firebase-tools 10.7.0 → 10.8.0

package/lib/deploy/functions/release/planner.js

@@ -48,20 +48,25 @@ function calculateUpdate(want, have) {
     return update;
 }
 exports.calculateUpdate = calculateUpdate;
-function createDeploymentPlan(want, have, filters, deleteAll) {
+function createDeploymentPlan(args) {
+    let { wantBackend, haveBackend, codebase, filters, deleteAll } = args;
     let deployment = {};
-    want = backend.matchingBackend(want, (endpoint) => {
+    wantBackend = backend.matchingBackend(wantBackend, (endpoint) => {
         return (0, functionsDeployHelper_1.endpointMatchesAnyFilter)(endpoint, filters);
     });
-    have = backend.matchingBackend(have, (endpoint) => {
-        return (0, functionsDeployHelper_1.endpointMatchesAnyFilter)(endpoint, filters);
+    const wantedEndpoint = backend.hasEndpoint(wantBackend);
+    haveBackend = backend.matchingBackend(haveBackend, (endpoint) => {
+        return wantedEndpoint(endpoint) || (0, functionsDeployHelper_1.endpointMatchesAnyFilter)(endpoint, filters);
     });
-    const regions = new Set([...Object.keys(want.endpoints), ...Object.keys(have.endpoints)]);
+    const regions = new Set([
+        ...Object.keys(wantBackend.endpoints),
+        ...Object.keys(haveBackend.endpoints),
+    ]);
     for (const region of regions) {
-        const changesets = calculateChangesets(want.endpoints[region] || {}, have.endpoints[region] || {}, (e) => `${e.region}-${e.availableMemoryMb || "default"}`, deleteAll);
+        const changesets = calculateChangesets(wantBackend.endpoints[region] || {}, haveBackend.endpoints[region] || {}, (e) => `${codebase}-${e.region}-${e.availableMemoryMb || "default"}`, deleteAll);
         deployment = Object.assign(Object.assign({}, deployment), changesets);
     }
-    if (upgradedToGCFv2WithoutSettingConcurrency(want, have)) {
+    if (upgradedToGCFv2WithoutSettingConcurrency(wantBackend, haveBackend)) {
         utils.logLabeledBullet("functions", "You are updating one or more functions to Google Cloud Functions v2, " +
             "which introduces support for concurrent execution. New functions " +
             "default to 80 concurrent executions, but existing functions keep the " +

package/lib/deploy/functions/runtimes/discovery/v1alpha1.js

@@ -187,7 +187,19 @@ function parseEndpoints(manifest, id, project, defaultRegion, runtime) {
             region,
             project,
             runtime, entryPoint: ep.entryPoint }, triggered);
-        (0, proto_1.copyIfPresent)(parsed, ep, "availableMemoryMb", "maxInstances", "minInstances", "concurrency", "serviceAccountEmail", "timeoutSeconds", "vpc", "labels", "ingressSettings", "environmentVariables");
+        (0, proto_1.copyIfPresent)(parsed, ep, "availableMemoryMb", "maxInstances", "minInstances", "concurrency", "serviceAccountEmail", "timeoutSeconds", "vpc", "labels", "ingressSettings", "environmentVariables", "cpu");
+        (0, proto_1.renameIfPresent)(parsed, ep, "secretEnvironmentVariables", "secretEnvironmentVariables", (senvs) => {
+            if (senvs && senvs.length > 0) {
+                ep.secretEnvironmentVariables = [];
+                for (const { key, secret } of senvs) {
+                    ep.secretEnvironmentVariables.push({
+                        key,
+                        secret: secret || key,
+                        projectId: project,
+                    });
+                }
+            }
+        });
         allParsed.push(parsed);
     }
     return allParsed;

package/lib/deploy/functions/runtimes/golang/index.js

@@ -105,6 +105,9 @@ class Delegate {
             return p;
         });
     }
+    async discoverBuild(configValues, envs) {
+        return { requiredAPIs: [], endpoints: {}, params: [] };
+    }
     async discoverSpec(configValues, envs) {
         let discovered = await discovery.detectFromYaml(this.sourceDir, this.projectId, this.runtime);
         if (!discovered) {

