UNPKG

firebase-functions/lib/common/providers/https.d.ts

Version:

8.56 kBTypeScriptView Raw

1/// <reference types="node" />
2import * as express from "express";
3import { DecodedAppCheckToken } from "firebase-admin/app-check";
4import { DecodedIdToken } from "firebase-admin/auth";
5import { TaskContext } from "./tasks";
6/** An express request with the wire format representation of the request body. */
7export interface Request extends express.Request {
  /** The wire format representation of the request body. */
  rawBody: Buffer;
10}
11/**
* The interface for AppCheck tokens verified in Callable functions
*/
14export interface AppCheckData {
  /**
   * The app ID of a Firebase App attested by the App Check token.
   */
  appId: string;
  /**
   * Decoded App Check token.
   */
  token: DecodedAppCheckToken;
  /**
   * Indicates if the token has been consumed.
   *
   * @remarks
   * `false` value indicates that this is the first time the App Check service has seen this token and marked the
   * token as consumed for future use of the token.
   *
   * `true` value indicates the token has previously been marked as consumed by the App Check service. In this case,
   *  consider taking extra precautions, such as rejecting the request or requiring additional security checks.
   */
  alreadyConsumed?: boolean;
34}
35/**
* The interface for Auth tokens verified in Callable functions
*/
38export interface AuthData {
  uid: string;
  token: DecodedIdToken;
41}
42/**
* The interface for metadata for the API as passed to the handler.
*/
45export interface CallableContext {
  /**
   * The result of decoding and verifying a Firebase AppCheck token.
   */
  app?: AppCheckData;
  /**
   * The result of decoding and verifying a Firebase Auth ID token.
   */
  auth?: AuthData;
  /**
   * An unverified token for a Firebase Instance ID.
   */
  instanceIdToken?: string;
  /**
   * The raw request handled by the callable.
   */
  rawRequest: Request;
62}
63/**
* The request used to call a callable function.
*/
66export interface CallableRequest<T = any> {
  /**
   * The parameters used by a client when calling this function.
   */
  data: T;
  /**
   * The result of decoding and verifying a Firebase AppCheck token.
   */
  app?: AppCheckData;
  /**
   * The result of decoding and verifying a Firebase Auth ID token.
   */
  auth?: AuthData;
  /**
   * An unverified token for a Firebase Instance ID.
   */
  instanceIdToken?: string;
  /**
   * The raw request handled by the callable.
   */
  rawRequest: Request;
  /**
   * Whether this is a streaming request.
   * Code can be optimized by not trying to generate a stream of chunks to
   * call response.sendChunk on if request.acceptsStreaming is false.
   * It is always safe, however, to call response.sendChunk as this will
   * noop if acceptsStreaming is false.
   */
  acceptsStreaming: boolean;
95}
96/**
* CallableProxyResponse allows streaming response chunks and listening to signals
* triggered in events such as a disconnect.
*/
100export interface CallableResponse<T = unknown> {
  /**
   * Writes a chunk of the response body to the client. This method can be called
   * multiple times to stream data progressively.
   * Returns a promise of whether the data was written. This can be false, for example,
   * if the request was not a streaming request. Rejects if there is a network error.
   */
  sendChunk: (chunk: T) => Promise<boolean>;
  /**
   * An AbortSignal that is triggered when the client disconnects or the
   * request is terminated prematurely.
   */
  signal: AbortSignal;
113}
114/**
* The set of Firebase Functions status codes. The codes are the same at the
* ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md | gRPC}.
*
* @remarks
* Possible values:
*
* - `cancelled`: The operation was cancelled (typically by the caller).
*
* - `unknown`: Unknown error or an error from a different error domain.
*
* - `invalid-argument`: Client specified an invalid argument. Note that this
*   differs from `failed-precondition`. `invalid-argument` indicates
*   arguments that are problematic regardless of the state of the system
*   (e.g. an invalid field name).
*
* - `deadline-exceeded`: Deadline expired before operation could complete.
*   For operations that change the state of the system, this error may be
*   returned even if the operation has completed successfully. For example,
*   a successful response from a server could have been delayed long enough
*   for the deadline to expire.
*
* - `not-found`: Some requested document was not found.
*
* - `already-exists`: Some document that we attempted to create already
*   exists.
*
* - `permission-denied`: The caller does not have permission to execute the
*   specified operation.
*
* - `resource-exhausted`: Some resource has been exhausted, perhaps a
*   per-user quota, or perhaps the entire file system is out of space.
*
* - `failed-precondition`: Operation was rejected because the system is not
*   in a state required for the operation's execution.
