refactor: HTTP clients and add AppRegistry tests (#108)

* refactor(dart): apply DRY pattern to HTTP clients for consistent client/projectId handling

Add `_run` helper method to MessagingHttpClient, SecurityRulesHttpClient, and AppCheckHttpClient that accepts both client and projectId as callback parameters. This eliminates redundant `await app.client` calls and centralizes client/projectId retrieval logic.

* refactor: update exception constructors to use FirebaseServiceType for consistency

* test: add AppRegistry tests for singleton behavior and environment options

* refactor: update pubspec.yaml for workspace resolution and dependency management

Author: demolaf

packages/dart_firebase_admin/coverage.lcov

@@ -1,13 +1,9 @@
 name: dart_firebase_admin_example
 publish_to: none
+resolution: workspace
 
 environment:
   sdk: '>=3.9.0 <4.0.0'
 
 dependencies:
-  dart_firebase_admin:
-    path: ../
-
-dependency_overrides:
-  googleapis_auth_utils:
-    path: ../../googleapis_auth_utils
+  dart_firebase_admin: any

packages/dart_firebase_admin/example/pubspec.yaml

@@ -1,6 +1,7 @@
 import 'dart:async';
 
 import 'package:googleapis/firebaseappcheck/v1.dart' as appcheck1;
+import 'package:googleapis_auth/auth_io.dart' as googleapis_auth;
 import 'package:googleapis_auth_utils/googleapis_auth_utils.dart';
 import 'package:googleapis_beta/firebaseappcheck/v1beta.dart' as appcheck1_beta;
 import 'package:meta/meta.dart';

packages/dart_firebase_admin/lib/src/app_check/app_check.dart

@@ -44,7 +44,7 @@ enum AppCheckErrorCode {
 /// [message] - The error message.
 class FirebaseAppCheckException extends FirebaseAdminException {
   FirebaseAppCheckException(AppCheckErrorCode code, [String? _message])
-    : super('app-check', code.code, _message);
+    : super(FirebaseServiceType.appCheck.name, code.code, _message);
 
   factory FirebaseAppCheckException.fromJwtException(JwtException error) {
     if (error.code == JwtErrorCode.tokenExpired) {

packages/dart_firebase_admin/lib/src/app_check/app_check_exception.dart

@@ -20,34 +20,36 @@ class AppCheckHttpClient {
     return 'projects/$projectId';
   }
 
-  /// Executes an App Check v1 API operation with automatic projectId injection.
-  Future<R> v1<R>(
-    Future<R> Function(appcheck1.FirebaseappcheckApi client, String projectId)
-    fn,
+  Future<R> _run<R>(
+    Future<R> Function(googleapis_auth.AuthClient client, String projectId) fn,
   ) async {
     final client = await app.client;
     final projectId = await client.getProjectId(
       projectIdOverride: app.options.projectId,
       environment: Zone.current[envSymbol] as Map<String, String>?,
     );
-    return fn(appcheck1.FirebaseappcheckApi(client), projectId);
+    return fn(client, projectId);
   }
 
+  /// Executes an App Check v1 API operation with automatic projectId injection.
+  Future<R> v1<R>(
+    Future<R> Function(appcheck1.FirebaseappcheckApi client, String projectId)
+    fn,
+  ) => _run(
+    (client, projectId) => fn(appcheck1.FirebaseappcheckApi(client), projectId),
+  );
+
   /// Executes an App Check v1Beta API operation with automatic projectId injection.
   Future<R> v1Beta<R>(
     Future<R> Function(
       appcheck1_beta.FirebaseappcheckApi client,
       String projectId,
     )
     fn,
-  ) async {
-    final client = await app.client;
-    final projectId = await client.getProjectId(
-      projectIdOverride: app.options.projectId,
-      environment: Zone.current[envSymbol] as Map<String, String>?,
-    );
-    return fn(appcheck1_beta.FirebaseappcheckApi(client), projectId);
-  }
+  ) => _run(
+    (client, projectId) =>
+        fn(appcheck1_beta.FirebaseappcheckApi(client), projectId),
+  );
 
