
add auth context params to database_event #270

Open
kushalpalesha wants to merge 6 commits into main from kp/rtdb

Conversation


@kushalpalesha kushalpalesha commented Mar 3, 2026

Description
Add auth context fields so users can access them in their v2 functions.

Code sample

from firebase_admin import db, initialize_app
from firebase_functions import db_fn

# The Admin SDK must be initialised before db.reference() can be used.
app = initialize_app()


@db_fn.on_value_written(reference="/messages/{pushId}/original")
def makeuppercase_ifnotadmin(event: db_fn.Event[db_fn.Change]) -> None:
    """Listens for new messages added to /messages/{pushId}/original and
    creates an uppercase version of the message at /messages/{pushId}/uppercase
    """

    # Only edit data if it is not from admin
    if event.auth_type == "admin":
        return

    # Only edit data when it is first created.
    if event.data.before is not None:
        return

    # Exit when the data is deleted.
    if event.data.after is None:
        return

    # Grab the value that was written to the Realtime Database.
    original = event.data.after
    if not hasattr(original, "upper"):
        print(f"Not a string: {event.reference}")
        return

    # Use the Admin SDK to set an "uppercase" sibling.
    print(f"Uppercasing {event.params['pushId']}: {original}")
    upper = original.upper()
    parent = db.reference(event.reference).parent
    if parent is None:
        print("Message can't be root node.")
        return
    parent.child("uppercase").set(upper)

@gemini-code-assist (Contributor)

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances Firebase Realtime Database functions by exposing authentication context directly within the Event object. This change enables developers to write more sophisticated and secure database triggers that can react differently based on the type of user or principal initiating the event, such as distinguishing between app users, administrators, or unauthenticated requests.

Highlights

  • Authentication Context: Added auth_type and auth_id fields to the Event object for Realtime Database functions, allowing users to access authentication details.
  • Type Definition: Introduced a new AuthType literal type to define possible authentication types (e.g., 'app_user', 'admin', 'unauthenticated', 'unknown').
  • Event Population: Modified the internal event handler to extract and populate the new auth_type and auth_id fields from incoming event attributes.


Changelog
  • src/firebase_functions/db_fn.py
    • Defined AuthType as a _typing.Literal for authentication types.
    • Added auth_type and auth_id fields to the Event dataclass.
    • Updated _db_endpoint_handler to populate auth_type and auth_id from event attributes.
  • tests/test_db.py
    • Modified the mock event attributes to include authtype and authid.
    • Added assertions to verify that the Event object correctly receives and stores the new authentication context fields.
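The description's sample trigger and the review summary's changelog together describe the plumbing: the handler reads the CloudEvent attributes authtype and authid, stores them as auth_type and auth_id on the Event, and user code branches on them. The following is an added example written for this page, not code from firebase-functions-python or from the PR: it models that flow end to end with a stand-in Event, reads every optional attribute defensively, and then uses the fields for two checks, the sample's "skip admin writes" rule and, going beyond the sample, a per-user ownership check that pairs auth_type with auth_id. DbEvent, parse_auth_context, build_event, decide_uppercase, is_owner_write and the sample attribute sets are hypothetical; the default of leaving a missing authtype as None and mapping an unrecognised value to "unknown" is an assumption, not something the PR states.

```python
# Added example for this PR page, not code from firebase-functions-python.
# DbEvent, parse_auth_context, build_event, decide_uppercase and
# is_owner_write are hypothetical names. auth_type, auth_id, AuthType and its
# four values are the ones the PR introduces; the CloudEvent attribute names
# authtype/authid are the ones the PR's test change uses.
from dataclasses import dataclass
from typing import Any, Dict, Literal, Optional, Tuple

AuthType = Literal["app_user", "admin", "unauthenticated", "unknown"]
# typing.Literal is a static hint only; a runtime check needs a real set.
KNOWN_AUTH_TYPES = frozenset({"app_user", "admin", "unauthenticated", "unknown"})


@dataclass
class DbEvent:
    """Minimal stand-in for db_fn.Event carrying the new auth fields."""
    reference: str
    params: Dict[str, str]
    before: Any
    after: Any
    subject: Optional[str] = None
    time: Optional[str] = None
    auth_type: Optional[str] = None
    auth_id: Optional[str] = None


def parse_auth_context(attributes: Dict[str, Any]) -> Tuple[Optional[str], Optional[str]]:
    """Read authtype/authid with .get(), never with [], so a missing key cannot
    crash the function. Assumption: a missing authtype stays None, and a value
    outside the literal is normalised to "unknown" so it can never be mistaken
    for a trusted principal downstream."""
    auth_type = attributes.get("authtype")
    if auth_type is not None and auth_type not in KNOWN_AUTH_TYPES:
        auth_type = "unknown"
    return auth_type, attributes.get("authid")


def build_event(attributes: Dict[str, Any], params: Dict[str, str],
                before: Any, after: Any) -> DbEvent:
    """Assemble the event; subject and time are optional CloudEvent attributes
    and are read the same defensive way as the auth attributes."""
    auth_type, auth_id = parse_auth_context(attributes)
    return DbEvent(
        reference=attributes.get("ref", ""),
        params=params,
        before=before,
        after=after,
        subject=attributes.get("subject"),
        time=attributes.get("time"),
        auth_type=auth_type,
        auth_id=auth_id,
    )


def decide_uppercase(event: DbEvent) -> Optional[str]:
    """The PR's sample trigger as a pure decision: the value to write to the
    'uppercase' sibling, or None when the trigger should exit. Checks run in
    the sample's order, so a write with auth_type "admin" is skipped first."""
    if event.auth_type == "admin":
        return None
    if event.before is not None:      # only act on first creation
        return None
    if event.after is None:           # deletion
        return None
    if not isinstance(event.after, str):
        return None
    return event.after.upper()


def is_owner_write(event: DbEvent, uid_param: str = "uid") -> bool:
    """Goes beyond the sample: pair auth_type with auth_id for per-user
    authorisation. Only an app_user whose uid equals the {uid} path parameter
    passes; admin, unauthenticated, unknown and absent auth context all fail
    closed rather than being treated as the owner."""
    if event.auth_type != "app_user" or not event.auth_id:
        return False
    return event.auth_id == event.params.get(uid_param)


# Constructed sample attribute sets (not captured from a real project).
USER_WRITE = {"ref": "messages/abc123/original", "authtype": "app_user",
              "authid": "uid_42", "subject": "refs/messages/abc123/original",
              "time": "2026-03-03T00:00:00Z"}
ADMIN_WRITE = {"ref": "messages/abc123/original", "authtype": "admin"}
NO_AUTH = {"ref": "messages/abc123/original"}   # no auth context at all

if __name__ == "__main__":
    ev = build_event(USER_WRITE, {"pushId": "abc123"}, before=None, after="hello")
    print(ev.auth_type, ev.auth_id, decide_uppercase(ev))
```

The ordering in decide_uppercase matters for the same reason the sample puts the admin check first: a trigger that writes back with the Admin SDK should recognise its own principal before it inspects data. The NO_AUTH case is the one the review thread asks the tests to cover; here it is deliberately treated as "not admin" for the uppercase rule but as "not the owner" for the ownership rule, which is the fail-closed reading of a missing auth context.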

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces auth_type and auth_id fields to the database event, enabling developers to access authentication context within their v2 database functions. While this is a useful addition, a critical security vulnerability was identified due to an inconsistency between the AuthType literal definition and the test data, which could lead to logic errors in security checks. Additionally, there's a potential Denial of Service (DoS) vulnerability stemming from improper handling of optional CloudEvent attributes (time and subject). It is recommended to align type hints with actual data values and use safer methods for accessing optional event attributes to mitigate these risks.

@firebase firebase deleted a comment from gemini-code-assist bot Mar 3, 2026
@kushalpalesha (Author)

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request successfully adds auth_type and auth_id to the database event, enabling users to access authentication context in their v2 functions. The implementation is clean, and the new fields are correctly populated from event attributes. The tests have been updated to cover the case where auth context is present. I've included one suggestion to enhance test coverage by also testing the case where auth context is missing.

@kushalpalesha (Author)

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request adds auth_type and auth_id fields to the database.Event object, allowing developers to access authentication context within their v2 database functions. The changes are well-implemented, with appropriate type definitions and safe handling of potentially missing attributes. The accompanying tests effectively verify both the presence of auth context and the default behavior when it's absent. I have one minor suggestion in the test file to improve code consistency.

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request adds auth_type and auth_id to the database event, exposing the authentication context to user functions. The Event dataclass is updated with the new fields, and they are populated from the incoming CloudEvent. The implementation is straightforward and includes corresponding tests to verify the new functionality, covering cases with and without authentication context. The changes are correct and well-implemented.

@shettyvarun268 shettyvarun268 left a comment

LGTM!
