firebase-functions 3.24.0 → 4.0.0-rc.0

package/lib/common/providers/identity.js

@@ -22,32 +22,33 @@
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.wrapHandler = exports.getUpdateMask = exports.validateAuthResponse = exports.parseAuthEventContext = exports.parseAuthUserRecord = exports.parseMultiFactor = exports.parseDate = exports.parseProviderData = exports.parseMetadata = exports.isValidRequest = exports.userRecordConstructor = exports.UserRecordMetadata = exports.HttpsError = void 0;
-const __1 = require("../..");
-const apps_1 = require("../../apps");
+const auth = require("firebase-admin/auth");
+const logger = require("../../logger");
+const app_1 = require("../app");
 const debug_1 = require("../debug");
 const https_1 = require("./https");
 Object.defineProperty(exports, "HttpsError", { enumerable: true, get: function () { return https_1.HttpsError; } });
 const DISALLOWED_CUSTOM_CLAIMS = [
-    'acr',
-    'amr',
-    'at_hash',
-    'aud',
-    'auth_time',
-    'azp',
-    'cnf',
-    'c_hash',
-    'exp',
-    'iat',
-    'iss',
-    'jti',
-    'nbf',
-    'nonce',
-    'firebase',
+    "acr",
+    "amr",
+    "at_hash",
+    "aud",
+    "auth_time",
+    "azp",
+    "cnf",
+    "c_hash",
+    "exp",
+    "iat",
+    "iss",
+    "jti",
+    "nbf",
+    "nonce",
+    "firebase",
 ];
 const CLAIMS_MAX_PAYLOAD_SIZE = 1000;
 const EVENT_MAPPING = {
-    beforeCreate: 'providers/cloud.auth/eventTypes/user.beforeCreate',
-    beforeSignIn: 'providers/cloud.auth/eventTypes/user.beforeSignIn',
+    beforeCreate: "providers/cloud.auth/eventTypes/user.beforeCreate",
+    beforeSignIn: "providers/cloud.auth/eventTypes/user.beforeSignIn",
 };
 /**
  * Helper class to create the user metadata in a UserRecord object
@@ -126,17 +127,17 @@ exports.userRecordConstructor = userRecordConstructor;
  */
 function isValidRequest(req) {
     var _a, _b;
-    if (req.method !== 'POST') {
-        __1.logger.warn(`Request has invalid method "${req.method}".`);
+    if (req.method !== "POST") {
+        logger.warn(`Request has invalid method "${req.method}".`);
         return false;
     }
-    const contentType = (req.header('Content-Type') || '').toLowerCase();
-    if (!contentType.includes('application/json')) {
-        __1.logger.warn('Request has invalid header Content-Type.');
+    const contentType = (req.header("Content-Type") || "").toLowerCase();
+    if (!contentType.includes("application/json")) {
+        logger.warn("Request has invalid header Content-Type.");
         return false;
     }
     if (!((_b = (_a = req.body) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.jwt)) {
-        __1.logger.warn('Request has an invalid body.');
+        logger.warn("Request has an invalid body.");
         return false;
     }
     return true;
@@ -205,7 +206,9 @@ function parseDate(tokensValidAfterTime) {
             return date.toUTCString();
         }
     }
-    catch (_a) { }
+    catch {
+        // ignore error
+    }
     return null;
 }
 exports.parseDate = parseDate;
@@ -220,16 +223,14 @@ function parseMultiFactor(multiFactor) {
     const parsedEnrolledFactors = [];
     for (const factor of multiFactor.enrolled_factors || []) {
         if (!factor.uid) {
-            throw new https_1.HttpsError('internal', 'INTERNAL ASSERT FAILED: Invalid multi-factor info response');
+            throw new https_1.HttpsError("internal", "INTERNAL ASSERT FAILED: Invalid multi-factor info response");
         }
         const enrollmentTime = factor.enrollment_time
             ? new Date(factor.enrollment_time).toUTCString()
             : null;
         parsedEnrolledFactors.push({
             uid: factor.uid,
-            factorId: factor.phone_number
-                ? factor.factor_id || 'phone'
-                : factor.factor_id,