*
* - `aborted`: The operation was aborted, typically due to a concurrency
*   issue like transaction aborts, etc.
*
* - `out-of-range`: Operation was attempted past the valid range.
*
* - `unimplemented`: Operation is not implemented or not supported/enabled.
*
* - `internal`: Internal errors. Means some invariants expected by
*   underlying system has been broken. If you see one of these errors,
*   something is very broken.
*
* - `unavailable`: The service is currently unavailable. This is most likely
*   a transient condition and may be corrected by retrying with a backoff.
*
* - `data-loss`: Unrecoverable data loss or corruption.
*
* - `unauthenticated`: The request does not have valid authentication
*   credentials for the operation.
*/
169export type FunctionsErrorCode = "ok" | "cancelled" | "unknown" | "invalid-argument" | "deadline-exceeded" | "not-found" | "already-exists" | "permission-denied" | "resource-exhausted" | "failed-precondition" | "aborted" | "out-of-range" | "unimplemented" | "internal" | "unavailable" | "data-loss" | "unauthenticated";
170/** @hidden */
171export type CanonicalErrorCodeName = "OK" | "CANCELLED" | "UNKNOWN" | "INVALID_ARGUMENT" | "DEADLINE_EXCEEDED" | "NOT_FOUND" | "ALREADY_EXISTS" | "PERMISSION_DENIED" | "UNAUTHENTICATED" | "RESOURCE_EXHAUSTED" | "FAILED_PRECONDITION" | "ABORTED" | "OUT_OF_RANGE" | "UNIMPLEMENTED" | "INTERNAL" | "UNAVAILABLE" | "DATA_LOSS";
172/** @hidden */
173interface HttpErrorCode {
  canonicalName: CanonicalErrorCodeName;
  status: number;
176}
177/** @hidden */
178interface HttpErrorWireFormat {
  details?: unknown;
  message: string;
  status: CanonicalErrorCodeName;
182}
183/**
* An explicit error that can be thrown from a handler to send an error to the
* client that called the function.
*/
187export declare class HttpsError extends Error {
  /**
   * A standard error code that will be returned to the client. This also
   * determines the HTTP status code of the response, as defined in code.proto.
   */
  readonly code: FunctionsErrorCode;
  /**
   * Extra data to be converted to JSON and included in the error response.
   */
  readonly details: unknown;
  /**
   * A wire format representation of a provided error code.
   *
   * @hidden
   */
  readonly httpErrorCode: HttpErrorCode;
  constructor(code: FunctionsErrorCode, message: string, details?: unknown);
  /**
   * Returns a JSON-serializable representation of this object.
   */
  toJSON(): HttpErrorWireFormat;
208}
209/** @hidden */
210interface HttpRequest extends Request {
  body: {
      data: any;
  };
214}
215/** @hidden */
216export declare function isValidRequest(req: Request): req is HttpRequest;
217/**
* Encodes arbitrary data in our special format for JSON.
* This is exposed only for testing.
*/
221/** @hidden */
222export declare function encode(data: any): any;
223/**
* Decodes our special format for JSON into native types.
* This is exposed only for testing.
*/
227/** @hidden */
228export declare function decode(data: any): any;
229/**
* Be careful when changing token status values.
*
* Users are encouraged to setup log-based metric based on these values, and
* changing their values may cause their metrics to break.
