- Client SDK initialized in
apps/web/src/lib/firebase.js (Auth + Firestore).
- Hosting/Functions configured in
firebase.json.
- Functions use Admin SDK (
firebase-admin) and v2 onRequest/Firestore triggers.
Hosting and SSR
- Rewrites:
/api/** → Express function api- all other routes → SSR function
nextapp (serves Next.js bundle from apps/functions)
Emulators & Local Dev
- Functions:
pnpm --filter functions serve
- Web:
pnpm --filter web dev
Security
- HTTP endpoints validate
x-api-key header against process.env.API_KEY.
- Middleware uses
firebase-token cookie for route gating.