vendor/kreait/firebase-php/src/Firebase/Factory.php line 516

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Kreait\Firebase;
  7. use Firebase\Auth\Token\Cache\InMemoryCache;
  8. use Firebase\Auth\Token\Domain\Generator;
  9. use Firebase\Auth\Token\Domain\Verifier;
  10. use Firebase\Auth\Token\Generator as CustomTokenGenerator;
  11. use Firebase\Auth\Token\HttpKeyStore;
  12. use Firebase\Auth\Token\TenantAwareGenerator;
  13. use Firebase\Auth\Token\TenantAwareVerifier;
  14. use Firebase\Auth\Token\Verifier as LegacyIdTokenVerifier;
  15. use Google\Auth\ApplicationDefaultCredentials;
  16. use Google\Auth\Cache\MemoryCacheItemPool;
  17. use Google\Auth\Credentials\AppIdentityCredentials;
  18. use Google\Auth\Credentials\GCECredentials;
  19. use Google\Auth\Credentials\ServiceAccountCredentials;
  20. use Google\Auth\Credentials\UserRefreshCredentials;
  21. use Google\Auth\CredentialsLoader;
  22. use Google\Auth\FetchAuthTokenCache;
  23. use Google\Auth\FetchAuthTokenInterface;
  24. use Google\Auth\HttpHandler\HttpHandlerFactory;
  25. use Google\Auth\Middleware\AuthTokenMiddleware;
  26. use Google\Auth\ProjectIdProviderInterface;
  27. use Google\Auth\SignBlobInterface;
  28. use Google\Cloud\Firestore\FirestoreClient;
  29. use Google\Cloud\Storage\StorageClient;
  30. use GuzzleHttp\Client;
  31. use GuzzleHttp\HandlerStack;
  32. use GuzzleHttp\MessageFormatter;
  33. use GuzzleHttp\Psr7\Utils as GuzzleUtils;
  34. use GuzzleHttp\RequestOptions;
  35. use Kreait\Clock;
  36. use Kreait\Clock\SystemClock;
  37. use Kreait\Firebase;
  38. use Kreait\Firebase\Auth\CustomTokenViaGoogleIam;
  39. use Kreait\Firebase\Auth\DisabledLegacyCustomTokenGenerator;
  40. use Kreait\Firebase\Auth\DisabledLegacyIdTokenVerifier;
  41. use Kreait\Firebase\Auth\IdTokenVerifier;
  42. use Kreait\Firebase\Auth\TenantId;
  43. use Kreait\Firebase\Exception\InvalidArgumentException;
  44. use Kreait\Firebase\Exception\MessagingApiExceptionConverter;
  45. use Kreait\Firebase\Exception\RuntimeException;
  46. use Kreait\Firebase\Http\HttpClientOptions;
  47. use Kreait\Firebase\Http\Middleware;
  48. use Kreait\Firebase\Project\ProjectId;
  49. use Kreait\Firebase\Value\Email;
  50. use Kreait\Firebase\Value\Url;
  51. use Psr\Cache\CacheItemPoolInterface;
  52. use Psr\Http\Message\UriInterface;
  53. use Psr\Log\LoggerInterface;
  54. use Psr\Log\LogLevel;
  55. use Psr\SimpleCache\CacheInterface;
  56. use Throwable;
  58. class Factory
  59. {
  60.     public const API_CLIENT_SCOPES = [
  61.         'https://www.googleapis.com/auth/iam',
  62.         'https://www.googleapis.com/auth/cloud-platform',
  63.         'https://www.googleapis.com/auth/firebase',
  64.         'https://www.googleapis.com/auth/firebase.database',
  65.         'https://www.googleapis.com/auth/firebase.messaging',
  66.         'https://www.googleapis.com/auth/firebase.remoteconfig',
  67.         'https://www.googleapis.com/auth/userinfo.email',
  68.         'https://www.googleapis.com/auth/securetoken',
  69.     ];
  71.     protected ?UriInterface $databaseUri null;
  73.     protected ?string $defaultStorageBucket null;
  75.     protected ?ServiceAccount $serviceAccount null;
  77.     protected ?FetchAuthTokenInterface $googleAuthTokenCredentials null;
  79.     protected ?ProjectId $projectId null;
  81.     protected ?Email $clientEmail null;
  83.     protected CacheInterface $verifierCache;
  85.     protected CacheItemPoolInterface $authTokenCache;
  87.     protected bool $discoveryIsDisabled false;
  89.     protected bool $guzzleDebugModeIsEnabled false;
  91.     /**
  92.      * @deprecated 5.7.0 Use {@see withClientOptions} instead.