   /// Exchange a custom token for an App Check token (low-level API call).
   ///

packages/dart_firebase_admin/lib/src/app_check/app_check_http_client.dart

@@ -3,7 +3,11 @@ part of '../auth.dart';
 class FirebaseAuthAdminException extends FirebaseAdminException
     implements Exception {
   FirebaseAuthAdminException(this.errorCode, [String? message])
-    : super('auth', errorCode.code, message ?? errorCode.message);
+    : super(
+        FirebaseServiceType.auth.name,
+        errorCode.code,
+        message ?? errorCode.message,
+      );
 
   factory FirebaseAuthAdminException.fromServerError({
     required String serverErrorCode,

packages/dart_firebase_admin/lib/src/auth/auth_exception.dart

@@ -44,8 +44,6 @@ class AuthHttpClient {
     return app.client;
   }
 
-  // TODO handle tenants
-
   /// Builds the parent resource path for project-level operations.
   String buildParent(String projectId) {
     return 'projects/$projectId';
@@ -61,6 +59,11 @@ class AuthHttpClient {
     return 'projects/$projectId/inboundSamlConfigs/$parentId';
   }
 
+  /// Builds the resource path for a specific tenant.
+  String buildTenantParent(String projectId, String tenantId) {
+    return 'projects/$projectId/tenants/$tenantId';
+  }
+
   Future<auth1.GoogleCloudIdentitytoolkitV1GetOobCodeResponse> getOobCode(
     auth1.GoogleCloudIdentitytoolkitV1GetOobCodeRequest request,
   ) {
@@ -305,65 +308,7 @@ class AuthHttpClient {
     });
   }
 
-  Future<R> _run<R>(Future<R> Function(googleapis_auth.AuthClient client) fn) {
-    return _authGuard(() async {
-      // Use the cached client (created once based on emulator configuration)
-      final client = await _client;
-      return fn(client);
-    });
-  }
-
-  Future<R> v1<R>(
-    Future<R> Function(auth1.IdentityToolkitApi client, String projectId) fn,
-  ) async {
-    // TODO(demolaf): this can move into _run instead
-    final client = await this.client;
-    final projectId = await client.getProjectId(
-      projectIdOverride: app.options.projectId,
-      environment: Zone.current[envSymbol] as Map<String, String>?,
-    );
-    return _run(
-      (client) => fn(
-        auth1.IdentityToolkitApi(client, rootUrl: _authApiHost.toString()),
-        projectId,
-      ),
-    );
-  }
-
-  Future<R> v2<R>(
-    Future<R> Function(auth2.IdentityToolkitApi client, String projectId) fn,
-  ) async {
-    final client = await this.client;
-    final projectId = await client.getProjectId(
-      projectIdOverride: app.options.projectId,
-      environment: Zone.current[envSymbol] as Map<String, String>?,
-    );
-    return _run(
-      (client) => fn(
-        auth2.IdentityToolkitApi(client, rootUrl: _authApiHost.toString()),
-        projectId,
-      ),
-    );
-  }
-
-  Future<R> v3<R>(
-    Future<R> Function(auth3.IdentityToolkitApi client, String projectId) fn,
-  ) async {
-    final client = await this.client;
-    final projectId = await client.getProjectId(
-      projectIdOverride: app.options.projectId,
-      environment: Zone.current[envSymbol] as Map<String, String>?,
-    );
-    return _run(
-      (client) => fn(
-        auth3.IdentityToolkitApi(client, rootUrl: _authApiHost.toString()),
-        projectId,
-      ),
-    );
-  }
-
   // Tenant management methods
-
   Future<auth2.GoogleCloudIdentitytoolkitAdminV2Tenant> getTenant(
     String tenantId,
   ) {
@@ -376,7 +321,7 @@ class AuthHttpClient {
       }
 
       final response = await client.projects.tenants.get(
-        'projects/$projectId/tenants/$tenantId',
+        buildTenantParent(projectId, tenantId),
       );
 
       if (response.name == null || response.name!.isEmpty) {
@@ -394,7 +339,7 @@ class AuthHttpClient {
   listTenants({required int maxResults, String? pageToken}) {
     return v2((client, projectId) async {
       final response = await client.projects.tenants.list(
-        'projects/$projectId',
+        buildParent(projectId),
         pageSize: maxResults,
         pageToken: pageToken,
       );
@@ -413,7 +358,7 @@ class AuthHttpClient {
       }
 
       return client.projects.tenants.delete(
-        'projects/$projectId/tenants/$tenantId',
+        buildTenantParent(projectId, tenantId),
       );
     });
   }
@@ -424,7 +369,7 @@ class AuthHttpClient {
     return v2((client, projectId) async {
       final response = await client.projects.tenants.create(
         request,
-        'projects/$projectId',
+        buildParent(projectId),
       );
 
       if (response.name == null || response.name!.isEmpty) {
@@ -450,7 +395,7 @@ class AuthHttpClient {
         );
       }
 