+            factorId: factor.phone_number ? factor.factor_id || "phone" : factor.factor_id,
             displayName: factor.display_name,
             enrollmentTime,
             phoneNumber: factor.phone_number,
@@ -249,7 +250,7 @@ exports.parseMultiFactor = parseMultiFactor;
  */
 function parseAuthUserRecord(decodedJWTUserRecord) {
     if (!decodedJWTUserRecord.uid) {
-        throw new https_1.HttpsError('internal', 'INTERNAL ASSERT FAILED: Invalid user response');
+        throw new https_1.HttpsError("internal", "INTERNAL ASSERT FAILED: Invalid user response");
     }
     const disabled = decodedJWTUserRecord.disabled || false;
     const metadata = parseMetadata(decodedJWTUserRecord.metadata);
@@ -277,30 +278,29 @@ function parseAuthUserRecord(decodedJWTUserRecord) {
 exports.parseAuthUserRecord = parseAuthUserRecord;
 /** Helper to get the AdditionalUserInfo from the decoded jwt */
 function parseAdditionalUserInfo(decodedJWT) {
-    let profile, username;
+    let profile;
+    let username;
     if (decodedJWT.raw_user_info) {
         try {
             profile = JSON.parse(decodedJWT.raw_user_info);
         }
         catch (err) {
-            __1.logger.debug(`Parse Error: ${err.message}`);
+            logger.debug(`Parse Error: ${err.message}`);
         }
     }
     if (profile) {
-        if (decodedJWT.sign_in_method === 'github.com') {
+        if (decodedJWT.sign_in_method === "github.com") {
             username = profile.login;
         }
-        if (decodedJWT.sign_in_method === 'twitter.com') {
+        if (decodedJWT.sign_in_method === "twitter.com") {
             username = profile.screen_name;
         }
     }
     return {
-        providerId: decodedJWT.sign_in_method === 'emailLink'
-            ? 'password'
-            : decodedJWT.sign_in_method,
+        providerId: decodedJWT.sign_in_method === "emailLink" ? "password" : decodedJWT.sign_in_method,
         profile,
         username,
-        isNewUser: decodedJWT.event_type === 'beforeCreate' ? true : false,
+        isNewUser: decodedJWT.event_type === "beforeCreate" ? true : false,
     };
 }
 /** Helper to get the Credential from the decoded jwt */
@@ -320,9 +320,7 @@ function parseAuthCredential(decodedJWT, time) {
             ? new Date(time + decodedJWT.oauth_expires_in * 1000).toUTCString()
             : undefined,
         secret: decodedJWT.oauth_token_secret,
-        providerId: decodedJWT.sign_in_method === 'emailLink'
-            ? 'password'
-            : decodedJWT.sign_in_method,
+        providerId: decodedJWT.sign_in_method === "emailLink" ? "password" : decodedJWT.sign_in_method,
         signInMethod: decodedJWT.sign_in_method,
     };
 }
@@ -332,18 +330,18 @@ function parseAuthCredential(decodedJWT, time) {
  */
 function parseAuthEventContext(decodedJWT, projectId, time = new Date().getTime()) {
     const eventType = (EVENT_MAPPING[decodedJWT.event_type] || decodedJWT.event_type) +
-        (decodedJWT.sign_in_method ? `:${decodedJWT.sign_in_method}` : '');
+        (decodedJWT.sign_in_method ? `:${decodedJWT.sign_in_method}` : "");
     return {
         locale: decodedJWT.locale,
         ipAddress: decodedJWT.ip_address,
         userAgent: decodedJWT.user_agent,
         eventId: decodedJWT.event_id,
         eventType,
-        authType: !!decodedJWT.user_record ? 'USER' : 'UNAUTHENTICATED',
+        authType: decodedJWT.user_record ? "USER" : "UNAUTHENTICATED",
         resource: {
             // TODO(colerogers): figure out the correct service
-            service: 'identitytoolkit.googleapis.com',
-            name: !!decodedJWT.tenant_id
+            service: "identitytoolkit.googleapis.com",
+            name: decodedJWT.tenant_id
                 ? `projects/${projectId}/tenants/${decodedJWT.tenant_id}`
                 : `projects/${projectId}`,
