feature/appcheck/final

Author: pavlo

FirebaseAdmin/FirebaseAdmin/AppCheck/AppCheckApiClient.cs

@@ -0,0 +1,87 @@
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace FirebaseAdmin.AppCheck
+{
+    /// <summary>
+    /// Interface representing a decoded Firebase App Check token, returned from the {@link AppCheck.verifyToken} method..
+    /// </summary>
+    public class AppCheckDecodedToken
+    {
+        internal AppCheckDecodedToken(Args args)
+        {
+            this.AppId = args.AppId;
+            this.Issuer = args.Issuer;
+            this.Subject = args.Subject;
+            this.Audience = args.Audience;
+            this.ExpirationTimeSeconds = (int)args.ExpirationTimeSeconds;
+            this.IssuedAtTimeSeconds = (int)args.IssuedAtTimeSeconds;
+        }
+
+        /// <summary>
+        /// Gets or sets the issuer identifier for the issuer of the response.
+        /// </summary>
+        public string Issuer { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Firebase App ID corresponding to the app the token belonged to.
+        /// As a convenience, this value is copied over to the {@link AppCheckDecodedToken.app_id | app_id} property.
+        /// </summary>
+        public string Subject { get; set; }
+
+        /// <summary>
+        /// Gets or sets the audience for which this token is intended.
+        /// This value is a JSON array of two strings, the first is the project number of your
+        /// Firebase project, and the second is the project ID of the same project.
+        /// </summary>
+        public string[] Audience { get; set; }
+
+        /// <summary>
+        /// Gets or sets the App Check token's c time, in seconds since the Unix epoch. That is, the
+        /// time at which this App Check token expires and should no longer be considered valid.
+        /// </summary>
+        public int ExpirationTimeSeconds { get; set; }
+
+        /// <summary>
+        /// Gets or sets the App Check token's issued-at time, in seconds since the Unix epoch. That is, the
+        /// time at which this App Check token was issued and should start to be considered valid.
+        /// </summary>
+        public int IssuedAtTimeSeconds { get; set; }
+
+        /// <summary>
+        /// Gets or sets the App ID corresponding to the App the App Check token belonged to.
+        /// This value is not actually one of the JWT token claims. It is added as a
+        /// convenience, and is set as the value of the {@link AppCheckDecodedToken.sub | sub} property.
+        /// </summary>
+        public string AppId { get; set; }
+
+        /// <summary>
+        /// Gets or sets key .
+        /// </summary>
+        public Dictionary<string, string> Key { get; set; }
+        ////[key: string]: any;
+
+        internal sealed class Args
+        {
+            public string AppId { get; internal set; }
+
+            [JsonProperty("app_id")]
+            internal string Issuer { get; set; }
+
+            [JsonProperty("sub")]
+            internal string Subject { get; set; }
+
+            [JsonProperty("aud")]
+            internal string[] Audience { get; set; }
+
+            [JsonProperty("exp")]
+            internal long ExpirationTimeSeconds { get; set; }
+
+            [JsonProperty("iat")]
+            internal long IssuedAtTimeSeconds { get; set; }
+
+            [JsonIgnore]
+            internal IReadOnlyDictionary<string, object> Claims { get; set; }
+        }
+    }
+}

FirebaseAdmin/FirebaseAdmin/AppCheck/AppCheckDecodedToken.cs

@@ -0,0 +1,53 @@
+namespace FirebaseAdmin.AppCheck
+{
+    /// <summary>
+    /// Error codes that can be raised by the Firebase App Check APIs.
+    /// </summary>
+    public enum AppCheckErrorCode
+    {
+        /// <summary>
+        /// Process is aborted
+        /// </summary>
+        Aborted,
+
+        /// <summary>
+        /// Argument is not valid
+        /// </summary>
+        InvalidArgument,
+
+        /// <summary>
+        /// Credential is not valid
+        /// </summary>
+        InvalidCredential,
+
+        /// <summary>
+        /// The server internal error
+        /// </summary>
+        InternalError,
+
+        /// <summary>
+        /// Permission is denied
+        /// </summary>
+        PermissionDenied,
+
+        /// <summary>
+        /// Unauthenticated
+        /// </summary>
+        Unauthenticated,
+
+        /// <summary>
+        /// Resource is not found
+        /// </summary>
+        NotFound,
+
+        /// <summary>
+        /// App Check Token is expired
+        /// </summary>
+        AppCheckTokenExpired,
+
+        /// <summary>
+        /// Unknown Error
+        /// </summary>
+        UnknownError,
+    }
+}

