1 | /// <reference types="node" />
|
2 | import * as express from "express";
|
3 | import { DecodedAppCheckToken } from "firebase-admin/app-check";
|
4 | import { DecodedIdToken } from "firebase-admin/auth";
|
5 | import { TaskContext } from "./tasks";
|
6 | /** An express request with the wire format representation of the request body. */
|
7 | export interface Request extends express.Request {
|
8 | /** The wire format representation of the request body. */
|
9 | rawBody: Buffer;
|
10 | }
|
11 | /**
|
12 | * The interface for AppCheck tokens verified in Callable functions
|
13 | */
|
14 | export interface AppCheckData {
|
15 | /**
|
16 | * The app ID of a Firebase App attested by the App Check token.
|
17 | */
|
18 | appId: string;
|
19 | /**
|
20 | * Decoded App Check token.
|
21 | */
|
22 | token: DecodedAppCheckToken;
|
23 | /**
|
24 | * Indicates if the token has been consumed.
|
25 | *
|
26 | * @remarks
|
27 | * `false` value indicates that this is the first time the App Check service has seen this token and marked the
|
28 | * token as consumed for future use of the token.
|
29 | *
|
30 | * `true` value indicates the token has previously been marked as consumed by the App Check service. In this case,
|
31 | * consider taking extra precautions, such as rejecting the request or requiring additional security checks.
|
32 | */
|
33 | alreadyConsumed?: boolean;
|
34 | }
|
35 | /**
|
36 | * The interface for Auth tokens verified in Callable functions
|
37 | */
|
38 | export interface AuthData {
|
39 | uid: string;
|
40 | token: DecodedIdToken;
|
41 | }
|
42 | /**
|
43 | * The interface for metadata for the API as passed to the handler.
|
44 | */
|
45 | export interface CallableContext {
|
46 | /**
|
47 | * The result of decoding and verifying a Firebase AppCheck token.
|
48 | */
|
49 | app?: AppCheckData;
|
50 | /**
|
51 | * The result of decoding and verifying a Firebase Auth ID token.
|
52 | */
|
53 | auth?: AuthData;
|
54 | /**
|
55 | * An unverified token for a Firebase Instance ID.
|
56 | */
|
57 | instanceIdToken?: string;
|
58 | /**
|
59 | * The raw request handled by the callable.
|
60 | */
|
61 | rawRequest: Request;
|
62 | }
|
63 | /**
|
64 | * The request used to call a callable function.
|
65 | */
|
66 | export interface CallableRequest<T = any> {
|
67 | /**
|
68 | * The parameters used by a client when calling this function.
|
69 | */
|
70 | data: T;
|
71 | /**
|
72 | * The result of decoding and verifying a Firebase AppCheck token.
|
73 | */
|
74 | app?: AppCheckData;
|
75 | /**
|
76 | * The result of decoding and verifying a Firebase Auth ID token.
|
77 | */
|
78 | auth?: AuthData;
|
79 | /**
|
80 | * An unverified token for a Firebase Instance ID.
|
81 | */
|
82 | instanceIdToken?: string;
|
83 | /**
|
84 | * The raw request handled by the callable.
|
85 | */
|
86 | rawRequest: Request;
|
87 | }
|
88 | /**
|
89 | * The set of Firebase Functions status codes. The codes are the same at the
|
90 | * ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md | gRPC}.
|
91 | *
|
92 | * @remarks
|
93 | * Possible values:
|
94 | *
|
95 | * - `cancelled`: The operation was cancelled (typically by the caller).
|
96 | *
|
97 | * - `unknown`: Unknown error or an error from a different error domain.
|
98 | *
|
99 | * - `invalid-argument`: Client specified an invalid argument. Note that this
|
100 | * differs from `failed-precondition`. `invalid-argument` indicates
|
101 | * arguments that are problematic regardless of the state of the system
|
102 | * (e.g. an invalid field name).
|
103 | *
|
104 | * - `deadline-exceeded`: Deadline expired before operation could complete.
|
105 | * For operations that change the state of the system, this error may be
|
106 | * returned even if the operation has completed successfully. For example,
|
107 | * a successful response from a server could have been delayed long enough
|
108 | * for the deadline to expire.
|
109 | *
|
110 | * - `not-found`: Some requested document was not found.
|
111 | *
|
112 | * - `already-exists`: Some document that we attempted to create already
|
113 | * exists.
|
114 | *
|
115 | * - `permission-denied`: The caller does not have permission to execute the
|
116 | * specified operation.
|
117 | *
|
118 | * - `resource-exhausted`: Some resource has been exhausted, perhaps a
|
119 | * per-user quota, or perhaps the entire file system is out of space.
