Skip to main content

Firebase Functions

Quick links: Frontend β€’ Backend

Backend​

Firebase Functions in apps/functions expose HTTPS handlers for OAuth start/callback and publish flows per provider, plus schedulers to refresh tokens.

Exports (index.js):

  • ping
  • Meta: metaWebhook
  • Public API (Express): api routes under /v1/*
  • Media proxy: media
  • Orchestrators: publishOrchestrator, repostOrchestrator
  • Facebook: fbAuthStart, fbAuthCallback, publishFacebook
  • Instagram: igAuthStart, igAuthCallback, publishInstagram
  • Threads: thAuthStart, thAuthCallback, publishThreads
  • X: xAuthStart, xAuthCallback, xAuth1Start, xAuth1Callback, publishX
  • YouTube: ytAuthStart, ytAuthCallback, ytRefreshNow, ytRefreshSweep, publishYoutube
  • TikTok: ttAuthStart, ttAuthCallback, ttRefreshNow, ttRefreshSweep, publishTiktok, pollTiktok, pollerTiktok, scheduledTikTokPoll, onOrganicPostCreated

Configuration (config.js):

  • Initializes Admin SDK.
  • Provides cfg() returning provider credentials and callback URLs.
  • Provides cors(res) for permissive CORS headers.

Patterns:

  • Each *_start verifies Firebase ID token from Authorization: Bearer <idToken>, saves a random state in Firestore oauthStates/{state} with {uid, provider, returnTo} and returns a provider auth URL.
  • Each *_callback exchanges code for tokens, stores tokens in users/{uid}/integrations/{provider} with metadata and deletes the oauthStates/{state} document.
  • Provider publish* functions perform posting and write per‑platform run states; orchestrators enqueue these via Cloud Tasks.
  • *_refreshNow and *_refreshSweep implement token refresh on demand and periodic sweeps.

Security:

  • Public API uses API keys (soku-api-key header); user‑scoped routes (e.g., API key management, publishPost) require Firebase ID token.
  • Webhooks/verifications (Stripe, Meta, TikTok verification) do not require ID tokens but validate signatures/verify tokens.
  • Use environment variables for secrets (see setup docs).

Related frontend: see Frontend

Frontend​

  • Client hooks/services under apps/web/src/features/integrations call *_start/*_publish endpoints with the user’s ID token.
  • useConnectIntegration β†’ startAuth(platform, idToken, returnTo, isLocal) to initiate OAuth; see provider docs for details.
  • usePublish* hooks call publish endpoints; see provider docs for request shapes.

Related backend: see Backend