1 |
|
2 | "use strict";
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 |
|
16 |
|
17 |
|
18 |
|
19 | var __extends = (this && this.__extends) || (function () {
|
20 | var extendStatics = function (d, b) {
|
21 | extendStatics = Object.setPrototypeOf ||
|
22 | ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
|
23 | function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
|
24 | return extendStatics(d, b);
|
25 | };
|
26 | return function (d, b) {
|
27 | extendStatics(d, b);
|
28 | function __() { this.constructor = d; }
|
29 | d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
|
30 | };
|
31 | })();
|
32 | Object.defineProperty(exports, "__esModule", { value: true });
|
33 | exports.FirebaseAppCheckError = exports.APP_CHECK_ERROR_CODE_MAPPING = exports.AppCheckApiClient = void 0;
|
34 | var api_request_1 = require("../utils/api-request");
|
35 | var error_1 = require("../utils/error");
|
36 | var utils = require("../utils/index");
|
37 | var validator = require("../utils/validator");
|
38 |
|
39 | var FIREBASE_APP_CHECK_V1_API_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1beta/projects/{projectId}/apps/{appId}:exchangeCustomToken';
|
40 | var FIREBASE_APP_CHECK_CONFIG_HEADERS = {
|
41 | 'X-Firebase-Client': "fire-admin-node/" + utils.getSdkVersion()
|
42 | };
|
43 |
|
44 |
|
45 |
|
46 |
|
47 |
|
48 | var AppCheckApiClient = (function () {
|
49 | function AppCheckApiClient(app) {
|
50 | this.app = app;
|
51 | if (!validator.isNonNullObject(app) || !('options' in app)) {
|
52 | throw new FirebaseAppCheckError('invalid-argument', 'First argument passed to admin.appCheck() must be a valid Firebase app instance.');
|
53 | }
|
54 | this.httpClient = new api_request_1.AuthorizedHttpClient(app);
|
55 | }
|
56 | |
57 |
|
58 |
|
59 |
|
60 |
|
61 |
|
62 |
|
63 | AppCheckApiClient.prototype.exchangeToken = function (customToken, appId) {
|
64 | var _this = this;
|
65 | if (!validator.isNonEmptyString(appId)) {
|
66 | throw new FirebaseAppCheckError('invalid-argument', '`appId` must be a non-empty string.');
|
67 | }
|
68 | if (!validator.isNonEmptyString(customToken)) {
|
69 | throw new FirebaseAppCheckError('invalid-argument', '`customToken` must be a non-empty string.');
|
70 | }
|
71 | return this.getUrl(appId)
|
72 | .then(function (url) {
|
73 | var request = {
|
74 | method: 'POST',
|
75 | url: url,
|
76 | headers: FIREBASE_APP_CHECK_CONFIG_HEADERS,
|
77 | data: { customToken: customToken }
|
78 | };
|
79 | return _this.httpClient.send(request);
|
80 | })
|
81 | .then(function (resp) {
|
82 | return _this.toAppCheckToken(resp);
|
83 | })
|
84 | .catch(function (err) {
|
85 | throw _this.toFirebaseError(err);
|
86 | });
|
87 | };
|
88 | AppCheckApiClient.prototype.getUrl = function (appId) {
|
89 | return this.getProjectId()
|
90 | .then(function (projectId) {
|
91 | var urlParams = {
|
92 | projectId: projectId,
|
93 | appId: appId,
|
94 | };
|
95 | var baseUrl = utils.formatString(FIREBASE_APP_CHECK_V1_API_URL_FORMAT, urlParams);
|
96 | return utils.formatString(baseUrl);
|
97 | });
|
98 | };
|
99 | AppCheckApiClient.prototype.getProjectId = function () {
|
100 | var _this = this;
|
101 | if (this.projectId) {
|
