Skip to content

Add support for App Check replay protection in callable functions#7296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
May 15, 2023
Merged

Add support for App Check replay protection in callable functions #7296

merged 7 commits into from
May 15, 2023

Conversation

avolkovi
Copy link
Contributor

@avolkoviavolkovi commented May 12, 2023
edited
Loading

Hey there! So you want to contribute to a Firebase SDK?
Before you file this pull request, please read these guidelines:

Discussion

  • Read the contribution guidelines (CONTRIBUTING.md).
  • If this has been discussed in an issue, make sure to link to the issue here.
    If not, go file an issue about this before creating a pull request to discuss.

Testing

  • Make sure all existing tests in the repository pass after your change.
  • If you fixed a bug or added a feature, add a new test to cover your code.

API Changes

internal API proposal: go/fac-1-use-callable-sdk

@avolkoviavolkovi requested review from hsubox76, a team and dwyfrequency as code ownersMay 12, 2023 16:47
@changeset-bot
Copy link

changeset-botbot commented May 12, 2023
edited
Loading

🦋 Changeset detected

Latest commit: 2ca507c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
NameType
@firebase/app-check-interop-typesMinor
@firebase/app-checkMinor
@firebase/functionsMinor
@firebase/app-check-compatPatch
firebasePatch
@firebase/functions-compatPatch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@avolkoviavolkoviforce-pushed the avolkovi-fac-functions branch from b765a5d to f0119d6CompareMay 12, 2023 16:50
hsubox76
hsubox76 reviewed May 12, 2023
View reviewed changes
Copy link
Contributor

@hsubox76hsubox76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LG, one suggestion to streamline the test.

For the PR process:

  • This will need a changeset (yarn changeset will automatically help you add the packages (should be patch for app-check and minor for functions) but you'll also need to add 'firebase': minor manually beneath those.
  • This will make a docs change, you'll need to run yarn docgen devsite and check in chagnes to the docs-devsite dir and have them reviewed by the appropriate tech writer for App Check which I think is @kevinthecheung
@google-oss-bot
Copy link
Contributor

google-oss-bot commented May 12, 2023
edited
Loading

Size Report 1

Affected Products

  • @firebase/app-check

    TypeBase (a9da1b7)Merge (84629f5)Diff
    browser26.2 kB26.2 kB+54 B (+0.2%)
    esm531.4 kB31.5 kB+69 B (+0.2%)
    main32.6 kB32.7 kB+69 B (+0.2%)
    module26.2 kB26.2 kB+54 B (+0.2%)

  • @firebase/functions

    TypeBase (a9da1b7)Merge (84629f5)Diff
    browser9.55 kB9.72 kB+170 B (+1.8%)
    esm511.8 kB12.1 kB+256 B (+2.2%)
    main12.6 kB12.9 kB+256 B (+2.0%)
    module9.55 kB9.72 kB+170 B (+1.8%)

  • bundle

    TypeBase (a9da1b7)Merge (84629f5)Diff
    app-check (CustomProvider)36.3 kB36.6 kB+254 B (+0.7%)
    app-check (ReCaptchaEnterpriseProvider)38.8 kB39.1 kB+254 B (+0.7%)
    app-check (ReCaptchaV3Provider)38.8 kB39.1 kB+254 B (+0.7%)
    functions (call)31.1 kB31.2 kB+72 B (+0.2%)

  • firebase

    TypeBase (a9da1b7)Merge (84629f5)Diff
    firebase-app-check-compat.js23.1 kB23.3 kB+246 B (+1.1%)
    firebase-app-check.js22.1 kB22.1 kB+34 B (+0.2%)
    firebase-compat.js773 kB773 kB+321 B (+0.0%)
    firebase-functions-compat.js8.12 kB8.19 kB+72 B (+0.9%)
    firebase-functions.js11.0 kB11.0 kB+72 B (+0.7%)

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/1DHis6URo1.html
@google-oss-bot
Copy link
Contributor

google-oss-bot commented May 12, 2023
edited
Loading

Size Analysis Report 1

Affected Products

  • @firebase/app-check

    • CustomProvider

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size7.51 kB7.65 kB+142 B (+1.9%)
      size-with-ext-deps25.2 kB25.4 kB+146 B (+0.6%)

      Dependency

      TypeBase (a9da1b7)Merge (84629f5)Diff
      functions

      20 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getStateReference getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners registerAppCheck removeTokenListener sleep write writeTokenToIndexedDB writeTokenToStorage

      21 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getLimitedUseToken$1 getStateReference getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners registerAppCheck removeTokenListener sleep write writeTokenToIndexedDB writeTokenToStorage

