functions-samples/Node-1st-gen/quickstarts/auth-blocking-functions/functions/index.js at 84005a5d501368e6b197d06d3524bfaa7f2e33d7 · firebase/functions-samples · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

const {functions} = require("firebase-functions/v1");
const { beforeUserCreated, beforeUserSignedIn } = require("firebase-functions/v2/identity");

const {admin} = require("firebase-admin");

admin.initializeApp();
const db = admin.firestore();

// [START v1ValidateNewUser]
// [START v1beforeCreateFunctionTrigger]
// Block account creation with any non-acme email address.
exports.validateNewUser = beforeUserCreated(({ data: user }) => {

    // [END v1beforeCreateFunctionTrigger]
    // [START v1readEmailData]
    // Email passed from the User object.
      const email = user.email || "";
      // [END v1readEmailData]

      // [START v1domainHttpsError]
      // Only users of a specific domain can sign up.
      if (!email.includes("acme.com")) {
        // Throwing an HttpsError so that Auth rejects the account creation.
        throw new functions.https.HttpsError(
            "invalid-argument",
            "Unauthorized email",
        );
      }
    // [END v1domainHttpsError]
    });
// [END v1ValidateNewUser]

// [START v1CheckForBan]
// [START v1beforeSignInFunctionTrigger]
// Block account sign in with any banned account.
exports.checkForBan = beforeUserSignedIn(async ({ data: user }) => {

    // [END v1beforeSignInFunctionTrigger]
    // [START v1readEmailData]
    // Email passed from the User object.
      const email = user.email || "";
      // [END v1readEmailData]

      // [START v1documentGet]
      // Obtain a document in Firestore of the banned email address.
      const doc = await db.collection("banned").doc(email).get();
      // [END v1documentGet]

      // [START v1bannedHttpsError]
      // Checking that the document exists for the email address.
      if (doc.exists) {
      // Throwing an HttpsError so that Auth rejects the account sign in.
        throw new functions.https.HttpsError(
            "invalid-argument",
            "Unauthorized email",
        );
      }
    // [END v1bannedHttpsError]
    });
// [START v1CheckForBan]