rs-firebase-admin-sdk 4.2.1

Firebase Admin SDK for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

pub mod api_uri;
pub mod auth;
pub mod client;
pub mod credentials;
#[cfg(feature = "tokens")]
pub mod jwt;
pub mod util;

use auth::FirebaseAuth;
use client::ReqwestApiClient;
use core::marker::PhantomData;
use credentials::{GCPCredentialsError, emulator::EmulatorCredentials, get_project_id};
use error_stack::{Report, ResultExt};
use google_cloud_auth::credentials::{AccessTokenCredentials, Builder};
pub use google_cloud_auth::credentials::{Credentials, CredentialsProvider};

const FIREBASE_AUTH_SCOPES: [&str; 2] = [
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/userinfo.email",
];

/// Base privileged manager for Firebase
pub struct App<C> {
    credentials: Credentials,
    project_id: String,
    _credentials_provider: PhantomData<C>,
}

impl App<EmulatorCredentials> {
    /// Firebase app backend by emulator
    pub fn emulated() -> Self {
        let credentials = EmulatorCredentials::default();
        Self {
            project_id: credentials.project_id.clone(),
            credentials: credentials.into(),
            _credentials_provider: PhantomData,
        }
    }

    /// Firebase authentication manager for emulator
    pub fn auth(&self, emulator_url: String) -> FirebaseAuth<ReqwestApiClient> {
        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());

        FirebaseAuth::emulated(emulator_url, &self.project_id, client)
    }

    /// OIDC token verifier for emulator
    #[cfg(feature = "tokens")]
    pub fn id_token_verifier(&self) -> impl jwt::TokenValidator {
        jwt::EmulatorValidator
    }
}

impl App<AccessTokenCredentials> {
    /// Create instance of Firebase app for live project with an explicit project ID,
    /// bypassing environment variable and credential header resolution.
    pub async fn live_with_project_id(
        project_id: &str,
    ) -> Result<Self, Report<GCPCredentialsError>> {
        let credentials: Credentials = Builder::default()
            .with_scopes(FIREBASE_AUTH_SCOPES)
            .build_access_token_credentials()
            .change_context(GCPCredentialsError)?
            .into();

        Ok(Self {
            credentials,
            project_id: project_id.to_string(),
            _credentials_provider: PhantomData,
        })
    }

    /// Create instance of Firebase app for live project
    pub async fn live() -> Result<Self, Report<GCPCredentialsError>> {
        let credentials: Credentials = Builder::default()
            .with_scopes(FIREBASE_AUTH_SCOPES)
            .build_access_token_credentials()
            .change_context(GCPCredentialsError)?
            .into();

        let project_id = get_project_id(&credentials)
            .await
            .change_context(GCPCredentialsError)?;

        Ok(Self {
            credentials,
            project_id,
            _credentials_provider: PhantomData,
        })
    }

    /// Create Firebase authentication manager
    pub fn auth(&self) -> FirebaseAuth<ReqwestApiClient> {
        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());

        FirebaseAuth::live(&self.project_id, client)
    }

    /// Create OIDC token verifier
    #[cfg(feature = "tokens")]
    pub async fn id_token_verifier(
        &self,
    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
        jwt::LiveValidator::new_jwt_validator(self.project_id.clone())
            .change_context(credentials::GCPCredentialsError)
    }

    /// Create cookie token verifier
    #[cfg(feature = "tokens")]
    pub async fn cookie_token_verifier(
        &self,
    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
        jwt::LiveValidator::new_cookie_validator(self.project_id.clone())
            .change_context(credentials::GCPCredentialsError)
    }
}