chore: resolve comments

boikoa-gl · boikoa-gl · commit 23868e8f6e3a · 2025-12-10T15:26:37.000+01:00
diff --git a/src/firebase-namespace-api.ts b/src/firebase-namespace-api.ts
@@ -16,7 +16,6 @@
 
 import { appCheck } from './app-check/app-check-namespace';
 import { auth } from './auth/auth-namespace';
-import { fpnv } from './fpnv/fpnv-namespace';
 import { database } from './database/database-namespace';
 import { firestore } from './firestore/firestore-namespace';
 import { instanceId } from './instance-id/instance-id-namespace';
@@ -44,7 +43,6 @@ export namespace app {
   export interface App extends AppCore {
     appCheck(): appCheck.AppCheck;
     auth(): auth.Auth;
-    fpnv(): fpnv.Fpnv;
     database(url?: string): database.Database;
     firestore(): firestore.Firestore;
     installations(): installations.Installations;
@@ -83,7 +81,6 @@ export namespace app {
 export * from './credential/index';
 export { appCheck } from './app-check/app-check-namespace';
 export { auth } from './auth/auth-namespace';
-export { fpnv } from './fpnv/fpnv-namespace';
 export { database } from './database/database-namespace';
 export { firestore } from './firestore/firestore-namespace';
 export { instanceId } from './instance-id/instance-id-namespace';
diff --git a/src/fpnv/base-fpnv.ts b/src/fpnv/base-fpnv.ts
diff --git a/src/fpnv/fpnv-api.ts b/src/fpnv/fpnv-api.ts
@@ -1,5 +1,6 @@
 /*!
- * Copyright 2021 Google LLC
+ * @license
+ * Copyright 2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,26 +15,25 @@
  * limitations under the License.
  */
 
-import { App } from '../app';
-
-// Import all public types with aliases, and re-export from the auth namespace.
-
-import { Fpnv as TFpnv } from './fpnv';
-
-import {
-  BaseFpnv as TBaseFpnv,
-} from './base-fpnv';
-
-import {
-  FpnvToken as TFpnvToken,
-} from './token-verifier';
 
+/**
+ * Interface representing a Fpnv token.
+ */
+export interface FpnvToken {
+    aud: string;
+    auth_time: number;
+    exp: number;
+    iat: number;
+    iss: string;
+    sub: string;
+
+    getPhoneNumber(): string;
+
+    /**
+     * Other arbitrary claims included in the ID token.
+     */
+    [key: string]: any;
+}
 
-export declare function fpnv(app?: App): fpnv.Fpnv;
+export {FpnvErrorCode, FirebasePnvError, ErrorInfo} from '../utils/error';
 
-/* eslint-disable @typescript-eslint/no-namespace */
-export namespace fpnv {
-    export type BaseFpnv = TBaseFpnv;
-    export type Fpnv = TFpnv;
-    export type FpnvToken = TFpnvToken;
-}
diff --git a/src/fpnv/fpnv.ts b/src/fpnv/fpnv.ts
@@ -1,6 +1,6 @@
 /*!
  * @license
- * Copyright 2017 Google LLC
+ * Copyright 2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,26 +16,36 @@
  */
 
 import { App } from '../app';
-import { BaseFpnv } from './base-fpnv';
+import { FpnvToken } from './fpnv-api';
+import {
+  FirebasePhoneNumberTokenVerifier,
+  createFPNTVerifier,
+} from './token-verifier';
 
 /**
  * Fpnv service bound to the provided app.
  */
-export class Fpnv extends BaseFpnv {
+export class Fpnv  {
   private readonly app_: App;
 
+   protected readonly fpnvVerifier: FirebasePhoneNumberTokenVerifier;
+
   constructor(app: App) {
-    super(app);
 
