UNPKG

firebase-admin/lib/security-rules/security-rules-api-client-internal.js

Version:

9.88 kBJavaScriptView Raw

1/*! firebase-admin v10.0.0 */
2"use strict";
3/*!
* Copyright 2019 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
18Object.defineProperty(exports, "__esModule", { value: true });
19exports.SecurityRulesApiClient = void 0;
20var api_request_1 = require("../utils/api-request");
21var error_1 = require("../utils/error");
22var security_rules_internal_1 = require("./security-rules-internal");
23var utils = require("../utils/index");
24var validator = require("../utils/validator");
25var RULES_V1_API = 'https://firebaserules.googleapis.com/v1';
26var FIREBASE_VERSION_HEADER = {
  'X-Firebase-Client': "fire-admin-node/" + utils.getSdkVersion(),
28};
29/**
* Class that facilitates sending requests to the Firebase security rules backend API.
*
* @private
*/
34var SecurityRulesApiClient = /** @class */ (function () {
  function SecurityRulesApiClient(app) {
      this.app = app;
      if (!validator.isNonNullObject(app) || !('options' in app)) {
          throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'First argument passed to admin.securityRules() must be a valid Firebase app '
              + 'instance.');
      }
      this.httpClient = new api_request_1.AuthorizedHttpClient(app);
  }
  SecurityRulesApiClient.prototype.getRuleset = function (name) {
      var _this = this;
      return Promise.resolve()
          .then(function () {
          return _this.getRulesetName(name);
      })
          .then(function (rulesetName) {
          return _this.getResource(rulesetName);
      });
  };
  SecurityRulesApiClient.prototype.createRuleset = function (ruleset) {
      var _this = this;
      if (!validator.isNonNullObject(ruleset) ||
          !validator.isNonNullObject(ruleset.source) ||
          !validator.isNonEmptyArray(ruleset.source.files)) {
          var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Invalid rules content.');
          return Promise.reject(err);
      }
      for (var _i = 0, _a = ruleset.source.files; _i < _a.length; _i++) {
          var rf = _a[_i];
          if (!validator.isNonNullObject(rf) ||
              !validator.isNonEmptyString(rf.name) ||
              !validator.isNonEmptyString(rf.content)) {
              var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', "Invalid rules file argument: " + JSON.stringify(rf));
              return Promise.reject(err);
          }
      }
      return this.getUrl()
          .then(function (url) {
          var request = {
              method: 'POST',
              url: url + "/rulesets",
              data: ruleset,
          };
          return _this.sendRequest(request);
      });
  };
  SecurityRulesApiClient.prototype.deleteRuleset = function (name) {
      var _this = this;
      return this.getUrl()
          .then(function (url) {
          var rulesetName = _this.getRulesetName(name);
          var request = {
              method: 'DELETE',
              url: url + "/" + rulesetName,
          };
          return _this.sendRequest(request);
      });
  };
  SecurityRulesApiClient.prototype.listRulesets = function (pageSize, pageToken) {
      var _this = this;
      if (pageSize === void 0) { pageSize = 100; }
      if (!validator.isNumber(pageSize)) {
          var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Invalid page size.');
          return Promise.reject(err);
      }
      if (pageSize < 1 || pageSize > 100) {
          var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Page size must be between 1 and 100.');
          return Promise.reject(err);
      }
      if (typeof pageToken !== 'undefined' && !validator.isNonEmptyString(pageToken)) {
          var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Next page token must be a non-empty string.');
          return Promise.reject(err);
      }
      var data = {
          pageSize: pageSize,
          pageToken: pageToken,
      };
      if (!pageToken) {
          delete data.pageToken;
      }
      return this.getUrl()
          .then(function (url) {
          var request = {
              method: 'GET',
              url: url + "/rulesets",
              data: data,
          };
          return _this.sendRequest(request);
      });
  };
  SecurityRulesApiClient.prototype.getRelease = function (name) {
      return this.getResource("releases/" + name);
  };
  SecurityRulesApiClient.prototype.updateRelease = function (name, rulesetName) {
      var _this = this;
      return this.getUrl()
          .then(function (url) {
          return _this.getReleaseDescription(name, rulesetName)
              .then(function (release) {
              var request = {
                  method: 'PATCH',
                  url: url + "/releases/" + name,
                  data: { release: release },
              };
              return _this.sendRequest(request);
          });
      });
  };
  SecurityRulesApiClient.prototype.getUrl = function () {
      return this.getProjectIdPrefix()
          .then(function (projectIdPrefix) {
          return RULES_V1_API + "/" + projectIdPrefix;
      });
  };
  SecurityRulesApiClient.prototype.getProjectIdPrefix = function () {
      var _this = this;
      if (this.projectIdPrefix) {
          return Promise.resolve(this.projectIdPrefix);
      }
      return utils.findProjectId(this.app)
          .then(function (projectId) {
          if (!validator.isNonEmptyString(projectId)) {
              throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Failed to determine project ID. Initialize the SDK with service account credentials, or '
                  + 'set project ID as an app option. Alternatively, set the GOOGLE_CLOUD_PROJECT '
                  + 'environment variable.');
          }
          _this.projectIdPrefix = "projects/" + projectId;
          return _this.projectIdPrefix;
      });
  };
  /**
   * Gets the specified resource from the rules API. Resource names must be the short names without project
   * ID prefix (e.g. `rulesets/ruleset-name`).