         },
@@ -365,28 +363,27 @@ function validateAuthResponse(eventType, authRequest) {
     if (authRequest.customClaims) {
         const invalidClaims = DISALLOWED_CUSTOM_CLAIMS.filter((claim) => authRequest.customClaims.hasOwnProperty(claim));
         if (invalidClaims.length > 0) {
-            throw new https_1.HttpsError('invalid-argument', `The customClaims claims "${invalidClaims.join(',')}" are reserved and cannot be specified.`);
+            throw new https_1.HttpsError("invalid-argument", `The customClaims claims "${invalidClaims.join(",")}" are reserved and cannot be specified.`);
         }
         if (JSON.stringify(authRequest.customClaims).length > CLAIMS_MAX_PAYLOAD_SIZE) {
-            throw new https_1.HttpsError('invalid-argument', `The customClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
+            throw new https_1.HttpsError("invalid-argument", `The customClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
         }
     }
-    if (eventType === 'beforeSignIn' &&
-        authRequest.sessionClaims) {
+    if (eventType === "beforeSignIn" && authRequest.sessionClaims) {
         const invalidClaims = DISALLOWED_CUSTOM_CLAIMS.filter((claim) => authRequest.sessionClaims.hasOwnProperty(claim));
         if (invalidClaims.length > 0) {
-            throw new https_1.HttpsError('invalid-argument', `The sessionClaims claims "${invalidClaims.join(',')}" are reserved and cannot be specified.`);
+            throw new https_1.HttpsError("invalid-argument", `The sessionClaims claims "${invalidClaims.join(",")}" are reserved and cannot be specified.`);
         }
-        if (JSON.stringify(authRequest.sessionClaims)
-            .length > CLAIMS_MAX_PAYLOAD_SIZE) {
-            throw new https_1.HttpsError('invalid-argument', `The sessionClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
+        if (JSON.stringify(authRequest.sessionClaims).length >
+            CLAIMS_MAX_PAYLOAD_SIZE) {
+            throw new https_1.HttpsError("invalid-argument", `The sessionClaims payload should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters.`);
         }
         const combinedClaims = {
             ...authRequest.customClaims,
             ...authRequest.sessionClaims,
         };
         if (JSON.stringify(combinedClaims).length > CLAIMS_MAX_PAYLOAD_SIZE) {
-            throw new https_1.HttpsError('invalid-argument', `The customClaims and sessionClaims payloads should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters combined.`);
+            throw new https_1.HttpsError("invalid-argument", `The customClaims and sessionClaims payloads should not exceed ${CLAIMS_MAX_PAYLOAD_SIZE} characters combined.`);
         }
     }
 }
@@ -397,16 +394,15 @@ exports.validateAuthResponse = validateAuthResponse;
  */
 function getUpdateMask(authResponse) {
     if (!authResponse) {
-        return '';
+        return "";
     }
     const updateMask = [];
     for (const key in authResponse) {
-        if (authResponse.hasOwnProperty(key) &&
-            typeof authResponse[key] !== 'undefined') {
+        if (authResponse.hasOwnProperty(key) && typeof authResponse[key] !== "undefined") {
             updateMask.push(key);
         }
     }
-    return updateMask.join(',');
+    return updateMask.join(",");
 }
 exports.getUpdateMask = getUpdateMask;
 /** @internal */
@@ -415,28 +411,23 @@ function wrapHandler(eventType, handler) {
         try {
             const projectId = process.env.GCLOUD_PROJECT;
             if (!isValidRequest(req)) {
-                __1.logger.error('Invalid request, unable to process');
-                throw new https_1.HttpsError('invalid-argument', 'Bad Request');
+                logger.error("Invalid request, unable to process");
+                throw new https_1.HttpsError("invalid-argument", "Bad Request");
