firebase-functions 3.18.1 → 3.20.1

package/lib/apps.js

@@ -103,7 +103,7 @@ exports.apps = apps;
             this._emulatedAdminApp = app;
         }
         get firebaseArgs() {
-            return _.assign({}, (0, config_1.firebaseConfig)(), {
+            return _.assign({}, config_1.firebaseConfig(), {
                 credential: firebase.credential.applicationDefault(),
             });
         }

package/lib/bin/firebase-functions.js

@@ -31,7 +31,7 @@ app.post('/__/quitquitquit', handleQuitquitquit);
 if (process.env.FUNCTIONS_CONTROL_API === 'true') {
     app.get('/__/functions.yaml', async (req, res) => {
         try {
-            const stack = await (0, loader_1.loadStack)(functionsDir);
+            const stack = await loader_1.loadStack(functionsDir);
             res.setHeader('content-type', 'text/yaml');
             res.send(JSON.stringify(stack));
         }

package/lib/cloud-functions.js

@@ -135,7 +135,7 @@ function makeCloudFunction({ after = () => { }, before = () => { }, contextOnlyH
             promise = handler(dataOrChange, context);
         }
         if (typeof promise === 'undefined') {
-            (0, logger_1.warn)('Function returned undefined, expected Promise or value');
+            logger_1.warn('Function returned undefined, expected Promise or value');
         }
         return Promise.resolve(promise)
             .then((result) => {
@@ -252,8 +252,8 @@ function _detectAuthType(event) {
 /** @hidden */
 function optionsToTrigger(options) {
     const trigger = {};
-    (0, encoding_1.copyIfPresent)(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels', 'secrets');
-    (0, encoding_1.convertIfPresent)(trigger, options, 'failurePolicy', 'failurePolicy', (policy) => {
+    encoding_1.copyIfPresent(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels', 'secrets');
+    encoding_1.convertIfPresent(trigger, options, 'failurePolicy', 'failurePolicy', (policy) => {
         if (policy === false) {
             return undefined;
         }
@@ -264,8 +264,8 @@ function optionsToTrigger(options) {
             return policy;
         }
     });
-    (0, encoding_1.convertIfPresent)(trigger, options, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
-    (0, encoding_1.convertIfPresent)(trigger, options, 'availableMemoryMb', 'memory', (mem) => {
+    encoding_1.convertIfPresent(trigger, options, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
+    encoding_1.convertIfPresent(trigger, options, 'availableMemoryMb', 'memory', (mem) => {
         const memoryLookup = {
             '128MB': 128,
             '256MB': 256,
@@ -277,21 +277,21 @@ function optionsToTrigger(options) {
         };
         return memoryLookup[mem];
     });
-    (0, encoding_1.convertIfPresent)(trigger, options, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
+    encoding_1.convertIfPresent(trigger, options, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
     return trigger;
 }
 exports.optionsToTrigger = optionsToTrigger;
 function optionsToEndpoint(options) {
     const endpoint = {};
-    (0, encoding_1.copyIfPresent)(endpoint, options, 'minInstances', 'maxInstances', 'ingressSettings', 'labels', 'timeoutSeconds');
-    (0, encoding_1.convertIfPresent)(endpoint, options, 'region', 'regions');
-    (0, encoding_1.convertIfPresent)(endpoint, options, 'serviceAccountEmail', 'serviceAccount', (sa) => sa);
-    (0, encoding_1.convertIfPresent)(endpoint, options, 'secretEnvironmentVariables', 'secrets', (secrets) => secrets.map((secret) => ({ secret, key: secret })));
+    encoding_1.copyIfPresent(endpoint, options, 'minInstances', 'maxInstances', 'ingressSettings', 'labels', 'timeoutSeconds');
+    encoding_1.convertIfPresent(endpoint, options, 'region', 'regions');
+    encoding_1.convertIfPresent(endpoint, options, 'serviceAccountEmail', 'serviceAccount', (sa) => sa);
+    encoding_1.convertIfPresent(endpoint, options, 'secretEnvironmentVariables', 'secrets', (secrets) => secrets.map((secret) => ({ secret, key: secret })));
     if (options === null || options === void 0 ? void 0 : options.vpcConnector) {
         endpoint.vpc = { connector: options.vpcConnector };
-        (0, encoding_1.convertIfPresent)(endpoint.vpc, options, 'egressSettings', 'vpcConnectorEgressSettings');
+        encoding_1.convertIfPresent(endpoint.vpc, options, 'egressSettings', 'vpcConnectorEgressSettings');
     }
-    (0, encoding_1.convertIfPresent)(endpoint, options, 'availableMemoryMb', 'memory', (mem) => {
+    encoding_1.convertIfPresent(endpoint, options, 'availableMemoryMb', 'memory', (mem) => {
         const memoryLookup = {
             '128MB': 128,
             '256MB': 256,

