feat: add basic fpnv #3030
feat: add basic fpnv #3030
Conversation
Summary of ChangesHello @boikoa-gl, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a new Firebase Phone Number Verification (FPNV) module into the Firebase Admin SDK. This feature enables developers to verify phone number tokens, similar to how existing ID tokens are handled. The changes involve adding the necessary service classes, integrating them into the SDK's public API and build configuration, and establishing robust token verification logic, including custom error handling and support for the ES256 JWT algorithm. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a new fpnv (Firebase Phone Number Verification) service. The overall structure is good and follows the existing patterns in the SDK. However, there are a few critical issues that need to be addressed before merging. The error handling for this new service is incomplete, with placeholder error codes in FpnvErrorCode. This will lead to incorrect error reporting. I've provided a suggestion for a more complete implementation. There's also a potential bug in the JWT audience (aud) claim verification that could cause a runtime error. Finally, I've made some suggestions to use more specific error codes to improve the developer experience. Please review the detailed comments.
lahirumaramba
left a comment
lahirumaramba
left a comment
There was a problem hiding this comment.
Thanks! Added a few comments. Please check the CI errors.
Run npm run api-extractor:local to generate apidocs and update the PR with the new files.
lahirumaramba
left a comment
lahirumaramba
left a comment
There was a problem hiding this comment.
Thanks! It is looking good!
Added a few more comments
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a new fpnv (Firebase Phone Number Verification) module. The changes include adding the necessary entry points, API definitions, implementation, and tests. The core logic for token verification seems solid, with good validation and error handling. I've provided some feedback to improve documentation accuracy, address API extractor warnings, and align with some coding best practices. Overall, this is a good addition.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a new Firebase Phone Number Verification (FPNV) feature. The changes include adding the necessary API definitions, implementation, and tests for the fpnv module. Overall, the structure is sound and follows the existing patterns in the SDK. However, I've identified a critical issue in the JWT signature verification logic that will prevent the feature from working correctly. Additionally, there are a few areas for improvement regarding API documentation and type exports to enhance clarity and usability for developers. Addressing these points will ensure the new feature is robust and well-integrated.
| this.signatureVerifier = | ||
| PublicKeySignatureVerifier.withCertificateUrl(clientCertUrl, app.options.httpAgent); |
There was a problem hiding this comment.
The PublicKeySignatureVerifier is hardcoded to verify JWTs using the RS256 algorithm, but FPNV tokens are signed with ES256. This mismatch will cause all signature verifications to fail, making the feature non-functional.
To fix this, PublicKeySignatureVerifier in src/utils/jwt.ts should be modified to accept the desired algorithm. Since I cannot suggest changes to files not in the diff, here is a recommended approach:
- Update
PublicKeySignatureVerifier.withCertificateUrlto accept an optionalalgorithmparameter. - Pass this algorithm to the
PublicKeySignatureVerifierconstructor and store it. - Use the stored algorithm in the
verifymethod when callingverifyJwtSignature.
After making those changes in jwt.ts, you can update the instantiation here to:
this.signatureVerifier = PublicKeySignatureVerifier.withCertificateUrl(
clientCertUrl,
app.options.httpAgent,
ALGORITHM_ES256,
);
| /** | ||
| * The audience for which this token is intended. | ||
| * This value is a JSON array of two strings, the first is the project number of your | ||
| * Firebase project, and the second is the project ID of the same project. | ||
| */ | ||
| aud: string[]; |
There was a problem hiding this comment.
The documentation for the aud (audience) claim is misleading. It states that the values are the project number and project ID, but the implementation in token-verifier.ts expects full URLs that include the issuer prefix (e.g., https://fpnv.googleapis.com/projects/<PROJECT_ID>).
Please update the comment to accurately describe the expected format of the audience values to avoid confusion for developers.
| /** | |
| * The audience for which this token is intended. | |
| * This value is a JSON array of two strings, the first is the project number of your | |
| * Firebase project, and the second is the project ID of the same project. | |
| */ | |
| aud: string[]; | |
| /** | |
| * The audience for which this token is intended. | |
| * This value is an array of two strings, which are URLs that include the project number | |
| * and project ID of your Firebase project (e.g. `https://fpnv.googleapis.com/projects/<PROJECT_ID>`). | |
| */ | |
| aud: string[]; |
| public verifyToken(fpnvJwt: string): Promise<FpnvToken> { | ||
| return this.fpnvVerifier.verifyJWT(fpnvJwt); | ||
| } |
There was a problem hiding this comment.
The public method verifyToken is undocumented, which is also flagged in the generated API report. Please add a TSDoc comment to explain what the method does, its parameters, and what it returns. This improves code clarity and maintainability.
/**
* Verifies a Firebase Phone Number Verification token (FPNV JWT).
*
* @param fpnvJwt - The FPNV JWT string to verify.
* @returns A promise that resolves with the decoded token.
*/
public verifyToken(fpnvJwt: string): Promise<FpnvToken> {
return this.fpnvVerifier.verifyJWT(fpnvJwt);
}
3 participants
Hey there! So you want to contribute to a Firebase SDK?
Before you file this pull request, please read these guidelines:
Discussion
If not, go file an issue about this before creating a pull request to discuss.
Testing
API Changes
us make Firebase APIs better, please propose your change in an issue so that we
can discuss it together.