| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214 |
- /*! firebase-admin v12.1.1 */
- "use strict";
- /*!
- * @license
- * Copyright 2021 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- Object.defineProperty(exports, "__esModule", { value: true });
- exports.FirebaseAppCheckError = exports.APP_CHECK_ERROR_CODE_MAPPING = exports.AppCheckApiClient = void 0;
- const api_request_1 = require("../utils/api-request");
- const error_1 = require("../utils/error");
- const utils = require("../utils/index");
- const validator = require("../utils/validator");
- // App Check backend constants
- const FIREBASE_APP_CHECK_V1_API_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1/projects/{projectId}/apps/{appId}:exchangeCustomToken';
- const ONE_TIME_USE_TOKEN_VERIFICATION_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1beta/projects/{projectId}:verifyAppCheckToken';
- const FIREBASE_APP_CHECK_CONFIG_HEADERS = {
- 'X-Firebase-Client': `fire-admin-node/${utils.getSdkVersion()}`
- };
- /**
- * Class that facilitates sending requests to the Firebase App Check backend API.
- *
- * @internal
- */
- class AppCheckApiClient {
- constructor(app) {
- this.app = app;
- if (!validator.isNonNullObject(app) || !('options' in app)) {
- throw new FirebaseAppCheckError('invalid-argument', 'First argument passed to admin.appCheck() must be a valid Firebase app instance.');
- }
- this.httpClient = new api_request_1.AuthorizedHttpClient(app);
- }
- /**
- * Exchange a signed custom token to App Check token
- *
- * @param customToken - The custom token to be exchanged.
- * @param appId - The mobile App ID.
- * @returns A promise that fulfills with a `AppCheckToken`.
- */
- exchangeToken(customToken, appId) {
- if (!validator.isNonEmptyString(appId)) {
- throw new FirebaseAppCheckError('invalid-argument', '`appId` must be a non-empty string.');
- }
- if (!validator.isNonEmptyString(customToken)) {
- throw new FirebaseAppCheckError('invalid-argument', '`customToken` must be a non-empty string.');
- }
- return this.getUrl(appId)
- .then((url) => {
- const request = {
- method: 'POST',
- url,
- headers: FIREBASE_APP_CHECK_CONFIG_HEADERS,
- data: { customToken }
- };
- return this.httpClient.send(request);
- })
- .then((resp) => {
- return this.toAppCheckToken(resp);
- })
- .catch((err) => {
- throw this.toFirebaseError(err);
- });
- }
- verifyReplayProtection(token) {
- if (!validator.isNonEmptyString(token)) {
- throw new FirebaseAppCheckError('invalid-argument', '`token` must be a non-empty string.');
- }
- return this.getVerifyTokenUrl()
- .then((url) => {
- const request = {
- method: 'POST',
- url,
- headers: FIREBASE_APP_CHECK_CONFIG_HEADERS,
- data: { app_check_token: token }
- };
- return this.httpClient.send(request);
- })
- .then((resp) => {
- if (typeof resp.data.alreadyConsumed !== 'undefined'
- && !validator.isBoolean(resp.data?.alreadyConsumed)) {
- throw new FirebaseAppCheckError('invalid-argument', '`alreadyConsumed` must be a boolean value.');
- }
- return resp.data.alreadyConsumed || false;
- })
- .catch((err) => {
- throw this.toFirebaseError(err);
- });
- }
- getUrl(appId) {
- return this.getProjectId()
- .then((projectId) => {
- const urlParams = {
- projectId,
- appId,
- };
- const baseUrl = utils.formatString(FIREBASE_APP_CHECK_V1_API_URL_FORMAT, urlParams);
- return utils.formatString(baseUrl);
- });
- }
- getVerifyTokenUrl() {
- return this.getProjectId()
- .then((projectId) => {
- const urlParams = {
- projectId
- };
