o  i@sdZddlmZmZddlZddlmZmZmZmZddlm Z m Z m Z ddl m Z dZdefd d Zdd edeeeffd d ZGdddZGdddZdS)zFirebase App Check module.)AnyDictN) PyJWKClientExpiredSignatureErrorInvalidTokenError DecodeError)InvalidAudienceErrorInvalidIssuerErrorInvalidSignatureError)_utils _app_checkreturncCst|ttSN)r get_app_service_APP_CHECK_ATTRIBUTE_AppCheckService)apprx/var/www/snowflake_co_dev_github/snow_flake_back_end_deploy/env/lib/python3.10/site-packages/firebase_admin/app_check.py_get_app_check_servicesrtokencCst||S)aVerifies a Firebase App Check token. Args: token: A token from App Check. app: An App instance (optional). Returns: Dict[str, Any]: The token's decoded claims. Raises: ValueError: If the app's ``project_id`` is invalid or unspecified, or if the token's headers or payload are invalid. PyJWKClientError: If PyJWKClient fails to fetch a valid signing key. )r verify_token)rrrrrrsrc@sveZdZdZdZdZdZdZdZde iZ ddZ de d ee effd d Zd ed dfd dZde de fddZdS)rz?Service class that implements Firebase App Check functionality.z(https://firebaseappcheck.googleapis.com/z/https://firebaseappcheck.googleapis.com/v1/jwksNzx-goog-api-clientcCs:|j|_|js tdd|j|_t|jd|jd|_dS)NzA project ID must be specified to access the App Check service. Either set the projectId option, use service account credentials, or set the GOOGLE_CLOUD_PROJECT environment variable.z projects/i`T)lifespanheaders) project_id _project_id ValueError_scoped_project_idr _JWKS_URL_APP_CHECK_HEADERS _jwks_client)selfrrrr__init__:s   z_AppCheckService.__init__rr c Csztd|z|j|}|t||||j}Wnt t fy3}zt d||d}~ww| d|d<|S)z$Verifies a Firebase App Check token.zapp check tokenz)Verifying App Check token failed. Error: Nsubapp_id) _Validators check_stringr get_signing_key_from_jwt_has_valid_token_headersjwtget_unverified_header_decode_and_verifykeyrrrget)r!r signing_keyverified_claims exceptionrrrrIs  z_AppCheckService.verify_tokenrcCs<|ddkr td|d}|dkrtd|ddS) z9Checks whether the token has valid headers for App Check.typJWTz9The provided App Check token has an incorrect type headeralgRS256zQThe provided App Check token has an incorrect alg header. Expected RS256 but got .N)r-r)r!r algorithmrrrr(\s z)_AppCheckService._has_valid_token_headersr.c Cs0i}z tj||dg|jd}Wn]ty }ztd|d}~wty5}z td|jd|d}~wtyI}z td|j|d}~wtyY}ztd|d}~wt yl}ztd ||d}~ww| d }t |t r||j|vrtd | d  |jstd td| d|S)z.Decodes and verifies the token from App Check.r4) algorithmsaudiencez6The provided App Check token has an invalid signature.NzbThe provided App Check token has an incorrect "aud" (audience) claim. Expected payload to include r5z^The provided App Check token has an incorrect "iss" (issuer) claim. Expected claim to include z)The provided App Check token has expired.z(Decoding App Check token failed. Error: audz>Firebase App Check token has incorrect "aud" (audience) claim.issz2Token does not contain the correct "iss" (issuer).z2The provided App Check token "sub" (subject) claimr#)r)decoderr rrr _APP_CHECK_ISSUERrrr- isinstancelist startswithr%r&)r!rr.payloadr0r8rrrr+ist  z#_AppCheckService._decode_and_verify)__name__ __module__ __qualname____doc__r<rrrr r get_metrics_headerrr"strrrrr(r+rrrrr-s rc@s&eZdZdZededefddZdS)r%zA collection of data validation utilities. Methods provided in this class raise ``ValueErrors`` if any validations fail. labelvaluecCs>|durt|d|dt|tst|d|ddS)z&Checks if the given value is a string.Nz "z" must be a non-empty string.z" must be a string.)rr=rF)clsrGrHrrrr&s  z_Validators.check_stringN)rArBrCrD classmethodrFrr&rrrrr%sr%r)rDtypingrrr)rrrrrr r firebase_adminr rrrFrrr%rrrrs h