package/lib/deploy/functions/runtimes/node/index.js

@@ -84,6 +84,10 @@ class Delegate {
     }
     async discoverSpec(config, env) {
         if (previews_1.previews.functionsv2) {
+            if (!semver.valid(this.sdkVersion)) {
+                logger_1.logger.debug(`Could not parse firebase-functions version '${this.sdkVersion}' into semver. Falling back to parseTriggers.`);
+                return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
+            }
             if (semver.lt(this.sdkVersion, MIN_FUNCTIONS_SDK_VERSION)) {
                 (0, utils_1.logLabeledWarning)("functions", `You are using an old version of firebase-functions SDK (${this.sdkVersion}). ` +
                     `Please update firebase-functions SDK to >=${MIN_FUNCTIONS_SDK_VERSION}`);
@@ -106,5 +110,8 @@ class Delegate {
         }
         return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
     }
+    async discoverBuild(config, env) {
+        return parseTriggers.discoverBuild(this.projectId, this.sourceDir, this.runtime, config, env);
+    }
 }
 exports.Delegate = Delegate;

package/lib/deploy/functions/runtimes/node/parseTriggers.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addResourcesToBackend = exports.mergeRequiredAPIs = exports.discoverBackend = exports.useStrategy = void 0;
+exports.addResourcesToBackend = exports.addResourcesToBuild = exports.mergeRequiredAPIs = exports.discoverBackend = exports.discoverBuild = exports.useStrategy = void 0;
 const path = require("path");
 const _ = require("lodash");
 const child_process_1 = require("child_process");
@@ -49,6 +49,19 @@ function useStrategy(context) {
     return Promise.resolve(true);
 }
 exports.useStrategy = useStrategy;
+async function discoverBuild(projectId, sourceDir, runtime, configValues, envs) {
+    const triggerAnnotations = await parseTriggers(projectId, sourceDir, configValues, envs);
+    const want = {
+        requiredAPIs: [],
+        endpoints: {},
+        params: [],
+    };
+    for (const annotation of triggerAnnotations) {
+        addResourcesToBuild(projectId, runtime, annotation, want);
+    }
+    return want;
+}
+exports.discoverBuild = discoverBuild;
 async function discoverBackend(projectId, sourceDir, runtime, configValues, envs) {
     const triggerAnnotations = await parseTriggers(projectId, sourceDir, configValues, envs);
     const want = Object.assign(Object.assign({}, backend.empty()), { environmentVariables: envs });
@@ -74,6 +87,100 @@ function mergeRequiredAPIs(backend) {
     backend.requiredAPIs = merged;
 }
 exports.mergeRequiredAPIs = mergeRequiredAPIs;
+function addResourcesToBuild(projectId, runtime, annotation, want) {
+    var _a;
+    Object.freeze(annotation);
+    const regions = annotation.regions || [api.functionsDefaultRegion];
+    let triggered;
+    const triggerCount = +!!annotation.httpsTrigger +
+        +!!annotation.eventTrigger +
+        +!!annotation.taskQueueTrigger +
+        +!!annotation.blockingTrigger;
+    if (triggerCount !== 1) {
+        throw new error_1.FirebaseError("Unexpected annotation generated by the Firebase Functions SDK. This should never happen.");
+    }
+    if (annotation.taskQueueTrigger) {
+        want.requiredAPIs.push({
+            api: "cloudtasks.googleapis.com",
+            reason: "Needed for task queue functions.",
+        });
+        triggered = {
+            taskQueueTrigger: {},
+        };
+        proto.copyIfPresent(triggered.taskQueueTrigger, annotation.taskQueueTrigger, "invoker");
+        proto.copyIfPresent(triggered.taskQueueTrigger, annotation.taskQueueTrigger, "rateLimits");
+        if (annotation.taskQueueTrigger.retryConfig) {
+            triggered.taskQueueTrigger.retryConfig = Object.assign(annotation.taskQueueTrigger.retryConfig, {
+                maxRetryDurationSeconds: proto.secondsFromDuration(annotation.taskQueueTrigger.retryConfig.maxRetryDuration || "0"),
+            });
+        }
+    }
+    else if (annotation.httpsTrigger) {
+        if ((_a = annotation.labels) === null || _a === void 0 ? void 0 : _a["deployment-callable"]) {
+            delete annotation.labels["deployment-callable"];
+            triggered = { callableTrigger: {} };
+        }
+        else {
+            const trigger = {};
+            if (annotation.failurePolicy) {
+                logger_1.logger.warn(`Ignoring retry policy for HTTPS function ${annotation.name}`);
+            }
+            if (annotation.httpsTrigger.invoker) {
+                trigger.invoker = annotation.httpsTrigger.invoker[0];
+            }
+            triggered = { httpsTrigger: trigger };
+        }
+    }
+    else if (annotation.schedule) {
+        want.requiredAPIs.push({
+            api: "cloudscheduler.googleapis.com",
+            reason: "Needed for scheduled functions.",
+        });
+        triggered = {
+            scheduleTrigger: {
+                schedule: annotation.schedule.schedule,
+                timeZone: annotation.schedule.timeZone || "what's the default timezone?",
+                retryConfig: annotation.schedule.retryConfig || {},
+            },
+        };
+    }
+    else if (annotation.blockingTrigger) {
+        if (events.v1.AUTH_BLOCKING_EVENTS.includes(annotation.blockingTrigger.eventType)) {
+            want.requiredAPIs.push({
+                api: "identitytoolkit.googleapis.com",
+                reason: "Needed for auth blocking functions.",
+            });
+        }
+        triggered = {
+            blockingTrigger: {
+                eventType: annotation.blockingTrigger.eventType,
+            },
+        };
+    }
+    else {
+        triggered = {
+            eventTrigger: {
+                eventType: annotation.eventTrigger.eventType,
+                eventFilters: { resource: annotation.eventTrigger.resource },
+                retry: !!annotation.failurePolicy,
+            },
+        };
+    }
+    const endpointId = annotation.name;
+    const endpoint = Object.assign({ platform: annotation.platform || "gcfv1", region: regions, project: projectId, entryPoint: annotation.entryPoint, runtime: runtime, serviceAccount: annotation.serviceAccountEmail || "default" }, triggered);
+    if (annotation.vpcConnector != null) {
+        let maybeId = annotation.vpcConnector;
+        if (maybeId && !maybeId.includes("/")) {
+            maybeId = `projects/${projectId}/locations/$REGION/connectors/${maybeId}`;
+        }
+        endpoint.vpc = { connector: maybeId };
+        proto.renameIfPresent(endpoint.vpc, annotation, "egressSettings", "vpcConnectorEgressSettings");
+    }
+    proto.copyIfPresent(endpoint, annotation, "concurrency", "labels", "ingressSettings", "maxInstances", "minInstances", "availableMemoryMb");
+    proto.renameIfPresent(endpoint, annotation, "timeoutSeconds", "timeout", proto.secondsFromDuration);
+    want.endpoints[endpointId] = endpoint;
+}
+exports.addResourcesToBuild = addResourcesToBuild;
 function addResourcesToBackend(projectId, runtime, annotation, want) {
     var _a;
     Object.freeze(annotation);

