Remove usage of the NODE_ADMIN global in RTDB

packages/database/index.node.ts

@@ -51,13 +51,19 @@ const ServerValue = Database.ServerValue;
  * @param app A valid FirebaseApp-like object
  * @param url A valid Firebase databaseURL
  * @param version custom version e.g. firebase-admin version
+ * @param nodeAdmin true if the SDK is being initialized from Firebase Admin.
  */
-export function initStandalone(app: FirebaseApp, url: string, version: string) {
+export function initStandalone(
+  app: FirebaseApp,
+  url: string,
+  version: string,
+  nodeAdmin: boolean = true
+) {
   /**
    * This should allow the firebase-admin package to provide a custom version
    * to the backend
    */
-  CONSTANTS.NODE_ADMIN = true;
+  CONSTANTS.NODE_ADMIN = nodeAdmin;
   setSDKVersion(version);
 
   /**
@@ -84,7 +90,8 @@ export function initStandalone(app: FirebaseApp, url: string, version: string) {
     instance: RepoManager.getInstance().databaseFromApp(
       app,
       authProvider,
-      url
+      url,
+      nodeAdmin
     ) as types.Database,
     namespace: {
       Reference,

packages/database/src/core/PersistentConnection.ts

@@ -796,7 +796,7 @@ export class PersistentConnection extends ServerActions {
         .then(null, error => {
           self.log_('Failed to get token: ' + error);
           if (!canceled) {
-            if (CONSTANTS.NODE_ADMIN) {
+            if (this.repoInfo_.nodeAdmin) {
               // This may be a critical error for the Admin Node.js SDK, so log a warning.
               // But getToken() may also just have temporarily failed, so we still want to
               // continue retrying.
@@ -959,10 +959,12 @@ export class PersistentConnection extends ServerActions {
     const stats: { [k: string]: number } = {};
 
     let clientName = 'js';
-    if (CONSTANTS.NODE_ADMIN) {
-      clientName = 'admin_node';
-    } else if (CONSTANTS.NODE_CLIENT) {
-      clientName = 'node';
+    if (isNodeSdk()) {
+      if (this.repoInfo_.nodeAdmin) {
+        clientName = 'admin_node';
+      } else {
+        clientName = 'node';
+      }
     }
 
     stats['sdk.' + clientName + '.' + SDK_VERSION.replace(/\./g, '-')] = 1;

packages/database/src/core/RepoInfo.ts

@@ -43,7 +43,8 @@ export class RepoInfo {
     public namespace: string,
     public webSocketOnly: boolean,
     public persistenceKey: string = '',
-    public includeNamespaceInQueryParams: boolean = false
+    public includeNamespaceInQueryParams: boolean = false,
+    public nodeAdmin: boolean = false
   ) {
     this.host = host.toLowerCase();
     this.domain = this.host.substr(this.host.indexOf('.') + 1);
@@ -73,6 +74,10 @@ export class RepoInfo {
     );
   }
 
+  setNodeAdmin(nodeAdmin: boolean) {
+    this.nodeAdmin = nodeAdmin;
+  }
+
   updateHost(newHost: string) {
     if (newHost !== this.internalHost) {
       this.internalHost = newHost;

packages/database/src/core/RepoManager.ts

@@ -99,7 +99,8 @@ export class RepoManager {
   databaseFromApp(
     app: FirebaseApp,
     authProvider: Provider<FirebaseAuthInternalName>,
-    url?: string
+    url?: string,
+    nodeAdmin?: boolean
   ): Database {
     let dbUrl: string | undefined = url || app.options[DATABASE_URL_OPTION];
     if (dbUrl === undefined) {
@@ -129,8 +130,12 @@ export class RepoManager {
       isEmulator = !parsedUrl.repoInfo.secure;
     }
 
+    if (nodeAdmin) {
+      repoInfo.setNodeAdmin(nodeAdmin);
+    }
+
     const authTokenProvider =
-      CONSTANTS.NODE_ADMIN && isEmulator
+      nodeAdmin && isEmulator
         ? new EmulatorAdminTokenProvider()
         : new FirebaseAuthTokenProvider(app, authProvider);
 

packages/database/src/realtime/WebSocketConnection.ts

@@ -76,6 +76,7 @@ export class WebSocketConnection implements Transport {
   private stats_: StatsCollection;
   private everConnected_: boolean;
   private isClosed_: boolean;
+  private nodeAdmin: boolean;
 
   /**
    * @param connId identifier for this transport
@@ -99,6 +100,7 @@ export class WebSocketConnection implements Transport {
       transportSessionId,
       lastSessionId
     );
+    this.nodeAdmin = repoInfo.nodeAdmin;
   }
 
   /**
@@ -151,7 +153,7 @@ export class WebSocketConnection implements Transport {
 
     try {
       if (isNodeSdk()) {
-        const device = ENV_CONSTANTS.NODE_ADMIN ? 'AdminNode' : 'Node';
+        const device = this.nodeAdmin ? 'AdminNode' : 'Node';
         // UA Format: Firebase/<wire_protocol>/<sdk_version>/<platform>/<device>
         const options: { [k: string]: object } = {
           headers: {

packages/rules-unit-testing/test/database.test.ts

@@ -152,6 +152,44 @@ describe('Testing Module Tests', function () {
     );
   });
 
+  it('initializeAdminApp() and initializeTestApp() work together', async function () {
+    await firebase.loadDatabaseRules({
+      databaseName: 'foo',
+      rules: JSON.stringify({
+        'rules': {
+          'public': { '.read': true, '.write': true },
+          'private': { '.read': false, '.write': false }
+        }
+      })
+    });
+
+    const adminApp = firebase.initializeAdminApp({
+      projectId: 'foo',
+      databaseName: 'foo'
+    });
+
+    const testApp = firebase.initializeTestApp({
+      projectId: 'foo',
+      databaseName: 'foo'
+    });
+
+    // Admin app can write anywhere
+    await firebase.assertSucceeds(
+      adminApp.database().ref().child('/public/doc').set({ hello: 'admin' })
+    );
+    await firebase.assertSucceeds(
+      adminApp.database().ref().child('/private/doc').set({ hello: 'admin' })
+    );
+
+    // Test app can only write to public, not to private
+    await firebase.assertSucceeds(
+      testApp.database().ref().child('/public/doc').set({ hello: 'test' })
+    );
+    await firebase.assertFails(
+      testApp.database().ref().child('/private/doc').set({ hello: 'test' })
+    );
+  });
+
   it('loadDatabaseRules() throws if no databaseName or rules', async function () {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     await expect((firebase as any).loadDatabaseRules.bind(null, {})).to.throw(