Merge pull request #10 from firebase/require-uid

v2.0.0
googlearchive · Sep 15, 2014 · 2c209c9 · 2c209c9
2 parents 1fddca4 + 60e99f6
commit 2c209c9
Show file tree

Hide file tree

Showing 16 changed files with 408 additions and 253 deletions.
diff --git a/Gruntfile.js b/Gruntfile.js
@@ -15,7 +15,10 @@ module.exports = function(grunt) {
         '!js/src/cryptojs.js'
       ],
       options: {
-        sub: true // Allow 
+        curly: true,
+        eqeqeq: true,
+        node: true,
+        sub: true
       }
     },
 
@@ -39,7 +42,7 @@ module.exports = function(grunt) {
       },
       'js-token-generator': {
         src        : src,
-        dest       : 'build/firebase-token-generator.js',
+        dest       : 'dist/firebase-token-generator.js',
         options    : {
           compilerOpts: {
             'generate_exports'  : true,
@@ -51,7 +54,7 @@ module.exports = function(grunt) {
       },
       'js-token-generator-debug': {
         src        : src,
-        dest       : 'build/firebase-token-generator-debug.js',
+        dest       : 'dist/firebase-token-generator-debug.js',
         options    : {
           compilerOpts: {
             'generate_exports'  : true,
@@ -63,7 +66,7 @@ module.exports = function(grunt) {
       },
       'js-token-generator-node': {
         src        : src,
-        dest       : 'build/firebase-token-generator-node.js',
+        dest       : 'dist/firebase-token-generator-node.js',
         options    : {
           compilerOpts: {
             'generate_exports'  : true,
@@ -88,7 +91,7 @@ module.exports = function(grunt) {
     jasmine: {
       dist: {
         src: [
-          'build/firebase-token-generator.js'
+          'dist/firebase-token-generator.js'
         ],
         options: {
           vendor: [],
@@ -100,7 +103,7 @@ module.exports = function(grunt) {
       },
       debug: {
         src: [
-          'build/firebase-token-generator-debug.js'
+          'dist/firebase-token-generator-debug.js'
         ],
         options: {
           vendor: [],

diff --git a/README.md b/README.md
@@ -43,13 +43,16 @@ this snippet of Node.js code:
 ```js
 var FirebaseTokenGenerator = require("firebase-token-generator");
 var tokenGenerator = new FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
-var token = tokenGenerator.createToken({some: "arbitrary", data: "here"});
+var token = tokenGenerator.createToken({uid: "1", some: "arbitrary", data: "here"});
 ```
 
-The arbitrary payload object passed into `createToken()` is then available for use within your
+The payload passed to `createToken()` is made available for use within your
 security rules via the [`auth` variable](https://www.firebase.com/docs/security/api/rule/auth.html).
-This is how you pass trusted authentication details (e.g. the client's user ID) into your
-Firebase rules.
+This is how you pass trusted authentication details (e.g. the client's user ID)
+to your Firebase security rules. The payload can contain any data of your
+choosing, however it must contain a "uid" key, which must be a string of less
+than 256 characters. The generated token must be less than 1024 characters in
+total.
 