      + getLimitedUseToken$1

    • ReCaptchaEnterpriseProvider

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size11.2 kB11.3 kB+144 B (+1.3%)
      size-with-ext-deps28.8 kB28.9 kB+146 B (+0.5%)

      Dependency

      TypeBase (a9da1b7)Merge (84629f5)Diff
      functions

      33 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated exchangeToken factory formatDummyToken getDBPromise getDurationString getExchangeRecaptchaEnterpriseTokenRequest getRecaptcha getStateReference getToken$1 getToken$2 initTokenRefresher initializeEnterprise internalFactory isValid loadReCAPTCHAEnterpriseScript makeDiv makeDummyTokenResult notifyTokenListeners pad queueWidgetRender registerAppCheck removeTokenListener renderInvisibleWidget setBackoff sleep throwIfThrottled write writeTokenToIndexedDB writeTokenToStorage

      34 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated exchangeToken factory formatDummyToken getDBPromise getDurationString getExchangeRecaptchaEnterpriseTokenRequest getLimitedUseToken$1 getRecaptcha getStateReference getToken$1 getToken$2 initTokenRefresher initializeEnterprise internalFactory isValid loadReCAPTCHAEnterpriseScript makeDiv makeDummyTokenResult notifyTokenListeners pad queueWidgetRender registerAppCheck removeTokenListener renderInvisibleWidget setBackoff sleep throwIfThrottled write writeTokenToIndexedDB writeTokenToStorage

      + getLimitedUseToken$1

    • ReCaptchaV3Provider

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size11.2 kB11.3 kB+144 B (+1.3%)
      size-with-ext-deps28.7 kB28.9 kB+146 B (+0.5%)

      Dependency

      TypeBase (a9da1b7)Merge (84629f5)Diff
      functions

      33 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated exchangeToken factory formatDummyToken getDBPromise getDurationString getExchangeRecaptchaV3TokenRequest getRecaptcha getStateReference getToken$1 getToken$2 initTokenRefresher initializeV3 internalFactory isValid loadReCAPTCHAV3Script makeDiv makeDummyTokenResult notifyTokenListeners pad queueWidgetRender registerAppCheck removeTokenListener renderInvisibleWidget setBackoff sleep throwIfThrottled write writeTokenToIndexedDB writeTokenToStorage

      34 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated exchangeToken factory formatDummyToken getDBPromise getDurationString getExchangeRecaptchaV3TokenRequest getLimitedUseToken$1 getRecaptcha getStateReference getToken$1 getToken$2 initTokenRefresher initializeV3 internalFactory isValid loadReCAPTCHAV3Script makeDiv makeDummyTokenResult notifyTokenListeners pad queueWidgetRender registerAppCheck removeTokenListener renderInvisibleWidget setBackoff sleep throwIfThrottled write writeTokenToIndexedDB writeTokenToStorage

      + getLimitedUseToken$1

    • getLimitedUseToken

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size7.19 kB7.22 kB+28 B (+0.4%)
      size-with-ext-deps24.5 kB24.5 kB+29 B (+0.1%)

    • getToken

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size7.13 kB7.28 kB+142 B (+2.0%)
      size-with-ext-deps24.4 kB24.5 kB+146 B (+0.6%)

      Dependency

      TypeBase (a9da1b7)Merge (84629f5)Diff
      functions

      21 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getStateReference getToken getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners registerAppCheck removeTokenListener sleep write writeTokenToIndexedDB writeTokenToStorage

      22 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getLimitedUseToken$1 getStateReference getToken getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners registerAppCheck removeTokenListener sleep write writeTokenToIndexedDB writeTokenToStorage

      + getLimitedUseToken$1

    • initializeAppCheck

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size10.9 kB11.1 kB+249 B (+2.3%)
      size-with-ext-deps35.3 kB35.6 kB+254 B (+0.7%)

      Dependency

      TypeBase (a9da1b7)Merge (84629f5)Diff
      functions

      35 dependencies

      _activate addTokenListener computeKey createTokenRefresher ensureActivated exchangeToken factory formatDummyToken getDBPromise getDebugState getDebugToken getExchangeDebugTokenRequest getStateReference getToken$2 initTokenRefresher initializeAppCheck initializeDebugMode internalFactory isDebugMode isValid makeDummyTokenResult notifyTokenListeners read readDebugTokenFromIndexedDB readOrCreateDebugTokenFromStorage readTokenFromIndexedDB readTokenFromStorage registerAppCheck removeTokenListener setInitialState sleep write writeDebugTokenToIndexedDB writeTokenToIndexedDB writeTokenToStorage