package/lib/deploy/functions/services/storage.js

@@ -6,20 +6,14 @@ const logger_1 = require("../../../logger");
 const error_1 = require("../../../error");
 const location_1 = require("../../../gcp/location");
 const PUBSUB_PUBLISHER_ROLE = "roles/pubsub.publisher";
-async function obtainStorageBindings(projectNumber, existingPolicy) {
+async function obtainStorageBindings(projectNumber) {
     const storageResponse = await storage.getServiceAccount(projectNumber);
     const storageServiceAgent = `serviceAccount:${storageResponse.email_address}`;
-    let pubsubBinding = existingPolicy.bindings.find((b) => b.role === PUBSUB_PUBLISHER_ROLE);
-    if (!pubsubBinding) {
-        pubsubBinding = {
-            role: PUBSUB_PUBLISHER_ROLE,
-            members: [],
-        };
-    }
-    if (!pubsubBinding.members.find((m) => m === storageServiceAgent)) {
-        pubsubBinding.members.push(storageServiceAgent);
-    }
-    return [pubsubBinding];
+    const pubsubPublisherBinding = {
+        role: PUBSUB_PUBLISHER_ROLE,
+        members: [storageServiceAgent],
+    };
+    return [pubsubPublisherBinding];
 }
 exports.obtainStorageBindings = obtainStorageBindings;
 async function ensureStorageTriggerRegion(endpoint) {

