1import * as auth from "firebase-admin/auth";
2import { EventContext } from "../../v1/cloud-functions";
3import { HttpsError } from "./https";
4export { HttpsError };
/**
 * Short names for the auth blocking events raised by GCIP.
 * @hidden
 * @alpha
 */
export type AuthBlockingEventType =
    | "beforeCreate"
    | "beforeSignIn"
    | "beforeSendEmail"
    | "beforeSendSms";
/**
 * Alias for the Firebase Admin SDK's
 * {@link https://firebase.google.com/docs/reference/admin/node/firebase-admin.auth.userrecord | UserRecord};
 * Cloud Functions are handed this same type.
 */
export type UserRecord = auth.UserRecord;
/** Alias for the `UserInfo` entries that are part of a `UserRecord`. */
export type UserInfo = auth.UserInfo;
/** Helper class that builds the user metadata held in a `UserRecord` object. */
export declare class UserRecordMetadata implements auth.UserMetadata {
    creationTime: string;
    lastSignInTime: string;

    constructor(creationTime: string, lastSignInTime: string);

    /** Returns the properties of this UserRecordMetadata as a plain JavaScript object. */
    toJSON(): AuthUserMetadata;
}
/**
 * Builds a `UserRecord` instance from data sent over the wire.
 *
 * NOTE(review): `wireData` is typed `Record<string, unknown>`, and this declaration
 * does not show what validation the implementation applies to it. Confirm that
 * before handing it data that has not already been authenticated.
 *
 * @param wireData data sent over the wire
 * @returns an instance of `UserRecord` with correct toJSON functions
 */
export declare function userRecordConstructor(
    wireData: Record<string, unknown>,
): UserRecord;
/** Per-provider user info carried inside an `AuthUserRecord`. */
export interface AuthUserInfo {
    /** User identifier for the linked provider. */
    uid: string;

    /** Display name for the linked provider. */
    displayName: string;

    /** Email for the linked provider. */
    email: string;

    /** Photo URL for the linked provider. */
    photoURL: string;

    /** ID of the linked provider (for example, "google.com" for the Google provider). */
    providerId: string;

    /** Phone number for the linked provider. */
    phoneNumber: string;
}
/** Additional metadata about the user. */
export interface AuthUserMetadata {
    /** Date the user was created, formatted as a UTC string. */
    creationTime: string;

    /** Date the user last signed in, formatted as a UTC string. */
    lastSignInTime: string;
}
/** Properties common to every second factor a user has enrolled. */
export interface AuthMultiFactorInfo {
    /** ID of the enrolled second factor. This ID is unique to the user. */
    uid: string;

    /** Optional display name of the enrolled second factor. */
    displayName?: string;

    /** Type identifier of the second factor. For SMS second factors, this is `phone`. */
    factorId: string;

    /** Optional date the second factor was enrolled, formatted as a UTC string. */
    enrollmentTime?: string;

    /** Phone number associated with a phone second factor. */
    phoneNumber?: string;
}
/** Multi-factor properties of the current user, if available. */
export interface AuthMultiFactorSettings {
    /** Second factors enrolled with the current user. */
    enrolledFactors: Array<AuthMultiFactorInfo>;
}
/**
 * The `UserRecord` that the identity platform passes to auth blocking functions.
 *
 * The record carries credential material (`passwordHash`, `passwordSalt`) next to
 * ordinary profile fields, so serialising the whole object into logs or error
 * reports also writes that material out.
 */
export interface AuthUserRecord {
    /** The user's `uid`. */
    uid: string;

    /** The user's primary email, if set. */
    email?: string;

    /** Whether or not the user's primary email is verified. */
    emailVerified: boolean;

    /** The user's display name. */
    displayName?: string;

    /** The user's photo URL. */
    photoURL?: string;

    /** The user's primary phone number, if set. */
    phoneNumber?: string;

    /** Whether or not the user is disabled: `true` for disabled; `false` for enabled. */
    disabled: boolean;

    /** Additional metadata about the user. */
    metadata: AuthUserMetadata;

    /** Providers (for example, Google, Facebook) linked to the user. */
    providerData: Array<AuthUserInfo>;

    /**
     * The user's hashed password (base64-encoded).
     * Credential material: keep it out of logs, error messages and responses.
     */
    passwordHash?: string;

    /**
     * The user's password salt (base64-encoded).
     * Handle with the same care as `passwordHash`.
     */
    passwordSalt?: string;

    /**
     * The user's custom claims object if available, typically used to define
     * user roles and propagated to an authenticated user's ID token.
     * Values are typed `any`; narrow them before basing an authorization
     * decision on one.
     */
    customClaims?: { [key: string]: any };

    /** ID of the tenant the user belongs to, if available. */
    tenantId?: null | string;

    /** Date the user's tokens are valid after, formatted as a UTC string. */
    tokensValidAfterTime?: string;

    /** Multi-factor properties of the current user, if available. */
    multiFactor?: AuthMultiFactorSettings;
}
/**
 * The additional user info component of the auth event context.
 *
 * Only `isNewUser` is always present; every other member is optional.
 */
export interface AdditionalUserInfo {
    providerId?: string;

    /**
     * Typed `any`, so the compiler checks nothing about its shape.
     * NOTE(review): presumably the profile object returned by the identity
     * provider — narrow and validate it before use.
     */
    profile?: any;

    username?: string;
    isNewUser: boolean;

