firebase-tools 9.17.0 → 9.21.0

package/lib/emulator/auth/server.js

@@ -17,6 +17,7 @@ const lodash_1 = require("lodash");
 const handlers_1 = require("./handlers");
 const bodyParser = require("body-parser");
 const url_1 = require("url");
+const jsonwebtoken_1 = require("jsonwebtoken");
 const apiSpec = apiSpec_1.default;
 const API_SPEC_PATH = "/emulator/openapi.json";
 const AUTH_HEADER_PREFIX = "bearer ";
@@ -70,6 +71,10 @@ async function createApp(defaultProjectId, projectStateForId = new Map()) {
     const app = express();
     app.set("json spaces", 2);
     app.use(cors({ origin: true }));
+    app.delete("*", (req, _, next) => {
+        delete req.headers["content-type"];
+        next();
+    });
     app.get("/", (req, res) => {
         return res.json({
             authEmulator: {
@@ -83,7 +88,7 @@ async function createApp(defaultProjectId, projectStateForId = new Map()) {
         res.json(specWithEmulatorServer(req.protocol, req.headers.host));
     });
     registerLegacyRoutes(app);
-    handlers_1.registerHandlers(app, (apiKey) => getProjectStateById(getProjectIdByApiKey(apiKey)));
+    handlers_1.registerHandlers(app, (apiKey, tenantId) => getProjectStateById(getProjectIdByApiKey(apiKey), tenantId));
     const apiKeyAuthenticator = (ctx, info) => {
         if (info.in !== "query") {
             throw new Error('apiKey must be defined as in: "query" in API spec.');
@@ -169,6 +174,9 @@ async function createApp(defaultProjectId, projectStateForId = new Map()) {
             "google-fieldmask"() {
                 return true;
             },
+            "google-duration"() {
+                return true;
+            },
             uint64() {
                 return true;
             },
@@ -234,13 +242,16 @@ async function createApp(defaultProjectId, projectStateForId = new Map()) {
         apiKey;
         return defaultProjectId;
     }
-    function getProjectStateById(projectId) {
-        let state = projectStateForId.get(projectId);
-        if (!state) {
-            state = new state_1.ProjectState(projectId);
-            projectStateForId.set(projectId, state);
+    function getProjectStateById(projectId, tenantId) {
+        let agentState = projectStateForId.get(projectId);
+        if (!agentState) {
+            agentState = new state_1.AgentProjectState(projectId);
+            projectStateForId.set(projectId, agentState);
         }
-        return state;
+        if (!tenantId) {
+            return agentState;
+        }
+        return agentState.getTenantProject(tenantId);
     }
 }
 exports.createApp = createApp;
@@ -328,7 +339,7 @@ function toExegesisController(ops, getProjectStateById) {
     }
     function toExegesisOperation(operation) {
         return (ctx) => {
-            var _a, _b, _c, _d;
+            var _a, _b, _c, _d, _e, _f, _g;
             let targetProjectId = ctx.params.path.targetProjectId || ((_a = ctx.requestBody) === null || _a === void 0 ? void 0 : _a.targetProjectId);
             if (targetProjectId) {
                 if ((_b = ctx.api.operationObject.security) === null || _b === void 0 ? void 0 : _b.some((sec) => sec.Oauth2)) {
@@ -338,10 +349,20 @@ function toExegesisController(ops, getProjectStateById) {
             else {
                 targetProjectId = ctx.user;
             }
-            if (ctx.params.path.tenantId || ((_d = ctx.requestBody) === null || _d === void 0 ? void 0 : _d.tenantId)) {
-                throw new errors_2.NotImplementedError("Multi-tenancy is unimplemented.");
+            let targetTenantId = undefined;
+            if (ctx.params.path.tenantId && ((_d = ctx.requestBody) === null || _d === void 0 ? void 0 : _d.tenantId)) {
+                errors_2.assert(ctx.params.path.tenantId === ctx.requestBody.tenantId, "TENANT_ID_MISMATCH");
+            }
+            targetTenantId = ctx.params.path.tenantId || ((_e = ctx.requestBody) === null || _e === void 0 ? void 0 : _e.tenantId);
+            if ((_f = ctx.requestBody) === null || _f === void 0 ? void 0 : _f.idToken) {
+                const idToken = (_g = ctx.requestBody) === null || _g === void 0 ? void 0 : _g.idToken;
+                const decoded = jsonwebtoken_1.decode(idToken, { complete: true });
+                if ((decoded === null || decoded === void 0 ? void 0 : decoded.payload.firebase.tenant) && targetTenantId) {
+                    errors_2.assert((decoded === null || decoded === void 0 ? void 0 : decoded.payload.firebase.tenant) === targetTenantId, "TENANT_ID_MISMATCH");
+                }
+                targetTenantId = targetTenantId || (decoded === null || decoded === void 0 ? void 0 : decoded.payload.firebase.tenant);
             }
-            return operation(getProjectStateById(targetProjectId), ctx.requestBody, ctx);
+            return operation(getProjectStateById(targetProjectId, targetTenantId), ctx.requestBody, ctx);
         };
     }
 }

