rs_firebase_admin_sdk/
lib.rs

1pub mod api_uri;
2pub mod auth;
3pub mod client;
4pub mod credentials;
5#[cfg(feature = "tokens")]
6pub mod jwt;
7pub mod util;
8
9use auth::FirebaseAuth;
10use client::ReqwestApiClient;
11use credentials::{GCPCredentialsError, emulator::EmulatorCredentials, get_project_id};
12use error_stack::{Report, ResultExt};
13pub use google_cloud_auth::credentials::CredentialsProvider;
14use google_cloud_auth::credentials::{AccessTokenCredentials, Builder};
15
16const FIREBASE_AUTH_SCOPES: [&str; 2] = [
17    "https://www.googleapis.com/auth/cloud-platform",
18    "https://www.googleapis.com/auth/userinfo.email",
19];
20
21pub type LiveAuthAdmin = FirebaseAuth<ReqwestApiClient<AccessTokenCredentials>>;
22/// Default Firebase Auth Emulator admin manager
23pub type EmulatorAuthAdmin = FirebaseAuth<ReqwestApiClient<EmulatorCredentials>>;
24
25/// Base privileged manager for Firebase
26pub struct App<C> {
27    credentials: C,
28    project_id: String,
29}
30
31impl App<EmulatorCredentials> {
32    /// Firebase app backend by emulator
33    pub fn emulated() -> Self {
34        let credentials = EmulatorCredentials::default();
35        Self {
36            project_id: credentials.project_id.clone(),
37            credentials,
38        }
39    }
40
41    /// Firebase authentication manager for emulator
42    pub fn auth(&self, emulator_url: String) -> EmulatorAuthAdmin {
43        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
44
45        FirebaseAuth::emulated(emulator_url, &self.credentials.project_id, client)
46    }
47
48    /// OIDC token verifier for emulator
49    #[cfg(feature = "tokens")]
50    pub fn id_token_verifier(&self) -> impl jwt::TokenValidator {
51        jwt::EmulatorValidator
52    }
53}
54
55impl App<AccessTokenCredentials> {
56    /// Create instance of Firebase app for live project
57    pub async fn live() -> Result<Self, Report<GCPCredentialsError>> {
58        let credentials = Builder::default()
59            .with_scopes(FIREBASE_AUTH_SCOPES)
60            .build_access_token_credentials()
61            .change_context(GCPCredentialsError)?;
62
63        let project_id = get_project_id(&credentials)
64            .await
65            .change_context(GCPCredentialsError)?;
66
67        Ok(Self {
68            credentials,
69            project_id,
70        })
71    }
72
73    /// Create Firebase authentication manager
74    pub fn auth(&self) -> LiveAuthAdmin {
75        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
76
77        FirebaseAuth::live(&self.project_id, client)
78    }
79
80    /// Create OIDC token verifier
81    #[cfg(feature = "tokens")]
82    pub async fn id_token_verifier(
83        &self,
84    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
85        let project_id = credentials::get_project_id(&self.credentials).await?;
86
87        jwt::LiveValidator::new_jwt_validator(project_id)
88            .change_context(credentials::GCPCredentialsError)
89    }
90
91    // /// Create cookie token verifier
92    #[cfg(feature = "tokens")]
93    pub async fn cookie_token_verifier(
94        &self,
95    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
96        let project_id = credentials::get_project_id(&self.credentials).await?;
97
98        jwt::LiveValidator::new_cookie_validator(project_id)
99            .change_context(credentials::GCPCredentialsError)
100    }
101}
rs_firebase_admin_sdk/lib.rs

rs_firebase_admin_sdk/
lib.rs
