[Feature Request] authCanMatchGuard + helpers

[celestius0]

Feature Request - authCanMatchGuard + helpers

Description

The current auth-guard provided with angular fire is still using the now deprecated class based approach and targets the canActivate property on route definitions.

To freshen things up a bit, I have generated a new guard which utilizes the new functional approach and targets the newer canMatch route definition property. This has the added benefit of preventing components from being unnecessarily loaded which seems to work well and should be more performant.

I based the new code off of the previous implementation documented here. You will notice similarities with the previous guard code here. Would love to see this incorporated into the AngularFire package but honestly I'm too lazy to write tests 😅 so if someone would be interested in owning that and collaborating, I'd be happy to open up a PR.

Code

auth-can-match.guard.ts

import { inject } from '@angular/core';
import { Auth, user, User } from '@angular/fire/auth';
import { CanMatchFn, Route, Router, UrlSegment } from '@angular/router';
import { Observable, of, pipe, UnaryFunction } from 'rxjs';
import { map, switchMap, take } from 'rxjs/operators';

/** Utility type to allow for adding an additional property to the CanMatchFn type */
type ExtendFn<BaseFnT, AddPT extends any[]> = BaseFnT extends (...a: infer P) => infer R
  ? (...a: [...P, ...AddPT]) => R
  : never

export type AuthPipe = UnaryFunction<Observable<User | null>, Observable<boolean | string | any[]>>;
export const authCanMatchGuard: ExtendFn<CanMatchFn, [authPipe: AuthPipe]> = (route, segments, authPipe?) => {
  const auth = inject(Auth)
  const user$ = user(auth)
  const router = inject(Router)

  const authPipeFactory = authPipe
    ? authPipe
    : loggedIn

  return user$
    .pipe(
      take(1),
      authPipeFactory,
      map(can => {
        if (typeof can === 'boolean') {
          return can;
        } else if (Array.isArray(can)) {
          return router.createUrlTree(can)
        } else {
          return router.parseUrl(can)
        }
      })
    )
}

/** canMatch helper to be used with spread operator to make route definitions more concise.
 * @example
 * const redirectUnauthorizedToLogin = redirectUnauthorizedTo(['login'])
 * ...
 * export const routes: Routes = [
 *  {
 *    ...authCanMatch(redirectUnauthorizedToLogin)
 *    path: 'authProtectedRoute'
 *  },
 */
export const authCanMatch = (authPipe: AuthPipe) =>
  ({ canMatch: [(route: Route, segments: UrlSegment[]) => authCanMatchGuard(route, segments, authPipe)] })

/** Predefined auth guard helper pipes. So friendly & helpful 😍 */
export const loggedIn: AuthPipe = map(user => !!user)
export const isNotAnonymous: AuthPipe = map(user => !!user && !user.isAnonymous)
export const idTokenResult = switchMap((user: User | null) => user ? user.getIdTokenResult() : of(null))
export const emailVerified: AuthPipe = map(user => !!user && user.emailVerified)
export const customClaims = pipe(idTokenResult, map(idTokenResult => idTokenResult ? idTokenResult.claims : []))
export const hasCustomClaim: (claim: string) => AuthPipe =
  // eslint-disable-next-line no-prototype-builtins
  (claim) => pipe(customClaims, map(claims => claims.hasOwnProperty(claim)))
export const redirectUnauthorizedTo: (redirect: string | any[]) => AuthPipe =
  (redirect) => pipe(loggedIn, map(loggedIn => loggedIn || redirect))
export const redirectLoggedInTo: (redirect: string | any[]) => AuthPipe =
  (redirect) => pipe(loggedIn, map(loggedIn => loggedIn && redirect || true))

[google-oss-bot]

This issue does not seem to follow the issue template. Make sure you provide all the required information.