1 | /*! firebase-admin v12.0.0 */
|
2 | ;
|
3 | /*!
|
4 | * @license
|
5 | * Copyright 2021 Google Inc.
|
6 | *
|
7 | * Licensed under the Apache License, Version 2.0 (the "License");
|
8 | * you may not use this file except in compliance with the License.
|
9 | * You may obtain a copy of the License at
|
10 | *
|
11 | * http://www.apache.org/licenses/LICENSE-2.0
|
12 | *
|
13 | * Unless required by applicable law or agreed to in writing, software
|
14 | * distributed under the License is distributed on an "AS IS" BASIS,
|
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16 | * See the License for the specific language governing permissions and
|
17 | * limitations under the License.
|
18 | */
|
19 | Object.defineProperty(exports, "__esModule", { value: true });
|
20 | exports.AppCheck = void 0;
|
21 | const validator = require("../utils/validator");
|
22 | const app_check_api_client_internal_1 = require("./app-check-api-client-internal");
|
23 | const token_generator_1 = require("./token-generator");
|
24 | const token_verifier_1 = require("./token-verifier");
|
25 | const crypto_signer_1 = require("../utils/crypto-signer");
|
26 | /**
|
27 | * The Firebase `AppCheck` service interface.
|
28 | */
|
29 | class AppCheck {
|
30 | /**
|
31 | * @param app - The app for this AppCheck service.
|
32 | * @constructor
|
33 | * @internal
|
34 | */
|
35 | constructor(app) {
|
36 | this.app = app;
|
37 | this.client = new app_check_api_client_internal_1.AppCheckApiClient(app);
|
38 | try {
|
39 | this.tokenGenerator = new token_generator_1.AppCheckTokenGenerator((0, crypto_signer_1.cryptoSignerFromApp)(app));
|
40 | }
|
41 | catch (err) {
|
42 | throw (0, token_generator_1.appCheckErrorFromCryptoSignerError)(err);
|
43 | }
|
44 | this.appCheckTokenVerifier = new token_verifier_1.AppCheckTokenVerifier(app);
|
45 | }
|
46 | /**
|
47 | * Creates a new {@link AppCheckToken} that can be sent
|
48 | * back to a client.
|
49 | *
|
50 | * @param appId - The app ID to use as the JWT app_id.
|
51 | * @param options - Optional options object when creating a new App Check Token.
|
52 | *
|
53 | * @returns A promise that fulfills with a `AppCheckToken`.
|
54 | */
|
55 | createToken(appId, options) {
|
56 | return this.tokenGenerator.createCustomToken(appId, options)
|
57 | .then((customToken) => {
|
58 | return this.client.exchangeToken(customToken, appId);
|
59 | });
|
60 | }
|
61 | /**
|
62 | * Verifies a Firebase App Check token (JWT). If the token is valid, the promise is
|
63 | * fulfilled with the token's decoded claims; otherwise, the promise is
|
64 | * rejected.
|
65 | *
|
66 | * @param appCheckToken - The App Check token to verify.
|
67 | * @param options - Optional {@link VerifyAppCheckTokenOptions} object when verifying an App Check Token.
|
68 | *
|
69 | * @returns A promise fulfilled with the token's decoded claims
|
70 | * if the App Check token is valid; otherwise, a rejected promise.
|
71 | */
|
72 | verifyToken(appCheckToken, options) {
|
73 | this.validateVerifyAppCheckTokenOptions(options);
|
74 | return this.appCheckTokenVerifier.verifyToken(appCheckToken)
|
75 | .then((decodedToken) => {
|
76 | if (options?.consume) {
|
77 | return this.client.verifyReplayProtection(appCheckToken)
|
78 | .then((alreadyConsumed) => {
|
79 | return {
|
80 | alreadyConsumed,
|
81 | appId: decodedToken.app_id,
|
82 | token: decodedToken,
|
83 | };
|
84 | });
|
85 | }
|
86 | return {
|
87 | appId: decodedToken.app_id,
|
88 | token: decodedToken,
|
89 | };
|
90 | });
|
91 | }
|
92 | validateVerifyAppCheckTokenOptions(options) {
|
93 | if (typeof options === 'undefined') {
|
94 | return;
|
95 | }
|
96 | if (!validator.isNonNullObject(options)) {
|
97 | throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'VerifyAppCheckTokenOptions must be a non-null object.');
|
98 | }
|
99 | }
|
100 | }
|
101 | exports.AppCheck = AppCheck;
|