  93.      */
  94.     protected ?string $httpProxy null;
  96.     protected static string $databaseUriPattern 'https://%s.firebaseio.com';
  98.     protected static string $storageBucketNamePattern '%s.appspot.com';
  100.     protected Clock $clock;
  102.     /** @var callable|null */
  103.     protected $httpLogMiddleware;
  105.     /** @var callable|null */
  106.     protected $httpDebugLogMiddleware;
  108.     /** @var callable|null */
  109.     protected $databaseAuthVariableOverrideMiddleware;
  111.     protected ?TenantId $tenantId null;
  113.     protected HttpClientOptions $httpClientOptions;
  115.     public function __construct()
  116.     {
  117.         $this->clock = new SystemClock();
  118.         $this->verifierCache = new InMemoryCache();
  119.         $this->authTokenCache = new MemoryCacheItemPool();
  120.         $this->httpClientOptions HttpClientOptions::default();
  121.     }
  123.     /**
  124.      * @param string|array<string, string>|ServiceAccount $value
  125.      */
  126.     public function withServiceAccount($value): self
  127.     {
  128.         $serviceAccount ServiceAccount::fromValue($value);
  130.         $factory = clone $this;
  131.         $factory->serviceAccount $serviceAccount;
  133.         return $factory
  134.             ->withProjectId($serviceAccount->getProjectId())
  135.             ->withClientEmail($serviceAccount->getClientEmail())
  136.         ;
  137.     }
  139.     public function withProjectId(string $projectId): self
  140.     {
  141.         $factory = clone $this;
  142.         $factory->projectId ProjectId::fromString($projectId);
  144.         return $factory;
  145.     }
  147.     public function withClientEmail(string $clientEmail): self
  148.     {
  149.         $factory = clone $this;
  150.         $factory->clientEmail = new Email($clientEmail);
  152.         return $factory;
  153.     }
  155.     public function withTenantId(string $tenantId): self
  156.     {
  157.         $factory = clone $this;
  158.         $factory->tenantId TenantId::fromString($tenantId);
  160.         return $factory;
  161.     }
  163.     public function withDisabledAutoDiscovery(): self
  164.     {
  165.         $factory = clone $this;
  166.         $factory->discoveryIsDisabled true;
  168.         return $factory;
  169.     }
  171.     /**
  172.      * @param UriInterface|string $uri
  173.      */
  174.     public function withDatabaseUri($uri): self
  175.     {
  176.         $factory = clone $this;
  177.         $factory->databaseUri GuzzleUtils::uriFor($uri);
  179.         return $factory;
  180.     }
  182.     /**
  183.      * The object to use as the `auth` variable in your Realtime Database Rules
  184.      * when the Admin SDK reads from or writes to the Realtime Database.
  185.      *
  186.      * This allows you to downscope the Admin SDK from its default full read and
  187.      * write privileges. You can pass `null` to act as an unauthenticated client.
