firebase-functions 6.1.1 → 6.2.0

package/lib/common/providers/https.d.ts

@@ -84,14 +84,32 @@ export interface CallableRequest<T = any> {
      * The raw request handled by the callable.
      */
     rawRequest: Request;
+    /**
+     * Whether this is a streaming request.
+     * Code can be optimized by not trying to generate a stream of chunks to
+     * call response.sendChunk on if request.acceptsStreaming is false.
+     * It is always safe, however, to call response.sendChunk as this will
+     * noop if acceptsStreaming is false.
+     */
+    acceptsStreaming: boolean;
 }
 /**
- * CallableProxyResponse exposes subset of express.Response object
- * to allow writing partial, streaming responses back to the client.
+ * CallableProxyResponse allows streaming response chunks and listening to signals
+ * triggered in events such as a disconnect.
  */
-export interface CallableProxyResponse {
-    write: express.Response["write"];
-    acceptsStreaming: boolean;
+export interface CallableResponse<T = unknown> {
+    /**
+     * Writes a chunk of the response body to the client. This method can be called
+     * multiple times to stream data progressively.
+     * Returns a promise of whether the data was written. This can be false, for example,
+     * if the request was not a streaming request. Rejects if there is a network error.
+     */
+    sendChunk: (chunk: T) => Promise<boolean>;
+    /**
+     * An AbortSignal that is triggered when the client disconnects or the
+     * request is terminated prematurely.
+     */
+    signal: AbortSignal;
 }
 /**
  * The set of Firebase Functions status codes. The codes are the same at the