package/lib/emulator/auth/state.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ProjectState = exports.SIGNIN_METHOD_EMAIL_LINK = exports.PROVIDER_CUSTOM = exports.PROVIDER_ANONYMOUS = exports.PROVIDER_PHONE = exports.PROVIDER_PASSWORD = void 0;
+exports.UsageMode = exports.TenantProjectState = exports.AgentProjectState = exports.ProjectState = exports.SIGNIN_METHOD_EMAIL_LINK = exports.PROVIDER_GAME_CENTER = exports.PROVIDER_CUSTOM = exports.PROVIDER_ANONYMOUS = exports.PROVIDER_PHONE = exports.PROVIDER_PASSWORD = void 0;
 const utils_1 = require("./utils");
 const cloudFunctions_1 = require("./cloudFunctions");
 const errors_1 = require("./errors");
@@ -8,6 +8,7 @@ exports.PROVIDER_PASSWORD = "password";
 exports.PROVIDER_PHONE = "phone";
 exports.PROVIDER_ANONYMOUS = "anonymous";
 exports.PROVIDER_CUSTOM = "custom";
+exports.PROVIDER_GAME_CENTER = "gc.apple.com";
 exports.SIGNIN_METHOD_EMAIL_LINK = "emailLink";
 class ProjectState {
     constructor(projectId) {
@@ -23,8 +24,6 @@ class ProjectState {
         this.oobs = new Map();
         this.verificationCodes = new Map();
         this.temporaryProofs = new Map();
-        this.oneAccountPerEmail = true;
-        this.authCloudFunction = new cloudFunctions_1.AuthCloudFunction(projectId);
     }
     get projectNumber() {
         return "12345";
@@ -281,10 +280,16 @@ class ProjectState {
     getUserByLocalId(localId) {
         return this.users.get(localId);
     }
-    createRefreshTokenFor(userInfo, provider, extraClaims = {}) {
+    createRefreshTokenFor(userInfo, provider, { extraClaims = {}, secondFactor, } = {}) {
         const localId = userInfo.localId;
         const refreshToken = utils_1.randomBase64UrlStr(204);
-        this.refreshTokens.set(refreshToken, { localId, provider, extraClaims });
+        this.refreshTokens.set(refreshToken, {
+            localId,
+            provider,
+            extraClaims,
+            secondFactor,
+            tenantId: userInfo.tenantId,
+        });
         let refreshTokens = this.refreshTokensForLocalId.get(localId);
         if (!refreshTokens) {
             refreshTokens = new Set();
@@ -302,6 +307,7 @@ class ProjectState {
             user: this.getUserByLocalIdAssertingExists(record.localId),
             provider: record.provider,
             extraClaims: record.extraClaims,
+            secondFactor: record.secondFactor,
         };
     }
     createOob(email, requestType, generateLink) {
@@ -413,6 +419,195 @@ class ProjectState {
     }
 }
 exports.ProjectState = ProjectState;
+class AgentProjectState extends ProjectState {
+    constructor(projectId) {
+        super(projectId);
+        this._oneAccountPerEmail = true;
+        this._usageMode = UsageMode.DEFAULT;
+        this.tenantProjectForTenantId = new Map();
+        this._authCloudFunction = new cloudFunctions_1.AuthCloudFunction(this.projectId);
+    }
+    get authCloudFunction() {
+        return this._authCloudFunction;
+    }
+    get oneAccountPerEmail() {
+        return this._oneAccountPerEmail;
+    }
+    set oneAccountPerEmail(oneAccountPerEmail) {
+        this._oneAccountPerEmail = oneAccountPerEmail;
+    }
+    get usageMode() {
+        return this._usageMode;
+    }
+    set usageMode(usageMode) {
+        this._usageMode = usageMode;
+    }
+    get allowPasswordSignup() {
+        return true;
+    }
+    get disableAuth() {
+        return false;
+    }
+    get mfaConfig() {
+        return { state: "ENABLED", enabledProviders: ["PHONE_SMS"] };
+    }
+    get enableAnonymousUser() {
+        return true;
+    }
+    get enableEmailLinkSignin() {
+        return true;
+    }
+    getTenantProject(tenantId) {
+        if (!this.tenantProjectForTenantId.has(tenantId)) {
+            this.createTenantWithTenantId(tenantId, {
+                tenantId,
+                allowPasswordSignup: true,
+                disableAuth: false,
+                mfaConfig: {
+                    state: "ENABLED",
+                    enabledProviders: ["PHONE_SMS"],
+                },
+                enableAnonymousUser: true,
+                enableEmailLinkSignin: true,
+            });
+        }
+        return this.tenantProjectForTenantId.get(tenantId);
+    }
+    listTenants(startToken) {
+        const tenantProjects = [];
+        for (const tenantProject of this.tenantProjectForTenantId.values()) {
+            if (!startToken || tenantProject.tenantId > startToken) {
+                tenantProjects.push(tenantProject);
+            }
+        }
+        tenantProjects.sort((a, b) => {
+            if (a.tenantId < b.tenantId) {
+                return -1;
+            }
+            else if (a.tenantId > b.tenantId) {
+                return 1;
+            }
+            return 0;
+        });
+        return tenantProjects.map((tenantProject) => tenantProject.tenantConfig);
+    }
+    createTenant(tenant) {
+        for (let i = 0; i < 10; i++) {