102 | return Promise.resolve(this.projectId);
|
103 | }
|
104 | return utils.findProjectId(this.app)
|
105 | .then(function (projectId) {
|
106 | if (!validator.isNonEmptyString(projectId)) {
|
107 | throw new FirebaseAppCheckError('unknown-error', 'Failed to determine project ID. Initialize the '
|
108 | + 'SDK with service account credentials or set project ID as an app option. '
|
109 | + 'Alternatively, set the GOOGLE_CLOUD_PROJECT environment variable.');
|
110 | }
|
111 | _this.projectId = projectId;
|
112 | return projectId;
|
113 | });
|
114 | };
|
115 | AppCheckApiClient.prototype.toFirebaseError = function (err) {
|
116 | if (err instanceof error_1.PrefixedFirebaseError) {
|
117 | return err;
|
118 | }
|
119 | var response = err.response;
|
120 | if (!response.isJson()) {
|
121 | return new FirebaseAppCheckError('unknown-error', "Unexpected response with status: " + response.status + " and body: " + response.text);
|
122 | }
|
123 | var error = response.data.error || {};
|
124 | var code = 'unknown-error';
|
125 | if (error.status && error.status in exports.APP_CHECK_ERROR_CODE_MAPPING) {
|
126 | code = exports.APP_CHECK_ERROR_CODE_MAPPING[error.status];
|
127 | }
|
128 | var message = error.message || "Unknown server error: " + response.text;
|
129 | return new FirebaseAppCheckError(code, message);
|
130 | };
|
131 | |
132 |
|
133 |
|
134 |
|
135 |
|
136 |
|
137 | AppCheckApiClient.prototype.toAppCheckToken = function (resp) {
|
138 | var token = resp.data.attestationToken;
|
139 |
|
140 |
|
141 | var ttlMillis = this.stringToMilliseconds(resp.data.ttl);
|
142 | return {
|
143 | token: token,
|
144 | ttlMillis: ttlMillis
|
145 | };
|
146 | };
|
147 | |
148 |
|
149 |
|
150 |
|
151 |
|
152 |
|
153 |
|
154 |
|
155 |
|
156 |
|
157 | AppCheckApiClient.prototype.stringToMilliseconds = function (duration) {
|
158 | if (!validator.isNonEmptyString(duration) || !duration.endsWith('s')) {
|
159 | throw new FirebaseAppCheckError('invalid-argument', '`ttl` must be a valid duration string with the suffix `s`.');
|
160 | }
|
161 | var seconds = duration.slice(0, -1);
|
162 | return Math.floor(Number(seconds) * 1000);
|
163 | };
|
164 | return AppCheckApiClient;
|
165 | }());
|
166 | exports.AppCheckApiClient = AppCheckApiClient;
|
167 | exports.APP_CHECK_ERROR_CODE_MAPPING = {
|
168 | ABORTED: 'aborted',
|
169 | INVALID_ARGUMENT: 'invalid-argument',
|
170 | INVALID_CREDENTIAL: 'invalid-credential',
|
171 | INTERNAL: 'internal-error',
|
172 | PERMISSION_DENIED: 'permission-denied',
|
173 | UNAUTHENTICATED: 'unauthenticated',
|
174 | NOT_FOUND: 'not-found',
|
175 | UNKNOWN: 'unknown-error',
|
176 | };
|
177 |
|
178 |
|
179 |
|
180 |
|
181 |
|
182 |
|
183 |
|
184 | var FirebaseAppCheckError = (function (_super) {
|
185 | __extends(FirebaseAppCheckError, _super);
|
186 | function FirebaseAppCheckError(code, message) {
|
187 | var _this = _super.call(this, 'app-check', code, message) || this;
|
188 |
|
189 |
|
190 |
|
191 |
|
192 | _this.__proto__ = FirebaseAppCheckError.prototype;
|
193 | return _this;
|
194 | }
|
195 | return FirebaseAppCheckError;
|
196 | }(error_1.PrefixedFirebaseError));
|
197 | exports.FirebaseAppCheckError = FirebaseAppCheckError;
|