firebase-functions 3.20.0 → 3.21.1

package/lib/apps.js

@@ -103,7 +103,7 @@ exports.apps = apps;
             this._emulatedAdminApp = app;
         }
         get firebaseArgs() {
-            return _.assign({}, config_1.firebaseConfig(), {
+            return _.assign({}, (0, config_1.firebaseConfig)(), {
                 credential: firebase.credential.applicationDefault(),
             });
         }

package/lib/bin/firebase-functions.js

@@ -1,5 +1,26 @@
 #!/usr/bin/env node
 "use strict";
+// The MIT License (MIT)
+//
+// Copyright (c) 2022 Firebase
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
 const express = require("express");
 const loader_1 = require("../runtime/loader");
@@ -31,7 +52,7 @@ app.post('/__/quitquitquit', handleQuitquitquit);
 if (process.env.FUNCTIONS_CONTROL_API === 'true') {
     app.get('/__/functions.yaml', async (req, res) => {
         try {
-            const stack = await loader_1.loadStack(functionsDir);
+            const stack = await (0, loader_1.loadStack)(functionsDir);
             res.setHeader('content-type', 'text/yaml');
             res.send(JSON.stringify(stack));
         }

package/lib/cloud-functions.d.ts

@@ -173,42 +173,35 @@ export interface Resource {
     };
 }
 /**
- * @hidden
- * TriggerAnnotated is used internally by the firebase CLI to understand what
+ * TriggerAnnotion is used internally by the firebase CLI to understand what
  * type of Cloud Function to deploy.
  */
-export interface TriggerAnnotated {
-    __trigger: {
-        availableMemoryMb?: number;
-        eventTrigger?: {
-            eventType: string;
-            resource: string;
-            service: string;
-        };
-        failurePolicy?: FailurePolicy;
-        httpsTrigger?: {
-            invoker?: string[];
-        };
-        labels?: {
-            [key: string]: string;
-        };
-        regions?: string[];
-        schedule?: Schedule;
-        timeout?: Duration;
-        vpcConnector?: string;
-        vpcConnectorEgressSettings?: string;
-        serviceAccountEmail?: string;
-        ingressSettings?: string;
-        secrets?: string[];
+interface TriggerAnnotation {
+    availableMemoryMb?: number;
+    blockingTrigger?: {
+        eventType: string;
+        options?: Record<string, unknown>;
     };
-}
-/**
- * @hidden
- * EndpointAnnotated is used to generate the manifest that conforms to the container contract.
- */
-export interface EndpointAnnotated {
-    __endpoint: ManifestEndpoint;
-    __requiredAPIs?: ManifestRequiredAPI[];
+    eventTrigger?: {
+        eventType: string;
+        resource: string;
+        service: string;
+    };
+    failurePolicy?: FailurePolicy;
+    httpsTrigger?: {
+        invoker?: string[];
+    };
+    labels?: {
+        [key: string]: string;
+    };
+    regions?: string[];
+    schedule?: Schedule;
+    timeout?: Duration;
+    vpcConnector?: string;
+    vpcConnectorEgressSettings?: string;
+    serviceAccountEmail?: string;
+    ingressSettings?: string;
+    secrets?: string[];
 }
 /**
  * A Runnable has a `run` method which directly invokes the user-defined
@@ -226,7 +219,27 @@ export interface Runnable<T> {
  * [`Response`](https://expressjs.com/en/api.html#res) objects as its only
  * arguments.
  */
-export declare type HttpsFunction = TriggerAnnotated & EndpointAnnotated & ((req: Request, resp: Response) => void | Promise<void>);
+export interface HttpsFunction {
+    (req: Request, resp: Response): void | Promise<void>;
+    /** @alpha */
+    __trigger: TriggerAnnotation;
+    /** @alpha */
+    __endpoint: ManifestEndpoint;
+    /** @alpha */
+    __requiredAPIs?: ManifestRequiredAPI[];
+}
+/**
+ * The Cloud Function type for Blocking triggers.
+ */
+export interface BlockingFunction {
+    (req: Request, resp: Response): void | Promise<void>;
+    /** @alpha */
+    __trigger: TriggerAnnotation;
+    /** @alpha */
+    __endpoint: ManifestEndpoint;
+    /** @alpha */
+    __requiredAPIs?: ManifestRequiredAPI[];
+}
 /**
  * The Cloud Function type for all non-HTTPS triggers. This should be exported
  * from your JavaScript file to define a Cloud Function.
@@ -234,7 +247,15 @@ export declare type HttpsFunction = TriggerAnnotated & EndpointAnnotated & ((req
  * This type is a special JavaScript function which takes a templated
  * `Event` object as its only argument.
  */
-export declare type CloudFunction<T> = Runnable<T> & TriggerAnnotated & EndpointAnnotated & ((input: any, context?: any) => PromiseLike<any> | any);
+export interface CloudFunction<T> extends Runnable<T> {
+    (input: any, context?: any): PromiseLike<any> | any;
+    /** @alpha */
+    __trigger: TriggerAnnotation;
+    /** @alpha */
+    __endpoint: ManifestEndpoint;
+    /** @alpha */
+    __requiredAPIs?: ManifestRequiredAPI[];
+}
 /** @hidden */
 export interface MakeCloudFunctionArgs<EventData> {
     after?: (raw: Event) => void;