             }
-            if (!(0, apps_1.apps)().admin.auth()._verifyAuthBlockingToken) {
-                throw new Error('Cannot validate Auth Blocking token. Please update Firebase Admin SDK to >= v10.1.0');
+            if (!auth.getAuth((0, app_1.getApp)())._verifyAuthBlockingToken) {
+                throw new Error("Cannot validate Auth Blocking token. Please update Firebase Admin SDK to >= v10.1.0");
             }
-            const decodedPayload = (0, debug_1.isDebugFeatureEnabled)('skipTokenVerification')
+            const decodedPayload = (0, debug_1.isDebugFeatureEnabled)("skipTokenVerification")
                 ? unsafeDecodeAuthBlockingToken(req.body.data.jwt)
                 : handler.length === 2
-                    ? await (0, apps_1.apps)()
-                        .admin.auth()
-                        ._verifyAuthBlockingToken(req.body.data.jwt)
-                    : await (0, apps_1.apps)()
-                        .admin.auth()
-                        ._verifyAuthBlockingToken(req.body.data.jwt, 'run.app');
+                    ? await auth.getAuth((0, app_1.getApp)())._verifyAuthBlockingToken(req.body.data.jwt)
+                    : await auth.getAuth((0, app_1.getApp)())._verifyAuthBlockingToken(req.body.data.jwt, "run.app");
             const authUserRecord = parseAuthUserRecord(decodedPayload.user_record);
             const authEventContext = parseAuthEventContext(decodedPayload, projectId);
             let authResponse;
             if (handler.length === 2) {
                 authResponse =
-                    (await handler(authUserRecord, authEventContext)) ||
-                        undefined;
+                    (await handler(authUserRecord, authEventContext)) || undefined;
             }
             else {
                 authResponse =
@@ -456,18 +447,19 @@ function wrapHandler(eventType, handler) {
                     },
                 };
             res.status(200);
-            res.setHeader('Content-Type', 'application/json');
+            res.setHeader("Content-Type", "application/json");
             res.send(JSON.stringify(result));
         }
         catch (err) {
-            if (!(err instanceof https_1.HttpsError)) {
+            let httpErr = err;
+            if (!(httpErr instanceof https_1.HttpsError)) {
                 // This doesn't count as an 'explicit' error.
-                __1.logger.error('Unhandled error', err);
-                err = new https_1.HttpsError('internal', 'An unexpected error occurred.');
+                logger.error("Unhandled error", err);
+                httpErr = new https_1.HttpsError("internal", "An unexpected error occurred.");
             }
-            const { status } = err.httpErrorCode;
-            const body = { error: err.toJSON() };
-            res.setHeader('Content-Type', 'application/json');
+            const { status } = httpErr.httpErrorCode;
+            const body = { error: httpErr.toJSON() };
+            res.setHeader("Content-Type", "application/json");
             res.status(status).send(body);
         }
     };

package/lib/common/providers/tasks.d.ts

@@ -1,32 +1,33 @@
-import * as firebase from 'firebase-admin';
-import { Expression } from '../../v2/params';
+import { DecodedIdToken } from "firebase-admin/auth";
+import { Expression } from "../../params";
+import { ResetValue } from "../options";
 /** How a task should be retried in the event of a non-2xx return. */
 export interface RetryConfig {
     /**
      * Maximum number of times a request should be attempted.
      * If left unspecified, will default to 3.
      */
-    maxAttempts?: number | Expression<number> | null;
+    maxAttempts?: number | Expression<number> | ResetValue;
     /**
      * Maximum amount of time for retrying failed task.
