///
import * as express from 'express';
import * as firebase from 'firebase-admin';
import { TaskContext } from './tasks';
/** @hidden */
export interface Request extends express.Request {
/** The wire format representation of the request body. */
rawBody: Buffer;
}
interface DecodedAppCheckToken {
/**
* The issuer identifier for the issuer of the response.
*
* This value is a URL with the format
* `https://firebaseappcheck.googleapis.com/`, where `` is the
* same project number specified in the [`aud`](#aud) property.
*/
iss: string;
/**
* The Firebase App ID corresponding to the app the token belonged to.
*
* As a convenience, this value is copied over to the [`app_id`](#app_id) property.
*/
sub: string;
/**
* The audience for which this token is intended.
*
* This value is a JSON array of two strings, the first is the project number of your
* Firebase project, and the second is the project ID of the same project.
*/
aud: string[];
/**
* The App Check token's expiration time, in seconds since the Unix epoch. That is, the
* time at which this App Check token expires and should no longer be considered valid.
*/
exp: number;
/**
* The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
* time at which this App Check token was issued and should start to be considered
* valid.;
*/
iat: number;
/**
* The App ID corresponding to the App the App Check token belonged to.
*
* This value is not actually one of the JWT token claims. It is added as a
* convenience, and is set as the value of the [`sub`](#sub) property.
*/
app_id: string;
[key: string]: any;
}
/**
* The interface for AppCheck tokens verified in Callable functions
*/
export interface AppCheckData {
appId: string;
token: DecodedAppCheckToken;
}
/**
* The interface for Auth tokens verified in Callable functions
*/
export interface AuthData {
uid: string;
token: firebase.auth.DecodedIdToken;
}
/**
* The interface for metadata for the API as passed to the handler.
*/
export interface CallableContext {
/**
* The result of decoding and verifying a Firebase AppCheck token.
*/
app?: AppCheckData;
/**
* The result of decoding and verifying a Firebase Auth ID token.
*/
auth?: AuthData;
/**
* An unverified token for a Firebase Instance ID.
*/
instanceIdToken?: string;
/**
* The raw request handled by the callable.
*/
rawRequest: Request;
}
/**
* The request used to call a callable function.
*/
export interface CallableRequest {
/**
* The parameters used by a client when calling this function.
*/
data: T;
/**
* The result of decoding and verifying a Firebase AppCheck token.
*/
app?: AppCheckData;
/**
* The result of decoding and verifying a Firebase Auth ID token.
*/
auth?: AuthData;
/**
* An unverified token for a Firebase Instance ID.
*/
instanceIdToken?: string;
/**
* The raw request handled by the callable.
*/
rawRequest: Request;
}
/**
* The set of Firebase Functions status codes. The codes are the same at the
* ones exposed by gRPC here:
* https://github.com/grpc/grpc/blob/master/doc/statuscodes.md
*
* Possible values:
*
* - `cancelled`: The operation was cancelled (typically by the caller).
*
* - `unknown`: Unknown error or an error from a different error domain.
*
* - `invalid-argument`: Client specified an invalid argument. Note that this
* differs from `failed-precondition`. `invalid-argument` indicates
* arguments that are problematic regardless of the state of the system
* (e.g. an invalid field name).
*
* - `deadline-exceeded`: Deadline expired before operation could complete.
* For operations that change the state of the system, this error may be
* returned even if the operation has completed successfully. For example,
* a successful response from a server could have been delayed long enough
* for the deadline to expire.
*
* - `not-found`: Some requested document was not found.
*
* - `already-exists`: Some document that we attempted to create already
* exists.
*
* - `permission-denied`: The caller does not have permission to execute the
* specified operation.
*
* - `resource-exhausted`: Some resource has been exhausted, perhaps a
* per-user quota, or perhaps the entire file system is out of space.
*
* - `failed-precondition`: Operation was rejected because the system is not
* in a state required for the operation's execution.
*
* - `aborted`: The operation was aborted, typically due to a concurrency
* issue like transaction aborts, etc.
*
* - `out-of-range`: Operation was attempted past the valid range.
*
* - `unimplemented`: Operation is not implemented or not supported/enabled.
*
* - `internal`: Internal errors. Means some invariants expected by
* underlying system has been broken. If you see one of these errors,
* something is very broken.
*
* - `unavailable`: The service is currently unavailable. This is most likely
* a transient condition and may be corrected by retrying with a backoff.
*
* - `data-loss`: Unrecoverable data loss or corruption.
*
* - `unauthenticated`: The request does not have valid authentication
* credentials for the operation.
*/
export declare type FunctionsErrorCode = 'ok' | 'cancelled' | 'unknown' | 'invalid-argument' | 'deadline-exceeded' | 'not-found' | 'already-exists' | 'permission-denied' | 'resource-exhausted' | 'failed-precondition' | 'aborted' | 'out-of-range' | 'unimplemented' | 'internal' | 'unavailable' | 'data-loss' | 'unauthenticated';
/** @hidden */
export declare type CanonicalErrorCodeName = 'OK' | 'CANCELLED' | 'UNKNOWN' | 'INVALID_ARGUMENT' | 'DEADLINE_EXCEEDED' | 'NOT_FOUND' | 'ALREADY_EXISTS' | 'PERMISSION_DENIED' | 'UNAUTHENTICATED' | 'RESOURCE_EXHAUSTED' | 'FAILED_PRECONDITION' | 'ABORTED' | 'OUT_OF_RANGE' | 'UNIMPLEMENTED' | 'INTERNAL' | 'UNAVAILABLE' | 'DATA_LOSS';
/** @hidden */
interface HttpErrorCode {
canonicalName: CanonicalErrorCodeName;
status: number;
}
/** @hidden */
interface HttpErrorWireFormat {
details?: unknown;
message: string;
status: CanonicalErrorCodeName;
}
/**
* An explicit error that can be thrown from a handler to send an error to the
* client that called the function.
*/
export declare class HttpsError extends Error {
/**
* A standard error code that will be returned to the client. This also
* determines the HTTP status code of the response, as defined in code.proto.
*/
readonly code: FunctionsErrorCode;
/**
* Extra data to be converted to JSON and included in the error response.
*/
readonly details: unknown;
/**
* A wire format representation of a provided error code.
*
* @hidden
*/
readonly httpErrorCode: HttpErrorCode;
constructor(code: FunctionsErrorCode, message: string, details?: unknown);
/**
* Returns a JSON-serializable representation of this object.
*/
toJSON(): HttpErrorWireFormat;
}
/** @hidden */
interface HttpRequest extends Request {
body: {
data: any;
};
}
/** @hidden */
export declare function isValidRequest(req: Request): req is HttpRequest;
/**
* Encodes arbitrary data in our special format for JSON.
* This is exposed only for testing.
*/
/** @hidden */
export declare function encode(data: any): any;
/**
* Decodes our special format for JSON into native types.
* This is exposed only for testing.
*/
/** @hidden */
export declare function decode(data: any): any;
/**
* Be careful when changing token status values.
*
* Users are encouraged to setup log-based metric based on these values, and
* changing their values may cause their metrics to break.
*
*/
/** @hidden */
declare type TokenStatus = 'MISSING' | 'VALID' | 'INVALID';
/** @interanl */
export declare function checkAuthToken(req: Request, ctx: CallableContext | TaskContext): Promise;
export {};