feat(fac): Expose FAC APIs from firebase-admin/app-check entry point

Author: lahirumaramba

entrypoints.json

@@ -8,6 +8,10 @@
     "typings": "./lib/app/index.d.ts",
     "dist": "./lib/app/index.js"
   },
+  "firebase-admin/app-check": {
+    "typings": "./lib/app-check/index.d.ts",
+    "dist": "./lib/app-check/index.js"
+  },
   "firebase-admin/auth": {
     "typings": "./lib/auth/index.d.ts",
     "dist": "./lib/auth/index.js"

etc/firebase-admin.api.md

@@ -44,34 +44,18 @@ export namespace app {
 }
 
 // @public
-export function appCheck(app?: app.App): appCheck.AppCheck;
+export function appCheck(app?: App): appCheck.AppCheck;
 
 // @public (undocumented)
 export namespace appCheck {
-    export interface AppCheck {
-        // (undocumented)
-        app: app.App;
-        createToken(appId: string): Promise<AppCheckToken>;
-        verifyToken(appCheckToken: string): Promise<VerifyAppCheckTokenResponse>;
-    }
-    export interface AppCheckToken {
-        token: string;
-        ttlMillis: number;
-    }
-    export interface DecodedAppCheckToken {
-        // (undocumented)
-        [key: string]: any;
-        app_id: string;
-        aud: string[];
-        exp: number;
-        iat: number;
-        iss: string;
-        sub: string;
-    }
-    export interface VerifyAppCheckTokenResponse {
-        appId: string;
-        token: appCheck.DecodedAppCheckToken;
-    }
+    // Warning: (ae-forgotten-export) The symbol "AppCheck" needs to be exported by the entry point default-namespace.d.ts
+    export type AppCheck = AppCheck;
+    // Warning: (ae-forgotten-export) The symbol "AppCheckToken" needs to be exported by the entry point default-namespace.d.ts
+    export type AppCheckToken = AppCheckToken;
+    // Warning: (ae-forgotten-export) The symbol "DecodedAppCheckToken" needs to be exported by the entry point default-namespace.d.ts
+    export type DecodedAppCheckToken = DecodedAppCheckToken;
+    // Warning: (ae-forgotten-export) The symbol "VerifyAppCheckTokenResponse" needs to be exported by the entry point default-namespace.d.ts
+    export type VerifyAppCheckTokenResponse = VerifyAppCheckTokenResponse;
 }
 
 // @public

etc/firebase-admin.app-check.api.md

@@ -0,0 +1,49 @@
+## API Report File for "firebase-admin.app-check"
+
+> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
+
+```ts
+
+import { Agent } from 'http';
+
+// @public
+export class AppCheck {
+    // Warning: (ae-forgotten-export) The symbol "App" needs to be exported by the entry point index.d.ts
+    //
+    // (undocumented)
+    readonly app: App;
+    createToken(appId: string): Promise<AppCheckToken>;
+    verifyToken(appCheckToken: string): Promise<VerifyAppCheckTokenResponse>;
+}
+
+// @public
+export interface AppCheckToken {
+    token: string;
+    ttlMillis: number;
+}
+
+// @public
+export interface DecodedAppCheckToken {
+    // (undocumented)
+    [key: string]: any;
+    app_id: string;
+    aud: string[];
+    exp: number;
+    iat: number;
+    iss: string;
+    sub: string;
+}
+
+// @public
+export function getAppCheck(app?: App): AppCheck;
+
+// @public
+export interface VerifyAppCheckTokenResponse {
+    appId: string;
+    token: DecodedAppCheckToken;
+}
+
+
+// (No @packageDocumentation comment for this package)
+
+```

package-lock.json

@@ -65,6 +65,9 @@
       "app": [
         "lib/app"
       ],
+      "app-check": [
+        "lib/app-check"
+      ],
       "auth": [
         "lib/auth"
       ],
@@ -103,6 +106,10 @@
       "require": "./lib/app/index.js",
       "import": "./lib/esm/app/index.js"
     },
+    "./app-check": {
+      "require": "./lib/app-check/index.js",
+      "import": "./lib/esm/app-check/index.js"
+    },
     "./auth": {
       "require": "./lib/auth/index.js",
       "import": "./lib/esm/auth/index.js"

package.json

@@ -15,17 +15,15 @@
  * limitations under the License.
  */
 
-import { appCheck } from './index';
+import { App } from '../app';
+import { FirebaseApp } from '../app/firebase-app';
 import {
   HttpRequestConfig, HttpClient, HttpError, AuthorizedHttpClient, HttpResponse
 } from '../utils/api-request';
-import { FirebaseApp } from '../app/firebase-app';
 import { PrefixedFirebaseError } from '../utils/error';
-
 import * as utils from '../utils/index';
 import * as validator from '../utils/validator';
-
-import AppCheckToken = appCheck.AppCheckToken;
+import { AppCheckToken } from './app-check-api'
 