|
120 | *
|
121 | * - `failed-precondition`: Operation was rejected because the system is not
|
122 | * in a state required for the operation's execution.
|
123 | *
|
124 | * - `aborted`: The operation was aborted, typically due to a concurrency
|
125 | * issue like transaction aborts, etc.
|
126 | *
|
127 | * - `out-of-range`: Operation was attempted past the valid range.
|
128 | *
|
129 | * - `unimplemented`: Operation is not implemented or not supported/enabled.
|
130 | *
|
131 | * - `internal`: Internal errors. Means some invariants expected by
|
132 | * underlying system has been broken. If you see one of these errors,
|
133 | * something is very broken.
|
134 | *
|
135 | * - `unavailable`: The service is currently unavailable. This is most likely
|
136 | * a transient condition and may be corrected by retrying with a backoff.
|
137 | *
|
138 | * - `data-loss`: Unrecoverable data loss or corruption.
|
139 | *
|
140 | * - `unauthenticated`: The request does not have valid authentication
|
141 | * credentials for the operation.
|
142 | */
|
143 | export type FunctionsErrorCode = "ok" | "cancelled" | "unknown" | "invalid-argument" | "deadline-exceeded" | "not-found" | "already-exists" | "permission-denied" | "resource-exhausted" | "failed-precondition" | "aborted" | "out-of-range" | "unimplemented" | "internal" | "unavailable" | "data-loss" | "unauthenticated";
|
144 | /** @hidden */
|
145 | export type CanonicalErrorCodeName = "OK" | "CANCELLED" | "UNKNOWN" | "INVALID_ARGUMENT" | "DEADLINE_EXCEEDED" | "NOT_FOUND" | "ALREADY_EXISTS" | "PERMISSION_DENIED" | "UNAUTHENTICATED" | "RESOURCE_EXHAUSTED" | "FAILED_PRECONDITION" | "ABORTED" | "OUT_OF_RANGE" | "UNIMPLEMENTED" | "INTERNAL" | "UNAVAILABLE" | "DATA_LOSS";
|
146 | /** @hidden */
|
147 | interface HttpErrorCode {
|
148 | canonicalName: CanonicalErrorCodeName;
|
149 | status: number;
|
150 | }
|
151 | /** @hidden */
|
152 | interface HttpErrorWireFormat {
|
153 | details?: unknown;
|
154 | message: string;
|
155 | status: CanonicalErrorCodeName;
|
156 | }
|
157 | /**
|
158 | * An explicit error that can be thrown from a handler to send an error to the
|
159 | * client that called the function.
|
160 | */
|
161 | export declare class HttpsError extends Error {
|
162 | /**
|
163 | * A standard error code that will be returned to the client. This also
|
164 | * determines the HTTP status code of the response, as defined in code.proto.
|
165 | */
|
166 | readonly code: FunctionsErrorCode;
|
167 | /**
|
168 | * Extra data to be converted to JSON and included in the error response.
|
169 | */
|
170 | readonly details: unknown;
|
171 | /**
|
172 | * A wire format representation of a provided error code.
|
173 | *
|
174 | * @hidden
|
175 | */
|
176 | readonly httpErrorCode: HttpErrorCode;
|
177 | constructor(code: FunctionsErrorCode, message: string, details?: unknown);
|
178 | /**
|
179 | * Returns a JSON-serializable representation of this object.
|
180 | */
|
181 | toJSON(): HttpErrorWireFormat;
|
182 | }
|
183 | /** @hidden */
|
184 | interface HttpRequest extends Request {
|
185 | body: {
|
186 | data: any;
|
187 | };
|
188 | }
|
189 | /** @hidden */
|
190 | export declare function isValidRequest(req: Request): req is HttpRequest;
|
191 | /**
|
192 | * Encodes arbitrary data in our special format for JSON.
|
193 | * This is exposed only for testing.
|
194 | */
|
195 | /** @hidden */
|
196 | export declare function encode(data: any): any;
|
197 | /**
|
198 | * Decodes our special format for JSON into native types.
|
199 | * This is exposed only for testing.
|
200 | */
|
201 | /** @hidden */
|
202 | export declare function decode(data: any): any;
|
203 | /**
|
204 | * Be careful when changing token status values.
|
205 | *
|
206 | * Users are encouraged to setup log-based metric based on these values, and
|
207 | * changing their values may cause their metrics to break.
|
208 | *
|
209 | */
|
210 | /** @hidden */
|
211 | type TokenStatus = "MISSING" | "VALID" | "INVALID";
|
212 | /** @interanl */
|
213 | export declare function checkAuthToken(req: Request, ctx: CallableContext | TaskContext): Promise<TokenStatus>;
|
214 | export {};
|