    // NOTE(review): the value range of the score is not stated in this file — confirm before thresholding on it.
    recaptchaScore?: number;

    email?: string;
    phoneNumber?: string;
}
/**
 * The credential component of the auth event context.
 *
 * NOTE(review): going by their names, `idToken`, `accessToken`, `refreshToken` and
 * `secret` are credentials issued by the identity provider — confirm against the
 * Identity Platform documentation. Until then, treat them as secrets: do not log
 * them, echo them in errors, or store them unencrypted.
 */
export interface Credential {
    /** Untyped claim map (`any` values); narrow each value before relying on it. */
    claims?: Record<string, any>;

    idToken?: string;
    accessToken?: string;
    refreshToken?: string;
    expirationTime?: string;
    secret?: string;

    // The only two members that are always present.
    providerId: string;
    signInMethod: string;
}
/**
 * Email types as described by the GCIP backend:
 * - `EMAIL_SIGN_IN`: a sign-in email
 * - `PASSWORD_RESET`: a password reset email
 */
export type EmailType =
    | "EMAIL_SIGN_IN"
    | "PASSWORD_RESET";
/**
 * SMS message types:
 * - `SIGN_IN_OR_SIGN_UP`: a sign-in or sign up SMS message
 * - `MULTI_FACTOR_SIGN_IN`: a multi-factor sign-in SMS message
 * - `MULTI_FACTOR_ENROLLMENT`: a multi-factor enrollment SMS message
 */
export type SmsType =
    | "SIGN_IN_OR_SIGN_UP"
    | "MULTI_FACTOR_SIGN_IN"
    | "MULTI_FACTOR_ENROLLMENT";
/**
 * Defines the auth event context for blocking events.
 *
 * Extends `EventContext` with request metadata and the optional
 * `additionalUserInfo` / `credential` components.
 */
export interface AuthEventContext extends EventContext {
    locale?: string;

    // NOTE(review): how this address is derived (for example, behind proxies) is not
    // visible in this file — confirm before using it for allow/deny decisions.
    ipAddress: string;

    // A user-agent string is chosen by the client; treat it as untrusted text and
    // escape it before writing it to logs or rendering it.
    userAgent: string;

    additionalUserInfo?: AdditionalUserInfo;

    // May hold provider-issued tokens; avoid logging the context object wholesale.
    credential?: Credential;

    emailType?: EmailType;
    smsType?: SmsType;
}
/**
 * Defines the auth event for 2nd gen blocking events: the auth event context
 * plus an optional `data` member holding the user record.
 */
export interface AuthBlockingEvent extends AuthEventContext {
    /** Optional, so handlers must cope with it being `undefined`. */
    data?: AuthUserRecord;
}
/**
 * The reCAPTCHA action options.
 *
 * NOTE(review): by name, a handler that returns `"ALLOW"` overrides the reCAPTCHA
 * verdict for that request — confirm the exact semantics before returning it
 * unconditionally.
 */
export type RecaptchaActionOptions =
    | "ALLOW"
    | "BLOCK";
/** The handler response type for `beforeEmailSent` blocking events */
export interface BeforeEmailResponse {
    recaptchaActionOverride?: RecaptchaActionOptions;
}
/** The handler response type for `beforeSmsSent` blocking events */
export interface BeforeSmsResponse {
    recaptchaActionOverride?: RecaptchaActionOptions;
}
/**
 * The handler response type for `beforeCreate` blocking events.
 *
 * Every member is optional.
 * NOTE(review): the values returned here are presumably applied to the user being
 * created — confirm against the blocking-functions documentation. If so,
 * `customClaims` and `emailVerified` bear directly on authorization and should be
 * derived only from data the handler has itself validated, never copied from
 * request-supplied fields.
 */
export interface BeforeCreateResponse {
    displayName?: string;
    disabled?: boolean;
    emailVerified?: boolean;
    photoURL?: string;

    // Typed `object`: the compiler does not constrain the claim names or values.
    customClaims?: object;

    recaptchaActionOverride?: RecaptchaActionOptions;
}
/**
 * The handler response type for `beforeSignIn` blocking events.
 *
 * Everything in `BeforeCreateResponse`, plus `sessionClaims`.
 */
export interface BeforeSignInResponse extends BeforeCreateResponse {
    // Typed `object`, like `customClaims`; build it only from validated data.
    sessionClaims?: object;
}
/** A value of type `T`, or a promise that resolves to one. */
export type MaybeAsync<T> = Promise<T> | T;
/**
 * Handler shape that takes the user record or the event context first, with the
 * event context optionally passed as a second argument. May return synchronously
 * or via a promise, and may return nothing.
 */
export type HandlerV1 = (
    userOrContext: AuthUserRecord | AuthEventContext,
    context?: AuthEventContext,
) => MaybeAsync<
    BeforeCreateResponse | BeforeSignInResponse | BeforeEmailResponse | BeforeSmsResponse | void
>;
/**
 * Handler shape that takes a single `AuthBlockingEvent`. Same return contract as
 * `HandlerV1`.
 */
export type HandlerV2 = (
    event: AuthBlockingEvent,
) => MaybeAsync<
    BeforeCreateResponse | BeforeSignInResponse | BeforeEmailResponse | BeforeSmsResponse | void
>;
/** Either handler shape, tagged with a `platform` of `"gcfv1"` or `"gcfv2"`. */
export type AuthBlockingEventHandler = (HandlerV1 | HandlerV2) & {
    platform: "gcfv1" | "gcfv2";
};