package/lib/common/providers/https.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onCallHandler = exports.checkAuthToken = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.unsafeDecodeToken = exports.decode = exports.encode = exports.isValidRequest = exports.HttpsError = exports.ORIGINAL_AUTH_HEADER = exports.CALLABLE_AUTH_HEADER = void 0;
+exports.onCallHandler = exports.checkAuthToken = exports.unsafeDecodeAppCheckToken = exports.unsafeDecodeIdToken = exports.unsafeDecodeToken = exports.decode = exports.encode = exports.isValidRequest = exports.HttpsError = exports.DEFAULT_HEARTBEAT_SECONDS = exports.ORIGINAL_AUTH_HEADER = exports.CALLABLE_AUTH_HEADER = void 0;
 const cors = require("cors");
 const logger = require("../../logger");
 // TODO(inlined): Decide whether we want to un-version apps or whether we want a
@@ -35,6 +35,8 @@ const JWT_REGEX = /^[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?\.([a-zA-Z0-9\-_=]+)?$/;
 exports.CALLABLE_AUTH_HEADER = "x-callable-context-auth";
 /** @internal */
 exports.ORIGINAL_AUTH_HEADER = "x-original-auth";
+/** @internal */
+exports.DEFAULT_HEARTBEAT_SECONDS = 30;
 /**
  * Standard error codes and HTTP statuses for different ways a request can fail,
  * as defined by:
@@ -281,13 +283,9 @@ async function checkTokens(req, ctx, options) {
         app: "INVALID",
         auth: "INVALID",
     };
-    await Promise.all([
-        Promise.resolve().then(async () => {
-            verifications.auth = await checkAuthToken(req, ctx);
-        }),
-        Promise.resolve().then(async () => {
-            verifications.app = await checkAppCheckToken(req, ctx, options);
-        }),
+    [verifications.auth, verifications.app] = await Promise.all([
+        checkAuthToken(req, ctx),
+        checkAppCheckToken(req, ctx, options),
     ]);
     const logPayload = {
         verifications,
@@ -403,6 +401,31 @@ function encodeSSE(data) {
 /** @internal */
 function wrapOnCallHandler(options, handler, version) {
     return async (req, res) => {
+        var _a;
+        const abortController = new AbortController();
+        let heartbeatInterval = null;
+        const heartbeatSeconds = options.heartbeatSeconds === undefined ? exports.DEFAULT_HEARTBEAT_SECONDS : options.heartbeatSeconds;
+        const clearScheduledHeartbeat = () => {
+            if (heartbeatInterval) {
+                clearTimeout(heartbeatInterval);
+                heartbeatInterval = null;
+            }
+        };
+        const scheduleHeartbeat = () => {
+            clearScheduledHeartbeat();
+            if (!abortController.signal.aborted) {
+                heartbeatInterval = setTimeout(() => {
+                    if (!abortController.signal.aborted) {
+                        res.write(": ping\n");
+                        scheduleHeartbeat();
+                    }
+                }, heartbeatSeconds * 1000);
+            }
+        };
+        res.on("close", () => {
+            clearScheduledHeartbeat();
+            abortController.abort();
+        });
         try {
             if (!isValidRequest(req)) {
                 logger.error("Invalid request, unable to process.");
@@ -461,6 +484,12 @@ function wrapOnCallHandler(options, handler, version) {
                 throw new HttpsError("invalid-argument", "Unsupported Accept header 'text/event-stream'");
             }
             const data = decode(req.body.data);
+            if (options.authPolicy) {
+                const authorized = await options.authPolicy((_a = context.auth) !== null && _a !== void 0 ? _a : null, data);
+                if (!authorized) {
+                    throw new HttpsError("permission-denied", "Permission Denied");
+                }
+            }
             let result;
             if (version === "gcfv1") {
                 result = await handler(data, context);
@@ -469,53 +498,92 @@ function wrapOnCallHandler(options, handler, version) {
                 const arg = {
                     ...context,
                     data,
+                    acceptsStreaming,
                 };
-                // TODO: set up optional heartbeat
                 const responseProxy = {
-                    write(chunk) {
-                        if (acceptsStreaming) {
-                            const formattedData = encodeSSE({ message: chunk });
-                            return res.write(formattedData);
-                        }
+                    sendChunk(chunk) {
                         // if client doesn't accept sse-protocol, response.write() is no-op.
+                        if (!acceptsStreaming) {
+                            return Promise.resolve(false);
+                        }
+                        // if connection is already closed, response.write() is no-op.
+                        if (abortController.signal.aborted) {
+                            return Promise.resolve(false);
+                        }
+                        const formattedData = encodeSSE({ message: chunk });
+                        let resolve;
+                        let reject;
+                        const p = new Promise((res, rej) => {
+                            resolve = res;
+                            reject = rej;
+                        });
+                        const wrote = res.write(formattedData, (error) => {
+                            if (error) {
+                                reject(error);
+                                return;
+                            }
+                            resolve(wrote);
+                        });
+                        // Reset heartbeat timer after successful write
+                        if (wrote && heartbeatInterval !== null && heartbeatSeconds > 0) {
+                            scheduleHeartbeat();
+                        }
+                        return p;
                     },
-                    acceptsStreaming,
+                    signal: abortController.signal,
                 };
                 if (acceptsStreaming) {
                     // SSE always responds with 200
                     res.status(200);
+                    if (heartbeatSeconds !== null && heartbeatSeconds > 0) {
+                        scheduleHeartbeat();
+                    }
                 }
                 // For some reason the type system isn't picking up that the handler
                 // is a one argument function.
                 result = await handler(arg, responseProxy);
+                clearScheduledHeartbeat();
             }
-            // Encode the result as JSON to preserve types like Dates.
-            result = encode(result);
-            // If there was some result, encode it in the body.
-            const responseBody = { result };
-            if (acceptsStreaming) {
-                res.write(encodeSSE(responseBody));
-                res.end();
+            if (!abortController.signal.aborted) {
+                // Encode the result as JSON to preserve types like Dates.
+                result = encode(result);
+                // If there was some result, encode it in the body.
+                const responseBody = { result };
+                if (acceptsStreaming) {
+                    res.write(encodeSSE(responseBody));
+                    res.end();
+                }
+                else {
+                    res.status(200).send(responseBody);
+                }
             }
             else {
-                res.status(200).send(responseBody);
+                res.end();
             }
         }
         catch (err) {
-            let httpErr = err;
-            if (!(err instanceof HttpsError)) {
-                // This doesn't count as an 'explicit' error.
-                logger.error("Unhandled error", err);
-                httpErr = new HttpsError("internal", "INTERNAL");
-            }
-            const { status } = httpErr.httpErrorCode;
-            const body = { error: httpErr.toJSON() };
-            if (version === "gcfv2" && req.header("accept") === "text/event-stream") {
-                res.send(encodeSSE(body));
+            if (!abortController.signal.aborted) {
+                let httpErr = err;
+                if (!(err instanceof HttpsError)) {
+                    // This doesn't count as an 'explicit' error.
+                    logger.error("Unhandled error", err);
+                    httpErr = new HttpsError("internal", "INTERNAL");
+                }
+                const { status } = httpErr.httpErrorCode;
+                const body = { error: httpErr.toJSON() };
+                if (version === "gcfv2" && req.header("accept") === "text/event-stream") {
+                    res.send(encodeSSE(body));
+                }
+                else {
+                    res.status(status).send(body);
+                }
             }
             else {
-                res.status(status).send(body);
+                res.end();
             }
         }
+        finally {
+            clearScheduledHeartbeat();
+        }
     };
 }