  188.      *
  189.      * @see https://firebase.google.com/docs/database/admin/start#authenticate-with-limited-privileges
  190.      *
  191.      * @param array<string, mixed>|null $override
  192.      */
  193.     public function withDatabaseAuthVariableOverride(?array $override): self
  194.     {
  195.         $factory = clone $this;
  196.         $factory->databaseAuthVariableOverrideMiddleware Middleware::addDatabaseAuthVariableOverride($override);
  198.         return $factory;
  199.     }
  201.     public function withDefaultStorageBucket(string $name): self
  202.     {
  203.         $factory = clone $this;
  204.         $factory->defaultStorageBucket $name;
  206.         return $factory;
  207.     }
  209.     public function withVerifierCache(CacheInterface $cache): self
  210.     {
  211.         $factory = clone $this;
  212.         $factory->verifierCache $cache;
  214.         return $factory;
  215.     }
  217.     public function withAuthTokenCache(CacheItemPoolInterface $cache): self
  218.     {
  219.         $factory = clone $this;
  220.         $factory->authTokenCache $cache;
  222.         return $factory;
  223.     }
  225.     public function withEnabledDebug(?LoggerInterface $logger null): self
  226.     {
  227.         $factory = clone $this;
  229.         if ($logger !== null) {
  230.             $factory $factory->withHttpDebugLogger($logger);
  231.         } else {
  232.             Firebase\Util\Deprecation::trigger(__METHOD__.' without a '.LoggerInterface::class);
  233.             // @codeCoverageIgnoreStart
  234.             $factory->guzzleDebugModeIsEnabled true;
  235.             // @codeCoverageIgnoreEnd
  236.         }
  238.         return $factory;
  239.     }
  241.     public function withHttpClientOptions(HttpClientOptions $options): self
  242.     {
  243.         $factory = clone $this;
  244.         $factory->httpClientOptions $options;
  246.         return $factory;
  247.     }
  249.     public function withHttpLogger(LoggerInterface $logger, ?MessageFormatter $formatter null, ?string $logLevel null, ?string $errorLogLevel null): self
  250.     {
  251.         $formatter $formatter ?: new MessageFormatter();
  252.         $logLevel $logLevel ?: LogLevel::INFO;
  253.         $errorLogLevel $errorLogLevel ?: LogLevel::NOTICE;
  255.         $factory = clone $this;
  256.         $factory->httpLogMiddleware Middleware::log($logger$formatter$logLevel$errorLogLevel);
  258.         return $factory;
  259.     }
  261.     public function withHttpDebugLogger(LoggerInterface $logger, ?MessageFormatter $formatter null, ?string $logLevel null, ?string $errorLogLevel null): self
  262.     {
  263.         $formatter $formatter ?: new MessageFormatter(MessageFormatter::DEBUG);
  264.         $logLevel $logLevel ?: LogLevel::INFO;
  265.         $errorLogLevel $errorLogLevel ?: LogLevel::NOTICE;
  267.         $factory = clone $this;
  268.         $factory->httpDebugLogMiddleware Middleware::log($logger$formatter$logLevel$errorLogLevel);
  270.         return $factory;
  271.     }
  273.     public function withHttpProxy(string $proxy): self
  274.     {
  275.         $factory $this->withHttpClientOptions(
  276.             $this->httpClientOptions->withProxy($proxy)
  277.         );
  279.         $factory->httpProxy $factory->httpClientOptions->proxy();
  281.         return $factory;
  282.     }
  284.     public function withClock(Clock $clock): self
  285.     {
  286.         $factory = clone $this;
  287.         $factory->clock $clock;
  289.         return $factory;
  290.     }
  292.     protected function getServiceAccount(): ?ServiceAccount
  293.     {
  294.         if ($this->serviceAccount !== null) {
  295.             return $this->serviceAccount;
  296.         }
  298.         if ($credentials Util::getenv('FIREBASE_CREDENTIALS')) {
  299.             return $this->serviceAccount ServiceAccount::fromValue($credentials);
  300.         }
  302.         if ($this->discoveryIsDisabled) {
  303.             return null;
  304.         }
  306.         if ($credentials Util::getenv('GOOGLE_APPLICATION_CREDENTIALS')) {
  307.             try {
  308.                 return $this->serviceAccount ServiceAccount::fromValue($credentials);
  309.             } catch (InvalidArgumentException $e) {
  310.                 // Do nothing, continue trying
