rs_firebase_admin_sdk/
lib.rs

1pub mod api_uri;
2pub mod auth;
3pub mod client;
4pub mod credentials;
5#[cfg(feature = "tokens")]
6pub mod jwt;
7pub mod util;
8
9use auth::FirebaseAuth;
10use client::ReqwestApiClient;
11use core::marker::PhantomData;
12use credentials::{GCPCredentialsError, emulator::EmulatorCredentials, get_project_id};
13use error_stack::{Report, ResultExt};
14use google_cloud_auth::credentials::{AccessTokenCredentials, Builder};
15pub use google_cloud_auth::credentials::{Credentials, CredentialsProvider};
16
17const FIREBASE_AUTH_SCOPES: [&str; 2] = [
18    "https://www.googleapis.com/auth/cloud-platform",
19    "https://www.googleapis.com/auth/userinfo.email",
20];
21
22/// Base privileged manager for Firebase
23pub struct App<C> {
24    credentials: Credentials,
25    project_id: String,
26    _credentials_provider: PhantomData<C>,
27}
28
29impl App<EmulatorCredentials> {
30    /// Firebase app backend by emulator
31    pub fn emulated() -> Self {
32        let credentials = EmulatorCredentials::default();
33        Self {
34            project_id: credentials.project_id.clone(),
35            credentials: credentials.into(),
36            _credentials_provider: PhantomData,
37        }
38    }
39
40    /// Firebase authentication manager for emulator
41    pub fn auth(&self, emulator_url: String) -> FirebaseAuth<ReqwestApiClient> {
42        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
43
44        FirebaseAuth::emulated(emulator_url, &self.project_id, client)
45    }
46
47    /// OIDC token verifier for emulator
48    #[cfg(feature = "tokens")]
49    pub fn id_token_verifier(&self) -> impl jwt::TokenValidator {
50        jwt::EmulatorValidator
51    }
52}
53
54impl App<AccessTokenCredentials> {
55    /// Create instance of Firebase app for live project
56    pub async fn live() -> Result<Self, Report<GCPCredentialsError>> {
57        let credentials: Credentials = Builder::default()
58            .with_scopes(FIREBASE_AUTH_SCOPES)
59            .build_access_token_credentials()
60            .change_context(GCPCredentialsError)?
61            .into();
62
63        let project_id = get_project_id(&credentials)
64            .await
65            .change_context(GCPCredentialsError)?;
66
67        Ok(Self {
68            credentials,
69            project_id,
70            _credentials_provider: PhantomData,
71        })
72    }
73
74    /// Create Firebase authentication manager
75    pub fn auth(&self) -> FirebaseAuth<ReqwestApiClient> {
76        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
77
78        FirebaseAuth::live(&self.project_id, client)
79    }
80
81    /// Create OIDC token verifier
82    #[cfg(feature = "tokens")]
83    pub async fn id_token_verifier(
84        &self,
85    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
86        let project_id = credentials::get_project_id(&self.credentials).await?;
87
88        jwt::LiveValidator::new_jwt_validator(project_id)
89            .change_context(credentials::GCPCredentialsError)
90    }
91
92    // /// Create cookie token verifier
93    #[cfg(feature = "tokens")]
94    pub async fn cookie_token_verifier(
95        &self,
96    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
97        let project_id = credentials::get_project_id(&self.credentials).await?;
98
99        jwt::LiveValidator::new_cookie_validator(project_id)
100            .change_context(credentials::GCPCredentialsError)
101    }
102}
rs_firebase_admin_sdk/lib.rs

rs_firebase_admin_sdk/
lib.rs