package/lib/deploy/functions/validate.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.secretsAreValid = exports.functionIdsAreValid = exports.functionsDirectoryExists = exports.endpointsAreValid = void 0;
+exports.secretsAreValid = exports.functionIdsAreValid = exports.functionsDirectoryExists = exports.endpointsAreUnique = exports.endpointsAreValid = void 0;
 const path = require("path");
 const clc = require("cli-color");
 const error_1 = require("../../error");
@@ -29,16 +29,66 @@ function endpointsAreValid(wantBackend) {
         if ((endpoint.concurrency || 1) === 1) {
             return false;
         }
-        const mem = endpoint.availableMemoryMb || backend.DEFAULT_MEMORY;
-        return mem < backend.MIN_MEMORY_FOR_CONCURRENCY;
+        return endpoint.cpu < backend.MIN_CPU_FOR_CONCURRENCY;
     })
         .map((endpoint) => endpoint.id);
     if (tooSmallForConcurrency.length) {
-        const msg = `Cannot set concurency on the functions ${tooSmallForConcurrency.join(",")} because they have fewer than 2GB memory`;
+        const msg = "The following functions are configured to allow concurrent " +
+            "execution and less than one full CPU. This is not supported: " +
+            tooSmallForConcurrency.join(",");
+        throw new error_1.FirebaseError(msg);
+    }
+    const gcfV1WithCPU = endpoints
+        .filter((endpoint) => endpoint.platform === "gcfv1" && typeof endpoint["cpu"] !== "undefined")
+        .map((endpoint) => endpoint.id);
+    if (gcfV1WithCPU.length) {
+        const msg = `Cannot set CPU on the functions ${gcfV1WithCPU.join(",")} because they are GCF gen 1`;
+        throw new error_1.FirebaseError(msg);
+    }
+    const invalidCPU = endpoints
+        .filter((endpoint) => {
+        if (typeof endpoint.cpu === "undefined") {
+            return false;
+        }
+        if (endpoint.cpu === "gcf_gen1") {
+            return false;
+        }
+        const cpu = endpoint.cpu;
+        if (cpu < 1) {
+            return false;
+        }
+        return ![1, 2, 4, 6, 8].includes(cpu);
+    })
+        .map((endpoint) => endpoint.id);
+    if (invalidCPU.length) {
+        const msg = `The following functions have invalid CPU settings ${invalidCPU.join(",")}. Valid CPU options are (0, 1], 2, 4, 6, 8, or "gcf_gen1"`;
         throw new error_1.FirebaseError(msg);
     }
 }
 exports.endpointsAreValid = endpointsAreValid;
+function endpointsAreUnique(backends) {
+    const endpointToCodebases = {};
+    for (const [codebase, b] of Object.entries(backends)) {
+        for (const endpoint of backend.allEndpoints(b)) {
+            const key = backend.functionName(endpoint);
+            const cs = endpointToCodebases[key] || new Set();
+            cs.add(codebase);
+            endpointToCodebases[key] = cs;
+        }
+    }
+    const conflicts = {};
+    for (const [fn, codebases] of Object.entries(endpointToCodebases)) {
+        if (codebases.size > 1) {
+            conflicts[fn] = Array.from(codebases);
+        }
+    }
+    if (Object.keys(conflicts).length === 0) {
+        return;
+    }
+    const msgs = Object.entries(conflicts).map(([fn, codebases]) => `${fn}: ${codebases.join(",")}`);
+    throw new error_1.FirebaseError("More than one codebase claims following functions:\n\t" + `${msgs.join("\n\t")}`);
+}
+exports.endpointsAreUnique = endpointsAreUnique;
 function functionsDirectoryExists(sourceDir, projectDir) {
     if (!fsutils.dirExistsSync(sourceDir)) {
         const sourceDirName = path.relative(projectDir, sourceDir);
@@ -63,7 +113,7 @@ function functionIdsAreValid(functions) {
         return fn.platform === "gcfv2" && !v2FunctionName.test(fn.id);
     });
     if (invalidV2Ids.length !== 0) {
-        const msg = `${invalidV2Ids.map((f) => f.id).join(", ")} v2 function name(s) can only contin lower ` +
+        const msg = `${invalidV2Ids.map((f) => f.id).join(", ")} v2 function name(s) can only contain lower ` +
             `case letters, numbers, hyphens, and not exceed 62 characters in length`;
         throw new error_1.FirebaseError(msg);
     }
@@ -77,13 +127,13 @@ async function secretsAreValid(projectId, wantBackend) {
     await validateSecretVersions(projectId, endpoints);
 }
 exports.secretsAreValid = secretsAreValid;
+const secretsSupportedPlatforms = ["gcfv1", "gcfv2"];
 function validatePlatformTargets(endpoints) {
-    const supportedPlatforms = ["gcfv1"];
-    const unsupported = endpoints.filter((e) => !supportedPlatforms.includes(e.platform));
+    const unsupported = endpoints.filter((e) => !secretsSupportedPlatforms.includes(e.platform));
     if (unsupported.length > 0) {
         const errs = unsupported.map((e) => `${e.id}[platform=${e.platform}]`);
         throw new error_1.FirebaseError(`Tried to set secret environment variables on ${errs.join(", ")}. ` +
-            `Only ${supportedPlatforms.join(", ")} support secret environments.`);
+            `Only ${secretsSupportedPlatforms.join(", ")} support secret environments.`);
     }
 }
 async function validateSecretVersions(projectId, endpoints) {