     this.app_ = app;
+    this.fpnvVerifier = createFPNTVerifier(app);
   }
 
   /**
-     * Returns the app associated with this Fpnv instance.
-     *
-     * @returns The app associated with this Fpnv instance.
-     */
+   * Returns the app associated with this Auth instance.
+   *
+   * @returns The app associated with this Auth instance.
+   */
   get app(): App {
     return this.app_;
   }
+
+  public async verifyToken(idToken: string): Promise<FpnvToken> {
+    return await this.fpnvVerifier.verifyJWT(idToken);
+  }
 }
diff --git a/src/fpnv/index.ts b/src/fpnv/index.ts
@@ -1,5 +1,6 @@
 /*!
- * Copyright 2020 Google LLC
+ * @license
+ * Copyright 2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,22 +54,3 @@ export function getFirebasePnv(app?: App): Fpnv {
   const firebaseApp: FirebaseApp = app as FirebaseApp;
   return firebaseApp.getOrInitService('fpnv', (app) => new Fpnv(app));
 }
-
-export {
-  Fpnv,
-} from './fpnv';
-
-export {
-  BaseFpnv,
-} from './base-fpnv';
-
-
-export {
-  FpnvToken,
-} from './token-verifier';
-
-
-export {
-  FirebasePnvError,
-  FpnvErrorCode,
-} from '../utils/error';
diff --git a/src/fpnv/token-verifier.ts b/src/fpnv/token-verifier.ts
@@ -1,40 +1,43 @@
+/*!
+ * @license
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 import { App } from '../app';
-import { FpnvErrorCode, ErrorInfo, FirebasePnvError } from '../utils/error';
+import { FpnvErrorCode, FirebasePnvError, ErrorInfo } from '../utils/error';
+import {FirebasePhoneNumberTokenInfo, FpnvToken} from './fpnv-api';
 import * as util from '../utils/index';
 import * as validator from '../utils/validator';
 import {
   DecodedToken, decodeJwt, JwtError, JwtErrorCode,
   PublicKeySignatureVerifier, ALGORITHM_ES256, SignatureVerifier,
 } from '../utils/jwt';
 
-export interface FpnvToken {
-    aud: string;
-    auth_time: number;
-    exp: number;
-    iat: number;
-    iss: string;
-    sub: string;
-
-    getPhoneNumber(): string;
-
-    /**
-     * Other arbitrary claims included in the ID token.
-     */
-    [key: string]: any;
-}
-
 const CLIENT_CERT_URL = 'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com';
 
-export const PN_TOKEN_INFO: FirebasePhoneNumberTokenInfo = {
+
+const PN_TOKEN_INFO: FirebasePhoneNumberTokenInfo = {
   url: 'https://firebase.google.com/docs/phone-number-verification',
   verifyApiName: 'verifyToken()',
   jwtName: 'Firebase Phone Verification token',
   shortName: 'FPNV token',
   typ: 'JWT',
-  expiredErrorCode: FpnvErrorCode.COMMON_ISSUE,
+  expiredErrorCode: FpnvErrorCode.EXPIRED_TOKEN,
 };
 
-export interface FirebasePhoneNumberTokenInfo {
+interface FirebasePhoneNumberTokenInfo {
     /** Documentation URL. */
     url: string;
     /** verify API name. */
@@ -63,42 +66,42 @@ export class FirebasePhoneNumberTokenVerifier {
 
     if (!validator.isURL(clientCertUrl)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The provided public client certificate URL is an invalid URL.',
       );
     } else if (!validator.isURL(issuer)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The provided JWT issuer is an invalid URL.',
       );
     } else if (!validator.isNonNullObject(tokenInfo)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The provided JWT information is not an object or null.',
       );
     } else if (!validator.isURL(tokenInfo.url)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The provided JWT verification documentation URL is invalid.',
       );
     } else if (!validator.isNonEmptyString(tokenInfo.verifyApiName)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The JWT verify API name must be a non-empty string.',
       );
     } else if (!validator.isNonEmptyString(tokenInfo.jwtName)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The JWT public full name must be a non-empty string.',
       );
     } else if (!validator.isNonEmptyString(tokenInfo.shortName)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The JWT public short name must be a non-empty string.',
       );
     } else if (!validator.isNonNullObject(tokenInfo.expiredErrorCode) || !('code' in tokenInfo.expiredErrorCode)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.INVALID_ARGUMENT,
         'The JWT expiration error code must be a non-null ErrorInfo object.',
       );
     }
@@ -113,7 +116,7 @@ export class FirebasePhoneNumberTokenVerifier {
   public async verifyJWT(jwtToken: string): Promise<FpnvToken> {
     if (!validator.isString(jwtToken)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.PROJECT_NOT_FOUND,
         `First argument to ${this.tokenInfo.verifyApiName} must be a ${this.tokenInfo.jwtName} string.`,
       );
     }
@@ -129,7 +132,7 @@ export class FirebasePhoneNumberTokenVerifier {
     const projectId = await util.findProjectId(this.app);
     if (!validator.isNonEmptyString(projectId)) {
       throw new FirebasePnvError(
-        FpnvErrorCode.COMMON_ISSUE,
+        FpnvErrorCode.PROJECT_NOT_FOUND,
         'Must initialize app with a cert credential or set your Firebase project ID as the ' +
                 `GOOGLE_CLOUD_PROJECT environment variable to call ${this.tokenInfo.verifyApiName}.`);
     }
@@ -156,10 +159,10 @@ export class FirebasePhoneNumberTokenVerifier {
         const errorMessage = `Decoding ${this.tokenInfo.jwtName} failed. Make sure you passed ` +
                     `the entire string JWT which represents ${this.shortNameArticle} ` +
                     `${this.tokenInfo.shortName}.` + verifyJwtTokenDocsMessage;
-        throw new FirebasePnvError(FpnvErrorCode.COMMON_ISSUE,
+        throw new FirebasePnvError(FpnvErrorCode.INVALID_ARGUMENT,
           errorMessage);
       }
-      throw new FirebasePnvError(FpnvErrorCode.COMMON_ISSUE, err.message);
+      throw new FirebasePnvError(FpnvErrorCode.INVALID_ARGUMENT, err.message);
     }
   }
 