   *
   * @param {string} name Full qualified name of the resource to get.
   * @returns {Promise<T>} A promise that fulfills with the resource.
   */
  SecurityRulesApiClient.prototype.getResource = function (name) {
      var _this = this;
      return this.getUrl()
          .then(function (url) {
          var request = {
              method: 'GET',
              url: url + "/" + name,
          };
          return _this.sendRequest(request);
      });
  };
  SecurityRulesApiClient.prototype.getReleaseDescription = function (name, rulesetName) {
      var _this = this;
      return this.getProjectIdPrefix()
          .then(function (projectIdPrefix) {
          return {
              name: projectIdPrefix + "/releases/" + name,
              rulesetName: projectIdPrefix + "/" + _this.getRulesetName(rulesetName),
          };
      });
  };
  SecurityRulesApiClient.prototype.getRulesetName = function (name) {
      if (!validator.isNonEmptyString(name)) {
          throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Ruleset name must be a non-empty string.');
      }
      if (name.indexOf('/') !== -1) {
          throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Ruleset name must not contain any "/" characters.');
      }
      return "rulesets/" + name;
  };
  SecurityRulesApiClient.prototype.sendRequest = function (request) {
      var _this = this;
      request.headers = FIREBASE_VERSION_HEADER;
      return this.httpClient.send(request)
          .then(function (resp) {
          return resp.data;
      })
          .catch(function (err) {
          throw _this.toFirebaseError(err);
      });
  };
  SecurityRulesApiClient.prototype.toFirebaseError = function (err) {
      if (err instanceof error_1.PrefixedFirebaseError) {
          return err;
      }
      var response = err.response;
      if (!response.isJson()) {
          return new security_rules_internal_1.FirebaseSecurityRulesError('unknown-error', "Unexpected response with status: " + response.status + " and body: " + response.text);
      }
      var error = response.data.error || {};
      var code = 'unknown-error';
      if (error.status && error.status in ERROR_CODE_MAPPING) {
          code = ERROR_CODE_MAPPING[error.status];
      }
      var message = error.message || "Unknown server error: " + response.text;
      return new security_rules_internal_1.FirebaseSecurityRulesError(code, message);
  };
  return SecurityRulesApiClient;
229}());
230exports.SecurityRulesApiClient = SecurityRulesApiClient;
231var ERROR_CODE_MAPPING = {
  INVALID_ARGUMENT: 'invalid-argument',
  NOT_FOUND: 'not-found',
  RESOURCE_EXHAUSTED: 'resource-exhausted',
  UNAUTHENTICATED: 'authentication-error',
  UNKNOWN: 'unknown-error',
237};

1	`/! firebase-admin v10.0.0 /`
2	`"use strict";`
3	`/*!`
4	`* Copyright 2019 Google Inc.`
5	`*`
6	`* Licensed under the Apache License, Version 2.0 (the "License");`
7	`* you may not use this file except in compliance with the License.`
8	`* You may obtain a copy of the License at`
9	`*`
10	`* http://www.apache.org/licenses/LICENSE-2.0`
11	`*`
12	`* Unless required by applicable law or agreed to in writing, software`
13	`* distributed under the License is distributed on an "AS IS" BASIS,`
14	`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
15	`* See the License for the specific language governing permissions and`
16	`* limitations under the License.`
17	`*/`
18	`Object.defineProperty(exports, "__esModule", { value: true });`
19	`exports.SecurityRulesApiClient = void 0;`
20	`var api_request_1 = require("../utils/api-request");`
21	`var error_1 = require("../utils/error");`
22	`var security_rules_internal_1 = require("./security-rules-internal");`
23	`var utils = require("../utils/index");`
24	`var validator = require("../utils/validator");`
25	`var RULES_V1_API = 'https://firebaserules.googleapis.com/v1';`
26	`var FIREBASE_VERSION_HEADER = {`