package/lib/cloud-functions.js

@@ -135,7 +135,7 @@ function makeCloudFunction({ after = () => { }, before = () => { }, contextOnlyH
             promise = handler(dataOrChange, context);
         }
         if (typeof promise === 'undefined') {
-            logger_1.warn('Function returned undefined, expected Promise or value');
+            (0, logger_1.warn)('Function returned undefined, expected Promise or value');
         }
         return Promise.resolve(promise)
             .then((result) => {
@@ -252,8 +252,8 @@ function _detectAuthType(event) {
 /** @hidden */
 function optionsToTrigger(options) {
     const trigger = {};
-    encoding_1.copyIfPresent(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels', 'secrets');
-    encoding_1.convertIfPresent(trigger, options, 'failurePolicy', 'failurePolicy', (policy) => {
+    (0, encoding_1.copyIfPresent)(trigger, options, 'regions', 'schedule', 'minInstances', 'maxInstances', 'ingressSettings', 'vpcConnectorEgressSettings', 'vpcConnector', 'labels', 'secrets');
+    (0, encoding_1.convertIfPresent)(trigger, options, 'failurePolicy', 'failurePolicy', (policy) => {
         if (policy === false) {
             return undefined;
         }
@@ -264,8 +264,8 @@ function optionsToTrigger(options) {
             return policy;
         }
     });
-    encoding_1.convertIfPresent(trigger, options, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
-    encoding_1.convertIfPresent(trigger, options, 'availableMemoryMb', 'memory', (mem) => {
+    (0, encoding_1.convertIfPresent)(trigger, options, 'timeout', 'timeoutSeconds', encoding_1.durationFromSeconds);
+    (0, encoding_1.convertIfPresent)(trigger, options, 'availableMemoryMb', 'memory', (mem) => {
         const memoryLookup = {
             '128MB': 128,
             '256MB': 256,
@@ -277,21 +277,21 @@ function optionsToTrigger(options) {
         };
         return memoryLookup[mem];
     });
-    encoding_1.convertIfPresent(trigger, options, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
+    (0, encoding_1.convertIfPresent)(trigger, options, 'serviceAccountEmail', 'serviceAccount', encoding_1.serviceAccountFromShorthand);
     return trigger;
 }
 exports.optionsToTrigger = optionsToTrigger;
 function optionsToEndpoint(options) {
     const endpoint = {};
-    encoding_1.copyIfPresent(endpoint, options, 'minInstances', 'maxInstances', 'ingressSettings', 'labels', 'timeoutSeconds');
-    encoding_1.convertIfPresent(endpoint, options, 'region', 'regions');
-    encoding_1.convertIfPresent(endpoint, options, 'serviceAccountEmail', 'serviceAccount', (sa) => sa);
-    encoding_1.convertIfPresent(endpoint, options, 'secretEnvironmentVariables', 'secrets', (secrets) => secrets.map((secret) => ({ secret, key: secret })));
+    (0, encoding_1.copyIfPresent)(endpoint, options, 'minInstances', 'maxInstances', 'ingressSettings', 'labels', 'timeoutSeconds');
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'region', 'regions');
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'serviceAccountEmail', 'serviceAccount', (sa) => sa);
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'secretEnvironmentVariables', 'secrets', (secrets) => secrets.map((secret) => ({ key: secret })));
     if (options === null || options === void 0 ? void 0 : options.vpcConnector) {
         endpoint.vpc = { connector: options.vpcConnector };
-        encoding_1.convertIfPresent(endpoint.vpc, options, 'egressSettings', 'vpcConnectorEgressSettings');
+        (0, encoding_1.convertIfPresent)(endpoint.vpc, options, 'egressSettings', 'vpcConnectorEgressSettings');
     }
-    encoding_1.convertIfPresent(endpoint, options, 'availableMemoryMb', 'memory', (mem) => {
+    (0, encoding_1.convertIfPresent)(endpoint, options, 'availableMemoryMb', 'memory', (mem) => {
         const memoryLookup = {
             '128MB': 128,
             '256MB': 256,