      36 dependencies

      _activate addTokenListener computeKey createTokenRefresher ensureActivated exchangeToken factory formatDummyToken getDBPromise getDebugState getDebugToken getExchangeDebugTokenRequest getLimitedUseToken$1 getStateReference getToken$2 initTokenRefresher initializeAppCheck initializeDebugMode internalFactory isDebugMode isValid makeDummyTokenResult notifyTokenListeners read readDebugTokenFromIndexedDB readOrCreateDebugTokenFromStorage readTokenFromIndexedDB readTokenFromStorage registerAppCheck removeTokenListener setInitialState sleep write writeDebugTokenToIndexedDB writeTokenToIndexedDB writeTokenToStorage

      + getLimitedUseToken$1

    • onTokenChanged

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size7.23 kB7.37 kB+142 B (+2.0%)
      size-with-ext-deps24.5 kB24.6 kB+146 B (+0.6%)

      Dependency

      TypeBase (a9da1b7)Merge (84629f5)Diff
      functions

      21 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getStateReference getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners onTokenChanged registerAppCheck removeTokenListener sleep write writeTokenToIndexedDB writeTokenToStorage

      22 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getLimitedUseToken$1 getStateReference getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners onTokenChanged registerAppCheck removeTokenListener sleep write writeTokenToIndexedDB writeTokenToStorage

      + getLimitedUseToken$1

    • setTokenAutoRefreshEnabled

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size7.22 kB7.37 kB+142 B (+2.0%)
      size-with-ext-deps24.5 kB24.6 kB+146 B (+0.6%)

      Dependency

      TypeBase (a9da1b7)Merge (84629f5)Diff
      functions

      21 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getStateReference getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners registerAppCheck removeTokenListener setTokenAutoRefreshEnabled sleep write writeTokenToIndexedDB writeTokenToStorage

      22 dependencies

      addTokenListener computeKey createTokenRefresher ensureActivated factory formatDummyToken getDBPromise getLimitedUseToken$1 getStateReference getToken$2 initTokenRefresher internalFactory isValid makeDummyTokenResult notifyTokenListeners registerAppCheck removeTokenListener setTokenAutoRefreshEnabled sleep write writeTokenToIndexedDB writeTokenToStorage

      + getLimitedUseToken$1

  • @firebase/functions

    • connectFunctionsEmulator

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size2.42 kB2.46 kB+46 B (+1.9%)
      size-with-ext-deps19.5 kB19.5 kB+46 B (+0.2%)

    • getFunctions

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size2.60 kB2.65 kB+46 B (+1.8%)
      size-with-ext-deps27.3 kB27.3 kB+46 B (+0.2%)

    • httpsCallable

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size6.02 kB6.09 kB+72 B (+1.2%)
      size-with-ext-deps23.1 kB23.2 kB+72 B (+0.3%)

    • httpsCallableFromURL

      Size

      TypeBase (a9da1b7)Merge (84629f5)Diff
      size5.97 kB6.04 kB+72 B (+1.2%)
      size-with-ext-deps23.0 kB23.1 kB+72 B (+0.3%)

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/qGq1PCQLa3.html
@avolkoviavolkovi requested a review from hsubox76May 12, 2023 17:49
hsubox76
hsubox76 approved these changes May 15, 2023
View reviewed changes
Copy link
Contributor

@hsubox76hsubox76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LG - make sure you get tech writer review before merging.
Also can you add a description? Can just be a link to the design doc/API proposal, it's fine if it's internal, you can just say (internal doc)

kevinthecheung
kevinthecheung approved these changes May 15, 2023
View reviewed changes
@avolkovi@kevinthecheung
Doc feedback
178e420
Co-authored-by: Kevin Cheung <kevinthecheung@users.noreply.github.com>
@avolkoviavolkoviforce-pushed the avolkovi-fac-functions branch from fb6e91b to 178e420CompareMay 15, 2023 22:11
weixifan
weixifan reviewed May 15, 2023
View reviewed changes
weixifan
weixifan approved these changes May 15, 2023
View reviewed changes
@avolkoviavolkovi merged commit e12e7f5 into masterMay 15, 2023
@avolkoviavolkovi deleted the avolkovi-fac-functions branch May 15, 2023 23:25
@google-oss-botgoogle-oss-bot mentioned this pull request May 23, 2023
Merged
@firebasefirebase locked and limited conversation to collaborators Jun 15, 2023
Sign up for freeto subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
6 participants
@avolkovi@google-oss-bot@hsubox76@kevinthecheung@weixifan@ssbushi
close