package/lib/deploy/hosting/convertConfig.js

@@ -40,10 +40,12 @@ async function convertConfig(context, payload, config, finalize) {
         return out;
     }
     const endpointBeingDeployed = (serviceId, region = "us-central1") => {
-        var _a, _b, _c;
-        const endpoint = (_c = (_b = (_a = payload.functions) === null || _a === void 0 ? void 0 : _a.wantBackend) === null || _b === void 0 ? void 0 : _b.endpoints[region]) === null || _c === void 0 ? void 0 : _c[serviceId];
-        if (endpoint && (0, backend_1.isHttpsTriggered)(endpoint) && endpoint.platform === "gcfv2")
-            return endpoint;
+        var _a;
+        for (const { wantBackend } of Object.values(payload.functions || {})) {
+            const endpoint = (_a = wantBackend === null || wantBackend === void 0 ? void 0 : wantBackend.endpoints[region]) === null || _a === void 0 ? void 0 : _a[serviceId];
+            if (endpoint && (0, backend_1.isHttpsTriggered)(endpoint) && endpoint.platform === "gcfv2")
+                return endpoint;
+        }
         return undefined;
     };
     const matchingEndpoint = async (serviceId, region = "us-central1") => {

package/lib/emulator/auth/cloudFunctions.js

@@ -62,8 +62,12 @@ class AuthCloudFunction {
             phoneNumber: user.phoneNumber,
             disabled: user.disabled,
             metadata: {
-                creationTime: user.createdAt,
-                lastSignInTime: user.lastLoginAt,
+                creationTime: user.createdAt
+                    ? new Date(parseInt(user.createdAt, 10)).toISOString()
+                    : undefined,
+                lastSignInTime: user.lastLoginAt
+                    ? new Date(parseInt(user.lastLoginAt, 10)).toISOString()
+                    : undefined,
             },
             customClaims: JSON.parse(user.customAttributes || "{}"),
             providerData: user.providerUserInfo,

package/lib/emulator/auth/operations.js

@@ -1210,7 +1210,6 @@ function grantToken(state, reqBody) {
     (0, errors_1.assert)(reqBody.grantType === "refresh_token", "INVALID_GRANT_TYPE");
     (0, errors_1.assert)(reqBody.refreshToken, "MISSING_REFRESH_TOKEN");
     const refreshTokenRecord = state.validateRefreshToken(reqBody.refreshToken);
-    (0, errors_1.assert)(refreshTokenRecord, "INVALID_REFRESH_TOKEN");
     (0, errors_1.assert)(!refreshTokenRecord.user.disabled, "USER_DISABLED");
     const tokens = issueTokens(state, refreshTokenRecord.user, refreshTokenRecord.provider, {
         extraClaims: refreshTokenRecord.extraClaims,

