Skip to main content

rs_firebase_admin_sdk/
lib.rs

1pub mod api_uri;
2pub mod auth;
3pub mod client;
4pub mod credentials;
5#[cfg(feature = "tokens")]
6pub mod jwt;
7pub mod util;
8
9use auth::FirebaseAuth;
10use client::ReqwestApiClient;
11use core::marker::PhantomData;
12use credentials::{GCPCredentialsError, emulator::EmulatorCredentials, get_project_id};
13use error_stack::{Report, ResultExt};
14use google_cloud_auth::credentials::{AccessTokenCredentials, Builder};
15pub use google_cloud_auth::credentials::{Credentials, CredentialsProvider};
16
17const FIREBASE_AUTH_SCOPES: [&str; 2] = [
18    "https://www.googleapis.com/auth/cloud-platform",
19    "https://www.googleapis.com/auth/userinfo.email",
20];
21
22/// Base privileged manager for Firebase
23pub struct App<C> {
24    credentials: Credentials,
25    project_id: String,
26    _credentials_provider: PhantomData<C>,
27}
28
29impl App<EmulatorCredentials> {
30    /// Firebase app backend by emulator
31    pub fn emulated() -> Self {
32        let credentials = EmulatorCredentials::default();
33        Self {
34            project_id: credentials.project_id.clone(),
35            credentials: credentials.into(),
36            _credentials_provider: PhantomData,
37        }
38    }
39
40    /// Firebase authentication manager for emulator
41    pub fn auth(&self, emulator_url: String) -> FirebaseAuth<ReqwestApiClient> {
42        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
43
44        FirebaseAuth::emulated(emulator_url, &self.project_id, client)
45    }
46
47    /// OIDC token verifier for emulator
48    #[cfg(feature = "tokens")]
49    pub fn id_token_verifier(&self) -> impl jwt::TokenValidator {
50        jwt::EmulatorValidator
51    }
52}
53
54impl App<AccessTokenCredentials> {
55    /// Create instance of Firebase app for live project with an explicit project ID,
56    /// bypassing environment variable and credential header resolution.
57    pub fn live_with_project_id(project_id: &str) -> Result<Self, Report<GCPCredentialsError>> {
58        let credentials: Credentials = Builder::default()
59            .with_scopes(FIREBASE_AUTH_SCOPES)
60            .build_access_token_credentials()
61            .change_context(GCPCredentialsError)?
62            .into();
63
64        Ok(Self {
65            credentials,
66            project_id: project_id.to_string(),
67            _credentials_provider: PhantomData,
68        })
69    }
70
71    /// Create instance of Firebase app for live project
72    pub async fn live() -> Result<Self, Report<GCPCredentialsError>> {
73        let credentials: Credentials = Builder::default()
74            .with_scopes(FIREBASE_AUTH_SCOPES)
75            .build_access_token_credentials()
76            .change_context(GCPCredentialsError)?
77            .into();
78
79        let project_id = get_project_id(&credentials)
80            .await
81            .change_context(GCPCredentialsError)?;
82
83        Ok(Self {
84            credentials,
85            project_id,
86            _credentials_provider: PhantomData,
87        })
88    }
89
90    /// Create Firebase authentication manager
91    pub fn auth(&self) -> FirebaseAuth<ReqwestApiClient> {
92        let client = ReqwestApiClient::new(reqwest::Client::new(), self.credentials.clone());
93
94        FirebaseAuth::live(&self.project_id, client)
95    }
96
97    /// Create OIDC token verifier
98    #[cfg(feature = "tokens")]
99    pub fn id_token_verifier(
100        &self,
101    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
102        jwt::LiveValidator::new_jwt_validator(self.project_id.clone())
103            .change_context(credentials::GCPCredentialsError)
104    }
105
106    /// Create cookie token verifier
107    #[cfg(feature = "tokens")]
108    pub fn cookie_token_verifier(
109        &self,
110    ) -> Result<impl jwt::TokenValidator, Report<credentials::GCPCredentialsError>> {
111        jwt::LiveValidator::new_cookie_validator(self.project_id.clone())
112            .change_context(credentials::GCPCredentialsError)
113    }
114}