         /**

package/lib/function-builder.js

@@ -125,6 +125,13 @@ function assertRuntimeOptionsValid(runtimeOptions) {
             }
         }
     }
+    if (runtimeOptions.secrets !== undefined) {
+        const invalidSecrets = runtimeOptions.secrets.filter((s) => !/^[A-Za-z\d\-_]+$/.test(s));
+        if (invalidSecrets.length > 0) {
+            throw new Error(`Invalid secrets: ${invalidSecrets.join(',')}. ` +
+                'Secret must be configured using the resource id (e.g. API_KEY)');
+        }
+    }
     return true;
 }
 /**
@@ -231,6 +238,14 @@ class FunctionBuilder {
              * @param handler A method that takes a data and context and returns a value.
              */
             onCall: (handler) => https._onCallWithOptions(handler, this.options),
+            /**
+             * Declares a task queue function for clients to call using a Firebase Admin SDK.
+             * @param options Configurations for the task queue function.
+             */
+            /** @hidden */
+            taskQueue: (options) => {
+                return new https.TaskQueueBuilder(options, this.options);
+            },
         };
     }
     get database() {

package/lib/function-configuration.d.ts

@@ -99,6 +99,7 @@ export interface RuntimeOptions {
      */
     invoker?: 'public' | 'private' | string | string[];
     allowInvalidAppCheckToken?: boolean;
+    secrets?: string[];
 }
 export interface DeploymentOptions extends RuntimeOptions {
     regions?: Array<typeof SUPPORTED_REGIONS[number] | string>;