Add Auth Blocking samples for v1 & v2 functions (#1003)

Author: colerogers

2nd-gen/auth-blocking-functions/.gitignore

@@ -0,0 +1,66 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+firebase-debug.log*
+firebase-debug.*.log*
+
+# Firebase cache
+.firebase/
+
+# Firebase config
+
+# Uncomment this if you'd like others to create their own Firebase project.
+# For a team working on the same Firebase project(s), it is recommended to leave
+# it commented so all members can deploy to the same project(s) in .firebaserc.
+# .firebaserc
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env

2nd-gen/auth-blocking-functions/README.md

@@ -0,0 +1,25 @@
+# Firebase SDK for Cloud Functions 2nd Gen Quickstart - Auth Blocking Functions
+================================================
+
+The Auth Blocking functions Quickstart demonstrates how to block account sign in and creation when using Firebase Auth or Google Cloud Identity Platform in a Firebase App.
+
+
+- [Read more about auth blocking functions](https://firebase.google.com/docs/auth/extend-with-blocking-functions)
+- [Read more about Cloud Functions for Firebase](https://firebase.google.com/docs/functions/)
+
+
+Getting Started
+---------------
+
+To try this sample, you need a test app with Firebase Auth and Cloud Firestore enabled. Don't use a live app with real users!
+
+1. Install dependencies with `npm install`
+2. Deploy the functions with `firebase deploy --only functions`
+3. Try to create an account using an email address with a domain _other than_ `@acme.com`. It should fail.
+4. Add an existing user's email address to the `banned` collection in Cloud Firestore. Then, try to sign in as that user. It should fail.
+
+
+License
+-------
+
+© Google, 2022. Licensed under an [Apache-2](../../../LICENSE) license.

2nd-gen/auth-blocking-functions/firebase.json

@@ -0,0 +1,7 @@
+{
+  "functions": {
+    "predeploy": [
+      "npm --prefix \"$RESOURCE_DIR\" run lint"
+    ]
+  }
+}

2nd-gen/auth-blocking-functions/functions/.eslintrc.js

@@ -0,0 +1,14 @@
+module.exports = {
+  root: true,
+  env: {
+    es6: true,
+    node: true,
+  },
+  extends: [
+    "eslint:recommended",
+    "google",
+  ],
+  rules: {
+    quotes: ["error", "double"],
+  },
+};

2nd-gen/auth-blocking-functions/functions/.gitignore

@@ -0,0 +1 @@
+node_modules/

2nd-gen/auth-blocking-functions/functions/index.js

@@ -0,0 +1,66 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const {beforeUserCreated, beforeUserSignedIn, HttpsError} = require("firebase-functions/v2/identity");
+const {admin} = require("firebase-admin");
+
+admin.initializeApp();
+const db = admin.firestore();
+
+// [START v2ValidateNewUser]
+// [START v2beforeCreateFunctionTrigger]
+// Block account creation with any non-acme email address.
+exports.validatenewuser = beforeUserCreated((event) => {
+  // [END v2beforeCreateFunctionTrigger]
+  // [START v2readUserData]
+  // User data passed in from the CloudEvent.
+  const user = event.data;
+  // [END v2readUserData]
+
+  // [START v2domainHttpsError]
+  // Only users of a specific domain can sign up.
+  if (!user?.email?.includes('@acme.com')) {
+    // Throwing an HttpsError so that the Auth service rejects the account creation.
+    throw new HttpsError('invalid-argument', "Unauthorized email");
+  }
+  // [END v2domainHttpsError]
+});
+// [END v2ValidateNewUser]
+
+// [START v2CheckForBan]
+// [START v2beforeSignInFunctionTrigger]
+// Block account sign in with any banned account.
+exports.checkforban = beforeUserSignedIn(async (event) => {
+  // [END v2beforeSignInFunctionTrigger]
+  // [START v2readEmailData]
+  // Email passed from the CloudEvent.
+  const email = event.data.email || "";
+  // [END v2readEmailData]
+
+  // [START v2documentGet]
+  // Obtain a document in Firestore of the banned email address.
+  const doc = await db.collection("banned").doc(email).get();
+  // [END v2documentGet]
+
+  // [START v2bannedHttpsError]
+  // Checking that the document exists for the email address.
+  if (doc.exists) {
+    // Throwing an HttpsError so that the Auth service rejects the account sign in.
+    throw new HttpsError('invalid-argument', "Unauthorized email");
+  }
+  // [END v2bannedHttpsError]
+});
+// [START v2CheckForBan]

2nd-gen/auth-blocking-functions/functions/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "functions",
+  "description": "Cloud Functions for Firebase",
+  "scripts": {
+    "lint": "eslint .",
+    "serve": "firebase emulators:start --only functions",
+    "shell": "firebase functions:shell",
+    "start": "npm run shell",
+    "deploy": "firebase deploy --only functions",
+    "logs": "firebase functions:log"
+  },
+  "engines": {
+    "node": "16"
+  },
+  "main": "index.js",
+  "dependencies": {
+    "firebase-admin": "^10.1.0",
+    "firebase-functions": "^3.22.0"
+  },
+  "devDependencies": {
+    "eslint": "^8.9.0",
+    "eslint-config-google": "^0.14.0",
+    "firebase-functions-test": "^0.2.0"
+  },
+  "private": true
+}

auth-blocking-functions/.gitignore

@@ -0,0 +1,66 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+firebase-debug.log*
+firebase-debug.*.log*
+
+# Firebase cache
+.firebase/
+
+# Firebase config
+
+# Uncomment this if you'd like others to create their own Firebase project.
+# For a team working on the same Firebase project(s), it is recommended to leave
+# it commented so all members can deploy to the same project(s) in .firebaserc.
+# .firebaserc
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env

auth-blocking-functions/README.md

@@ -0,0 +1,25 @@
+# Firebase SDK for Cloud Functions Quickstart - Auth Blocking Functions
+================================================
+
+The Auth Blocking functions Quickstart demonstrates how to block account sign in and creation when using Firebase Auth or Google Cloud Identity Platform in a Firebase App.
+
+
+- [Read more about auth blocking functions](https://firebase.google.com/docs/auth/extend-with-blocking-functions)
+- [Read more about Cloud Functions for Firebase](https://firebase.google.com/docs/functions/)
+
+
+Getting Started
+---------------
+
+To try this sample, you need a test app with Firebase Auth and Cloud Firestore enabled. Don't use a live app with real users!
+
+1. Install dependencies with `npm install`
+2. Deploy the functions with `firebase deploy --only functions`
+3. Try to create an account using an email address with a domain _other than_ `@acme.com`. It should fail.
+4. Add an existing user's email address to the `banned` collection in Cloud Firestore. Then, try to sign in as that user. It should fail.
+
+
+License
+-------
+
+© Google, 2022. Licensed under an [Apache-2](../../../LICENSE) license.

auth-blocking-functions/firebase.json

@@ -0,0 +1,7 @@
+{
+  "functions": {
+    "predeploy": [
+      "npm --prefix \"$RESOURCE_DIR\" run lint"
+    ]
+  }
+}