27	`'X-Firebase-Client': "fire-admin-node/" + utils.getSdkVersion(),`
28	`};`
29	`/**`
30	`* Class that facilitates sending requests to the Firebase security rules backend API.`
31	`*`
32	`* @private`
33	`*/`
34	`var SecurityRulesApiClient = /** @class */ (function () {`
35	`function SecurityRulesApiClient(app) {`
36	`this.app = app;`
37	`if (!validator.isNonNullObject(app) \|\| !('options' in app)) {`
38	`throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'First argument passed to admin.securityRules() must be a valid Firebase app '`
39	`+ 'instance.');`
40	`}`
41	`this.httpClient = new api_request_1.AuthorizedHttpClient(app);`
42	`}`
43	`SecurityRulesApiClient.prototype.getRuleset = function (name) {`
44	`var _this = this;`
45	`return Promise.resolve()`
46	`.then(function () {`
47	`return _this.getRulesetName(name);`
48	`})`
49	`.then(function (rulesetName) {`
50	`return _this.getResource(rulesetName);`
51	`});`
52	`};`
53	`SecurityRulesApiClient.prototype.createRuleset = function (ruleset) {`
54	`var _this = this;`
55	`if (!validator.isNonNullObject(ruleset) \|\|`
56	`!validator.isNonNullObject(ruleset.source) \|\|`
57	`!validator.isNonEmptyArray(ruleset.source.files)) {`
58	`var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Invalid rules content.');`
59	`return Promise.reject(err);`
60	`}`
61	`for (var _i = 0, _a = ruleset.source.files; _i < _a.length; _i++) {`
62	`var rf = _a[_i];`
63	`if (!validator.isNonNullObject(rf) \|\|`
64	`!validator.isNonEmptyString(rf.name) \|\|`
65	`!validator.isNonEmptyString(rf.content)) {`
66	`var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', "Invalid rules file argument: " + JSON.stringify(rf));`
67	`return Promise.reject(err);`
68	`}`
69	`}`
70	`return this.getUrl()`
71	`.then(function (url) {`
72	`var request = {`
73	`method: 'POST',`
74	`url: url + "/rulesets",`
75	`data: ruleset,`
76	`};`
77	`return _this.sendRequest(request);`
78	`});`
79	`};`
80	`SecurityRulesApiClient.prototype.deleteRuleset = function (name) {`
81	`var _this = this;`
82	`return this.getUrl()`
83	`.then(function (url) {`
84	`var rulesetName = _this.getRulesetName(name);`
85	`var request = {`
86	`method: 'DELETE',`
87	`url: url + "/" + rulesetName,`
88	`};`
89	`return _this.sendRequest(request);`
90	`});`
91	`};`
92	`SecurityRulesApiClient.prototype.listRulesets = function (pageSize, pageToken) {`
93	`var _this = this;`
94	`if (pageSize === void 0) { pageSize = 100; }`
95	`if (!validator.isNumber(pageSize)) {`
96	`var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Invalid page size.');`
97	`return Promise.reject(err);`
98	`}`
99	`if (pageSize < 1 \|\| pageSize > 100) {`
100	`var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Page size must be between 1 and 100.');`
101	`return Promise.reject(err);`
102	`}`
103	`if (typeof pageToken !== 'undefined' && !validator.isNonEmptyString(pageToken)) {`
104	`var err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Next page token must be a non-empty string.');`
105	`return Promise.reject(err);`
106	`}`
107	`var data = {`
108	`pageSize: pageSize,`
109	`pageToken: pageToken,`
110	`};`
111	`if (!pageToken) {`
112	`delete data.pageToken;`
113	`}`
114	`return this.getUrl()`
115	`.then(function (url) {`
116	`var request = {`
117	`method: 'GET',`
118	`url: url + "/rulesets",`
119	`data: data,`
120	`};`
121	`return _this.sendRequest(request);`
122	`});`
123	`};`
124	`SecurityRulesApiClient.prototype.getRelease = function (name) {`
125	`return this.getResource("releases/" + name);`
126	`};`
127	`SecurityRulesApiClient.prototype.updateRelease = function (name, rulesetName) {`
128	`var _this = this;`
129	`return this.getUrl()`
130	`.then(function (url) {`
131	`return _this.getReleaseDescription(name, rulesetName)`
132	`.then(function (release) {`
133	`var request = {`
134	`method: 'PATCH',`
135	`url: url + "/releases/" + name,`
136	`data: { release: release },`
137	`};`