*
*/
236/** @hidden */
237type TokenStatus = "MISSING" | "VALID" | "INVALID";
238/** @interanl */
239export declare function checkAuthToken(req: Request, ctx: CallableContext | TaskContext): Promise<TokenStatus>;
240export {};

1	`/// <reference types="node" />`
2	`import * as express from "express";`
3	`import { DecodedAppCheckToken } from "firebase-admin/app-check";`
4	`import { DecodedIdToken } from "firebase-admin/auth";`
5	`import { TaskContext } from "./tasks";`
6	`/** An express request with the wire format representation of the request body. */`
7	`export interface Request extends express.Request {`
8	`/** The wire format representation of the request body. */`
9	`rawBody: Buffer;`
10	`}`
11	`/**`
12	`* The interface for AppCheck tokens verified in Callable functions`
13	`*/`
14	`export interface AppCheckData {`
15	`/**`
16	`* The app ID of a Firebase App attested by the App Check token.`
17	`*/`
18	`appId: string;`
19	`/**`
20	`* Decoded App Check token.`
21	`*/`
22	`token: DecodedAppCheckToken;`
23	`/**`
24	`* Indicates if the token has been consumed.`
25	`*`
26	`* @remarks`
27	* `false` value indicates that this is the first time the App Check service has seen this token and marked the
28	`* token as consumed for future use of the token.`
29	`*`
30	* `true` value indicates the token has previously been marked as consumed by the App Check service. In this case,
31	`* consider taking extra precautions, such as rejecting the request or requiring additional security checks.`
32	`*/`
33	`alreadyConsumed?: boolean;`
34	`}`
35	`/**`
36	`* The interface for Auth tokens verified in Callable functions`
37	`*/`
38	`export interface AuthData {`
39	`uid: string;`
40	`token: DecodedIdToken;`
41	`}`
42	`/**`
43	`* The interface for metadata for the API as passed to the handler.`
44	`*/`
45	`export interface CallableContext {`
46	`/**`
47	`* The result of decoding and verifying a Firebase AppCheck token.`
48	`*/`
49	`app?: AppCheckData;`
50	`/**`
51	`* The result of decoding and verifying a Firebase Auth ID token.`
52	`*/`
53	`auth?: AuthData;`
54	`/**`
55	`* An unverified token for a Firebase Instance ID.`
56	`*/`
57	`instanceIdToken?: string;`
58	`/**`
59	`* The raw request handled by the callable.`
60	`*/`
61	`rawRequest: Request;`
62	`}`
63	`/**`
64	`* The request used to call a callable function.`
65	`*/`
66	`export interface CallableRequest<T = any> {`
67	`/**`
68	`* The parameters used by a client when calling this function.`
69	`*/`
70	`data: T;`
71	`/**`
72	`* The result of decoding and verifying a Firebase AppCheck token.`
73	`*/`
74	`app?: AppCheckData;`
75	`/**`
76	`* The result of decoding and verifying a Firebase Auth ID token.`
77	`*/`
78	`auth?: AuthData;`
79	`/**`
80	`* An unverified token for a Firebase Instance ID.`
81	`*/`
82	`instanceIdToken?: string;`
83	`/**`
84	`* The raw request handled by the callable.`
85	`*/`
86	`rawRequest: Request;`
87	`/**`
88	`* Whether this is a streaming request.`
89	`* Code can be optimized by not trying to generate a stream of chunks to`
90	`* call response.sendChunk on if request.acceptsStreaming is false.`
91	`* It is always safe, however, to call response.sendChunk as this will`
92	`* noop if acceptsStreaming is false.`
93	`*/`
94	`acceptsStreaming: boolean;`
95	`}`
96	`/**`
97	`* CallableProxyResponse allows streaming response chunks and listening to signals`
98	`* triggered in events such as a disconnect.`
99	`*/`
100	`export interface CallableResponse<T = unknown> {`
101	`/**`
102	`* Writes a chunk of the response body to the client. This method can be called`
103	`* multiple times to stream data progressively.`
104	`* Returns a promise of whether the data was written. This can be false, for example,`
105	`* if the request was not a streaming request. Rejects if there is a network error.`
106	`*/`
107	`sendChunk: (chunk: T) => Promise<boolean>;`
108	`/**`
109	`* An AbortSignal that is triggered when the client disconnects or the`
110	`* request is terminated prematurely.`
111	`*/`
112	`signal: AbortSignal;`
113	`}`
114	`/**`
115	`* The set of Firebase Functions status codes. The codes are the same at the`
116	`* ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md \| gRPC}.`
117	`*`
118	`* @remarks`
119	`* Possible values:`
120	`*`
121	* - `cancelled`: The operation was cancelled (typically by the caller).
122	`*`
123	* - `unknown`: Unknown error or an error from a different error domain.
124	`*`
125	* - `invalid-argument`: Client specified an invalid argument. Note that this
126	* differs from `failed-precondition`. `invalid-argument` indicates
127	`* arguments that are problematic regardless of the state of the system`
128	`* (e.g. an invalid field name).`
129	`*`
130	* - `deadline-exceeded`: Deadline expired before operation could complete.
131	`* For operations that change the state of the system, this error may be`
132	`* returned even if the operation has completed successfully. For example,`
133	`* a successful response from a server could have been delayed long enough`
134	`* for the deadline to expire.`
135	`*`
136	* - `not-found`: Some requested document was not found.
