Merge master into release

Author: google-oss-bot

.changeset/quiet-cycles-complain.md

@@ -0,0 +1,5 @@
+---
+'@firebase/webchannel-wrapper': patch
+---
+
+Fix the new `experimentalLongPollingOptions.timeoutSeconds` setting, which was released in v9.22.0 but didn't work.

.changeset/rude-adults-rest.md

@@ -0,0 +1,7 @@
+---
+'@firebase/app-check-interop-types': minor
+'@firebase/app-check': minor
+'@firebase/functions': minor
+---
+
+Add support for App Check replay protection in callable functions

common/api-review/functions.api.md

@@ -43,6 +43,7 @@ export function httpsCallableFromURL<RequestData = unknown, ResponseData = unkno
 
 // @public
 export interface HttpsCallableOptions {
+    limitedUseAppCheckTokens?: boolean;
     timeout?: number;
 }
 

config/functions/index.js

@@ -76,6 +76,15 @@ exports.instanceIdTest = functions.https.onRequest((request, response) => {
   });
 });
 
+exports.appCheckTest = functions.https.onRequest((request, response) => {
+  cors(request, response, () => {
+    const token = request.get('X-Firebase-AppCheck');
+    assert.equal(token !== undefined, true);
+    assert.deepEqual(request.body, { data: {} });
+    response.send({ data: { token } });
+  });
+});
+
 exports.nullTest = functions.https.onRequest((request, response) => {
   cors(request, response, () => {
     assert.deepEqual(request.body, { data: null });

docs-devsite/firestore_.firestoresettings.md

@@ -23,7 +23,7 @@ export declare interface FirestoreSettings
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [cacheSizeBytes](./firestore_.firestoresettings.md#firestoresettingscachesizebytes) | number | NOTE: This field will be deprecated in a future major release. Use <code>cache</code> field instead to specify cache size, and other cache configurations.<!-- -->An approximate cache size threshold for the on-disk data. If the cache grows beyond this size, Firestore will start removing data that hasn't been recently used. The size is not a guarantee that the cache will stay below that size, only that if the cache exceeds the given size, cleanup will be attempted.<!-- -->The default value is 40 MB. The threshold must be set to at least 1 MB, and can be set to <code>CACHE_SIZE_UNLIMITED</code> to disable garbage collection. |
-|  [experimentalAutoDetectLongPolling](./firestore_.firestoresettings.md#firestoresettingsexperimentalautodetectlongpolling) | boolean | Configures the SDK's underlying transport (WebChannel) to automatically detect if long-polling should be used. This is very similar to <code>experimentalForceLongPolling</code>, but only uses long-polling if required.<!-- -->After having had a default value of <code>false</code> since its inception in 2019, the default value of this setting was changed in mid-2023 to <code>true</code>. That is, auto-detection of long polling is now enabled by default. To disable it, set this setting to <code>false</code>, and please open a GitHub issue to share the problems that motivated you disabling long-polling auto-detection. |
+|  [experimentalAutoDetectLongPolling](./firestore_.firestoresettings.md#firestoresettingsexperimentalautodetectlongpolling) | boolean | Configures the SDK's underlying transport (WebChannel) to automatically detect if long-polling should be used. This is very similar to <code>experimentalForceLongPolling</code>, but only uses long-polling if required.<!-- -->After having had a default value of <code>false</code> since its inception in 2019, the default value of this setting was changed in May 2023 to <code>true</code> in v9.22.0 of the Firebase JavaScript SDK. That is, auto-detection of long polling is now enabled by default. To disable it, set this setting to <code>false</code>, and please open a GitHub issue to share the problems that motivated you disabling long-polling auto-detection. |
 |  [experimentalForceLongPolling](./firestore_.firestoresettings.md#firestoresettingsexperimentalforcelongpolling) | boolean | Forces the SDK’s underlying network transport (WebChannel) to use long-polling. Each response from the backend will be closed immediately after the backend sends data (by default responses are kept open in case the backend has more data to send). This avoids incompatibility issues with certain proxies, antivirus software, etc. that incorrectly buffer traffic indefinitely. Use of this option will cause some performance degradation though.<!-- -->This setting cannot be used with <code>experimentalAutoDetectLongPolling</code> and may be removed in a future release. If you find yourself using it to work around a specific network reliability issue, please tell us about it in https://github.com/firebase/firebase-js-sdk/issues/1674. |
 |  [experimentalLongPollingOptions](./firestore_.firestoresettings.md#firestoresettingsexperimentallongpollingoptions) | [ExperimentalLongPollingOptions](./firestore_.experimentallongpollingoptions.md#experimentallongpollingoptions_interface) | Options that configure the SDK’s underlying network transport (WebChannel) when long-polling is used.<!-- -->These options are only used if <code>experimentalForceLongPolling</code> is true or if <code>experimentalAutoDetectLongPolling</code> is true and the auto-detection determined that long-polling was needed. Otherwise, these options have no effect. |
 |  [host](./firestore_.firestoresettings.md#firestoresettingshost) | string | The hostname to connect to. |
@@ -49,7 +49,7 @@ cacheSizeBytes?: number;
 
