UNPKG

firebase-admin/lib/app-check/app-check.js

Version:

3.88 kBJavaScriptView Raw

1/*! firebase-admin v12.0.0 */
2"use strict";
3/*!
* @license
* Copyright 2021 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
19Object.defineProperty(exports, "__esModule", { value: true });
20exports.AppCheck = void 0;
21const validator = require("../utils/validator");
22const app_check_api_client_internal_1 = require("./app-check-api-client-internal");
23const token_generator_1 = require("./token-generator");
24const token_verifier_1 = require("./token-verifier");
25const crypto_signer_1 = require("../utils/crypto-signer");
26/**
* The Firebase `AppCheck` service interface.
*/
29class AppCheck {
  /**
   * @param app - The app for this AppCheck service.
   * @constructor
   * @internal
   */
  constructor(app) {
      this.app = app;
      this.client = new app_check_api_client_internal_1.AppCheckApiClient(app);
      try {
          this.tokenGenerator = new token_generator_1.AppCheckTokenGenerator((0, crypto_signer_1.cryptoSignerFromApp)(app));
      }
      catch (err) {
          throw (0, token_generator_1.appCheckErrorFromCryptoSignerError)(err);
      }
      this.appCheckTokenVerifier = new token_verifier_1.AppCheckTokenVerifier(app);
  }
  /**
   * Creates a new {@link AppCheckToken} that can be sent
   * back to a client.
   *
   * @param appId - The app ID to use as the JWT app_id.
   * @param options - Optional options object when creating a new App Check Token.
   *
   * @returns A promise that fulfills with a `AppCheckToken`.
   */
  createToken(appId, options) {
      return this.tokenGenerator.createCustomToken(appId, options)
          .then((customToken) => {
          return this.client.exchangeToken(customToken, appId);
      });
  }
  /**
   * Verifies a Firebase App Check token (JWT). If the token is valid, the promise is
   * fulfilled with the token's decoded claims; otherwise, the promise is
   * rejected.
   *
   * @param appCheckToken - The App Check token to verify.
   * @param options - Optional {@link VerifyAppCheckTokenOptions} object when verifying an App Check Token.
   *
   * @returns A promise fulfilled with the token's decoded claims
   *   if the App Check token is valid; otherwise, a rejected promise.
   */
  verifyToken(appCheckToken, options) {
      this.validateVerifyAppCheckTokenOptions(options);
      return this.appCheckTokenVerifier.verifyToken(appCheckToken)
          .then((decodedToken) => {
          if (options?.consume) {
              return this.client.verifyReplayProtection(appCheckToken)
                  .then((alreadyConsumed) => {
                  return {
                      alreadyConsumed,
                      appId: decodedToken.app_id,
                      token: decodedToken,
                  };
              });
          }
          return {
              appId: decodedToken.app_id,
              token: decodedToken,
          };
      });
  }
  validateVerifyAppCheckTokenOptions(options) {
      if (typeof options === 'undefined') {
          return;
      }
      if (!validator.isNonNullObject(options)) {
          throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'VerifyAppCheckTokenOptions must be a non-null object.');
      }
  }
100}
101exports.AppCheck = AppCheck;

1	`/! firebase-admin v12.0.0 /`
2	`"use strict";`
3	`/*!`
4	`* @license`
5	`* Copyright 2021 Google Inc.`
6	`*`
7	`* Licensed under the Apache License, Version 2.0 (the "License");`
8	`* you may not use this file except in compliance with the License.`
9	`* You may obtain a copy of the License at`
10	`*`
11	`* http://www.apache.org/licenses/LICENSE-2.0`
12	`*`
13	`* Unless required by applicable law or agreed to in writing, software`
14	`* distributed under the License is distributed on an "AS IS" BASIS,`
15	`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
16	`* See the License for the specific language governing permissions and`
17	`* limitations under the License.`
18	`*/`
19	`Object.defineProperty(exports, "__esModule", { value: true });`
20	`exports.AppCheck = void 0;`
21	`const validator = require("../utils/validator");`
22	`const app_check_api_client_internal_1 = require("./app-check-api-client-internal");`
23	`const token_generator_1 = require("./token-generator");`
24	`const token_verifier_1 = require("./token-verifier");`
25	`const crypto_signer_1 = require("../utils/crypto-signer");`
26	`/**`
27	* The Firebase `AppCheck` service interface.
28	`*/`
29	`class AppCheck {`
30	`/**`
31	`* @param app - The app for this AppCheck service.`
32	`* @constructor`
33	`* @internal`
34	`*/`
35	`constructor(app) {`
36	`this.app = app;`
37	`this.client = new app_check_api_client_internal_1.AppCheckApiClient(app);`
38	`try {`
39	`this.tokenGenerator = new token_generator_1.AppCheckTokenGenerator((0, crypto_signer_1.cryptoSignerFromApp)(app));`
40	`}`
41	`catch (err) {`
42	`throw (0, token_generator_1.appCheckErrorFromCryptoSignerError)(err);`
43	`}`
44	`this.appCheckTokenVerifier = new token_verifier_1.AppCheckTokenVerifier(app);`
45	`}`
46	`/**`
47	`* Creates a new {@link AppCheckToken} that can be sent`
48	`* back to a client.`
49	`*`
50	`* @param appId - The app ID to use as the JWT app_id.`
51	`* @param options - Optional options object when creating a new App Check Token.`
52	`*`
53	* @returns A promise that fulfills with a `AppCheckToken`.
54	`*/`
55	`createToken(appId, options) {`
56	`return this.tokenGenerator.createCustomToken(appId, options)`
57	`.then((customToken) => {`
58	`return this.client.exchangeToken(customToken, appId);`
59	`});`
60	`}`
61	`/**`
62	`* Verifies a Firebase App Check token (JWT). If the token is valid, the promise is`
63	`* fulfilled with the token's decoded claims; otherwise, the promise is`
64	`* rejected.`
65	`*`
66	`* @param appCheckToken - The App Check token to verify.`
67	`* @param options - Optional {@link VerifyAppCheckTokenOptions} object when verifying an App Check Token.`
68	`*`
69	`* @returns A promise fulfilled with the token's decoded claims`
70	`* if the App Check token is valid; otherwise, a rejected promise.`
71	`*/`
72	`verifyToken(appCheckToken, options) {`
73	`this.validateVerifyAppCheckTokenOptions(options);`
74	`return this.appCheckTokenVerifier.verifyToken(appCheckToken)`
75	`.then((decodedToken) => {`
76	`if (options?.consume) {`
77	`return this.client.verifyReplayProtection(appCheckToken)`
78	`.then((alreadyConsumed) => {`
79	`return {`
80	`alreadyConsumed,`
81	`appId: decodedToken.app_id,`
82	`token: decodedToken,`
83	`};`
84	`});`
85	`}`
86	`return {`
87	`appId: decodedToken.app_id,`
88	`token: decodedToken,`
89	`};`
90	`});`
91	`}`
92	`validateVerifyAppCheckTokenOptions(options) {`
93	`if (typeof options === 'undefined') {`
94	`return;`
95	`}`
96	`if (!validator.isNonNullObject(options)) {`
97	`throw new app_check_api_client_internal_1.FirebaseAppCheckError('invalid-argument', 'VerifyAppCheckTokenOptions must be a non-null object.');`
98	`}`
99	`}`
100	`}`
101	`exports.AppCheck = AppCheck;`