137	`*`
138	* - `already-exists`: Some document that we attempted to create already
139	`* exists.`
140	`*`
141	* - `permission-denied`: The caller does not have permission to execute the
142	`* specified operation.`
143	`*`
144	* - `resource-exhausted`: Some resource has been exhausted, perhaps a
145	`* per-user quota, or perhaps the entire file system is out of space.`
146	`*`
147	* - `failed-precondition`: Operation was rejected because the system is not
148	`* in a state required for the operation's execution.`
149	`*`
150	* - `aborted`: The operation was aborted, typically due to a concurrency
151	`* issue like transaction aborts, etc.`
152	`*`
153	* - `out-of-range`: Operation was attempted past the valid range.
154	`*`
155	* - `unimplemented`: Operation is not implemented or not supported/enabled.
156	`*`
157	* - `internal`: Internal errors. Means some invariants expected by
158	`* underlying system has been broken. If you see one of these errors,`
159	`* something is very broken.`
160	`*`
161	* - `unavailable`: The service is currently unavailable. This is most likely
162	`* a transient condition and may be corrected by retrying with a backoff.`
163	`*`
164	* - `data-loss`: Unrecoverable data loss or corruption.
165	`*`
166	* - `unauthenticated`: The request does not have valid authentication
167	`* credentials for the operation.`
168	`*/`
169	`export type FunctionsErrorCode = "ok" \| "cancelled" \| "unknown" \| "invalid-argument" \| "deadline-exceeded" \| "not-found" \| "already-exists" \| "permission-denied" \| "resource-exhausted" \| "failed-precondition" \| "aborted" \| "out-of-range" \| "unimplemented" \| "internal" \| "unavailable" \| "data-loss" \| "unauthenticated";`
170	`/** @hidden */`
171	`export type CanonicalErrorCodeName = "OK" \| "CANCELLED" \| "UNKNOWN" \| "INVALID_ARGUMENT" \| "DEADLINE_EXCEEDED" \| "NOT_FOUND" \| "ALREADY_EXISTS" \| "PERMISSION_DENIED" \| "UNAUTHENTICATED" \| "RESOURCE_EXHAUSTED" \| "FAILED_PRECONDITION" \| "ABORTED" \| "OUT_OF_RANGE" \| "UNIMPLEMENTED" \| "INTERNAL" \| "UNAVAILABLE" \| "DATA_LOSS";`
172	`/** @hidden */`
173	`interface HttpErrorCode {`
174	`canonicalName: CanonicalErrorCodeName;`
175	`status: number;`
176	`}`
177	`/** @hidden */`
178	`interface HttpErrorWireFormat {`
179	`details?: unknown;`
180	`message: string;`
181	`status: CanonicalErrorCodeName;`
182	`}`
183	`/**`
184	`* An explicit error that can be thrown from a handler to send an error to the`
185	`* client that called the function.`
186	`*/`
187	`export declare class HttpsError extends Error {`
188	`/**`
189	`* A standard error code that will be returned to the client. This also`
190	`* determines the HTTP status code of the response, as defined in code.proto.`
191	`*/`
192	`readonly code: FunctionsErrorCode;`
193	`/**`
194	`* Extra data to be converted to JSON and included in the error response.`
195	`*/`
196	`readonly details: unknown;`
197	`/**`
198	`* A wire format representation of a provided error code.`
199	`*`
200	`* @hidden`
201	`*/`
202	`readonly httpErrorCode: HttpErrorCode;`
203	`constructor(code: FunctionsErrorCode, message: string, details?: unknown);`
204	`/**`
205	`* Returns a JSON-serializable representation of this object.`
206	`*/`
207	`toJSON(): HttpErrorWireFormat;`
208	`}`
209	`/** @hidden */`
210	`interface HttpRequest extends Request {`
211	`body: {`
212	`data: any;`
213	`};`
214	`}`
215	`/** @hidden */`
216	`export declare function isValidRequest(req: Request): req is HttpRequest;`
217	`/**`
218	`* Encodes arbitrary data in our special format for JSON.`
219	`* This is exposed only for testing.`
220	`*/`
221	`/** @hidden */`
222	`export declare function encode(data: any): any;`
223	`/**`
224	`* Decodes our special format for JSON into native types.`
225	`* This is exposed only for testing.`
226	`*/`
227	`/** @hidden */`
228	`export declare function decode(data: any): any;`
229	`/**`
230	`* Be careful when changing token status values.`
231	`*`
232	`* Users are encouraged to setup log-based metric based on these values, and`
233	`* changing their values may cause their metrics to break.`
234	`*`
235	`*/`
236	`/** @hidden */`
237	`type TokenStatus = "MISSING" \| "VALID" \| "INVALID";`
238	`/** @interanl */`
239	`export declare function checkAuthToken(req: Request, ctx: CallableContext \| TaskContext): Promise<TokenStatus>;`
240	`export {};`