1/// <reference types="node" />
2import * as express from "express";
3import { DecodedAppCheckToken } from "firebase-admin/app-check";
4import { DecodedIdToken } from "firebase-admin/auth";
5import { TaskContext } from "./tasks";
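/**
 * An express request with the wire format representation of the request body.
 *
 * @remarks
 * NOTE(review): a handler that verifies a signature or digest over the payload
 * presumably has to compute it over `rawBody` rather than over a re-serialized
 * `body`, since only `rawBody` is documented as the wire format — confirm
 * against the runtime that populates this field.
 */
export interface Request extends express.Request {
    /** The wire format representation of the request body. */
    rawBody: Buffer;
}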
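/**
 * The interface for AppCheck tokens verified in Callable functions
 */
export interface AppCheckData {
    /**
     * The app ID of a Firebase App attested by the App Check token.
     */
    appId: string;
    /**
     * Decoded App Check token.
     */
    token: DecodedAppCheckToken;
    /**
     * Indicates if the token has been consumed.
     *
     * @remarks
     * `false` value indicates that this is the first time the App Check service has seen this token and marked the
     * token as consumed for future use of the token.
     *
     * `true` value indicates the token has previously been marked as consumed by the App Check service. In this case,
     * consider taking extra precautions, such as rejecting the request or requiring additional security checks.
     *
     * The field is optional. When it is `undefined` this object carries no consumption state, so a handler that
     * relies on replay protection must treat a missing value as "not checked" rather than as "not consumed".
     */
    alreadyConsumed?: boolean;
}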
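/**
 * The interface for Auth tokens verified in Callable functions
 *
 * @remarks
 * Authorization decisions belong on these verified values. Identity fields that a
 * client places in the request payload are not verified by this interface.
 */
export interface AuthData {
    /**
     * Identifier of the caller.
     * NOTE(review): presumably the `uid` of the decoded ID token in `token` — confirm against the implementation.
     */
    uid: string;
    /**
     * Decoded Firebase Auth ID token.
     */
    token: DecodedIdToken;
}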
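/**
 * The interface for metadata for the API as passed to the handler.
 *
 * @remarks
 * `app` and `auth` are optional. A handler that requires an attested app or an
 * authenticated caller has to check them for `undefined` itself and reject the
 * request (for example with an `unauthenticated` {@link HttpsError}).
 */
export interface CallableContext {
    /**
     * The result of decoding and verifying a Firebase AppCheck token.
     * NOTE(review): `undefined` presumably means no App Check token was verified for this request — confirm.
     */
    app?: AppCheckData;
    /**
     * The result of decoding and verifying a Firebase Auth ID token.
     * NOTE(review): `undefined` presumably means no ID token was verified for this request — confirm.
     */
    auth?: AuthData;
    /**
     * An unverified token for a Firebase Instance ID.
     * Because it is unverified, it is not a basis for authentication or authorization decisions.
     */
    instanceIdToken?: string;
    /**
     * The raw request handled by the callable.
     */
    rawRequest: Request;
}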
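/**
 * The request used to call a callable function.
 *
 * @remarks
 * `T` is a compile-time annotation only and defaults to `any`; nothing in this
 * declaration checks `data` against it at runtime. `app` and `auth` are optional,
 * so a handler that requires them has to check for `undefined` and reject the
 * request itself (for example with an `unauthenticated` {@link HttpsError}).
 */
export interface CallableRequest<T = any> {
    /**
     * The parameters used by a client when calling this function.
     * These are client-supplied: validate shape and values before use.
     */
    data: T;
    /**
     * The result of decoding and verifying a Firebase AppCheck token.
     * NOTE(review): `undefined` presumably means no App Check token was verified for this request — confirm.
     */
    app?: AppCheckData;
    /**
     * The result of decoding and verifying a Firebase Auth ID token.
     * NOTE(review): `undefined` presumably means no ID token was verified for this request — confirm.
     */
    auth?: AuthData;
    /**
     * An unverified token for a Firebase Instance ID.
     * Because it is unverified, it is not a basis for authentication or authorization decisions.
     */
    instanceIdToken?: string;
    /**
     * The raw request handled by the callable.
     */
    rawRequest: Request;
}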
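/**
 * The set of Firebase Functions status codes. The codes are the same as the
 * ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md | gRPC}.
 *
 * @remarks
 * Possible values:
 *
 * - `cancelled`: The operation was cancelled (typically by the caller).
 *
 * - `unknown`: Unknown error or an error from a different error domain.
 *
 * - `invalid-argument`: Client specified an invalid argument. Note that this
 *   differs from `failed-precondition`. `invalid-argument` indicates
 *   arguments that are problematic regardless of the state of the system
 *   (e.g. an invalid field name).
 *
 * - `deadline-exceeded`: Deadline expired before operation could complete.
 *   For operations that change the state of the system, this error may be
 *   returned even if the operation has completed successfully. For example,
 *   a successful response from a server could have been delayed long enough
 *   for the deadline to expire.
 *
 * - `not-found`: Some requested document was not found.
 *
 * - `already-exists`: Some document that we attempted to create already
 *   exists.
 *
 * - `permission-denied`: The caller does not have permission to execute the
 *   specified operation.
 *
 * - `resource-exhausted`: Some resource has been exhausted, perhaps a
 *   per-user quota, or perhaps the entire file system is out of space.
 *
 * - `failed-precondition`: Operation was rejected because the system is not
 *   in a state required for the operation's execution.
 *
 * - `aborted`: The operation was aborted, typically due to a concurrency
 *   issue like transaction aborts, etc.
 *
 * - `out-of-range`: Operation was attempted past the valid range.
 *
 * - `unimplemented`: Operation is not implemented or not supported/enabled.
 *
 * - `internal`: Internal errors. Means some invariants expected by the
 *   underlying system have been broken. If you see one of these errors,
 *   something is very broken.
 *
 * - `unavailable`: The service is currently unavailable. This is most likely
 *   a transient condition and may be corrected by retrying with a backoff.
 *
 * - `data-loss`: Unrecoverable data loss or corruption.
 *
 * - `unauthenticated`: The request does not have valid authentication
 *   credentials for the operation.
 *
 * The union also contains `ok`, which is not described in the list above.
 */
export type FunctionsErrorCode =
    | "ok"
    | "cancelled"
    | "unknown"
    | "invalid-argument"
    | "deadline-exceeded"
    | "not-found"
    | "already-exists"
    | "permission-denied"
    | "resource-exhausted"
    | "failed-precondition"
    | "aborted"
    | "out-of-range"
    | "unimplemented"
    | "internal"
    | "unavailable"
    | "data-loss"
    | "unauthenticated";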
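/**
 * Upper-case names of the status codes, used as `canonicalName` in
 * `HttpErrorCode` and as `status` in `HttpErrorWireFormat`.
 *
 * @hidden
 */
export type CanonicalErrorCodeName =
    | "OK"
    | "CANCELLED"
    | "UNKNOWN"
    | "INVALID_ARGUMENT"
    | "DEADLINE_EXCEEDED"
    | "NOT_FOUND"
    | "ALREADY_EXISTS"
    | "PERMISSION_DENIED"
    | "UNAUTHENTICATED"
    | "RESOURCE_EXHAUSTED"
    | "FAILED_PRECONDITION"
    | "ABORTED"
    | "OUT_OF_RANGE"
    | "UNIMPLEMENTED"
    | "INTERNAL"
    | "UNAVAILABLE"
    | "DATA_LOSS";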
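/**
 * Pairs a canonical error code name with a numeric status.
 *
 * @hidden
 */
interface HttpErrorCode {
    /** Canonical (upper-case) name of the error code. */
    canonicalName: CanonicalErrorCodeName;
    /** NOTE(review): presumably the HTTP status code sent with the response — confirm. */
    status: number;
}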
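/**
 * Shape returned by `HttpsError.toJSON()`.
 *
 * @hidden
 */
interface HttpErrorWireFormat {
    /** Optional extra data; typed `unknown`, so nothing here constrains what it contains. */
    details?: unknown;
    /** Error message text. */
    message: string;
    /** Canonical (upper-case) name of the error code. */
    status: CanonicalErrorCodeName;
}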
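/**
 * An explicit error that can be thrown from a handler to send an error to the
 * client that called the function.
 *
 * @remarks
 * `details` is documented as being included in the error response, and the wire
 * format returned by `toJSON()` also carries `message`. Keep secrets, stack
 * traces and internal identifiers out of both.
 */
export declare class HttpsError extends Error {
    /**
     * A standard error code that will be returned to the client. This also
     * determines the HTTP status code of the response, as defined in code.proto.
     */
    readonly code: FunctionsErrorCode;
    /**
     * Extra data to be converted to JSON and included in the error response.
     */
    readonly details: unknown;
    /**
     * A wire format representation of a provided error code.
     *
     * @hidden
     */
    readonly httpErrorCode: HttpErrorCode;
    /**
     * @param code - A standard error code that will be returned to the client.
     * @param message - Error message text.
     * @param details - Optional extra data to be converted to JSON and included in the error response.
     */
    constructor(code: FunctionsErrorCode, message: string, details?: unknown);
    /**
     * Returns a JSON-serializable representation of this object.
     */
    toJSON(): HttpErrorWireFormat;
}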
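/**
 * A request whose body has a `data` member; the type that `isValidRequest` narrows to.
 *
 * @hidden
 */
interface HttpRequest extends Request {
    body: {
        // Typed `any`: narrowing to HttpRequest says nothing about the contents of the payload.
        data: any;
    };
}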
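/**
 * Type predicate that narrows `req` to `HttpRequest` when it returns `true`.
 *
 * @remarks
 * Which properties of the request are checked is not visible in this declaration
 * file. After narrowing, `req.body.data` is still `any`, so the payload itself
 * needs its own validation.
 *
 * @param req - The incoming request.
 * @returns `true` if `req` can be treated as an `HttpRequest`.
 *
 * @hidden
 */
export declare function isValidRequest(req: Request): req is HttpRequest;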
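/**
 * Encodes arbitrary data in our special format for JSON.
 * This is exposed only for testing.
 *
 * @param data - The value to encode.
 * @returns The encoded representation, typed `any`.
 *
 * @hidden
 */
export declare function encode(data: any): any;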
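/**
 * Decodes our special format for JSON into native types.
 * This is exposed only for testing.
 *
 * @remarks
 * The result is typed `any`, so the compiler checks nothing about it.
 * NOTE(review): if the input originates from a client, the decoded value still
 * needs validation before use — confirm what the implementation rejects.
 *
 * @param data - The value to decode.
 * @returns The decoded value, typed `any`.
 *
 * @hidden
 */
export declare function decode(data: any): any;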
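/**
 * Be careful when changing token status values.
 *
 * Users are encouraged to set up log-based metrics based on these values, and
 * changing their values may cause their metrics to break.
 *
 * @hidden
 */
type TokenStatus = "MISSING" | "VALID" | "INVALID";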
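/**
 * Checks the auth token carried by `req` and resolves to a `TokenStatus`.
 *
 * @remarks
 * NOTE(review): presumably records the verified token on `ctx` when the status
 * is `VALID` — confirm against the implementation, which is not part of this
 * declaration file. As far as this signature shows, the outcome is reported as a
 * value, so rejecting a request whose status is `INVALID` is left to the caller.
 *
 * @param req - The incoming request.
 * @param ctx - The callable or task context associated with the request.
 * @returns A promise for `"MISSING"`, `"VALID"` or `"INVALID"`.
 *
 * @internal
 */
export declare function checkAuthToken(req: Request, ctx: CallableContext | TaskContext): Promise<TokenStatus>;
// Empty export: marks this file as a module.
export {};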