FirebaseAdmin/FirebaseAdmin/AppCheck/AppCheckErrorCode.cs

@@ -0,0 +1,229 @@
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using FirebaseAdmin.Util;
+using Google.Apis.Json;
+using Newtonsoft.Json;
+
+namespace FirebaseAdmin.AppCheck
+{
+    /// <summary>
+    /// Parses error responses received from the Auth service, and creates instances of
+    /// <see cref="FirebaseAppCheckException"/>.
+    /// </summary>
+    internal sealed class AppCheckErrorHandler
+    : HttpErrorHandler<FirebaseAppCheckException>,
+        IHttpRequestExceptionHandler<FirebaseAppCheckException>,
+        IDeserializeExceptionHandler<FirebaseAppCheckException>
+    {
+        internal static readonly AppCheckErrorHandler Instance = new AppCheckErrorHandler();
+
+        private static readonly IReadOnlyDictionary<string, ErrorInfo> CodeToErrorInfo =
+            new Dictionary<string, ErrorInfo>()
+            {
+                {
+                    "ABORTED",
+                    new ErrorInfo(
+                        ErrorCode.Aborted,
+                        AppCheckErrorCode.Aborted,
+                        "App check is aborted")
+                },
+                {
+                    "INVALID_ARGUMENT",
+                    new ErrorInfo(
+                        ErrorCode.InvalidArgument,
+                        AppCheckErrorCode.InvalidArgument,
+                        "An argument is not valid")
+                },
+                {
+                    "INVALID_CREDENTIAL",
+                    new ErrorInfo(
+                        ErrorCode.InvalidArgument,
+                        AppCheckErrorCode.InvalidCredential,
+                        "The credential is not valid")
+                },
+                {
+                    "PERMISSION_DENIED",
+                    new ErrorInfo(
+                        ErrorCode.PermissionDenied,
+                        AppCheckErrorCode.PermissionDenied,
+                        "The permission is denied")
+                },
+                {
+                    "UNAUTHENTICATED",
+                    new ErrorInfo(
+                        ErrorCode.Unauthenticated,
+                        AppCheckErrorCode.Unauthenticated,
+                        "Unauthenticated")
+                },
+                {
+                    "NOT_FOUND",
+                    new ErrorInfo(
+                        ErrorCode.NotFound,
+                        AppCheckErrorCode.NotFound,
+                        "The resource is not found")
+                },
+                {
+                    "UNKNOWN",
+                    new ErrorInfo(
+                        ErrorCode.Unknown,
+                        AppCheckErrorCode.UnknownError,
+                        "unknown-error")
+                },
+            };
+
+        private AppCheckErrorHandler() { }
+
+        public FirebaseAppCheckException HandleHttpRequestException(
+            HttpRequestException exception)
+        {
+            var temp = exception.ToFirebaseException();
+            return new FirebaseAppCheckException(
+                temp.ErrorCode,
+                temp.Message,
+                inner: temp.InnerException,
+                response: temp.HttpResponse);
+        }
+
+        public FirebaseAppCheckException HandleDeserializeException(
+            Exception exception, ResponseInfo responseInfo)
+        {
+            return new FirebaseAppCheckException(
+                ErrorCode.Unknown,
+                $"Error while parsing AppCheck service response. Deserialization error: {responseInfo.Body}",
+                AppCheckErrorCode.UnknownError,
+                inner: exception,
+                response: responseInfo.HttpResponse);
+        }
+
+        protected sealed override FirebaseExceptionArgs CreateExceptionArgs(
+            HttpResponseMessage response, string body)
+        {
+            var appCheckError = this.ParseAppCheckError(body);
+
+            ErrorInfo info;
+            CodeToErrorInfo.TryGetValue(appCheckError.Code, out info);
+
+            var defaults = base.CreateExceptionArgs(response, body);
+            return new FirebaseAppCheckExceptionArgs()
+            {
+                Code = info?.ErrorCode ?? defaults.Code,
+                Message = info?.GetMessage(appCheckError) ?? defaults.Message,
+                HttpResponse = response,
+                ResponseBody = body,
+                AppCheckErrorCode = info?.AppCheckErrorCode,
+            };
+        }
+
+        protected override FirebaseAppCheckException CreateException(FirebaseExceptionArgs args)