package/lib/common/providers/https.d.ts

@@ -1,6 +1,7 @@
 /// <reference types="node" />
 import * as express from 'express';
 import * as firebase from 'firebase-admin';
+import { TaskContext } from './tasks';
 /** @hidden */
 export interface Request extends express.Request {
     rawBody: Buffer;
@@ -107,55 +108,6 @@ export interface CallableRequest<T = any> {
      */
     rawRequest: Request;
 }
-/** How a task should be retried in the event of a non-2xx return. */
-export interface TaskRetryConfig {
-    /**
-     * Maximum number of times a request should be attempted.
-     * If left unspecified, will default to 3.
-     */
-    maxAttempts?: number;
-    /**
-     * The maximum amount of time to wait between attempts.
-     * If left unspecified will default to 1hr.
-     */
-    maxBackoffSeconds?: number;
-    /**
-     * The maximum number of times to double the backoff between
-     * retries. If left unspecified will default to 16.
-     */
-    maxDoublings?: number;
-    /**
-     * The minimum time to wait between attempts. If left unspecified
-     * will default to 100ms.
-     */
-    minBackoffSeconds?: number;
-}
-/** How congestion control should be applied to the function. */
-export interface TaskRateLimits {
-    maxBurstSize?: number;
-    maxConcurrentDispatches?: number;
-    maxDispatchesPerSecond?: number;
-}
-/** Metadata about a call to a Task Queue function. */
-export interface TaskContext {
-    /**
-     * The result of decoding and verifying an ODIC token.
-     */
-    auth?: AuthData;
-}
-/**
- * The request used to call a Task Queue function.
- */
-export interface TaskRequest<T = any> {
-    /**
-     * The parameters used by a client when calling this function.
-     */
-    data: T;
-    /**
-     * The result of decoding and verifying an ODIC token.
-     */
-    auth?: AuthData;
-}
 /**
  * The set of Firebase Functions status codes. The codes are the same at the
  * ones exposed by gRPC here:
@@ -232,6 +184,14 @@ export declare class HttpsError extends Error {
     constructor(code: FunctionsErrorCode, message: string, details?: unknown);
     toJSON(): HttpErrorWireFormat;
 }
+/** @hidden */
+interface HttpRequest extends Request {
+    body: {
+        data: any;
+    };
+}
+/** @hidden */
+export declare function isValidRequest(req: Request): req is HttpRequest;
 /**
  * Encodes arbitrary data in our special format for JSON.
  * This is exposed only for testing.
@@ -244,4 +204,15 @@ export declare function encode(data: any): any;
  */
 /** @hidden */
 export declare function decode(data: any): any;
+/**
+ * Be careful when changing token status values.
+ *
+ * Users are encouraged to setup log-based metric based on these values, and
+ * changing their values may cause their metrics to break.
+ *
+ */
+/** @hidden */
+declare type TokenStatus = 'MISSING' | 'VALID' | 'INVALID';
+/** @interanl */
+export declare function checkAuthToken(req: Request, ctx: CallableContext | TaskContext): Promise<TokenStatus>;
 export {};