  311.             }
  312.         }
  314.         // @codeCoverageIgnoreStart
  315.         // We can't reliably test this without re-implementing it ourselves
  316.         if ($credentials CredentialsLoader::fromWellKnownFile()) {
  317.             try {
  318.                 return $this->serviceAccount ServiceAccount::fromValue($credentials);
  319.             } catch (InvalidArgumentException $e) {
  320.                 // Do nothing, continue trying
  321.             }
  322.         }
  323.         // @codeCoverageIgnoreEnd
  325.         // ... or don't
  326.         return null;
  327.     }
  329.     protected function getProjectId(): ?ProjectId
  330.     {
  331.         if ($this->projectId !== null) {
  332.             return $this->projectId;
  333.         }
  335.         $serviceAccount $this->getServiceAccount();
  337.         if ($serviceAccount !== null) {
  338.             return $this->projectId ProjectId::fromString($serviceAccount->getProjectId());
  339.         }
  341.         if ($this->discoveryIsDisabled) {
  342.             return null;
  343.         }
  345.         if (
  346.             ($credentials $this->getGoogleAuthTokenCredentials())
  347.             && ($credentials instanceof ProjectIdProviderInterface)
  348.             && ($projectId $credentials->getProjectId())
  349.         ) {
  350.             return $this->projectId ProjectId::fromString($projectId);
  351.         }
  353.         if ($projectId Util::getenv('GOOGLE_CLOUD_PROJECT')) {
  354.             return $this->projectId ProjectId::fromString($projectId);
  355.         }
  357.         if ($projectId Util::getenv('GCLOUD_PROJECT')) {
  358.             return $this->projectId ProjectId::fromString($projectId);
  359.         }
  361.         return null;
  362.     }
  364.     protected function getClientEmail(): ?Email
  365.     {
  366.         if ($this->clientEmail !== null) {
  367.             return $this->clientEmail;
  368.         }
  370.         $serviceAccount $this->getServiceAccount();
  372.         if ($serviceAccount !== null) {
  373.             return $this->clientEmail = new Email($serviceAccount->getClientEmail());
  374.         }
  376.         if ($this->discoveryIsDisabled) {
  377.             return null;
  378.         }
  380.         try {
  381.             if (
  382.                 ($credentials $this->getGoogleAuthTokenCredentials())
  383.                 && ($credentials instanceof SignBlobInterface)
  384.                 && ($clientEmail $credentials->getClientName())
  385.             ) {
  386.                 return $this->clientEmail = new Email($clientEmail);
  387.             }
  388.         } catch (Throwable $e) {
  389.             return null;
  390.         }
  392.         return null;
  393.     }
  395.     protected function getDatabaseUri(): UriInterface
  396.     {
  397.         if ($this->databaseUri !== null) {
  398.             return $this->databaseUri;
  399.         }
  401.         $projectId $this->getProjectId();
  403.         if ($projectId !== null) {
  404.             return $this->databaseUri GuzzleUtils::uriFor(\sprintf(self::$databaseUriPattern$projectId->sanitizedValue()));
  405.         }
  407.         throw new RuntimeException('Unable to build a database URI without a project ID');
  408.     }
  410.     protected function getStorageBucketName(): ?string
  411.     {
  412.         if ($this->defaultStorageBucket) {
  413.             return $this->defaultStorageBucket;
  414.         }
  416.         $projectId $this->getProjectId();
  418.         if ($projectId !== null) {
  419.             return $this->defaultStorageBucket \sprintf(self::$storageBucketNamePattern$projectId->sanitizedValue());
  420.         }
  422.         return null;
  423.     }
  425.     public function createAuth(): Contract\Auth
  426.     {
  427.         $projectId $this->getProjectId();
  428.         $tenantId $this->tenantId;
  430.         $httpClient $this->createApiClient([
  431.             'base_uri' => 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/',
  432.         ]);
  434.         $authApiClient = new Auth\ApiClient($httpClient$tenantId);
  435.         $customTokenGenerator $this->createCustomTokenGenerator();
  436.         $idTokenVerifier $this->createIdTokenVerifier();