@@ -183,14 +186,14 @@ export class FirebasePhoneNumberTokenVerifier {
       errorMessage = `${this.tokenInfo.jwtName} has no "kid" claim.`;
       errorMessage += verifyJwtTokenDocsMessage;
     } else if (header.alg !== ALGORITHM_ES256) {
-      errorMessage = `${this.tokenInfo.jwtName} has incorrect algorithm. Expected "` + ALGORITHM_ES256 + '" but got ' +
-                '"' + header.alg + '".' + verifyJwtTokenDocsMessage;
+      errorMessage = `${this.tokenInfo.jwtName} has incorrect algorithm. Expected ` + 
+      `"${ALGORITHM_ES256}" but got "${header.alg}". ${verifyJwtTokenDocsMessage}`;
     } else if (header.typ !== this.tokenInfo.typ) {
       errorMessage = `${this.tokenInfo.jwtName} has incorrect typ. Expected "${this.tokenInfo.typ}" but got ` +
                 '"' + header.typ + '".' + verifyJwtTokenDocsMessage;
     }
     // FPNV Token
-    else if (!((payload.aud as string[]).some(item => item === this.issuer + projectId))) {
+    else if (!((Array.isArray(payload.aud) ? payload.aud : []).some(item => item === this.issuer + projectId))) {
       errorMessage = `${this.tokenInfo.jwtName} has incorrect "aud" (audience) claim. Expected "` +
                 this.issuer + projectId + '" to be one of "' + payload.aud + '".' + projectIdMatchMessage +
                 verifyJwtTokenDocsMessage;
@@ -202,7 +205,7 @@ export class FirebasePhoneNumberTokenVerifier {
     }
 
     if (errorMessage) {
-      throw new FirebasePnvError(FpnvErrorCode.COMMON_ISSUE, errorMessage);
+      throw new FirebasePnvError(FpnvErrorCode.INVALID_ARGUMENT, errorMessage);
     }
   }
 
@@ -224,14 +227,14 @@ export class FirebasePhoneNumberTokenVerifier {
       return new FirebasePnvError(this.tokenInfo.expiredErrorCode, errorMessage);
     } else if (error.code === JwtErrorCode.INVALID_SIGNATURE) {
       const errorMessage = `${this.tokenInfo.jwtName} has invalid signature.` + verifyJwtTokenDocsMessage;
-      return new FirebasePnvError(FpnvErrorCode.COMMON_ISSUE, errorMessage);
+      return new FirebasePnvError(FpnvErrorCode.INVALID_ARGUMENT, errorMessage);
     } else if (error.code === JwtErrorCode.NO_MATCHING_KID) {
       const errorMessage = `${this.tokenInfo.jwtName} has "kid" claim which does not ` +
                 `correspond to a known public key. Most likely the ${this.tokenInfo.shortName} ` +
                 'is expired, so get a fresh token from your client app and try again.';
-      return new FirebasePnvError(FpnvErrorCode.COMMON_ISSUE, errorMessage);
+      return new FirebasePnvError(FpnvErrorCode.INVALID_ARGUMENT, errorMessage);
     }
-    return new FirebasePnvError(FpnvErrorCode.COMMON_ISSUE, error.message);
+    return new FirebasePnvError(FpnvErrorCode.INVALID_ARGUMENT, error.message);
   }
 
 }
diff --git a/src/utils/error.ts b/src/utils/error.ts
