StorageAuthorizer to Swift (#10117)

Author: paulb777

FirebaseCombineSwift.podspec

@@ -51,11 +51,11 @@ for internal testing only. It should not be published.
   s.osx.framework = 'AppKit'
   s.tvos.framework = 'UIKit'
 
-  s.dependency 'FirebaseCore', '~> 9.0'
-  s.dependency 'FirebaseAuth', '~> 9.0'
-  s.dependency 'FirebaseFunctions', '~> 9.0'
-  s.dependency 'FirebaseFirestore', '~> 9.0'
-  s.dependency 'FirebaseStorage', '~> 9.0'
+  s.dependency 'FirebaseCore', '~> 9.5'
+  s.dependency 'FirebaseAuth', '~> 9.5'
+  s.dependency 'FirebaseFunctions', '~> 9.5'
+  s.dependency 'FirebaseFirestore', '~> 9.5'
+  s.dependency 'FirebaseStorage', '~> 9.5'
 
   s.pod_target_xcconfig = {
     'HEADER_SEARCH_PATHS' => '"${PODS_TARGET_SRCROOT}"',

FirebaseCombineSwift/Sources/Storage/StorageReference+Combine.swift

@@ -14,9 +14,9 @@
 
 #if canImport(Combine) && swift(>=5.0)
 
+  import Foundation
   import Combine
   import FirebaseStorage
-  import FirebaseStorageInternal
 
   @available(swift 5.0)
   @available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *)

FirebaseCombineSwift/Tests/Integration/Storage/StorageIntegration.swift

@@ -289,7 +289,7 @@ class StorageIntegration: XCTestCase {
         case .finished:
           XCTFail("Unexpected success return from putFile)")
         case let .failure(error):
-          XCTAssertEqual(String(describing: error), "unknown")
+          XCTAssertTrue(String(describing: error).starts(with: "unknown"))
           expectation.fulfill()
         }
       }, receiveValue: { value in

FirebaseCombineSwift/Tests/Unit/Storage/StorageReferenceTests.swift

@@ -56,7 +56,7 @@ class StorageReferenceTests: XCTestCase {
       .sink { completion in
         if case let .failure(error) = completion {
           putFileExpectation.fulfill()
-          XCTAssertEqual("unknown", String(describing: error))
+          XCTAssertTrue(String(describing: error).starts(with: "unknown"))
         }
       } receiveValue: { metadata in
         XCTFail("💥 result unexpected")

FirebaseCore/Extension/FIRLogger.h

@@ -116,6 +116,21 @@ extern void FIRLogInfo(FIRLoggerService service, NSString *messageCode, NSString
 extern void FIRLogDebug(FIRLoggerService service, NSString *messageCode, NSString *message, ...)
     NS_FORMAT_FUNCTION(3, 4);
 
+// TODO: Come up with a better logging scheme for Swift.
+/**
+ * Logs a message to the Xcode console and the device log. If running from AppStore, will
+ * not log any messages with a level higher than FirebaseLoggerLevelNotice to avoid log spamming.
+ * This function is intended to be used by Swift clients that do not support variadic parameters.
+ * (required) log level (one of the FirebaseLoggerLevel enum values).
+ * (required) service name of type FirebaseLoggerService.
+ * (required) message code starting with "I-" which means iOS, followed by a capitalized
+ *            three-character service identifier and a six digit integer message ID that is unique
+ *            within the service.
+ *            An example of the message code is @"I-COR000001".
+ * (required) message string.
+ */
+extern void FIRLogDebugSwift(FIRLoggerService service, NSString *messageCode, NSString *message);
+
 #ifdef __cplusplus
 }  // extern "C"
 #endif  // __cplusplus

FirebaseCore/Sources/FIRLogger.m

@@ -157,6 +157,11 @@ void FIRLogBasic(FIRLoggerLevel level,
 FIR_LOGGING_FUNCTION(Info)
 FIR_LOGGING_FUNCTION(Debug)
 
+// Swift does not support variadic function calls
+void FIRLogDebugSwift(FIRLoggerService service, NSString *messageCode, NSString *message) {
+  FIRLogDebug(service, messageCode, @"%@", message);
+}
+
 #undef FIR_MAKE_LOGGER
 
 #pragma mark - FIRLoggerWrapper

FirebaseStorage.podspec

@@ -37,12 +37,11 @@ Firebase Storage provides robust, secure file uploads and downloads from Firebas
     'FirebaseStorage/Typedefs/*.h',
   ]
 
-  s.dependency 'FirebaseStorageInternal', '~> 9.0'
   s.dependency 'FirebaseAppCheckInterop', '~> 9.0'
   s.dependency 'FirebaseAuthInterop', '~> 9.0'
   s.dependency 'FirebaseCore', '~> 9.0'
-  s.dependency 'FirebaseCoreExtension', '~> 9.0'
-  s.dependency 'GTMSessionFetcher/Core', '>= 1.7', '< 3.0'
+  s.dependency 'FirebaseCoreExtension', '~> 9.5'
+  s.dependency 'GTMSessionFetcher/Core', '~> 2.1'
 
   s.test_spec 'ObjCIntegration' do |objc_tests|
     objc_tests.scheme = { :code_coverage => true }