package/lib/emulator/auth/server.js

@@ -342,7 +342,7 @@ function toExegesisController(ops, getProjectStateById) {
     }
     function toExegesisOperation(operation) {
         return (ctx) => {
-            var _a, _b, _c, _d, _e, _f, _g;
+            var _a, _b, _c, _d, _e, _f, _g, _h;
             let targetProjectId = ctx.params.path.targetProjectId || ((_a = ctx.requestBody) === null || _a === void 0 ? void 0 : _a.targetProjectId);
             if (targetProjectId) {
                 if ((_b = ctx.api.operationObject.security) === null || _b === void 0 ? void 0 : _b.some((sec) => sec.Oauth2)) {
@@ -365,6 +365,13 @@ function toExegesisController(ops, getProjectStateById) {
                 }
                 targetTenantId = targetTenantId || (decoded === null || decoded === void 0 ? void 0 : decoded.payload.firebase.tenant);
             }
+            if ((_h = ctx.requestBody) === null || _h === void 0 ? void 0 : _h.refreshToken) {
+                const refreshTokenRecord = (0, state_1.decodeRefreshToken)(ctx.requestBody.refreshToken);
+                if (refreshTokenRecord.tenantId && targetTenantId) {
+                    (0, errors_2.assert)(refreshTokenRecord.tenantId === targetTenantId, "TENANT_ID_MISMATCH: ((Refresh token tenant ID does not match target tenant ID.))");
+                }
+                targetTenantId = targetTenantId || refreshTokenRecord.tenantId;
+            }
             return operation(getProjectStateById(targetProjectId, targetTenantId), ctx.requestBody, ctx);
         };
     }

package/lib/emulator/auth/state.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.BlockingFunctionEvents = exports.UsageMode = exports.TenantProjectState = exports.AgentProjectState = exports.ProjectState = exports.SIGNIN_METHOD_EMAIL_LINK = exports.PROVIDER_GAME_CENTER = exports.PROVIDER_CUSTOM = exports.PROVIDER_ANONYMOUS = exports.PROVIDER_PHONE = exports.PROVIDER_PASSWORD = void 0;
+exports.decodeRefreshToken = exports.encodeRefreshToken = exports.BlockingFunctionEvents = exports.UsageMode = exports.TenantProjectState = exports.AgentProjectState = exports.ProjectState = exports.SIGNIN_METHOD_EMAIL_LINK = exports.PROVIDER_GAME_CENTER = exports.PROVIDER_CUSTOM = exports.PROVIDER_ANONYMOUS = exports.PROVIDER_PHONE = exports.PROVIDER_PASSWORD = void 0;
 const utils_1 = require("./utils");
 const cloudFunctions_1 = require("./cloudFunctions");
 const errors_1 = require("./errors");
@@ -19,8 +19,6 @@ class ProjectState {
         this.localIdForPhoneNumber = new Map();
         this.localIdsForProviderEmail = new Map();
         this.userIdForProviderRawId = new Map();
-        this.refreshTokens = new Map();
-        this.refreshTokensForLocalId = new Map();
         this.oobs = new Map();
         this.verificationCodes = new Map();
         this.temporaryProofs = new Map();
@@ -73,13 +71,6 @@ class ProjectState {
     deleteUser(user) {
         this.users.delete(user.localId);
         this.removeUserFromIndex(user);
-        const refreshTokens = this.refreshTokensForLocalId.get(user.localId);
-        if (refreshTokens) {
-            this.refreshTokensForLocalId.delete(user.localId);
-            for (const refreshToken of refreshTokens) {
-                this.refreshTokens.delete(refreshToken);
-            }
-        }
         this.authCloudFunction.dispatch("delete", user);
     }
     updateUserByLocalId(localId, fields, options = {}) {
@@ -282,26 +273,23 @@ class ProjectState {
     }
     createRefreshTokenFor(userInfo, provider, { extraClaims = {}, secondFactor, } = {}) {
         const localId = userInfo.localId;
-        const refreshToken = (0, utils_1.randomBase64UrlStr)(204);
-        this.refreshTokens.set(refreshToken, {
+        const refreshTokenRecord = {
+            _AuthEmulatorRefreshToken: "DO NOT MODIFY",
             localId,
             provider,
             extraClaims,
+            projectId: this.projectId,
             secondFactor,
             tenantId: userInfo.tenantId,
-        });
-        let refreshTokens = this.refreshTokensForLocalId.get(localId);
-        if (!refreshTokens) {
-            refreshTokens = new Set();
-            this.refreshTokensForLocalId.set(localId, refreshTokens);
-        }
-        refreshTokens.add(refreshToken);
+        };
+        const refreshToken = encodeRefreshToken(refreshTokenRecord);
         return refreshToken;
     }
     validateRefreshToken(refreshToken) {
-        const record = this.refreshTokens.get(refreshToken);
-        if (!record) {
-            return undefined;
+        const record = decodeRefreshToken(refreshToken);
+        (0, errors_1.assert)(record.projectId === this.projectId, "INVALID_REFRESH_TOKEN");
+        if (this instanceof TenantProjectState) {
+            (0, errors_1.assert)(record.tenantId === this.tenantId, "TENANT_ID_MISMATCH");
         }
         return {
             user: this.getUserByLocalIdAssertingExists(record.localId),
@@ -356,8 +344,6 @@ class ProjectState {
         this.localIdForPhoneNumber.clear();
         this.localIdsForProviderEmail.clear();
         this.userIdForProviderRawId.clear();
-        this.refreshTokens.clear();
-        this.refreshTokensForLocalId.clear();
     }
     getUserCount() {
         return this.users.size;
@@ -617,6 +603,23 @@ var BlockingFunctionEvents;
     BlockingFunctionEvents["BEFORE_CREATE"] = "beforeCreate";
     BlockingFunctionEvents["BEFORE_SIGN_IN"] = "beforeSignIn";
 })(BlockingFunctionEvents = exports.BlockingFunctionEvents || (exports.BlockingFunctionEvents = {}));
+function encodeRefreshToken(refreshTokenRecord) {
+    return Buffer.from(JSON.stringify(refreshTokenRecord), "utf8").toString("base64");
+}
+exports.encodeRefreshToken = encodeRefreshToken;
+function decodeRefreshToken(refreshTokenString) {
+    let refreshTokenRecord;
+    try {
+        const json = Buffer.from(refreshTokenString, "base64").toString("utf8");
+        refreshTokenRecord = JSON.parse(json);
+    }
+    catch (_a) {
+        throw new errors_1.BadRequestError("INVALID_REFRESH_TOKEN");
+    }
+    (0, errors_1.assert)(refreshTokenRecord._AuthEmulatorRefreshToken, "INVALID_REFRESH_TOKEN");
+    return refreshTokenRecord;
+}
+exports.decodeRefreshToken = decodeRefreshToken;
 function getProviderEmailsForUser(user) {
     var _a;
     const emails = new Set();