  437.         $signInHandler = new Firebase\Auth\SignIn\GuzzleHandler($httpClient);
  439.         return new Auth($authApiClient$httpClient$customTokenGenerator$idTokenVerifier$signInHandler$tenantId$projectId);
  440.     }
  442.     public function createCustomTokenGenerator(): Generator
  443.     {
  444.         $serviceAccount $this->getServiceAccount();
  445.         $clientEmail $this->getClientEmail();
  446.         $privateKey $serviceAccount !== null $serviceAccount->getPrivateKey() : '';
  448.         if ($clientEmail && $privateKey !== '') {
  449.             if ($this->tenantId !== null) {
  450.                 return new TenantAwareGenerator($this->tenantId->toString(), (string) $clientEmail$privateKey);
  451.             }
  453.             return new CustomTokenGenerator((string) $clientEmail$privateKey);
  454.         }
  456.         if ($clientEmail !== null) {
  457.             return new CustomTokenViaGoogleIam((string) $clientEmail$this->createApiClient(), $this->tenantId);
  458.         }
  460.         return new DisabledLegacyCustomTokenGenerator(
  461.             'Custom Token Generation is disabled because the current credentials do not permit it'
  462.         );
  463.     }
  465.     public function createIdTokenVerifier(): Verifier
  466.     {
  467.         $projectId $this->getProjectId();
  469.         if (!($projectId instanceof ProjectId)) {
  470.             return new DisabledLegacyIdTokenVerifier(
  471.                 'ID Token Verification is disabled because no project ID was provided'
  472.             );
  473.         }
  475.         $keyStore = new HttpKeyStore(new Client(), $this->verifierCache);
  477.         $baseVerifier = new LegacyIdTokenVerifier($projectId->sanitizedValue(), $keyStore);
  479.         if ($this->tenantId !== null) {
  480.             $baseVerifier = new TenantAwareVerifier($this->tenantId->toString(), $baseVerifier);
  481.         }
  483.         return new IdTokenVerifier($baseVerifier$this->clock);
  484.     }
  486.     public function createDatabase(): Contract\Database
  487.     {
  488.         $http $this->createApiClient();
  490.         /** @var HandlerStack $handler */
  491.         $handler $http->getConfig('handler');
  492.         $handler->push(Firebase\Http\Middleware::ensureJsonSuffix(), 'realtime_database_json_suffix');
  494.         if ($this->databaseAuthVariableOverrideMiddleware) {
  495.             $handler->push($this->databaseAuthVariableOverrideMiddleware'database_auth_variable_override');
  496.         }
  498.         return new Database($this->getDatabaseUri(), new Database\ApiClient($http));
  499.     }
  501.     public function createRemoteConfig(): Contract\RemoteConfig
  502.     {
  503.         $projectId $this->getProjectId();
  505.         if (!($projectId instanceof ProjectId)) {
  506.             throw new RuntimeException('Unable to create the messaging service without a project ID');
  507.         }
  509.         $http $this->createApiClient([
  510.             'base_uri' => "https://firebaseremoteconfig.googleapis.com/v1/projects/{$projectId->value()}/remoteConfig",
  511.         ]);
  513.         return new RemoteConfig(new RemoteConfig\ApiClient($http));
  514.     }
  516.     public function createMessaging(): Contract\Messaging
  517.     {
  518.         $projectId $this->getProjectId();
  520.         if (!($projectId instanceof ProjectId)) {
  521.             throw new RuntimeException('Unable to create the messaging service without a project ID');
  522.         }
  524.         $errorHandler = new MessagingApiExceptionConverter($this->clock);
  526.         $messagingApiClient = new Messaging\ApiClient(
  527.             $this->createApiClient([
  528.                 'base_uri' => 'https://fcm.googleapis.com/v1/projects/'.$projectId->value(),
  529.             ]),
  530.             $errorHandler
  531.         );
  533.         $appInstanceApiClient = new Messaging\AppInstanceApiClient(
  534.             $this->createApiClient([
  535.                 'base_uri' => 'https://iid.googleapis.com',
  536.                 'headers' => [
  537.                     'access_token_auth' => 'true',
  538.                 ],
  539.             ]),
  540.             $errorHandler
  541.         );
  543.         return new Messaging($projectId$messagingApiClient$appInstanceApiClient);