package/lib/runtime/loader.js

@@ -40,8 +40,8 @@ async function loadModule(functionsDir) {
         return require(path.resolve(absolutePath));
     }
     catch (e) {
-        if (e.code === "ERR_REQUIRE_ESM") {
-            // This is an ESM package!
+        if (e.code === "ERR_REQUIRE_ESM" || e.code === "ERR_REQUIRE_ASYNC_MODULE") {
+            // This is an ESM package, or one containing top-level awaits!
             const modulePath = require.resolve(absolutePath);
             // Resolve module path to file:// URL. Required for windows support.
             const moduleURL = url.pathToFileURL(modulePath).href;

package/lib/v2/providers/https.d.ts

@@ -1,6 +1,6 @@
 import * as express from "express";
 import { ResetValue } from "../../common/options";
-import { CallableRequest, CallableProxyResponse, FunctionsErrorCode, HttpsError, Request } from "../../common/providers/https";
+import { CallableRequest, CallableResponse, FunctionsErrorCode, HttpsError, Request, AuthData } from "../../common/providers/https";
 import { ManifestEndpoint } from "../../runtime/manifest";
 import { GlobalOptions, SupportedRegion } from "../options";
 import { Expression } from "../../params";
@@ -101,7 +101,7 @@ export interface HttpsOptions extends Omit<GlobalOptions, "region" | "enforceApp
 /**
  * Options that can be set on a callable HTTPS function.
  */
-export interface CallableOptions extends HttpsOptions {
+export interface CallableOptions<T = any> extends HttpsOptions {
     /**
      * Determines whether Firebase AppCheck is enforced.
      * When true, requests with invalid tokens autorespond with a 401
@@ -132,7 +132,29 @@ export interface CallableOptions extends HttpsOptions {
      * further decisions, such as requiring additional security checks or rejecting the request.
      */
     consumeAppCheckToken?: boolean;
+    /**
+     * Time in seconds between sending heartbeat messages to keep the connection
+     * alive. Set to `null` to disable heartbeats.
+     *
+     * Defaults to 30 seconds.
+     */
+    heartbeatSeconds?: number | null;
+    /**
+     * Callback for whether a request is authorized.
+     *
+     * Designed to allow reusable auth policies to be passed as an options object. Two built-in reusable policies exist:
+     * isSignedIn and hasClaim.
+     */
+    authPolicy?: (auth: AuthData | null, data: T) => boolean | Promise<boolean>;
 }
+/**
+ * An auth policy that requires a user to be signed in.
+ */
+export declare const isSignedIn: () => (auth: AuthData | null) => boolean;
+/**
+ * An auth policy that requires a user to be both signed in and have a specific claim (optionally with a specific value)
+ */
+export declare const hasClaim: (claim: string, value?: string) => (auth: AuthData | null) => boolean;
 /**
  * Handles HTTPS requests.
  */
@@ -149,12 +171,16 @@ res: express.Response) => void | Promise<void>) & {
 /**
  * Creates a callable method for clients to call using a Firebase SDK.
  */
-export interface CallableFunction<T, Return> extends HttpsFunction {
+export interface CallableFunction<T, Return, Stream = unknown> extends HttpsFunction {
     /** Executes the handler function with the provided data as input. Used for unit testing.
      * @param data - An input for the handler function.
      * @returns The output of the handler function.
      */
-    run(data: CallableRequest<T>): Return;
+    run(request: CallableRequest<T>): Return;
+    stream(request: CallableRequest<T>, response: CallableResponse<Stream>): {
+        stream: AsyncIterator<Stream>;
+        output: Return;
+    };
 }
 /**
  * Handles HTTPS requests.
@@ -175,10 +201,10 @@ export declare function onRequest(handler: (request: Request, response: express.
  * @param handler - A function that takes a {@link https.CallableRequest}.
  * @returns A function that you can export and deploy.
  */
-export declare function onCall<T = any, Return = any | Promise<any>>(opts: CallableOptions, handler: (request: CallableRequest<T>, response?: CallableProxyResponse) => Return): CallableFunction<T, Return extends Promise<unknown> ? Return : Promise<Return>>;
+export declare function onCall<T = any, Return = any | Promise<any>, Stream = unknown>(opts: CallableOptions<T>, handler: (request: CallableRequest<T>, response?: CallableResponse<Stream>) => Return): CallableFunction<T, Return extends Promise<unknown> ? Return : Promise<Return>, Stream>;
 /**
  * Declares a callable method for clients to call using a Firebase SDK.
  * @param handler - A function that takes a {@link https.CallableRequest}.
  * @returns A function that you can export and deploy.
  */
-export declare function onCall<T = any, Return = any | Promise<any>>(handler: (request: CallableRequest<T>, response?: CallableProxyResponse) => Return): CallableFunction<T, Return extends Promise<unknown> ? Return : Promise<Return>>;
+export declare function onCall<T = any, Return = any | Promise<any>, Stream = unknown>(handler: (request: CallableRequest<T>, response?: CallableResponse<Stream>) => Return): CallableFunction<T, Return extends Promise<unknown> ? Return : Promise<Return>>;