FirebaseStorage/Sources/Internal/StorageTokenAuthorizer.swift

@@ -0,0 +1,124 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import Foundation
+
+import FirebaseAppCheckInterop
+import FirebaseAuthInterop
+import FirebaseCore
+@_implementationOnly import FirebaseCoreExtension
+
+#if COCOAPODS
+  import GTMSessionFetcher
+#else
+  import GTMSessionFetcherCore
+#endif
+
+internal class StorageTokenAuthorizer: NSObject, GTMSessionFetcherAuthorizer {
+  func authorizeRequest(_ request: NSMutableURLRequest?,
+                        completionHandler handler: @escaping (Error?) -> Void) {
+    // Set version header on each request
+    let versionString = "ios/\(FirebaseVersion())"
+    request?.setValue(versionString, forHTTPHeaderField: "x-firebase-storage-version")
+
+    // Set GMP ID on each request
+    request?.setValue(googleAppID, forHTTPHeaderField: "x-firebase-gmpid")
+
+    var tokenError: NSError?
+    let callbackQueue = fetcherService.callbackQueue ?? DispatchQueue.main
+    let fetchTokenGroup = DispatchGroup()
+    if let auth = auth {
+      fetchTokenGroup.enter()
+      auth.getToken(forcingRefresh: false) { token, error in
+        if let error = error as? NSError {
+          var errorDictionary = error.userInfo
+          errorDictionary["ResponseErrorDomain"] = error.domain
+          errorDictionary["ResponseErrorCode"] = error.code
+          errorDictionary[NSLocalizedDescriptionKey] =
+            "User is not authenticated, please authenticate" +
+            " using Firebase Authentication and try again."
+          tokenError = NSError(domain: "FIRStorageErrorDomain",
+                               code: StorageErrorCode.unauthenticated.rawValue,
+                               userInfo: errorDictionary)
+        } else if let token = token {
+          let firebaseToken = "Firebase \(token)"
+          request?.setValue(firebaseToken, forHTTPHeaderField: "Authorization")
+        }
+        fetchTokenGroup.leave()
+      }
+    }
+    if let appCheck = appCheck {
+      fetchTokenGroup.enter()
+      appCheck.getToken(forcingRefresh: false) { tokenResult in
+        request?.setValue(tokenResult.token, forHTTPHeaderField: "X-Firebase-AppCheck")
+
+        if let error = tokenResult.error {
+          // TODO: Define better way to use FIRLogger from Swift.
+          FIRLogDebugSwift(
+            "[FirebaseStorage]",
+            "I-STR000001",
+            "Failed to fetch AppCheck token. Error: \(error)"
+          )
+        }
+        fetchTokenGroup.leave()
+      }
+    }
+    fetchTokenGroup.notify(queue: callbackQueue) {
+      handler(tokenError)
+    }
+  }
+
+  func authorizeRequest(_ request: NSMutableURLRequest?, delegate: Any, didFinish sel: Selector) {
+    fatalError("Internal error: Should not call old authorizeRequest")
+  }
+
+  // Note that stopAuthorization, isAuthorizingRequest, and userEmail
+  // aren't relevant with the Firebase App/Auth implementation of tokens,
+  // and thus aren't implemented. Token refresh is handled transparently
+  // for us, and we don't allow the auth request to be stopped.
+  // Auth is also not required so the world doesn't stop.
+  func stopAuthorization() {}
+
+  func stopAuthorization(for request: URLRequest) {}
+
+  func isAuthorizingRequest(_ request: URLRequest) -> Bool {
+    return false
+  }
+
+  func isAuthorizedRequest(_ request: URLRequest) -> Bool {
+    guard let authHeader = request.allHTTPHeaderFields?["Authorization"] else {
+      return false
+    }
+    return authHeader.hasPrefix("Firebase")
+  }
+
+  var userEmail: String?
+
+  internal let fetcherService: GTMSessionFetcherService
+  private let googleAppID: String
+  private let auth: AuthInterop?
+  private let appCheck: AppCheckInterop?
+
+  private let serialAuthArgsQueue = DispatchQueue(label: "com.google.firebasestorage.authorizer")
+
+  init(googleAppID: String,
+       fetcherService: GTMSessionFetcherService,
+       authProvider: AuthInterop?,
+       appCheck: AppCheckInterop?) {
+    self.googleAppID = googleAppID
+    self.fetcherService = fetcherService
+    auth = authProvider
+    self.appCheck = appCheck
+  }
+}

FirebaseStorage/Sources/Storage.swift

@@ -14,7 +14,6 @@
 
 import Foundation
 
-import FirebaseStorageInternal
 import FirebaseCore
 import FirebaseAppCheckInterop
 import FirebaseAuthInterop
@@ -286,7 +285,7 @@ import FirebaseAuthInterop
       fetcherService?.isRetryEnabled = true
       fetcherService?.retryBlock = retryWhenOffline
       fetcherService?.allowLocalhostRequest = true
-      let authorizer = FIRStorageTokenAuthorizer(
+      let authorizer = StorageTokenAuthorizer(
         googleAppID: app.options.googleAppID,
         fetcherService: fetcherService!,
         authProvider: auth,