+        {
+            return new FirebaseAppCheckException(
+                args.Code,
+                args.Message,
+                (args as FirebaseAppCheckExceptionArgs).AppCheckErrorCode,
+                response: args.HttpResponse);
+        }
+
+        private AppCheckError ParseAppCheckError(string body)
+        {
+            try
+            {
+                var parsed = NewtonsoftJsonSerializer.Instance.Deserialize<AppCheckErrorResponse>(body);
+                return parsed.Error ?? new AppCheckError();
+            }
+            catch
+            {
+                // Ignore any error that may occur while parsing the error response. The server
+                // may have responded with a non-json body.
+                return new AppCheckError();
+            }
+        }
+
+        /// <summary>
+        /// Describes a class of errors that can be raised by the Firebase Auth backend API.
+        /// </summary>
+        private sealed class ErrorInfo
+        {
+            private readonly string message;
+
+            internal ErrorInfo(ErrorCode code, AppCheckErrorCode appCheckErrorCode, string message)
+            {
+                this.ErrorCode = code;
+                this.AppCheckErrorCode = appCheckErrorCode;
+                this.message = message;
+            }
+
+            internal ErrorCode ErrorCode { get; private set; }
+
+            internal AppCheckErrorCode AppCheckErrorCode { get; private set; }
+
+            internal string GetMessage(AppCheckError appCheckError)
+            {
+                var message = $"{this.message} ({appCheckError.Code}).";
+                if (!string.IsNullOrEmpty(appCheckError.Detail))
+                {
+                    return $"{message}: {appCheckError.Detail}";
+                }
+
+                return $"{message}";
+            }
+        }
+
+        private sealed class FirebaseAppCheckExceptionArgs : FirebaseExceptionArgs
+        {
+            internal AppCheckErrorCode? AppCheckErrorCode { get; set; }
+        }
+
+        private sealed class AppCheckError
+        {
+            [JsonProperty("message")]
+            internal string Message { get; set; }
+
+            /// <summary>
+            /// Gets the Firebase Auth error code extracted from the response. Returns empty string
+            /// if the error code cannot be determined.
+            /// </summary>
+            internal string Code
+            {
+                get
+                {
+                    var separator = this.GetSeparator();
+                    if (separator != -1)
+                    {
+                        return this.Message.Substring(0, separator);
+                    }
+
+                    return this.Message ?? string.Empty;
+                }
+            }
+
+            /// <summary>
+            /// Gets the error detail sent by the Firebase Auth API. May be null.
+            /// </summary>
+            internal string Detail
+            {
+                get
+                {
+                    var separator = this.GetSeparator();
+                    if (separator != -1)
+                    {
+                        return this.Message.Substring(separator + 1).Trim();
+                    }
+
+                    return null;
+                }
+            }
+
+            private int GetSeparator()
+            {
+                return this.Message?.IndexOf(':') ?? -1;
+            }
+        }
+
+        private sealed class AppCheckErrorResponse
+        {
+            [JsonProperty("error")]
+            internal AppCheckError Error { get; set; }
+        }
+    }
+}

FirebaseAdmin/FirebaseAdmin/AppCheck/AppCheckErrorHandler.cs

@@ -1,23 +1,16 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
-
-namespace FirebaseAdmin.Check
+namespace FirebaseAdmin.AppCheck
 {
     /// <summary>
     /// Interface representing an App Check token.
     /// </summary>
-    /// <remarks>
-    /// Initializes a new instance of the <see cref="AppCheckToken"/> class.
-    /// </remarks>
     /// <param name="tokenValue">Generator from custom token.</param>
     /// <param name="ttlValue">TTl value .</param>
     public class AppCheckToken(string tokenValue, int ttlValue)
     {
         /// <summary>
-        /// Gets the Firebase App Check token.
+        /// Gets or sets the Firebase App Check token.
         /// </summary>
-        public string Token { get; } = tokenValue;
+        public string Token { get; set; } = tokenValue;
 
         /// <summary>
         /// Gets or sets the time-to-live duration of the token in milliseconds.