 
 ## Token Options
@@ -77,7 +80,7 @@ Here is an example of how to use the second `options` argument:
 var FirebaseTokenGenerator = require("firebase-token-generator");
 var tokenGenerator = new FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
 var token = tokenGenerator.createToken(
-  {some: "arbitrary", data: "here"},
+  {uid: "1", some: "arbitrary", data: "here"},
   {admin: true}
 );
 ```

diff --git a/bower.json b/bower.json
@@ -1,12 +1,12 @@
 {
   "name": "firebase-token-generator",
-  "version": "1.1.3",
+  "version": "2.0.0",
   "homepage": "https://firebase.com",
   "authors": [
     "Firebase <[email protected]>"
   ],
   "description": "Firebase Token Generator for JavaScript",
-  "main": "./build/firebase-token-generator.js",
+  "main": "./dist/firebase-token-generator.js",
   "keywords": [
     "Firebase",
     "synchronization",

diff --git a/build/firebase-token-generator.js b/build/firebase-token-generator.js
diff --git a/build/firebase-token-generator-debug.js → dist/firebase-token-generator-debug.js b/build/firebase-token-generator-debug.js → dist/firebase-token-generator-debug.js
@@ -988,21 +988,42 @@ fb.tokengenerator.validation.validateSecret = function(fnName, argumentNumber, s
     throw new Error(fb.tokengenerator.validation.errorPrefix_(fnName, argumentNumber, false) + "must be a valid firebase namespace secret.");
   }
 };
-fb.tokengenerator.validation.validateCredentialData = function(fnName, argumentNumber, cred, optional) {
+fb.tokengenerator.validation.validateCredentialData = function(fnName, argumentNumber, data, isAdminToken) {
+  var isDataAnObject = typeof data === "object";
+  if(data === null || !isDataAnObject) {
+    if(!isDataAnObject && !isAdminToken) {
+      throw new Error(fb.tokengenerator.validation.errorPrefix_(fnName, argumentNumber, false) + "must be a dictionary of token data.");
+    }
+  }else {
+    if(data.uid === null || typeof data.uid !== "string") {
+      if(!isAdminToken || typeof data.uid !== "undefined") {
+        throw new Error(fb.tokengenerator.validation.errorPrefix_(fnName, argumentNumber, false) + 'must contain a "uid" key that must be a string.');
+      }
+    }else {
+      if(data.uid.length > 256) {
+        throw new Error(fb.tokengenerator.validation.errorPrefix_(fnName, argumentNumber, false) + 'must contain a "uid" key that must not be longer than 256 bytes.');
+      }
+    }
+  }
 };
-fb.tokengenerator.validation.validateCredentialOptions = function(fnName, argumentNumber, opt, optional) {
-  if(optional && !goog.isDef(opt)) {
+fb.tokengenerator.validation.validateCredentialOptions = function(fnName, argumentNumber, opt) {
+  if(!goog.isDef(opt)) {
     return
   }
-  if(opt === null || typeof opt != "object") {
-    throw new Error(fb.tokengenerator.validation.errorPrefix_(fnName, argumentNumber, optional) + "must be a dictionary of token options.");
+  if(opt === null || typeof opt !== "object") {
+    throw new Error(fb.tokengenerator.validation.errorPrefix_(fnName, argumentNumber, true) + "must be a dictionary of token options.");
   }
 };
 fb.tokengenerator.validation.validateOption = function(prefix, optName, opt, expectedType, suffix) {
   if(typeof opt !== expectedType || expectedType === "number" && isNaN(opt)) {
     throw new Error(prefix + ' option "' + optName + '" must be ' + suffix + ", instead got " + opt);
   }
 };
+fb.tokengenerator.validation.validateGeneratedToken = function(token) {
+  if(token.length > 1024) {
+    throw new Error("Generated token must be less than 1024 bytes long");
+  }
+};
 goog.provide("goog.dom.NodeType");
 goog.dom.NodeType = {ELEMENT:1, ATTRIBUTE:2, TEXT:3, CDATA_SECTION:4, ENTITY_REFERENCE:5, ENTITY:6, PROCESSING_INSTRUCTION:7, COMMENT:8, DOCUMENT:9, DOCUMENT_TYPE:10, DOCUMENT_FRAGMENT:11, NOTATION:12};
 goog.provide("goog.debug.Error");
@@ -2409,25 +2430,25 @@ goog.crypt.base64.init_ = function() {
   }
 };
 goog.provide("FirebaseTokenGenerator");
+goog.require("CryptoJS");
 goog.require("fb.tokengenerator.constants");
-goog.require("fb.tokengenerator.validation");
 goog.require("fb.tokengenerator.json");
 goog.require("fb.tokengenerator.utf8");
+goog.require("fb.tokengenerator.validation");
 goog.require("goog.crypt.base64");
-goog.require("CryptoJS");
 var TOKEN_SEP = ".";
 var TOKEN_VERSION = 0;
-FirebaseTokenGenerator = function(secret) {
+var FirebaseTokenGenerator = function(secret) {
   fb.tokengenerator.validation.validateArgCount("new FirebaseTokenGenerator", 1, 1, arguments.length);
   fb.tokengenerator.validation.validateSecret("new FirebaseTokenGenerator", 1, secret);
   this.mSecret = secret
 };
 FirebaseTokenGenerator.prototype.createToken = function(data, options) {
   var funcName = "FirebaseTokenGenerator.createToken";
   fb.tokengenerator.validation.validateArgCount(funcName, 1, 2, arguments.length);
-  fb.tokengenerator.validation.validateCredentialData(funcName, 1, data, false);
-  fb.tokengenerator.validation.validateCredentialOptions(funcName, 2, options, true);
+  fb.tokengenerator.validation.validateCredentialOptions(funcName, 2, options);
   options = options || {};
+  fb.tokengenerator.validation.validateCredentialData(funcName, 1, data, options["admin"] === true);
   if(FirebaseTokenGenerator.isEmptyObject_(data) && FirebaseTokenGenerator.isUselessOptionsObject_(options)) {
     throw new Error(funcName + ": data is empty and no options are set.  This token will have no effect on Firebase.");
   }
@@ -2446,7 +2467,7 @@ FirebaseTokenGenerator.prototype.createOptionsClaims = function(func_name, opts)
       case "expires":
       ;
       case "notBefore":
-        var code = o == "notBefore" ? "nbf" : "exp";
+        var code = o === "notBefore" ? "nbf" : "exp";
         if(opts[o] instanceof Date) {
           claims[code] = Math.round(opts[o].getTime() / 1E3)
         }else {
@@ -2486,6 +2507,7 @@ FirebaseTokenGenerator.prototype.createToken_ = function(claims) {
   var sig = goog.crypt.base64.encodeByteArray(hashBytes, true);
   sig = this.removeBase64Pad_(sig);
   var token = encodedHeader + TOKEN_SEP + encodedClaims + TOKEN_SEP + sig;
+  fb.tokengenerator.validation.validateGeneratedToken(token);
   return token
 };
 FirebaseTokenGenerator.prototype.noPadWebsafeBase64Encode_ = function(str) {