      * If left unspecified will retry indefinitely.
      */
-    maxRetrySeconds?: number | Expression<number> | null;
+    maxRetrySeconds?: number | Expression<number> | ResetValue;
     /**
      * The maximum amount of time to wait between attempts.
      * If left unspecified will default to 1hr.
      */
-    maxBackoffSeconds?: number | Expression<number> | null;
+    maxBackoffSeconds?: number | Expression<number> | ResetValue;
     /**
      * The maximum number of times to double the backoff between
      * retries. If left unspecified will default to 16.
      */
-    maxDoublings?: number | Expression<number> | null;
+    maxDoublings?: number | Expression<number> | ResetValue;
     /**
      * The minimum time to wait between attempts. If left unspecified
      * will default to 100ms.
      */
-    minBackoffSeconds?: number | Expression<number> | null;
+    minBackoffSeconds?: number | Expression<number> | ResetValue;
 }
 /** How congestion control should be applied to the function. */
 export interface RateLimits {
@@ -34,17 +35,17 @@ export interface RateLimits {
      * The maximum number of requests that can be outstanding at a time.
      * If left unspecified, will default to 1000.
      */
-    maxConcurrentDispatches?: number | Expression<number> | null;
+    maxConcurrentDispatches?: number | Expression<number> | ResetValue;
     /**
      * The maximum number of requests that can be invoked per second.
      * If left unspecified, will default to 500.
      */
-    maxDispatchesPerSecond?: number | Expression<number> | null;
+    maxDispatchesPerSecond?: number | Expression<number> | ResetValue;
 }
 /** Metadata about the authorization used to invoke a function. */
 export interface AuthData {
     uid: string;
-    token: firebase.auth.DecodedIdToken;
+    token: DecodedIdToken;
 }
 /** Metadata about a call to a Task Queue function. */
 export interface TaskContext {

package/lib/common/providers/tasks.js

@@ -30,19 +30,19 @@ function onDispatchHandler(handler) {
         var _a;
         try {
             if (!https.isValidRequest(req)) {
-                logger.error('Invalid request, unable to process.');
-                throw new https.HttpsError('invalid-argument', 'Bad Request');
+                logger.error("Invalid request, unable to process.");
+                throw new https.HttpsError("invalid-argument", "Bad Request");
             }
             const context = {};
             if (!process.env.FUNCTIONS_EMULATOR) {
-                const authHeader = req.header('Authorization') || '';
+                const authHeader = req.header("Authorization") || "";
                 const token = (_a = authHeader.match(/^Bearer (.*)$/)) === null || _a === void 0 ? void 0 : _a[1];
                 // Note: this should never happen since task queue functions are guarded by IAM.
                 if (!token) {
-                    throw new https.HttpsError('unauthenticated', 'Unauthenticated');
+                    throw new https.HttpsError("unauthenticated", "Unauthenticated");
                 }
                 // We skip authenticating the token since tq functions are guarded by IAM.
-                const authToken = await https.unsafeDecodeIdToken(token);
+                const authToken = https.unsafeDecodeIdToken(token);
                 context.auth = {
                     uid: authToken.uid,
                     token: authToken,
@@ -64,13 +64,14 @@ function onDispatchHandler(handler) {
             res.status(204).end();
         }
         catch (err) {
+            let httpErr = err;
             if (!(err instanceof https.HttpsError)) {
                 // This doesn't count as an 'explicit' error.
-                logger.error('Unhandled error', err);
-                err = new https.HttpsError('internal', 'INTERNAL');
+                logger.error("Unhandled error", err);
+                httpErr = new https.HttpsError("internal", "INTERNAL");
             }
-            const { status } = err.httpErrorCode;
-            const body = { error: err.toJSON() };
+            const { status } = httpErr.httpErrorCode;
+            const body = { error: httpErr.toJSON() };
             res.status(status).send(body);
         }
     };