package/lib/v2/providers/https.js

@@ -21,7 +21,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onCall = exports.onRequest = exports.HttpsError = void 0;
+exports.onCall = exports.onRequest = exports.hasClaim = exports.isSignedIn = exports.HttpsError = void 0;
 /**
  * Cloud functions to handle HTTPS request or callable RPCs.
  * @packageDocumentation
@@ -35,6 +35,24 @@ Object.defineProperty(exports, "HttpsError", { enumerable: true, get: function (
 const manifest_1 = require("../../runtime/manifest");
 const options = require("../options");
 const onInit_1 = require("../../common/onInit");
+/**
+ * An auth policy that requires a user to be signed in.
+ */
+const isSignedIn = () => (auth) => !!auth;
+exports.isSignedIn = isSignedIn;
+/**
+ * An auth policy that requires a user to be both signed in and have a specific claim (optionally with a specific value)
+ */
+const hasClaim = (claim, value) => (auth) => {
+    if (!auth) {
+        return false;
+    }
+    if (!(claim in auth.token)) {
+        return false;
+    }
+    return !value || auth.token[claim] === value;
+};
+exports.hasClaim = hasClaim;
 function onRequest(optsOrHandler, handler) {
     let opts;
     if (arguments.length === 1) {
@@ -131,11 +149,13 @@ function onCall(optsOrHandler, handler) {
         origin = origin[0];
     }
     // fix the length of handler to make the call to handler consistent
-    const fixedLen = (req, resp) => (0, onInit_1.withInit)(handler)(req, resp);
+    const fixedLen = (req, resp) => handler(req, resp);
     let func = (0, https_1.onCallHandler)({
         cors: { origin, methods: "POST" },
         enforceAppCheck: (_a = opts.enforceAppCheck) !== null && _a !== void 0 ? _a : options.getGlobalOptions().enforceAppCheck,
         consumeAppCheckToken: opts.consumeAppCheckToken,
+        heartbeatSeconds: opts.heartbeatSeconds,
+        authPolicy: opts.authPolicy,
     }, fixedLen, "gcfv2");
     func = (0, trace_1.wrapTraceContext)((0, onInit_1.withInit)(func));
     Object.defineProperty(func, "__trigger", {
@@ -174,7 +194,18 @@ function onCall(optsOrHandler, handler) {
         },
         callableTrigger: {},
     };
+    // TODO: in the next major version, do auth/appcheck in these helper methods too.
     func.run = (0, onInit_1.withInit)(handler);
+    func.stream = () => {
+        return {
+            stream: {
+                next() {
+                    return Promise.reject("Coming soon");
+                },
+            },
+            output: Promise.reject("Coming soon"),
+        };
+    };
     return func;
 }
 exports.onCall = onCall;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-functions",
-  "version": "6.1.1",
+  "version": "6.2.0",
   "description": "Firebase SDK for Cloud Functions",
   "keywords": [
     "firebase",
@@ -287,7 +287,7 @@
     "@types/nock": "^10.0.3",
     "@types/node": "^14.18.24",
     "@types/node-fetch": "^3.0.3",
-    "@types/sinon": "^7.0.13",
+    "@types/sinon": "^9.0.11",
     "@typescript-eslint/eslint-plugin": "^5.33.1",
     "@typescript-eslint/parser": "^5.33.1",
     "api-extractor-model-me": "^0.1.1",
@@ -313,7 +313,7 @@
     "prettier": "^2.7.1",
     "protobufjs-cli": "^1.1.1",
     "semver": "^7.3.5",
-    "sinon": "^7.3.2",
+    "sinon": "^9.2.4",
     "ts-node": "^10.4.0",
     "typescript": "^4.3.5",
     "yargs": "^15.3.1"