package/lib/emulator/controller.js

@@ -268,16 +268,19 @@ async function startAll(options, showUI = true) {
     const emulatableBackends = [];
     const projectDir = (options.extDevDir || options.config.projectDir);
     if (shouldStart(options, types_1.Emulators.FUNCTIONS)) {
-        const functionsCfg = (0, projectConfig_1.normalizeAndValidate)(options.config.src.functions)[0];
+        const functionsCfg = (0, projectConfig_1.normalizeAndValidate)(options.config.src.functions);
         utils.assertIsStringOrUndefined(options.extDevDir);
-        const functionsDir = path.join(projectDir, functionsCfg.source);
-        emulatableBackends.push({
-            functionsDir,
-            env: Object.assign({}, options.extDevEnv),
-            secretEnv: [],
-            predefinedTriggers: options.extDevTriggers,
-            nodeMajorVersion: (0, functionsEmulatorUtils_1.parseRuntimeVersion)(options.extDevNodeVersion || functionsCfg.runtime),
-        });
+        for (const cfg of functionsCfg) {
+            const functionsDir = path.join(projectDir, cfg.source);
+            emulatableBackends.push({
+                functionsDir,
+                codebase: cfg.codebase,
+                env: Object.assign({}, options.extDevEnv),
+                secretEnv: [],
+                predefinedTriggers: options.extDevTriggers,
+                nodeMajorVersion: (0, functionsEmulatorUtils_1.parseRuntimeVersion)(options.extDevNodeVersion || cfg.runtime),
+            });
+        }
     }
     if (shouldStart(options, types_1.Emulators.EXTENSIONS) && previews_1.previews.extensionsemulator) {
         const projectNumber = constants_1.Constants.isDemoProject(projectId)