package/lib/common/encoding.js

@@ -1,5 +1,25 @@
 "use strict";
-// Copied from firebase-tools/src/gcp/proto
+// The MIT License (MIT)
+//
+// Copyright (c) 2021 Firebase
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.convertInvoker = exports.serviceAccountFromShorthand = exports.convertIfPresent = exports.copyIfPresent = exports.durationFromSeconds = void 0;
 /** Get a google.protobuf.Duration for a number of seconds. */

package/lib/common/providers/https.d.ts

@@ -4,6 +4,7 @@ import * as firebase from 'firebase-admin';
 import { TaskContext } from './tasks';
 /** @hidden */
 export interface Request extends express.Request {
+    /** The wire format representation of the request body. */
     rawBody: Buffer;
 }
 interface DecodedAppCheckToken {
@@ -114,37 +115,53 @@ export interface CallableRequest<T = any> {
  * https://github.com/grpc/grpc/blob/master/doc/statuscodes.md
  *
  * Possible values:
- * - 'cancelled': The operation was cancelled (typically by the caller).
- * - 'unknown': Unknown error or an error from a different error domain.
- * - 'invalid-argument': Client specified an invalid argument. Note that this
- *   differs from 'failed-precondition'. 'invalid-argument' indicates
+ *
+ * - `cancelled`: The operation was cancelled (typically by the caller).
+ *
+ * - `unknown`: Unknown error or an error from a different error domain.
+ *
+ * - `invalid-argument`: Client specified an invalid argument. Note that this
+ *   differs from `failed-precondition`. `invalid-argument` indicates
  *   arguments that are problematic regardless of the state of the system
  *   (e.g. an invalid field name).
- * - 'deadline-exceeded': Deadline expired before operation could complete.
+ *
+ * - `deadline-exceeded`: Deadline expired before operation could complete.
  *   For operations that change the state of the system, this error may be
  *   returned even if the operation has completed successfully. For example,
  *   a successful response from a server could have been delayed long enough
  *   for the deadline to expire.
- * - 'not-found': Some requested document was not found.
- * - 'already-exists': Some document that we attempted to create already
+ *
+ * - `not-found`: Some requested document was not found.
+ *
+ * - `already-exists`: Some document that we attempted to create already
  *   exists.
- * - 'permission-denied': The caller does not have permission to execute the
+ *
+ * - `permission-denied`: The caller does not have permission to execute the
  *   specified operation.
- * - 'resource-exhausted': Some resource has been exhausted, perhaps a
+ *
+ * - `resource-exhausted`: Some resource has been exhausted, perhaps a
  *   per-user quota, or perhaps the entire file system is out of space.
- * - 'failed-precondition': Operation was rejected because the system is not
+ *
+ * - `failed-precondition`: Operation was rejected because the system is not
  *   in a state required for the operation's execution.
- * - 'aborted': The operation was aborted, typically due to a concurrency
+ *
+ * - `aborted`: The operation was aborted, typically due to a concurrency
  *   issue like transaction aborts, etc.
- * - 'out-of-range': Operation was attempted past the valid range.
- * - 'unimplemented': Operation is not implemented or not supported/enabled.
- * - 'internal': Internal errors. Means some invariants expected by
+ *
+ * - `out-of-range`: Operation was attempted past the valid range.
+ *
+ * - `unimplemented`: Operation is not implemented or not supported/enabled.
+ *
+ * - `internal`: Internal errors. Means some invariants expected by
  *   underlying system has been broken. If you see one of these errors,
  *   something is very broken.
- * - 'unavailable': The service is currently unavailable. This is most likely
+ *
+ * - `unavailable`: The service is currently unavailable. This is most likely
  *   a transient condition and may be corrected by retrying with a backoff.
- * - 'data-loss': Unrecoverable data loss or corruption.
- * - 'unauthenticated': The request does not have valid authentication
+ *
+ * - `data-loss`: Unrecoverable data loss or corruption.
+ *
+ * - `unauthenticated`: The request does not have valid authentication
  *   credentials for the operation.
  */
 export declare type FunctionsErrorCode = 'ok' | 'cancelled' | 'unknown' | 'invalid-argument' | 'deadline-exceeded' | 'not-found' | 'already-exists' | 'permission-denied' | 'resource-exhausted' | 'failed-precondition' | 'aborted' | 'out-of-range' | 'unimplemented' | 'internal' | 'unavailable' | 'data-loss' | 'unauthenticated';
@@ -182,6 +199,9 @@ export declare class HttpsError extends Error {
      */
     readonly httpErrorCode: HttpErrorCode;
     constructor(code: FunctionsErrorCode, message: string, details?: unknown);
+    /**
+     * Returns a JSON-serializable representation of this object.
+     */
     toJSON(): HttpErrorWireFormat;
 }
 /** @hidden */