-      final name = 'projects/$projectId/tenants/$tenantId';
+      final name = buildTenantParent(projectId, tenantId);
       final updateMask = request.toJson().keys.join(',');
 
       final response = await client.projects.tenants.patch(
@@ -469,6 +414,47 @@ class AuthHttpClient {
       return response;
     });
   }
+
+  Future<R> _run<R>(
+    Future<R> Function(googleapis_auth.AuthClient client, String projectId) fn,
+  ) {
+    return _authGuard(() async {
+      // Use the cached client (created once based on emulator configuration)
+      final client = await _client;
+      final projectId = await client.getProjectId(
+        projectIdOverride: app.options.projectId,
+        environment: Zone.current[envSymbol] as Map<String, String>?,
+      );
+      return fn(client, projectId);
+    });
+  }
+
+  Future<R> v1<R>(
+    Future<R> Function(auth1.IdentityToolkitApi client, String projectId) fn,
+  ) => _run(
+    (client, projectId) => fn(
+      auth1.IdentityToolkitApi(client, rootUrl: _authApiHost.toString()),
+      projectId,
+    ),
+  );
+
+  Future<R> v2<R>(
+    Future<R> Function(auth2.IdentityToolkitApi client, String projectId) fn,
+  ) => _run(
+    (client, projectId) => fn(
+      auth2.IdentityToolkitApi(client, rootUrl: _authApiHost.toString()),
+      projectId,
+    ),
+  );
+
+  Future<R> v3<R>(
+    Future<R> Function(auth3.IdentityToolkitApi client, String projectId) fn,
+  ) => _run(
+    (client, projectId) => fn(
+      auth3.IdentityToolkitApi(client, rootUrl: _authApiHost.toString()),
+      projectId,
+    ),
+  );
 }
 
 /// Tenant-aware HTTP client that builds tenant-specific resource paths.

packages/dart_firebase_admin/lib/src/auth/auth_http_client.dart

@@ -119,7 +119,11 @@ Never _handleException(Object exception, StackTrace stackTrace) {
 class FirebaseFirestoreAdminException extends FirebaseAdminException
     implements Exception {
   FirebaseFirestoreAdminException(this.errorCode, [String? message])
-    : super('firestore', errorCode.code, message ?? errorCode.message);
+    : super(
+        FirebaseServiceType.firestore.name,
+        errorCode.code,
+        message ?? errorCode.message,
+      );
 
   @internal
   factory FirebaseFirestoreAdminException.fromServerError({

packages/dart_firebase_admin/lib/src/google_cloud_firestore/firestore_exception.dart

@@ -50,11 +50,16 @@ class FirestoreHttpClient {
   }
 
   Future<R> _run<R>(
-    Future<R> Function(googleapis_auth.AuthClient client) fn,
+    Future<R> Function(googleapis_auth.AuthClient client, String projectId) fn,
   ) async {
     // Use the cached client (created once based on emulator configuration)
     final client = await _client;
-    return _firestoreGuard(() => fn(client));
+    final projectId = await client.getProjectId(
+      projectIdOverride: app.options.projectId,
+      environment: Zone.current[envSymbol] as Map<String, String>?,
+    );
+    _cachedProjectId = projectId;
+    return _firestoreGuard(() => fn(client, projectId));
   }
 
   /// Executes a Firestore v1 API operation with automatic projectId injection.
@@ -63,18 +68,10 @@ class FirestoreHttpClient {
   /// all subsequent operations. This matches the Auth service pattern.
   Future<R> v1<R>(
     Future<R> Function(firestore1.FirestoreApi client, String projectId) fn,
-  ) async {
-    final client = await _client;
-    final projectId = await client.getProjectId(
-      projectIdOverride: app.options.projectId,
-      environment: Zone.current[envSymbol] as Map<String, String>?,
-    );
-    _cachedProjectId = projectId;
-    return _run(
-      (client) => fn(
-        firestore1.FirestoreApi(client, rootUrl: _firestoreApiHost.toString()),
-        projectId,
-      ),
-    );
-  }
+  ) => _run(
+    (client, projectId) => fn(
+      firestore1.FirestoreApi(client, rootUrl: _firestoreApiHost.toString()),
+      projectId,
+    ),
+  );
 }

packages/dart_firebase_admin/lib/src/google_cloud_firestore/firestore_http_client.dart

@@ -56,7 +56,11 @@ const messagingServerToClientCode = {
 class FirebaseMessagingAdminException extends FirebaseAdminException
     implements Exception {
   FirebaseMessagingAdminException(this.errorCode, [String? message])
-    : super('messaging', errorCode.code, message ?? errorCode.message);
+    : super(
+        FirebaseServiceType.messaging.name,
+        errorCode.code,
+        message ?? errorCode.message,
+      );
 
   @internal
   factory FirebaseMessagingAdminException.fromServerError({