  544.     }
  546.     /**
  547.      * @param string|Url|UriInterface|mixed $defaultDynamicLinksDomain
  548.      */
  549.     public function createDynamicLinksService($defaultDynamicLinksDomain null): Contract\DynamicLinks
  550.     {
  551.         $apiClient $this->createApiClient();
  553.         if ($defaultDynamicLinksDomain) {
  554.             return DynamicLinks::withApiClientAndDefaultDomain($apiClient$defaultDynamicLinksDomain);
  555.         }
  557.         return DynamicLinks::withApiClient($apiClient);
  558.     }
  560.     public function createFirestore(): Contract\Firestore
  561.     {
  562.         $config = [];
  563.         $projectId $this->getProjectId();
  564.         $serviceAccount $this->getServiceAccount();
  566.         if ($serviceAccount !== null) {
  567.             $config['keyFile'] = $serviceAccount->asArray();
  568.         } elseif ($this->discoveryIsDisabled) {
  569.             throw new RuntimeException('Unable to create a Firestore Client without credentials');
  570.         }
  572.         if ($projectId !== null) {
  573.             $config['projectId'] = $projectId->value();
  574.         }
  576.         if (!($projectId instanceof ProjectId)) {
  577.             // This is the case with user refresh credentials
  578.             $config['suppressKeyFileNotice'] = true;
  579.         }
  581.         try {
  582.             $firestoreClient = new FirestoreClient($config);
  583.         } catch (Throwable $e) {
  584.             throw new RuntimeException('Unable to create a FirestoreClient: '.$e->getMessage(), $e->getCode(), $e);
  585.         }
  587.         return Firestore::withFirestoreClient($firestoreClient);
  588.     }
  590.     public function createStorage(): Contract\Storage
  591.     {
  592.         $config = [];
  593.         $projectId $this->getProjectId();
  594.         $serviceAccount $this->getServiceAccount();
  596.         if ($serviceAccount !== null) {
  597.             $config['keyFile'] = $serviceAccount->asArray();
  598.         } elseif ($this->discoveryIsDisabled) {
  599.             throw new RuntimeException('Unable to create a Storage Client without credentials');
  600.         }
  602.         if ($projectId instanceof ProjectId) {
  603.             $config['projectId'] = $projectId->value();
  604.         } else {
  605.             // This is the case with user refresh credentials
  606.             $config['suppressKeyFileNotice'] = true;
  607.         }
  609.         try {
  610.             $storageClient = new StorageClient($config);
  611.         } catch (Throwable $e) {
  612.             throw new RuntimeException('Unable to create a Storage Client: '.$e->getMessage(), $e->getCode(), $e);
  613.         }
  615.         return new Storage($storageClient$this->getStorageBucketName());
  616.     }
  618.     /**
  619.      * @codeCoverageIgnore
  620.      *
  621.      * @return array{
  622.      *     credentialsType: class-string|null,
  623.      *     databaseUrl: string,
  624.      *     defaultStorageBucket: string|null,
  625.      *     serviceAccount: array{
  626.      *         client_email: string|null,
  627.      *         private_key: string|null,
  628.      *         project_id: string|null,
  629.      *         type: string
  630.      *     }|array<string, string|null>|null,
  631.      *     projectId: string|null,
  632.      *     tenantId: string|null,
  633.      *     verifierCacheType: class-string|null,
  634.      * }
  635.      */
  636.     public function getDebugInfo(): array
  637.     {
  638.         $credentials $this->getGoogleAuthTokenCredentials();
  639.         $projectId $this->getProjectId();
  640.         $serviceAccount $this->getServiceAccount();
  642.         try {
  643.             $databaseUrl = (string) $this->getDatabaseUri();
  644.         } catch (Throwable $e) {
  645.             $databaseUrl $e->getMessage();
  646.         }
  648.         $serviceAccountInfo null;
  649.         if ($serviceAccount !== null) {
  650.             $serviceAccountInfo $serviceAccount->asArray();
  651.             $serviceAccountInfo['private_key'] = $serviceAccountInfo['private_key'] ? '{exists, redacted}' '{not set}';
  652.         }
  654.         return [
  655.             'credentialsType' => $credentials !== null \get_class($credentials) : null,
