Bump admin SDK version. Remove vendored APIs + sniffing

.github/workflows/test.yaml

@@ -13,8 +13,6 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 10.x
-          - 12.x
           - 14.x
           - 16.x
     steps:
@@ -38,7 +36,6 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 12.x
           - 14.x
           - 16.x
     steps:

package.json

@@ -229,9 +229,9 @@
     "yargs": "^15.3.1"
   },
   "peerDependencies": {
-    "firebase-admin": "^8.0.0 || ^9.0.0 || ^10.0.0"
+    "firebase-admin": "^10.0.0"
   },
   "engines": {
-    "node": "^8.13.0 || >=10.10.0"
+    "node": ">=14.10.0"
   }
 }

src/common/providers/https.ts

@@ -22,7 +22,8 @@
 
 import * as cors from 'cors';
 import * as express from 'express';
-import * as firebase from 'firebase-admin';
+import { DecodedAppCheckToken } from 'firebase-admin/app-check';
+import { DecodedIdToken } from 'firebase-admin/auth';
 
 import * as logger from '../../logger';
 
@@ -40,60 +41,6 @@ export interface Request extends express.Request {
   rawBody: Buffer;
 }
 
-// This is actually a firebase.appCheck.DecodedAppCheckToken, but
-// that type may not be available in some supported SDK versions.
-// Declare as an inline type, which DecodedAppCheckToken will be
-// able to merge with.
-// TODO: Replace with the real type once we bump the min-version of
-// the admin SDK
-interface DecodedAppCheckToken {
-  /**
-   * The issuer identifier for the issuer of the response.
-   *
-   * This value is a URL with the format
-   * `https://firebaseappcheck.googleapis.com/<PROJECT_NUMBER>`, where `<PROJECT_NUMBER>` is the
-   * same project number specified in the [`aud`](#aud) property.
-   */
-  iss: string;
-
-  /**
-   * The Firebase App ID corresponding to the app the token belonged to.
-   *
-   * As a convenience, this value is copied over to the [`app_id`](#app_id) property.
-   */
-  sub: string;
-
-  /**
-   * The audience for which this token is intended.
-   *
-   * This value is a JSON array of two strings, the first is the project number of your
-   * Firebase project, and the second is the project ID of the same project.
-   */
-  aud: string[];
-
-  /**
-   * The App Check token's expiration time, in seconds since the Unix epoch. That is, the
-   * time at which this App Check token expires and should no longer be considered valid.
-   */
-  exp: number;
-
-  /**
-   * The App Check token's issued-at time, in seconds since the Unix epoch. That is, the
-   * time at which this App Check token was issued and should start to be considered
-   * valid.;
-   */
-  iat: number;
-
-  /**
-   * The App ID corresponding to the App the App Check token belonged to.
-   *
-   * This value is not actually one of the JWT token claims. It is added as a
-   * convenience, and is set as the value of the [`sub`](#sub) property.
-   */
-  app_id: string;
-  [key: string]: any;
-}
-
 /**
  * The interface for AppCheck tokens verified in Callable functions
  */
@@ -107,7 +54,7 @@ export interface AppCheckData {
  */
 export interface AuthData {
   uid: string;
-  token: firebase.auth.DecodedIdToken;
+  token: DecodedIdToken;
 }
 
 // This type is the direct v1 callable interface and is also an interface
@@ -553,10 +500,8 @@ export function unsafeDecodeToken(token: string): unknown {
  * This is exposed only for testing.
  */
 /** @internal */
-export function unsafeDecodeIdToken(
-  token: string
-): firebase.auth.DecodedIdToken {
-  const decoded = unsafeDecodeToken(token) as firebase.auth.DecodedIdToken;
+export function unsafeDecodeIdToken(token: string): DecodedIdToken {
+  const decoded = unsafeDecodeToken(token) as DecodedIdToken;
   decoded.uid = decoded.sub;
   return decoded;
 }
@@ -642,7 +587,7 @@ export async function checkAuthToken(
   if (match) {
     const idToken = match[1];
     try {
-      let authToken: firebase.auth.DecodedIdToken;
+      let authToken: DecodedIdToken;
       if (isDebugFeatureEnabled('skipTokenVerification')) {
         authToken = unsafeDecodeIdToken(idToken);
       } else {
@@ -672,11 +617,6 @@ async function checkAppCheckToken(
     return 'MISSING';
   }
   try {
-    if (!apps().admin.appCheck) {
-      throw new Error(
-        'Cannot validate AppCheck token. Please update Firebase Admin SDK to >= v9.8.0'
-      );
-    }
     let appCheckData;
     if (isDebugFeatureEnabled('skipTokenVerification')) {
       const decodedToken = unsafeDecodeAppCheckToken(appCheck);

src/v2/providers/database.ts

@@ -44,14 +44,14 @@ export const updatedEventType = 'google.firebase.database.ref.v1.updated';
 /** @internal */
 export const deletedEventType = 'google.firebase.database.ref.v1.deleted';
 
-/** @internal */
+/** @hidden */
 export interface RawRTDBCloudEventData {
   ['@type']: 'type.googleapis.com/google.events.firebase.database.v1.ReferenceEventData';
   data: any;
   delta: any;
 }
 
-/** @internal */
+/** @hidden */
 export interface RawRTDBCloudEvent extends CloudEvent<RawRTDBCloudEventData> {
   firebasedatabasehost: string;
   instance: string;