tanam/triggers/users.js

Pluggable CMS for Firebase

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_js_1 = require("crypto-js");
const admin = require("firebase-admin");
const functions = require("firebase-functions");
const configService = require("../services/config.service");
const siteService = require("../services/site-info.service");
exports.createUser = functions.auth.user().onCreate((firebaseUser) => __awaiter(this, void 0, void 0, function* () {
    const tanamConfig = configService.getConfig();
    const tanamConfigRole = tanamConfig.users ? tanamConfig.users[firebaseUser.email] : null;
    const envRole = firebaseUser.email === process.env.TANAM_OWNER ? 'superAdmin' : null;
    const initialRole = envRole || tanamConfigRole;
    // Use gravatar as default if photoUrl isn't specified in user data
    // https://en.gravatar.com/site/implement/images/
    const gravatarHash = crypto_js_1.MD5(firebaseUser.email || firebaseUser.uid).toString().toLowerCase();
    const user = {
        uid: firebaseUser.uid,
        name: firebaseUser.displayName || firebaseUser.email,
        email: firebaseUser.email,
        photoUrl: firebaseUser.photoURL || `https://www.gravatar.com/avatar/${gravatarHash}.jpg?s=1024&d=identicon`,
        roles: !!initialRole ? [initialRole] : [],
    };
    console.log(`Creating account: ${JSON.stringify({ user })}`);
    return Promise.all([
        siteService.initializeSite(),
        admin.firestore()
            .collection('tanam').doc(process.env.GCLOUD_PROJECT)
            .collection('users').doc(firebaseUser.uid)
            .set(user),
        setUserRoleToAuth(user),
    ]);
}));
exports.deleteUser = functions.auth.user().onDelete(firebaseUser => {
    console.log(`Deleting account: ${JSON.stringify({ firebaseUser })}`);
    return admin.firestore()
        .collection('tanam').doc(process.env.GCLOUD_PROJECT)
        .collection('users').doc(firebaseUser.uid)
        .delete();
});
exports.updateAuthRoles = functions.firestore.document('tanam/{siteId}/users/{uid}').onUpdate((change, context) => {
    const uid = context.params.uid;
    const userBefore = change.before.data();
    const userAfter = change.after.data();
    const promises = [];
    if (userBefore.roles.length !== userAfter.roles.length
        || userBefore.roles.some((role) => userAfter.roles.indexOf(role) === -1)) {
        promises.push(setUserRoleToAuth({ uid: uid, roles: userAfter.roles }));
    }
    return Promise.all(promises);
});
function setUserRoleToAuth({ uid, roles }) {
    const customClaims = { tanam: { [process.env.GCLOUD_PROJECT]: roles } };
    console.log(`[setUserRoleToAuth] ${JSON.stringify({ uid, customClaims })}`);
    return admin.auth().setCustomUserClaims(uid, customClaims);
}
//# sourceMappingURL=users.js.map