 Configures the SDK's underlying transport (WebChannel) to automatically detect if long-polling should be used. This is very similar to `experimentalForceLongPolling`<!-- -->, but only uses long-polling if required.
 
-After having had a default value of `false` since its inception in 2019, the default value of this setting was changed in mid-2023 to `true`<!-- -->. That is, auto-detection of long polling is now enabled by default. To disable it, set this setting to `false`<!-- -->, and please open a GitHub issue to share the problems that motivated you disabling long-polling auto-detection.
+After having had a default value of `false` since its inception in 2019, the default value of this setting was changed in May 2023 to `true` in v9.22.0 of the Firebase JavaScript SDK. That is, auto-detection of long polling is now enabled by default. To disable it, set this setting to `false`<!-- -->, and please open a GitHub issue to share the problems that motivated you disabling long-polling auto-detection.
 
 <b>Signature:</b>
 

docs-devsite/functions.httpscallableoptions.md

@@ -22,8 +22,19 @@ export interface HttpsCallableOptions
 
 |  Property | Type | Description |
 |  --- | --- | --- |
+|  [limitedUseAppCheckTokens](./functions.httpscallableoptions.md#httpscallableoptionslimiteduseappchecktokens) | boolean | If set to true, uses limited-use App Check token for callable function requests from this instance of [Functions](./functions.functions.md#functions_interface)<!-- -->. You must use limited-use tokens to call functions with replay protection enabled. By default, this is false. |
 |  [timeout](./functions.httpscallableoptions.md#httpscallableoptionstimeout) | number | Time in milliseconds after which to cancel if there is no response. Default is 70000. |
 
+## HttpsCallableOptions.limitedUseAppCheckTokens
+
+If set to true, uses limited-use App Check token for callable function requests from this instance of [Functions](./functions.functions.md#functions_interface)<!-- -->. You must use limited-use tokens to call functions with replay protection enabled. By default, this is false.
+
+<b>Signature:</b>
+
+```typescript
+limitedUseAppCheckTokens?: boolean;
+```
+
 ## HttpsCallableOptions.timeout
 
 Time in milliseconds after which to cancel if there is no response. Default is 70000.

packages/app-check-interop-types/index.d.ts

@@ -20,6 +20,10 @@ export interface FirebaseAppCheckInternal {
   // is present. Returns null if no token is present and no token requests are in-flight.
   getToken(forceRefresh?: boolean): Promise<AppCheckTokenResult>;
 
+  // Always returns a fresh limited-use token suitable for Replay Protection.
+  // The returned token must be used and consumed as soon as possible.
+  getLimitedUseToken(): Promise<AppCheckTokenResult>;
+
   // Registers a listener to changes in the token state. There can be more than one listener
   // registered at the same time for one or more FirebaseAppAttestation instances. The
   // listeners call back on the UI thread whenever the current token associated with this

packages/app-check/src/factory.ts

@@ -20,6 +20,7 @@ import { FirebaseApp, _FirebaseService } from '@firebase/app';
 import { FirebaseAppCheckInternal, ListenerType } from './types';
 import {
   getToken,
+  getLimitedUseToken,
   addTokenListener,
   removeTokenListener
 } from './internal-api';
@@ -55,6 +56,7 @@ export function internalFactory(
 ): FirebaseAppCheckInternal {
   return {
     getToken: forceRefresh => getToken(appCheck, forceRefresh),
+    getLimitedUseToken: () => getLimitedUseToken(appCheck),
     addTokenListener: listener =>
       addTokenListener(appCheck, ListenerType.INTERNAL, listener),
     removeTokenListener: listener => removeTokenListener(appCheck.app, listener)

packages/app-check/src/types.ts

@@ -24,6 +24,10 @@ export interface FirebaseAppCheckInternal {
   // is present. Returns null if no token is present and no token requests are in-flight.
   getToken(forceRefresh?: boolean): Promise<AppCheckTokenResult>;
 