138	`return _this.sendRequest(request);`
139	`});`
140	`});`
141	`};`
142	`SecurityRulesApiClient.prototype.getUrl = function () {`
143	`return this.getProjectIdPrefix()`
144	`.then(function (projectIdPrefix) {`
145	`return RULES_V1_API + "/" + projectIdPrefix;`
146	`});`
147	`};`
148	`SecurityRulesApiClient.prototype.getProjectIdPrefix = function () {`
149	`var _this = this;`
150	`if (this.projectIdPrefix) {`
151	`return Promise.resolve(this.projectIdPrefix);`
152	`}`
153	`return utils.findProjectId(this.app)`
154	`.then(function (projectId) {`
155	`if (!validator.isNonEmptyString(projectId)) {`
156	`throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Failed to determine project ID. Initialize the SDK with service account credentials, or '`
157	`+ 'set project ID as an app option. Alternatively, set the GOOGLE_CLOUD_PROJECT '`
158	`+ 'environment variable.');`
159	`}`
160	`_this.projectIdPrefix = "projects/" + projectId;`
161	`return _this.projectIdPrefix;`
162	`});`
163	`};`
164	`/**`
165	`* Gets the specified resource from the rules API. Resource names must be the short names without project`
166	* ID prefix (e.g. `rulesets/ruleset-name`).
167	`*`
168	`* @param {string} name Full qualified name of the resource to get.`
169	`* @returns {Promise<T>} A promise that fulfills with the resource.`
170	`*/`
171	`SecurityRulesApiClient.prototype.getResource = function (name) {`
172	`var _this = this;`
173	`return this.getUrl()`
174	`.then(function (url) {`
175	`var request = {`
176	`method: 'GET',`
177	`url: url + "/" + name,`
178	`};`
179	`return _this.sendRequest(request);`
180	`});`
181	`};`
182	`SecurityRulesApiClient.prototype.getReleaseDescription = function (name, rulesetName) {`
183	`var _this = this;`
184	`return this.getProjectIdPrefix()`
185	`.then(function (projectIdPrefix) {`
186	`return {`
187	`name: projectIdPrefix + "/releases/" + name,`
188	`rulesetName: projectIdPrefix + "/" + _this.getRulesetName(rulesetName),`
189	`};`
190	`});`
191	`};`
192	`SecurityRulesApiClient.prototype.getRulesetName = function (name) {`
193	`if (!validator.isNonEmptyString(name)) {`
194	`throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Ruleset name must be a non-empty string.');`
195	`}`
196	`if (name.indexOf('/') !== -1) {`
197	`throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Ruleset name must not contain any "/" characters.');`
198	`}`
199	`return "rulesets/" + name;`
200	`};`
201	`SecurityRulesApiClient.prototype.sendRequest = function (request) {`
202	`var _this = this;`
203	`request.headers = FIREBASE_VERSION_HEADER;`
204	`return this.httpClient.send(request)`
205	`.then(function (resp) {`
206	`return resp.data;`
207	`})`
208	`.catch(function (err) {`
209	`throw _this.toFirebaseError(err);`
210	`});`
211	`};`
212	`SecurityRulesApiClient.prototype.toFirebaseError = function (err) {`
213	`if (err instanceof error_1.PrefixedFirebaseError) {`
214	`return err;`
215	`}`
216	`var response = err.response;`
217	`if (!response.isJson()) {`
218	`return new security_rules_internal_1.FirebaseSecurityRulesError('unknown-error', "Unexpected response with status: " + response.status + " and body: " + response.text);`
219	`}`
220	`var error = response.data.error \|\| {};`
221	`var code = 'unknown-error';`
222	`if (error.status && error.status in ERROR_CODE_MAPPING) {`
223	`code = ERROR_CODE_MAPPING[error.status];`
224	`}`
225	`var message = error.message \|\| "Unknown server error: " + response.text;`
226	`return new security_rules_internal_1.FirebaseSecurityRulesError(code, message);`
227	`};`
228	`return SecurityRulesApiClient;`
229	`}());`
230	`exports.SecurityRulesApiClient = SecurityRulesApiClient;`
231	`var ERROR_CODE_MAPPING = {`
232	`INVALID_ARGUMENT: 'invalid-argument',`
233	`NOT_FOUND: 'not-found',`
234	`RESOURCE_EXHAUSTED: 'resource-exhausted',`
235	`UNAUTHENTICATED: 'authentication-error',`
236	`UNKNOWN: 'unknown-error',`
237	`};`