fix(storage): Fix getDownloadURL permission error when connected to emulator

[amalej]

Hey there! So you want to contribute to a Firebase SDK?
Before you file this pull request, please read these guidelines:

Discussion

• Read the contribution guidelines (CONTRIBUTING.md).
• If this has been discussed in an issue, make sure to link to the issue here.
  If not, go file an issue about this before creating a pull request to discuss.

Testing

• Make sure all existing tests in the repository pass after your change.
• If you fixed a bug or added a feature, add a new test to cover your code.

API Changes

• At this time we cannot accept changes that affect the public API. If you'd like to help
  us make Firebase APIs better, please propose your change in an issue so that we
  can discuss it together.

---

fixes #2344

sets Authorization header as Bearer owner which bypasses emulator permissions. Similar to other API calls like

firebase-admin-node/src/auth/auth-api-request.ts

Lines 229 to 239 in 255851b

	class AuthHttpClient extends AuthorizedHttpClient {
	protected getToken(): Promise<string> {
	if (useEmulator()) {
	return Promise.resolve('owner');
	}
	return super.getToken();
	}
	}

[gemini-code-assist]

Summary of Changes

Hello @amalej, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a specific issue where getDownloadURL calls would fail due to permission errors when interacting with the Firebase Storage emulator. By programmatically adding a Bearer owner authorization header to these requests when an emulator is detected, the changes ensure that the download URL retrieval process functions seamlessly in local development and testing environments, aligning with how other Firebase services handle emulator interactions.

Highlights

• Emulator Compatibility: The pull request addresses a permission error encountered when using getDownloadURL with the Firebase Storage emulator by introducing an Authorization header.
• Authorization Header: An Authorization: 'Bearer owner' header is now conditionally added to requests made to the storage emulator, allowing them to bypass permission checks.
• getFirebaseMetadata Update: The getFirebaseMetadata utility function has been updated to accept and forward an optional headers object, enabling custom headers for API calls.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly fixes a permission error when using getDownloadURL with the Storage emulator by adding the Authorization: 'Bearer owner' header. The changes are logical and address the issue described.

I have one suggestion to add a comment explaining the purpose of the 'Bearer owner' magic string to improve code maintainability.

Additionally, for future consideration, the emulator detection logic in getDownloadURL relies solely on process.env.STORAGE_EMULATOR_HOST. It might be beneficial to align this with other parts of the SDK that also check for process.env.FIREBASE_STORAGE_EMULATOR_HOST to ensure consistent behavior. This could be addressed in a follow-up.

[gemini-code-assist]

The string 'Bearer owner' is a special value used to bypass security rules in the Firebase emulator. Adding a brief comment here would improve code clarity for future maintainers who might not be familiar with this emulator-specific behavior.

Suggested change

	? { Authorization: 'Bearer owner' }
	? { Authorization: 'Bearer owner' } // Bypass emulator security rules