+            const tenantId = utils_1.randomId(28);
+            const createdTenant = this.createTenantWithTenantId(tenantId, tenant);
+            if (createdTenant) {
+                return createdTenant;
+            }
+        }
+        throw new Error("Could not generate a random unique tenantId after 10 tries");
+    }
+    createTenantWithTenantId(tenantId, tenant) {
+        if (this.tenantProjectForTenantId.has(tenantId)) {
+            return undefined;
+        }
+        tenant.name = `projects/${this.projectId}/tenants/${tenantId}`;
+        tenant.tenantId = tenantId;
+        this.tenantProjectForTenantId.set(tenantId, new TenantProjectState(this.projectId, tenantId, tenant, this));
+        return tenant;
+    }
+    deleteTenant(tenantId) {
+        this.tenantProjectForTenantId.delete(tenantId);
+    }
+}
+exports.AgentProjectState = AgentProjectState;
+class TenantProjectState extends ProjectState {
+    constructor(projectId, tenantId, _tenantConfig, parentProject) {
+        super(projectId);
+        this.tenantId = tenantId;
+        this._tenantConfig = _tenantConfig;
+        this.parentProject = parentProject;
+    }
+    get oneAccountPerEmail() {
+        return this.parentProject.oneAccountPerEmail;
+    }
+    get authCloudFunction() {
+        return this.parentProject.authCloudFunction;
+    }
+    get usageMode() {
+        return this.parentProject.usageMode;
+    }
+    get tenantConfig() {
+        return this._tenantConfig;
+    }
+    get allowPasswordSignup() {
+        return this._tenantConfig.allowPasswordSignup;
+    }
+    get disableAuth() {
+        return this._tenantConfig.disableAuth;
+    }
+    get mfaConfig() {
+        return this._tenantConfig.mfaConfig;
+    }
+    get enableAnonymousUser() {
+        return this._tenantConfig.enableAnonymousUser;
+    }
+    get enableEmailLinkSignin() {
+        return this._tenantConfig.enableEmailLinkSignin;
+    }
+    delete() {
+        this.parentProject.deleteTenant(this.tenantId);
+    }
+    updateTenant(update, updateMask) {
+        var _a, _b, _c, _d, _e;
+        if (!updateMask) {
+            const mfaConfig = (_a = update.mfaConfig) !== null && _a !== void 0 ? _a : {};
+            if (!("state" in mfaConfig)) {
+                mfaConfig.state = "DISABLED";
+            }
+            if (!("enabledProviders" in mfaConfig)) {
+                mfaConfig.enabledProviders = [];
+            }
+            this._tenantConfig = {
+                tenantId: this.tenantId,
+                name: this.tenantConfig.name,
+                allowPasswordSignup: (_b = update.allowPasswordSignup) !== null && _b !== void 0 ? _b : false,
+                disableAuth: (_c = update.disableAuth) !== null && _c !== void 0 ? _c : false,
+                mfaConfig: mfaConfig,
+                enableAnonymousUser: (_d = update.enableAnonymousUser) !== null && _d !== void 0 ? _d : false,
+                enableEmailLinkSignin: (_e = update.enableEmailLinkSignin) !== null && _e !== void 0 ? _e : false,
+                displayName: update.displayName,
+            };
+            return this.tenantConfig;
+        }
+        const paths = updateMask.split(",");
+        for (const path of paths) {
+            const fields = path.split(".");
+            let updateField = update;
+            let existingField = this._tenantConfig;
+            let field;
+            for (let i = 0; i < fields.length - 1; i++) {
+                field = fields[i];
+                if (updateField[field] == null) {
+                    console.warn(`Unable to find field '${field}' in update '${updateField}`);
+                    break;
+                }
+                if (Array.isArray(updateField[field]) ||
+                    Object(updateField[field]) !== updateField[field]) {
+                    console.warn(`Field '${field}' is singular and cannot have sub-fields`);
+                    break;
+                }
+                if (!existingField[field]) {
+                    existingField[field] = {};
+                }
+                updateField = updateField[field];
+                existingField = existingField[field];
+            }
+            field = fields[fields.length - 1];
+            if (updateField[field] == null) {
+                console.warn(`Unable to find field '${field}' in update '${JSON.stringify(updateField)}`);
+                continue;
+            }
+            existingField[field] = updateField[field];
+        }
+        return this.tenantConfig;
+    }
+}
+exports.TenantProjectState = TenantProjectState;
 function getProviderEmailsForUser(user) {
     var _a;
     const emails = new Set();
@@ -423,3 +618,8 @@ function getProviderEmailsForUser(user) {
     });
     return emails;
 }
+var UsageMode;
+(function (UsageMode) {
+    UsageMode["DEFAULT"] = "DEFAULT";
+    UsageMode["PASSTHROUGH"] = "PASSTHROUGH";
+})(UsageMode = exports.UsageMode || (exports.UsageMode = {}));