  656.             'databaseUrl' => $databaseUrl,
  657.             'defaultStorageBucket' => $this->defaultStorageBucket,
  658.             'projectId' => $projectId !== null $projectId->value() : null,
  659.             'serviceAccount' => $serviceAccountInfo,
  660.             'tenantId' => $this->tenantId !== null $this->tenantId->toString() : null,
  661.             'tokenCacheType' => \get_class($this->authTokenCache),
  662.             'verifierCacheType' => \get_class($this->verifierCache),
  663.         ];
  664.     }
  666.     /**
  667.      * @internal
  668.      *
  669.      * @param array<string, mixed>|null $config
  670.      */
  671.     public function createApiClient(?array $config null): Client
  672.     {
  673.         $config ??= [];
  675.         // @codeCoverageIgnoreStart
  676.         if ($this->guzzleDebugModeIsEnabled) {
  677.             $config[RequestOptions::DEBUG] = true;
  678.         }
  679.         // @codeCoverageIgnoreEnd
  681.         if ($proxy $this->httpClientOptions->proxy()) {
  682.             $config[RequestOptions::PROXY] = $proxy;
  683.         }
  685.         if ($connectTimeout $this->httpClientOptions->connectTimeout()) {
  686.             $config[RequestOptions::CONNECT_TIMEOUT] = $connectTimeout;
  687.         }
  689.         if ($readTimeout $this->httpClientOptions->readTimeout()) {
  690.             $config[RequestOptions::READ_TIMEOUT] = $readTimeout;
  691.         }
  693.         if ($totalTimeout $this->httpClientOptions->timeout()) {
  694.             $config[RequestOptions::TIMEOUT] = $totalTimeout;
  695.         }
  697.         $handler $config['handler'] ?? null;
  699.         if (!($handler instanceof HandlerStack)) {
  700.             $handler HandlerStack::create($handler);
  701.         }
  703.         if ($this->httpLogMiddleware) {
  704.             $handler->push($this->httpLogMiddleware'http_logs');
  705.         }
  707.         if ($this->httpDebugLogMiddleware) {
  708.             $handler->push($this->httpDebugLogMiddleware'http_debug_logs');
  709.         }
  711.         $credentials $this->getGoogleAuthTokenCredentials();
  713.         if ($credentials !== null) {
  714.             $projectId $credentials instanceof ProjectIdProviderInterface $credentials->getProjectId() : 'project';
  715.             $cachePrefix 'kreait_firebase_'.$projectId;
  717.             $credentials = new FetchAuthTokenCache($credentials, ['prefix' => $cachePrefix], $this->authTokenCache);
  718.             $authTokenHandlerConfig $config;
  719.             $authTokenHandlerConfig['handler'] = clone $handler;
  721.             $authTokenHandler HttpHandlerFactory::build(new Client($authTokenHandlerConfig));
  723.             $handler->push(new AuthTokenMiddleware($credentials$authTokenHandler));
  724.         }
  726.         $handler->push(Middleware::responseWithSubResponses());
  728.         $config['handler'] = $handler;
  729.         $config['auth'] = 'google_auth';
  731.         return new Client($config);
  732.     }
  734.     /**
  735.      * @internal
  736.      *
  737.      * @param ServiceAccountCredentials|UserRefreshCredentials|AppIdentityCredentials|GCECredentials|CredentialsLoader $credentials
  738.      */
  739.     public function withGoogleAuthTokenCredentials($credentials): self
  740.     {
  741.         $factory = clone $this;
  742.         $factory->googleAuthTokenCredentials $credentials;
  744.         return $factory;
  745.     }
  747.     protected function getGoogleAuthTokenCredentials(): ?FetchAuthTokenInterface
  748.     {
  749.         if ($this->googleAuthTokenCredentials !== null) {
  750.             return $this->googleAuthTokenCredentials;
  751.         }
  753.         $serviceAccount $this->getServiceAccount();
  755.         if ($serviceAccount !== null) {
  756.             return $this->googleAuthTokenCredentials = new ServiceAccountCredentials(self::API_CLIENT_SCOPES$serviceAccount->asArray());
  757.         }
  759.         if ($this->discoveryIsDisabled) {
  760.             return null;
  761.         }
  763.         try {
  764.             return $this->googleAuthTokenCredentials ApplicationDefaultCredentials::getCredentials(self::API_CLIENT_SCOPES);
  765.         } catch (Throwable $e) {
  766.             return null;
  767.         }
  768.     }
  769. }