rs_firebase_admin_sdk/
lib.rs

1pub mod api_uri;
2pub mod auth;
3pub mod client;
4pub mod credentials;
5#[cfg(feature = "tokens")]
6pub mod jwt;
7pub mod util;
8
9use auth::FirebaseAuth;
10use client::ReqwestApiClient;
11use credentials::{GCPCredentialsError, emulator::EmulatorCredentials, get_project_id};
12use error_stack::{Report, ResultExt};
13use google_cloud_auth::credentials::{AccessTokenCredentials, Builder};
14
15const FIREBASE_AUTH_SCOPES: [&str; 2] = [
16    "https://www.googleapis.com/auth/cloud-platform",
17    "https://www.googleapis.com/auth/userinfo.email",
18];
19
20pub type LiveAuthAdmin = FirebaseAuth<ReqwestApiClient<AccessTokenCredentials>>;
21/// Default Firebase Auth Emulator admin manager
22pub type EmulatorAuthAdmin = FirebaseAuth<ReqwestApiClient<EmulatorCredentials>>;
23
24/// Base privileged manager for Firebase
25pub struct App<C> {
26    credentials: C,
27    project_id: String,
28}
29
30impl App<EmulatorCredentials> {
31    /// Firebase app backend by emulator
32    pub fn emulated() -> Self {
33        let credentials = EmulatorCredentials::default();
34        Self {
35            project_id: credentials.project_id.clone(),
36            credentials,
37        }
38    }
39
40    /// Firebase authentication manager for emulator
41    pub fn auth(&self, emulator_url: String) -> EmulatorAuthAdmin {
42        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
43
44        FirebaseAuth::emulated(emulator_url, &self.credentials.project_id, client)
45    }
46
47    /// OIDC token verifier for emulator
48    #[cfg(feature = "tokens")]
49    pub fn id_token_verifier(&self) -> impl jwt::TokenValidator {
50        jwt::EmulatorValidator
51    }
52}
53
54impl App<AccessTokenCredentials> {
55    /// Create instance of Firebase app for live project
56    pub async fn live() -> Result<Self, Report<GCPCredentialsError>> {
57        let credentials = Builder::default()
58            .with_scopes(FIREBASE_AUTH_SCOPES)
59            .build_access_token_credentials()
60            .change_context(GCPCredentialsError)?;
61
62        let project_id = get_project_id(&credentials)
63            .await
64            .change_context(GCPCredentialsError)?;
65
66        Ok(Self {
67            credentials,
68            project_id,
69        })
70    }
71
72    /// Create Firebase authentication manager
73    pub fn auth(&self) -> LiveAuthAdmin {
74        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
75
76        FirebaseAuth::live(&self.project_id, client)
77    }
78
79    /// Create OIDC token verifier
80    #[cfg(feature = "tokens")]
81    pub async fn id_token_verifier(
82        &self,
83    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
84        let project_id = credentials::get_project_id(&self.credentials).await?;
85
86        jwt::LiveValidator::new_jwt_validator(project_id)
87            .change_context(credentials::GCPCredentialsError)
88    }
89
90    // /// Create cookie token verifier
91    #[cfg(feature = "tokens")]
92    pub async fn cookie_token_verifier(
93        &self,
94    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
95        let project_id = credentials::get_project_id(&self.credentials).await?;
96
97        jwt::LiveValidator::new_cookie_validator(project_id)
98            .change_context(credentials::GCPCredentialsError)
99    }
100}