 // App Check backend constants
 const FIREBASE_APP_CHECK_V1_API_URL_FORMAT = 'https://firebaseappcheck.googleapis.com/v1beta/projects/{projectId}/apps/{appId}:exchangeCustomToken';
@@ -43,21 +41,21 @@ export class AppCheckApiClient {
   private readonly httpClient: HttpClient;
   private projectId?: string;
 
-  constructor(private readonly app: FirebaseApp) {
+  constructor(private readonly app: App) {
     if (!validator.isNonNullObject(app) || !('options' in app)) {
       throw new FirebaseAppCheckError(
         'invalid-argument',
         'First argument passed to admin.appCheck() must be a valid Firebase app instance.');
     }
-    this.httpClient = new AuthorizedHttpClient(app);
+    this.httpClient = new AuthorizedHttpClient(app as FirebaseApp);
   }
 
   /**
    * Exchange a signed custom token to App Check token
    * 
    * @param customToken The custom token to be exchanged.
    * @param appId The mobile App ID.
-   * @return A promise that fulfills with a `AppCheckToken`.
+   * @returns A promise that fulfills with a `AppCheckToken`.
    */
   public exchangeToken(customToken: string, appId: string): Promise<AppCheckToken> {
     if (!validator.isNonEmptyString(appId)) {
@@ -143,7 +141,7 @@ export class AppCheckApiClient {
    * Creates an AppCheckToken from the API response.
    *
    * @param resp API response object.
-   * @return An AppCheckToken instance.
+   * @returns An AppCheckToken instance.
    */
   private toAppCheckToken(resp: HttpResponse): AppCheckToken {
     const token = resp.data.attestationToken;
@@ -164,7 +162,7 @@ export class AppCheckApiClient {
    * is expressed as "3s", while 3 seconds and 1 nanosecond is expressed as "3.000000001s", 
    * and 3 seconds and 1 microsecond is expressed as "3.000001s".
    * 
-   * @return The duration in milliseconds.
+   * @returns The duration in milliseconds.
    */
   private stringToMilliseconds(duration: string): number {
     if (!validator.isNonEmptyString(duration) || !duration.endsWith('s')) {
@@ -211,8 +209,8 @@ export type AppCheckErrorCode =
 /**
  * Firebase App Check error code structure. This extends PrefixedFirebaseError.
  *
- * @param {AppCheckErrorCode} code The error code.
- * @param {string} message The error message.
+ * @param code The error code.
+ * @param message The error message.
  * @constructor
  */
 export class FirebaseAppCheckError extends PrefixedFirebaseError {

src/app-check/app-check-api-client-internal.ts

@@ -0,0 +1,98 @@
+/*!
+ * @license
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Interface representing an App Check token.
+ */
+export interface AppCheckToken {
+  /**
+   * The Firebase App Check token.
+   */
+  token: string;
+
+  /**
+   * The time-to-live duration of the token in milliseconds.
+   */
+  ttlMillis: number;
+}
+
+/**
+ * Interface representing a decoded Firebase App Check token, returned from the
+ * {@link appCheck.AppCheck.verifyToken `verifyToken()`} method.
+ */
+export interface DecodedAppCheckToken {
+  /**
+   * The issuer identifier for the issuer of the response.
+   *
+   * This value is a URL with the format
+   * `https://firebaseappcheck.googleapis.com/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
+   * same project number specified in the [`aud`](#aud) property.
+   */
+  iss: string;
+
+  /**
+   * The Firebase App ID corresponding to the app the token belonged to.
+   *
+   * As a convenience, this value is copied over to the [`app_id`](#app_id) property.
+   */
+  sub: string;
+
+  /**
+   * The audience for which this token is intended.
+   *
+   * This value is a JSON array of two strings, the first is the project number of your
+   * Firebase project, and the second is the project ID of the same project.
+   */
+  aud: string[];
+
+  /**
+   * The App Check token's expiration time, in seconds since the Unix epoch. That is, the
+   * time at which this App Check token expires and should no longer be considered valid.
+   */
+  exp: number;
+
+  /**
+   * The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
+   * time at which this App Check token was issued and should start to be considered
+   * valid.
+   */
+  iat: number;
+
+  /**
+   * The App ID corresponding to the App the App Check token belonged to.
+   *
+   * This value is not actually one of the JWT token claims. It is added as a
+   * convenience, and is set as the value of the [`sub`](#sub) property.
+   */
+  app_id: string;
+  [key: string]: any;
+}
+
+/**
+ * Interface representing a verified App Check token response.
+ */
+export interface VerifyAppCheckTokenResponse {
+  /**
+   * The App ID corresponding to the App the App Check token belonged to.
+   */
+  appId: string;
+
+  /**
+   * The decoded Firebase App Check token.
+   */
+  token: DecodedAppCheckToken;
+}