- const baseUrl = utils.formatString(ONE_TIME_USE_TOKEN_VERIFICATION_URL_FORMAT, urlParams);
- return utils.formatString(baseUrl);
- });
- }
- getProjectId() {
- if (this.projectId) {
- return Promise.resolve(this.projectId);
- }
- return utils.findProjectId(this.app)
- .then((projectId) => {
- if (!validator.isNonEmptyString(projectId)) {
- throw new FirebaseAppCheckError('unknown-error', 'Failed to determine project ID. Initialize the '
- + 'SDK with service account credentials or set project ID as an app option. '
- + 'Alternatively, set the GOOGLE_CLOUD_PROJECT environment variable.');
- }
- this.projectId = projectId;
- return projectId;
- });
- }
- toFirebaseError(err) {
- if (err instanceof error_1.PrefixedFirebaseError) {
- return err;
- }
- const response = err.response;
- if (!response.isJson()) {
- return new FirebaseAppCheckError('unknown-error', `Unexpected response with status: ${response.status} and body: ${response.text}`);
- }
- const error = response.data.error || {};
- let code = 'unknown-error';
- if (error.status && error.status in exports.APP_CHECK_ERROR_CODE_MAPPING) {
- code = exports.APP_CHECK_ERROR_CODE_MAPPING[error.status];
- }
- const message = error.message || `Unknown server error: ${response.text}`;
- return new FirebaseAppCheckError(code, message);
- }
- /**
- * Creates an AppCheckToken from the API response.
- *
- * @param resp - API response object.
- * @returns An AppCheckToken instance.
- */
- toAppCheckToken(resp) {
- const token = resp.data.token;
- // `ttl` is a string with the suffix "s" preceded by the number of seconds,
- // with nanoseconds expressed as fractional seconds.
- const ttlMillis = this.stringToMilliseconds(resp.data.ttl);
- return {
- token,
- ttlMillis
- };
- }
- /**
- * Converts a duration string with the suffix `s` to milliseconds.
- *
- * @param duration - The duration as a string with the suffix "s" preceded by the
- * number of seconds, with fractional seconds. For example, 3 seconds with 0 nanoseconds
- * is expressed as "3s", while 3 seconds and 1 nanosecond is expressed as "3.000000001s",
- * and 3 seconds and 1 microsecond is expressed as "3.000001s".
- *
- * @returns The duration in milliseconds.
- */
- stringToMilliseconds(duration) {
- if (!validator.isNonEmptyString(duration) || !duration.endsWith('s')) {
- throw new FirebaseAppCheckError('invalid-argument', '`ttl` must be a valid duration string with the suffix `s`.');
- }
- const seconds = duration.slice(0, -1);
- return Math.floor(Number(seconds) * 1000);
- }
- }
- exports.AppCheckApiClient = AppCheckApiClient;
- exports.APP_CHECK_ERROR_CODE_MAPPING = {
- ABORTED: 'aborted',
- INVALID_ARGUMENT: 'invalid-argument',
- INVALID_CREDENTIAL: 'invalid-credential',
- INTERNAL: 'internal-error',
- PERMISSION_DENIED: 'permission-denied',
- UNAUTHENTICATED: 'unauthenticated',
- NOT_FOUND: 'not-found',
- UNKNOWN: 'unknown-error',
- };
- /**
- * Firebase App Check error code structure. This extends PrefixedFirebaseError.
- *
- * @param code - The error code.
- * @param message - The error message.
- * @constructor
- */
- class FirebaseAppCheckError extends error_1.PrefixedFirebaseError {
- constructor(code, message) {
- super('app-check', code, message);
- /* tslint:disable:max-line-length */
- // Set the prototype explicitly. See the following link for more details:
- // https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
- /* tslint:enable:max-line-length */
- this.__proto__ = FirebaseAppCheckError.prototype;
- }
- }
- exports.FirebaseAppCheckError = FirebaseAppCheckError;
|
