Lines 1-38javascript
2 * Firebase Anonymous Auth client for Bridge Server.
4 * Uses the Firebase Auth REST API directly instead of the client SDK
5 * to avoid Node.js compatibility issues with the browser-oriented SDK.
7 * Each Bridge instance signs in anonymously and obtains:
8 * - A unique UID (used as bridgeId)
9 * - An ID token (used as Bearer token for Cloud Functions)
11 * Credentials are persisted to ~/.ccpocket/firebase-credentials.json
12 * so that Bridge restarts reuse the same UID instead of creating
13 * a new anonymous account each time.
15import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
16import { homedir } from "node:os";
17import { dirname, join } from "node:path";
18const FIREBASE_API_KEY = "AIzaSyAptNnokWPqJIgv2Lr3I8ETN6bqZb5BGvc";
HighHigh Secret
Package contains a high-severity secret pattern.
dist/firebase-auth.jsView on unpkg · L18 19const SIGN_UP_URL = `https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=${FIREBASE_API_KEY}`;
20const REFRESH_URL = `https://securetoken.googleapis.com/v1/token?key=${FIREBASE_API_KEY}`;
21const CREDENTIALS_DIR = join(homedir(), ".ccpocket");
22const CREDENTIALS_FILE = join(CREDENTIALS_DIR, "firebase-credentials.json");
23class FirebaseTokenRefreshError extends Error {
26 constructor(status, responseText) {
27 super(`Firebase token refresh failed (${status}): ${responseText}`);
29 this.responseText = responseText;
32function isRecoverableRefreshError(err) {
33 return err instanceof FirebaseTokenRefreshError && err.status === 400;
35function loadCredentials(credentialsFile) {
37 if (!existsSync(credentialsFile))