Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(app-check): Replay Protection #7424

Merged
merged 8 commits into from
Nov 28, 2023
Merged

feat(app-check): Replay Protection #7424

merged 8 commits into from
Nov 28, 2023

Conversation

apetta
Copy link
Contributor

@apetta apetta commented Oct 26, 2023

Description

This PR adds the Replay Protection feature for App Check, where it provides a consumable token for single-use server calls.

Related issues

#7394

Release Summary

  • Introduces Replay Protection feature for App Check
  • getLimitedUseToken Provides single-use tokens for enhanced security on the server.

Checklist

  • I read the Contributor Guide and followed the process outlined there for submitting PRs.
    • Yes
  • My change supports the following platforms;
    • Android
    • iOS
  • My change includes tests;
    • e2e tests added or updated in packages/\*\*/e2e
    • jest tests added or updated in packages/\*\*/__tests__
  • I have updated TypeScript types that are affected by my change.
  • This is a breaking change;
    • Yes
    • No

Test Plan

Tested in a private repo with the emulator.

@vercel
Copy link

vercel bot commented Oct 26, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
react-native-firebase ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 27, 2023 8:20pm
react-native-firebase-next ❌ Failed (Inspect) Nov 27, 2023 8:20pm

@CLAassistant
Copy link

CLAassistant commented Oct 26, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

mikehardy
mikehardy requested changes Nov 2, 2023
View reviewed changes
Copy link
Collaborator

@mikehardy mikehardy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!
I think there should be entries in the index.d.ts files so that they are available in typescript?
Also, I think it should be possible to add an entry for this in the e2e test suite for app-check, that way we can see in CI that the methods really are working + not crashing (also, they will help you determine locally that they are working before pushing to the PR branch - best practice is to add an e2e test and put .only on it so when you run the suite locally it is super fast to run it + iterate on code changes

@apetta
Copy link
Contributor Author

apetta commented Nov 18, 2023

Thanks!

I remember I couldn't get the project installed locally last time I tried, so I had to skip the tests. Will try and look at this again soon

@mikehardy mikehardy added the Workflow: Waiting for User Response Blocked waiting for user response. label Nov 18, 2023
apetta and others added 3 commits November 27, 2023 11:43
@apetta @mikehardy
adding getLimitedUseToken function
fcce428
@apetta @mikehardy
feat(app-check): Replay Protection
83ad674
@mikehardy
chore(app-check): delete unused file
3389958 
this was a vestige of original implementation plan for
the iOS custom app check provider, unused in the end
@mikehardy mikehardy mentioned this pull request Nov 27, 2023
Closed
@mikehardy
Copy link
Collaborator

When I took this one and attempted to add tests to it, it hung on iOS - need to investigate why but I suspect it has something to do with not being able to proxy to the currently configured provider from our custom provider, and calling the API directly on the FIRAppCheck.

It appears this new API isn't implemented on the Provider interfaces unlike getToken, for some reason, and I've got an API shape question out upstream to see if I can understand it better firebase/firebase-ios-sdk#11284 (comment)

@mikehardy
Copy link
Collaborator

worked through my iOS question with more investigation, made iOS implementation proxy to current delegate
added e2e test and it works locally now for iOS and android (which delegates to current provider w/out proxy)
added typescript API definition,
formatted,
rebased to main,
re-pushed

should be good to go assuming CI goes ✅

@mikehardy mikehardy force-pushed the feature/app-check-replay-protection branch from 8381e85 to 21e872d Compare November 27, 2023 20:16
@apetta
Copy link
Contributor Author

apetta commented Nov 27, 2023

Thank you so much!!

@mikehardy
Copy link
Collaborator

I pushed those changes at the same time github suffered an outage. Just closing / reopening to kick off the CI jobs that should have run

@mikehardy mikehardy closed this Nov 28, 2023
@mikehardy mikehardy reopened this Nov 28, 2023
@mikehardy mikehardy added Workflow: Pending Merge Waiting on CI or similar and removed Workflow: Waiting for User Response Blocked waiting for user response. labels Nov 28, 2023
@mikehardy mikehardy merged commit c6cd505 into invertase:main Nov 28, 2023
12 of 14 checks passed
@mikehardy mikehardy removed the Workflow: Pending Merge Waiting on CI or similar label Nov 28, 2023
@mikehardy mikehardy mentioned this pull request Apr 3, 2024
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikehardy mikehardy mikehardy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@apetta @CLAassistant @mikehardy