+  // Get a Limited use Firebase App Check token. This method should be used
+  // only if you need to authorize requests to a non-Firebase backend. Returns null if no token is present and no token requests are in-flight.
+  getLimitedUseToken(): Promise<AppCheckTokenResult>;
+
   // Registers a listener to changes in the token state. There can be more than one listener
   // registered at the same time for one or more FirebaseAppAttestation instances. The
   // listeners call back on the UI thread whenever the current token associated with this

packages/firestore/src/api/settings.ts

@@ -90,10 +90,11 @@ export interface FirestoreSettings extends LiteSettings {
    * `experimentalForceLongPolling`, but only uses long-polling if required.
    *
    * After having had a default value of `false` since its inception in 2019,
-   * the default value of this setting was changed in mid-2023 to `true`. That
-   * is, auto-detection of long polling is now enabled by default. To disable
-   * it, set this setting to `false`, and please open a GitHub issue to share
-   * the problems that motivated you disabling long-polling auto-detection.
+   * the default value of this setting was changed in May 2023 to `true` in
+   * v9.22.0 of the Firebase JavaScript SDK. That is, auto-detection of long
+   * polling is now enabled by default. To disable it, set this setting to
+   * `false`, and please open a GitHub issue to share the problems that
+   * motivated you disabling long-polling auto-detection.
    */
   experimentalAutoDetectLongPolling?: boolean;
 

packages/functions/src/callable.test.ts

@@ -32,6 +32,10 @@ import {
   FirebaseAuthInternal,
   FirebaseAuthInternalName
 } from '@firebase/auth-interop-types';
+import {
+  FirebaseAppCheckInternal,
+  AppCheckInternalComponentName
+} from '@firebase/app-check-interop-types';
 import { makeFakeApp, createTestService } from '../test/utils';
 import { httpsCallable } from './service';
 import { FUNCTIONS_TYPE } from './constants';
@@ -108,7 +112,7 @@ describe('Firebase Functions > Call', () => {
     expect(result.data).to.equal(76);
   });
 
-  it('token', async () => {
+  it('auth token', async () => {
     // mock auth-internal service
     const authMock: FirebaseAuthInternal = {
       getToken: async () => ({ accessToken: 'token' })
@@ -133,6 +137,74 @@ describe('Firebase Functions > Call', () => {
     stub.restore();
   });
 
+  it('app check token', async () => {
+    const appCheckMock: FirebaseAppCheckInternal = {
+      getToken: async () => ({ token: 'app-check-token' })
+    } as unknown as FirebaseAppCheckInternal;
+    const appCheckProvider = new Provider<AppCheckInternalComponentName>(
+      'app-check-internal',
+      new ComponentContainer('test')
+    );
+    appCheckProvider.setComponent(
+      new Component(
+        'app-check-internal',
+        () => appCheckMock,
+        ComponentType.PRIVATE
+      )
+    );
+    const functions = createTestService(
+      app,
+      region,
+      undefined,
+      undefined,
+      appCheckProvider
+    );
+
+    // Stub out the internals to get an app check token.
+    const stub = sinon.stub(appCheckMock, 'getToken').callThrough();
+    const func = httpsCallable(functions, 'appCheckTest');
+    const result = await func({});
+    expect(result.data).to.deep.equal({ token: 'app-check-token' });
+
+    expect(stub.callCount).to.equal(1);
+    stub.restore();
+  });
+
+  it('app check limited use token', async () => {
+    const appCheckMock: FirebaseAppCheckInternal = {
+      getLimitedUseToken: async () => ({ token: 'app-check-single-use-token' })
+    } as unknown as FirebaseAppCheckInternal;
+    const appCheckProvider = new Provider<AppCheckInternalComponentName>(
+      'app-check-internal',
+      new ComponentContainer('test')
+    );
+    appCheckProvider.setComponent(
+      new Component(
+        'app-check-internal',
+        () => appCheckMock,
+        ComponentType.PRIVATE
+      )
+    );
+    const functions = createTestService(
+      app,
+      region,
+      undefined,
+      undefined,
+      appCheckProvider
+    );
+
+    // Stub out the internals to get an app check token.
+    const stub = sinon.stub(appCheckMock, 'getLimitedUseToken').callThrough();
+    const func = httpsCallable(functions, 'appCheckTest', {
+      limitedUseAppCheckTokens: true
+    });
+    const result = await func({});
+    expect(result.data).to.deep.equal({ token: 'app-check-single-use-token' });
+
+    expect(stub.callCount).to.equal(1);
+    stub.restore();
+  });
+
   it('instance id', async () => {
     // Should effectively skip this test in environments where messaging doesn't work.
     // (Node, IE)