package/lib/emulator/auth/widget_ui.js

@@ -488,7 +488,7 @@ exports.WIDGET_UI = `
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>Auth Emulator IDP Login Widget</title>
-<link href="https://unpkg.com/material-components-web@latest/dist/material-components-web.min.css" rel="stylesheet">
+<link href="https://unpkg.com/material-components-web@10/dist/material-components-web.min.css" rel="stylesheet">
 <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
 <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500&display=swap" rel="stylesheet">
 <style>${STYLE}</style>
@@ -601,6 +601,6 @@ exports.WIDGET_UI = `
     </div>
   </div>
 </div>
-<script src="https://unpkg.com/material-components-web@latest/dist/material-components-web.min.js"></script>
+<script src="https://unpkg.com/material-components-web@10/dist/material-components-web.min.js"></script>
 <script>${SCRIPT}</script>
 `;

package/lib/emulator/download.js

@@ -1,23 +1,21 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.downloadEmulator = void 0;
-const url_1 = require("url");
 const crypto = require("crypto");
 const fs = require("fs-extra");
 const path = require("path");
-const ProgressBar = require("progress");
 const tmp = require("tmp");
 const unzipper = require("unzipper");
-const apiv2_1 = require("../apiv2");
 const emulatorLogger_1 = require("./emulatorLogger");
 const error_1 = require("../error");
 const downloadableEmulators = require("./downloadableEmulators");
+const downloadUtils = require("../downloadUtils");
 tmp.setGracefulCleanup();
 async function downloadEmulator(name) {
     const emulator = downloadableEmulators.getDownloadDetails(name);
     emulatorLogger_1.EmulatorLogger.forEmulator(name).logLabeled("BULLET", name, `downloading ${path.basename(emulator.downloadPath)}...`);
     fs.ensureDirSync(emulator.opts.cacheDir);
-    const tmpfile = await downloadToTmp(emulator.opts.remoteUrl);
+    const tmpfile = await downloadUtils.downloadToTmp(emulator.opts.remoteUrl);
     if (!emulator.opts.skipChecksumAndSize) {
         await validateSize(tmpfile, emulator.opts.expectedSize);
         await validateChecksum(tmpfile, emulator.opts.expectedChecksum);
@@ -58,33 +56,6 @@ function removeOldFiles(name, emulator, removeAllVersions = false) {
         }
     }
 }
-async function downloadToTmp(remoteUrl) {
-    const u = new url_1.URL(remoteUrl);
-    const c = new apiv2_1.Client({ urlPrefix: u.origin, auth: false });
-    const tmpfile = tmp.fileSync();
-    const writeStream = fs.createWriteStream(tmpfile.name);
-    const res = await c.request({
-        method: "GET",
-        path: u.pathname,
-        queryParams: u.searchParams,
-        responseType: "stream",
-        resolveOnHTTPError: true,
-    });
-    if (res.status !== 200) {
-        throw new error_1.FirebaseError(`download failed, status ${res.status}`, { exit: 1 });
-    }