package/lib/common/providers/https.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onCallHandler = exports.checkAuthToken = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.decode = exports.encode = exports.isValidRequest = exports.HttpsError = void 0;
+exports.onCallHandler = exports.checkAuthToken = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.unsafeDecodeToken = exports.decode = exports.encode = exports.isValidRequest = exports.HttpsError = void 0;
 const cors = require("cors");
 const logger = require("../../logger");
 // TODO(inlined): Decide whether we want to un-version apps or whether we want a
@@ -72,6 +72,9 @@ class HttpsError extends Error {
         this.details = details;
         this.httpErrorCode = errorCodeMap[code];
     }
+    /**
+     * Returns a JSON-serializable representation of this object.
+     */
     toJSON() {
         const { details, httpErrorCode: { canonicalName: status }, message, } = this;
         return {
@@ -209,6 +212,7 @@ function decode(data) {
     return data;
 }
 exports.decode = decode;
+/** @internal */
 function unsafeDecodeToken(token) {
     if (!JWT_REGEX.test(token)) {
         return {};
@@ -228,6 +232,7 @@ function unsafeDecodeToken(token) {
     }
     return payload;
 }
+exports.unsafeDecodeToken = unsafeDecodeToken;
 /**
  * Decode, but not verify, a Auth ID token.
  *
@@ -310,11 +315,11 @@ async function checkAuthToken(req, ctx) {
         const idToken = match[1];
         try {
             let authToken;
-            if (debug_1.isDebugFeatureEnabled('skipTokenVerification')) {
+            if ((0, debug_1.isDebugFeatureEnabled)('skipTokenVerification')) {
                 authToken = unsafeDecodeIdToken(idToken);
             }
             else {
-                authToken = await apps_1.apps()
+                authToken = await (0, apps_1.apps)()
                     .admin.auth()
                     .verifyIdToken(idToken);
             }
@@ -338,16 +343,16 @@ async function checkAppCheckToken(req, ctx) {
         return 'MISSING';
     }
     try {
-        if (!apps_1.apps().admin.appCheck) {
+        if (!(0, apps_1.apps)().admin.appCheck) {
             throw new Error('Cannot validate AppCheck token. Please update Firebase Admin SDK to >= v9.8.0');
         }
         let appCheckData;
-        if (debug_1.isDebugFeatureEnabled('skipTokenVerification')) {
+        if ((0, debug_1.isDebugFeatureEnabled)('skipTokenVerification')) {
             const decodedToken = unsafeDecodeAppCheckToken(appCheck);
             appCheckData = { appId: decodedToken.app_id, token: decodedToken };
         }
         else {
-            appCheckData = await apps_1.apps()
+            appCheckData = await (0, apps_1.apps)()
                 .admin.appCheck()
                 .verifyToken(appCheck);
         }

package/lib/common/providers/identity.d.ts

@@ -1,7 +1,13 @@
 import * as firebase from 'firebase-admin';
-import { HttpsError } from './https';
 import { EventContext } from '../../cloud-functions';
+import { HttpsError } from './https';
 export { HttpsError };
+/**
+ * Shorthand auth blocking events from GCIP.
+ * @hidden
+ * @alpha
+ */
+export declare type AuthBlockingEventType = 'beforeCreate' | 'beforeSignIn';
 /**
  * The UserRecord passed to Cloud Functions is the same UserRecord that is returned by the Firebase Admin
  * SDK.
@@ -198,6 +204,10 @@ export interface AuthEventContext extends EventContext {
     additionalUserInfo?: AdditionalUserInfo;
     credential?: Credential;
 }
+/** Defines the auth event for v2 blocking events */
+export interface AuthBlockingEvent extends AuthEventContext {
+    data: AuthUserRecord;
+}
 /** The handler response type for beforeCreate blocking events */
 export interface BeforeCreateResponse {
     displayName?: string;