Add Node debug token support

[hsubox76]

Add ability for App Check to use debug token in Node by using globalThis.

In app-check/src/util.ts, self is also used in self.grecaptcha and I left that alone because Node can't use grecaptcha anyway.

See question about headers.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7cbf046

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[hsubox76]

Added this comment to place a discussion about this section. The next 5 lines were added in https://github.com/FirebasePrivate/firebase-js-sdk/pull/239/files#diff-ddbaa9e762a6010e5a0aa0c8048d48deea15594f14caa3d51e68b283f36e489fR171

I was wondering if I could get some more info about why only the Authorization header is sent if it's admin node, and only the AppCheck header is sent if it's client node? @schmidt-sebastian ?

To help answer the questions raised in the discussion started here: #4833 (comment)

[jsdt]

On node, we want to send the Authorization header if the user has admin credentials. I probably wrote this without knowing that there is a node client SDK. Assuming the node client SDK can use admin creds, this should be checking if the authToken looks like an admin credential.

For more context, if a client has admin credentials, we skip any appcheck-related checks on the server side, which is why we send admin creds in the header (and no appcheck token). If the client has any other type of credentials, they will eventually be sent after the connection is established, but they won't effect whether the initial request to establish a connection is allowed (only the appcheck header matters there).

[hsubox76]

Thanks. As far as I know, the Node client SDK should never have admin creds so looks like we'll always want to send the AppCheck token.

(Which would probably only be the dummy token or the debug token because Node can't do reCAPTCHA. Or possibly a token from a custom provider.)

[google-oss-bot]

Size Analysis Report

Affected Products

Diffs between base commit (919413c) and head commit (ff74ad4) are too large (479,509 characters) to display.

Please check below links to see details from the original test log.

Test Logs

• Head (ff74ad4): https://github.com/firebase/firebase-js-sdk/actions/runs/797832555

[google-oss-bot]

Binary Size Report

Affected SDKs

• @firebase/database

  Type	Base (919413c)	Head (ff74ad4)	Diff
  browser	295 kB	296 kB	+535 B (+0.2%)
  esm2017	264 kB	265 kB	+526 B (+0.2%)
  main	298 kB	298 kB	+520 B (+0.2%)
  module	295 kB	296 kB	+535 B (+0.2%)

• @firebase/database-compat

  Type	Base (919413c)	Head (ff74ad4)	Diff
  browser	86.3 kB	86.3 kB	+19 B (+0.0%)
  main	102 kB	102 kB	+48 B (+0.0%)
  module	86.3 kB	86.3 kB	+19 B (+0.0%)

• @firebase/database-exp

  Type	Base (919413c)	Head (ff74ad4)	Diff
  browser	245 kB	246 kB	+507 B (+0.2%)
  main	277 kB	278 kB	+472 B (+0.2%)
  module	245 kB	246 kB	+507 B (+0.2%)

• @firebase/util

  Type	Base (919413c)	Head (ff74ad4)	Diff
  browser	20.2 kB	21.2 kB	+981 B (+4.9%)
  esm2017	19.0 kB	20.0 kB	+991 B (+5.2%)
  main	24.6 kB	25.8 kB	+1.17 kB (+4.8%)
  module	20.2 kB	21.2 kB	+981 B (+4.9%)

• firebase

  Type	Base (919413c)	Head (ff74ad4)	Diff
  firebase-database.js	186 kB	187 kB	+883 B (+0.5%)
  firebase.js	873 kB	874 kB	+886 B (+0.1%)

Test Logs

• Base (919413cd): https://github.com/firebase/firebase-js-sdk/actions/runs/790799128
• Head (ff74ad4b): https://github.com/firebase/firebase-js-sdk/actions/runs/797832555

[Feiyang1]

LGTM. Can we add what is discussed here to the comment?

[hsubox76]

LGTM. Can we add what is discussed here to the comment?

Yes, added.