package/lib/common/providers/https.js

@@ -21,13 +21,13 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onDispatchHandler = exports.onCallHandler = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.decode = exports.encode = exports.HttpsError = void 0;
+exports.onCallHandler = exports.checkAuthToken = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.decode = exports.encode = exports.isValidRequest = exports.HttpsError = void 0;
 const cors = require("cors");
 const logger = require("../../logger");
 // TODO(inlined): Decide whether we want to un-version apps or whether we want a
 // different strategy
 const apps_1 = require("../../apps");
-const debug_1 = require("../../common/debug");
+const debug_1 = require("../debug");
 const JWT_REGEX = /^[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?\.([a-zA-Z0-9\-_=]+)?$/;
 /**
  * Standard error codes and HTTP statuses for different ways a request can fail,
@@ -100,7 +100,7 @@ function isValidRequest(req) {
     // If it has a charset, just ignore it for now.
     const semiColon = contentType.indexOf(';');
     if (semiColon >= 0) {
-        contentType = contentType.substr(0, semiColon).trim();
+        contentType = contentType.slice(0, semiColon).trim();
     }
     if (contentType !== 'application/json') {
         logger.warn('Request has incorrect Content-Type.', contentType);
@@ -120,6 +120,7 @@ function isValidRequest(req) {
     }
     return true;
 }
+exports.isValidRequest = isValidRequest;
 /** @hidden */
 const LONG_TYPE = 'type.googleapis.com/google.protobuf.Int64Value';
 /** @hidden */
@@ -309,11 +310,11 @@ async function checkAuthToken(req, ctx) {
         const idToken = match[1];
         try {
             let authToken;
-            if ((0, debug_1.isDebugFeatureEnabled)('skipTokenVerification')) {
+            if (debug_1.isDebugFeatureEnabled('skipTokenVerification')) {
                 authToken = unsafeDecodeIdToken(idToken);
             }
             else {
-                authToken = await (0, apps_1.apps)()
+                authToken = await apps_1.apps()
                     .admin.auth()
                     .verifyIdToken(idToken);
             }
@@ -329,6 +330,7 @@ async function checkAuthToken(req, ctx) {
         }
     }
 }
+exports.checkAuthToken = checkAuthToken;
 /** @internal */
 async function checkAppCheckToken(req, ctx) {
     const appCheck = req.header('X-Firebase-AppCheck');
@@ -336,16 +338,16 @@ async function checkAppCheckToken(req, ctx) {
         return 'MISSING';
     }
     try {
-        if (!(0, apps_1.apps)().admin.appCheck) {
+        if (!apps_1.apps().admin.appCheck) {
             throw new Error('Cannot validate AppCheck token. Please update Firebase Admin SDK to >= v9.8.0');
         }
         let appCheckData;
-        if ((0, debug_1.isDebugFeatureEnabled)('skipTokenVerification')) {
+        if (debug_1.isDebugFeatureEnabled('skipTokenVerification')) {
             const decodedToken = unsafeDecodeAppCheckToken(appCheck);
             appCheckData = { appId: decodedToken.app_id, token: decodedToken };
         }
         else {
-            appCheckData = await (0, apps_1.apps)()
+            appCheckData = await apps_1.apps()
                 .admin.appCheck()
                 .verifyToken(appCheck);
         }
@@ -426,45 +428,3 @@ function wrapOnCallHandler(options, handler) {
         }
     };
 }
-/** @internal */
-function onDispatchHandler(handler) {
-    return async (req, res) => {
-        try {
-            if (!isValidRequest(req)) {
-                logger.error('Invalid request, unable to process.');
-                throw new HttpsError('invalid-argument', 'Bad Request');
-            }
-            const context = {};
-            const status = await checkAuthToken(req, context);
-            // Note: this should never happen since task queue functions are guarded by IAM.
-            if (status === 'INVALID') {
-                throw new HttpsError('unauthenticated', 'Unauthenticated');
-            }
-            const data = decode(req.body.data);
-            if (handler.length === 2) {
-                await handler(data, context);
-            }
-            else {
-                const arg = {
-                    ...context,
-                    data,
-                };
-                // For some reason the type system isn't picking up that the handler
-                // is a one argument function.
-                await handler(arg);
-            }
-            res.status(204).end();
-        }
-        catch (err) {
-            if (!(err instanceof HttpsError)) {
-                // This doesn't count as an 'explicit' error.
-                logger.error('Unhandled error', err);
-                err = new HttpsError('internal', 'INTERNAL');
-            }
-            const { status } = err.httpErrorCode;
-            const body = { error: err.toJSON() };
-            res.status(status).send(body);
-        }
-    };
-}
-exports.onDispatchHandler = onDispatchHandler;

