v2 onRequest does not enforce AppCheck

[AmitMY]

Related issues

#1377

[REQUIRED] Version info

"firebase-admin":
"firebase-functions":

node: v18.15.0

firebase-functions: "4.4.1",

firebase-tools: 12.5.4

firebase-admin: "11.11.0",

[REQUIRED] Test case

import {onRequest} from 'firebase-functions/v2/https';

onRequest({enforceAppCheck: true}, (req, res) => res.status(200).end());

[REQUIRED] Steps to reproduce

Set up a cloud function using v2 onRequest, with enforceAppCheck: true

[REQUIRED] Expected behavior

Calling the function (locally or when deployed) with the HTTP request should be blocked if no app check token is available

[REQUIRED] Actual behavior

Function works fine, same as #1377 without any token

Were you able to successfully deploy your functions?

yes

[Berlioz]

The just-add-water AppCheck integration is for callable functions, i.e ones created with onCall(), not onRequest(). As a workaround you can import the firebase-admin SDK and verify the X-Firebase-AppCheck header yourself. (If you use vscode or something else with typescript autocomplete, you'll see that enforceAppCheck is only a defined property on CallableOptions, not HttpsOptions).

[AmitMY]

I am using WebStorm, and indeed it does show enforceAppCheck as an option for HttpsOptions

I think this is a bug then, specifically here:

firebase-functions/src/v2/providers/https.ts

Line 52 in 3e7a4b7

export interface HttpsOptions extends Omit<GlobalOptions, "region"> {

Fixed in: #1477