packages/functions/src/context.ts

@@ -119,9 +119,13 @@ export class ContextProvider {
     }
   }
 
-  async getAppCheckToken(): Promise<string | null> {
+  async getAppCheckToken(
+    limitedUseAppCheckTokens?: boolean
+  ): Promise<string | null> {
     if (this.appCheck) {
-      const result = await this.appCheck.getToken();
+      const result = limitedUseAppCheckTokens
+        ? await this.appCheck.getLimitedUseToken()
+        : await this.appCheck.getToken();
       if (result.error) {
         // Do not send the App Check header to the functions endpoint if
         // there was an error from the App Check exchange endpoint. The App
@@ -133,10 +137,10 @@ export class ContextProvider {
     return null;
   }
 
-  async getContext(): Promise<Context> {
+  async getContext(limitedUseAppCheckTokens?: boolean): Promise<Context> {
     const authToken = await this.getAuthToken();
     const messagingToken = await this.getMessagingToken();
-    const appCheckToken = await this.getAppCheckToken();
+    const appCheckToken = await this.getAppCheckToken(limitedUseAppCheckTokens);
     return { authToken, messagingToken, appCheckToken };
   }
 }

packages/functions/src/public-types.ts

@@ -47,6 +47,12 @@ export interface HttpsCallableOptions {
    * Default is 70000.
    */
   timeout?: number;
+  /**
+   * If set to true, uses limited-use App Check token for callable function requests from this
+   * instance of {@link Functions}. You must use limited-use tokens to call functions with
+   * replay protection enabled. By default, this is false.
+   */
+  limitedUseAppCheckTokens?: boolean;
 }
 
 /**

packages/functions/src/service.ts

@@ -277,7 +277,9 @@ async function callAtURL(
 
   // Add a header for the authToken.
   const headers: { [key: string]: string } = {};
-  const context = await functionsInstance.contextProvider.getContext();
+  const context = await functionsInstance.contextProvider.getContext(
+    options.limitedUseAppCheckTokens
+  );
   if (context.authToken) {
     headers['Authorization'] = 'Bearer ' + context.authToken;
   }

scripts/ci/notify-test-result.js

@@ -111,7 +111,9 @@ async function notifyTestResults() {
     req.end();
   });
 
-  return Promise.all([chatPromise, logPromise]);
+  return Promise.all([chatPromise, logPromise]).catch(e => {
+    console.error(e);
+  });
 }
 
 notifyTestResults();

scripts/release/utils/publish.ts

@@ -135,16 +135,7 @@ async function publishPackageInCI(
       }" >> ~/.npmrc`
     );
 
-    const spawnPromise = spawn('npm', args, { cwd: path });
-    const childProcess = spawnPromise.childProcess;
-    childProcess.stdout?.on('data', function (data) {
-      console.log(`[publishing ${pkg}] stdout: `, data.toString());
-    });
-    childProcess.stderr?.on('data', function (data) {
-      console.log(`[publishing ${pkg}] stderr: `, data.toString());
-    });
-    await spawnPromise;
-    return spawnPromise;
+    return spawn('npm', args, { cwd: path });
   } catch (err) {
     throw err;
   }