package/lib/emulator/databaseEmulator.js

@@ -56,7 +56,15 @@ class DatabaseEmulator {
                 if (!c.instance) {
                     continue;
                 }
-                await this.updateRules(c.instance, c.rules);
+                try {
+                    await this.updateRules(c.instance, c.rules);
+                }
+                catch (e) {
+                    const rulesError = this.prettyPrintRulesError(c.rules, e);
+                    this.logger.logLabeled("WARN", "database", rulesError);
+                    this.logger.logLabeled("WARN", "database", "Failed to update rules");
+                    throw new error_1.FirebaseError(`Failed to load initial ${constants_1.Constants.description(this.getName())} rules:\n${rulesError}`);
+                }
             }
         }
     }
@@ -114,6 +122,7 @@ class DatabaseEmulator {
         });
     }
     async updateRules(instance, rulesPath) {
+        var _a;
         const rulesExt = path.extname(rulesPath);
         const content = rulesExt === ".bolt"
             ? parseBoltRules(rulesPath).toString()
@@ -131,12 +140,36 @@ class DatabaseEmulator {
             if (e.context && e.context.body) {
                 throw e.context.body.error;
             }
-            throw e.original;
+            throw (_a = e.original) !== null && _a !== void 0 ? _a : e;
         }
     }
     prettyPrintRulesError(filePath, error) {
+        let errStr;
+        switch (typeof error) {
+            case "string":
+                errStr = error;
+                break;
+            case "object":
+                if (error != null && "message" in error) {
+                    const message = error.message;
+                    errStr = `${message}`;
+                    if (typeof message === "string") {
+                        try {
+                            const parsed = JSON.parse(message);
+                            if (typeof parsed === "object" && parsed.error) {
+                                errStr = `${parsed.error}`;
+                            }
+                        }
+                        catch (_) {
+                        }
+                    }
+                    break;
+                }
+            default:
+                errStr = `Unknown error: ${JSON.stringify(error)}`;
+        }
         const relativePath = path.relative(process.cwd(), filePath);
-        return `${clc.cyan(relativePath)}:${error.trim()}`;
+        return `${clc.cyan(relativePath)}:${errStr.trim()}`;
     }
 }
 exports.DatabaseEmulator = DatabaseEmulator;

package/lib/emulator/downloadableEmulators.js

@@ -83,15 +83,15 @@ exports.DownloadDetails = {
                 },
             }
             : {
-                version: "1.6.5",
-                downloadPath: path.join(CACHE_DIR, "ui-v1.6.5.zip"),
-                unzipDir: path.join(CACHE_DIR, "ui-v1.6.5"),
-                binaryPath: path.join(CACHE_DIR, "ui-v1.6.5", "server.bundle.js"),
+                version: "1.6.6",
+                downloadPath: path.join(CACHE_DIR, "ui-v1.6.6.zip"),
+                unzipDir: path.join(CACHE_DIR, "ui-v1.6.6"),
+                binaryPath: path.join(CACHE_DIR, "ui-v1.6.6", "server.bundle.js"),
                 opts: {
                     cacheDir: CACHE_DIR,
-                    remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.5.zip",
-                    expectedSize: 3816994,
-                    expectedChecksum: "92dfff4b2ef8ab616e8a60cc93e0a00b",
+                    remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.6.zip",
+                    expectedSize: 3817247,
+                    expectedChecksum: "c80a3f0ae1e3f682ace0a18a9cdd2861",
                     namePrefix: "ui",
                 },
             },

package/lib/emulator/extensionsEmulator.js

@@ -152,6 +152,7 @@ class ExtensionsEmulator {
         return emulatableBackend;
     }
     autoPopulatedParams(instance) {
+        var _a;
         const projectId = this.args.projectId;
         return {
             PROJECT_ID: projectId !== null && projectId !== void 0 ? projectId : "",
@@ -159,6 +160,8 @@ class ExtensionsEmulator {
             DATABASE_INSTANCE: projectId !== null && projectId !== void 0 ? projectId : "",
             DATABASE_URL: `https://${projectId}.firebaseio.com`,
             STORAGE_BUCKET: `${projectId}.appspot.com`,
+            ALLOWED_EVENT_TYPES: instance.allowedEventTypes ? instance.allowedEventTypes.join(",") : "",
+            EVENTARC_CHANNEL: (_a = instance.eventarcChannel) !== null && _a !== void 0 ? _a : "",
         };
     }
     async checkAndWarnAPIs(instances) {