package/lib/common/providers/identity.d.ts

@@ -1,4 +1,7 @@
 import * as firebase from 'firebase-admin';
+import { HttpsError } from './https';
+import { EventContext } from '../../cloud-functions';
+export { HttpsError };
 /**
  * The UserRecord passed to Cloud Functions is the same UserRecord that is returned by the Firebase Admin
  * SDK.
@@ -16,10 +19,7 @@ export declare class UserRecordMetadata implements firebase.auth.UserMetadata {
     lastSignInTime: string;
     constructor(creationTime: string, lastSignInTime: string);
     /** Returns a plain JavaScript object with the properties of UserRecordMetadata. */
-    toJSON(): {
-        creationTime: string;
-        lastSignInTime: string;
-    };
+    toJSON(): AuthUserMetadata;
 }
 /**
  * Helper function that creates a UserRecord Class from data sent over the wire.
@@ -27,3 +27,186 @@ export declare class UserRecordMetadata implements firebase.auth.UserMetadata {
  * @returns an instance of UserRecord with correct toJSON functions
  */
 export declare function userRecordConstructor(wireData: Object): UserRecord;
+/**
+ * User info that is part of the AuthUserRecord
+ */
+export interface AuthUserInfo {
+    /**
+     * The user identifier for the linked provider.
+     */
+    uid: string;
+    /**
+     * The display name for the linked provider.
+     */
+    displayName: string;
+    /**
+     * The email for the linked provider.
+     */
+    email: string;
+    /**
+     * The photo URL for the linked provider.
+     */
+    photoURL: string;
+    /**
+     * The linked provider ID (for example, "google.com" for the Google provider).
+     */
+    providerId: string;
+    /**
+     * The phone number for the linked provider.
+     */
+    phoneNumber: string;
+}
+/**
+ * Additional metadata about the user.
+ */
+export interface AuthUserMetadata {
+    /**
+     * The date the user was created, formatted as a UTC string.
+     */
+    creationTime: string;
+    /**
+     * The date the user last signed in, formatted as a UTC string.
+     */
+    lastSignInTime: string;
+}
+/**
+ * Interface representing the common properties of a user-enrolled second factor.
+ */
+export interface AuthMultiFactorInfo {
+    /**
+     * The ID of the enrolled second factor. This ID is unique to the user.
+     */
+    uid: string;
+    /**
+     * The optional display name of the enrolled second factor.
+     */
+    displayName?: string;
+    /**
+     * The type identifier of the second factor. For SMS second factors, this is `phone`.
+     */
+    factorId: string;
+    /**
+     * The optional date the second factor was enrolled, formatted as a UTC string.
+     */
+    enrollmentTime?: string;
+    /**
+     * The phone number associated with a phone second factor.
+     */
+    phoneNumber?: string;
+}
+/**
+ * The multi-factor related properties for the current user, if available.
+ */
+export interface AuthMultiFactorSettings {
+    /**
+     * List of second factors enrolled with the current user.
+     */
+    enrolledFactors: AuthMultiFactorInfo[];
+}
+/**
+ * The UserRecord passed to auth blocking Cloud Functions from the identity platform.
+ */
+export interface AuthUserRecord {
+    /**
+     * The user's `uid`.
+     */
+    uid: string;
+    /**
+     * The user's primary email, if set.
+     */
+    email?: string;
+    /**
+     * Whether or not the user's primary email is verified.
+     */
+    emailVerified: boolean;
+    /**
+     * The user's display name.
+     */
+    displayName?: string;
+    /**
+     * The user's photo URL.
+     */
+    photoURL?: string;
+    /**
+     * The user's primary phone number, if set.
+     */
+    phoneNumber?: string;
+    /**
+     * Whether or not the user is disabled: `true` for disabled; `false` for
+     * enabled.
+     */
+    disabled: boolean;
+    /**
+     * Additional metadata about the user.
+     */
+    metadata: AuthUserMetadata;
+    /**
+     * An array of providers (for example, Google, Facebook) linked to the user.
+     */
+    providerData: AuthUserInfo[];
+    /**
+     * The user's hashed password (base64-encoded).
+     */
+    passwordHash?: string;
+    /**
+     * The user's password salt (base64-encoded).
+     */
+    passwordSalt?: string;
+    /**
+     * The user's custom claims object if available, typically used to define
+     * user roles and propagated to an authenticated user's ID token.
+     */
+    customClaims?: Record<string, any>;
+    /**
+     * The ID of the tenant the user belongs to, if available.
+     */
+    tenantId?: string | null;
+    /**
+     * The date the user's tokens are valid after, formatted as a UTC string.
+     */
+    tokensValidAfterTime?: string;
+    /**
+     * The multi-factor related properties for the current user, if available.
+     */
+    multiFactor?: AuthMultiFactorSettings;
+}
+/** The additional user info component of the auth event context */
+export interface AdditionalUserInfo {
+    providerId: string;
+    profile?: any;
+    username?: string;
+    isNewUser: boolean;
+}
+/** The credential component of the auth event context */
+export interface Credential {
+    claims?: {
+        [key: string]: any;
+    };
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    expirationTime?: string;
+    secret?: string;
+    providerId: string;
+    signInMethod: string;
+}
+/** Defines the auth event context for blocking events */
+export interface AuthEventContext extends EventContext {
+    locale?: string;
+    ipAddress: string;
+    userAgent: string;
+    additionalUserInfo?: AdditionalUserInfo;
+    credential?: Credential;
+}
+/** The handler response type for beforeCreate blocking events */
+export interface BeforeCreateResponse {
+    displayName?: string;
+    disabled?: boolean;
+    emailVerified?: boolean;
+    photoURL?: string;
+    customClaims?: object;
+}
+/** The handler response type for beforeSignIn blocking events */
+export interface BeforeSignInResponse extends BeforeCreateResponse {
+    sessionClaims?: object;
+}