o }l~i@sdZddlmZmZddlZddlmZmZmZddlmZm Z m Z ddl m Z dZ defd d Zdd edeeeffd d ZGdddZGdddZdS)zFirebase App Check module.)AnyDictN) PyJWKClientExpiredSignatureErrorInvalidTokenError)InvalidAudienceErrorInvalidIssuerErrorInvalidSignatureError)_utils _app_checkreturncCst|ttSN)r get_app_service_APP_CHECK_ATTRIBUTE_AppCheckService)appr_/var/www/newdalilibackend/backend/venv/lib/python3.10/site-packages/firebase_admin/app_check.py_get_app_check_servicesrtokencCst||S)aXVerifies a Firebase App Check token. Args: token: A token from App Check. app: An App instance (optional). Returns: Dict[str, Any]: The token's decoded claims. Raises: ValueError: If the app's ``project_id`` is invalid or unspecified, or if the token's headers or payload are invalid. )r verify_token)rrrrrrsrc@sjeZdZdZdZdZdZdZdZddZ de de e e ffd d Z d e ddfd d Zde de fddZdS)rz?Service class that implements Firebase App Check functionality.z(https://firebaseappcheck.googleapis.com/z/https://firebaseappcheck.googleapis.com/v1/jwksNcCs6|j|_|js tdd|j|_t|jdd|_dS)NzA project ID must be specified to access the App Check service. Either set the projectId option, use service account credentials, or set the GOOGLE_CLOUD_PROJECT environment variable.z projects/i`T)lifespan) project_id _project_id ValueError_scoped_project_idr _JWKS_URL _jwks_client)selfrrrr__init__5s z_AppCheckService.__init__rr cCsHtd||j|}|t||||j}| d|d<|S)z$Verifies a Firebase App Check token.zapp check tokensubapp_id) _Validators check_stringrget_signing_key_from_jwt_has_valid_token_headersjwtget_unverified_header_decode_and_verifykeyget)rr signing_keyverified_claimsrrrrCs  z_AppCheckService.verify_tokenheaderscCs<|ddkr td|d}|dkrtd|ddS) z9Checks whether the token has valid headers for App Check.typJWTz9The provided App Check token has an incorrect type headeralgRS256zQThe provided App Check token has an incorrect alg header. Expected RS256 but got .N)r*r)rr- algorithmrrrr%Qs z)_AppCheckService._has_valid_token_headersr+c Csi}z tj||dg|jd}WnDtytdty)td|jdty7td|jtyAtdt yS}ztd|d }~ww| d }t |t rc|j|vrgtd | d  |jsttd td| d|S)z.Decodes and verifies the token from App Check.r1) algorithmsaudiencez6The provided App Check token has an invalid signature.zbThe provided App Check token has an incorrect "aud" (audience) claim. Expected payload to include r2z^The provided App Check token has an incorrect "iss" (issuer) claim. Expected claim to include z)The provided App Check token has expired.z(Decoding App Check token failed. Error: Naudz>Firebase App Check token has incorrect "aud" (audience) claim.issz2Token does not contain the correct "iss" (issuer).z2The provided App Check token "sub" (subject) claimr )r&decoderr rrr_APP_CHECK_ISSUERrrr* isinstancelist startswithr"r#)rrr+payload exceptionr5rrrr(^sX     z#_AppCheckService._decode_and_verify)__name__ __module__ __qualname____doc__r9rrrrrstrrrrr%r(rrrrr,s rc@s&eZdZdZededefddZdS)r"zA collection of data validation utilities. Methods provided in this class raise ``ValueErrors`` if any validations fail. labelvaluecCs6|dur td||t|tstd||dS)z&Checks if the given value is a string.Nz%{0} "{1}" must be a non-empty string.z{0} "{1}" must be a string.)rformatr:rC)clsrDrErrrr#s  z_Validators.check_stringN)r?r@rArB classmethodrCrr#rrrrr"sr"r )rBtypingrrr&rrrrrr firebase_adminr rrrCrrr"rrrrs ^