-    const total = parseInt(res.response.headers.get("content-length") || "0", 10);
-    const totalMb = Math.ceil(total / 1000000);
-    const bar = new ProgressBar(`Progress: :bar (:percent of ${totalMb}MB)`, { total, head: ">" });
-    res.body.on("data", (chunk) => {
-        bar.tick(chunk.length);
-    });
-    await new Promise((resolve) => {
-        writeStream.on("finish", resolve);
-        res.body.pipe(writeStream);
-    });
-    return tmpfile.name;
-}
 function validateSize(filepath, expectedSize) {
     return new Promise((resolve, reject) => {
         const stat = fs.statSync(filepath);

package/lib/emulator/downloadableEmulators.js

@@ -50,15 +50,15 @@ exports.DownloadDetails = {
         },
     },
     ui: {
-        version: "1.6.3",
-        downloadPath: path.join(CACHE_DIR, "ui-v1.6.3.zip"),
-        unzipDir: path.join(CACHE_DIR, "ui-v1.6.3"),
-        binaryPath: path.join(CACHE_DIR, "ui-v1.6.3", "server.bundle.js"),
+        version: "1.6.4",
+        downloadPath: path.join(CACHE_DIR, "ui-v1.6.4.zip"),
+        unzipDir: path.join(CACHE_DIR, "ui-v1.6.4"),
+        binaryPath: path.join(CACHE_DIR, "ui-v1.6.4", "server.bundle.js"),
         opts: {
             cacheDir: CACHE_DIR,
-            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.3.zip",
-            expectedSize: 3757268,
-            expectedChecksum: "153090a46072545aadeb307397cc8f45",
+            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/ui-v1.6.4.zip",
+            expectedSize: 3757300,
+            expectedChecksum: "20d4ee71e4ff7527b1843b6a8636142e",
             namePrefix: "ui",
         },
     },

package/lib/emulator/emulatorLogger.js

@@ -168,9 +168,6 @@ You can probably fix this by running "npm install ${systemLog.data.name}@latest"
             case "function-runtimeconfig-json-invalid":
                 this.log("WARN", "Found .runtimeconfig.json but the JSON format is invalid.");
                 break;
-            case "function-env-load-failed":
-                this.log("WARN", "Failed to load environment variables: " + systemLog.text);
-                break;
             default:
         }
     }

package/lib/emulator/events/types.js

@@ -9,5 +9,21 @@ class EventUtils {
     static isLegacyEvent(proto) {
         return _.has(proto, "data") && _.has(proto, "resource");
     }
+    static isBinaryCloudEvent(req) {
+        return !!(req.header("ce-type") &&
+            req.header("ce-specversion") &&
+            req.header("ce-source") &&
+            req.header("ce-id"));
+    }
+    static extractBinaryCloudEventContext(req) {
+        const context = {};
+        for (const name of Object.keys(req.headers)) {
+            if (name.startsWith("ce-")) {
+                const attributeName = name.substr("ce-".length);
+                context[attributeName] = req.header(name);
+            }
+        }
+        return context;
+    }
 }
 exports.EventUtils = EventUtils;