chore(appcheck): use debug provider on debug builds

bmc08gt · bmc08gt · commit 35de15231691 · 2024-02-08T10:50:27.000-05:00
Signed-off-by: Brandon McAnsh &lt;git@bmcreations.dev&gt;
diff --git a/api/build.gradle.kts b/api/build.gradle.kts
@@ -65,6 +65,8 @@ dependencies {
 
     implementation(platform(Libs.firebase_bom))
     implementation(Libs.firebase_appcheck)
+    implementation(Libs.firebase_appcheck_debug)
+    implementation(Libs.firebase_appcheck_playintegrity)
 
     implementation(Libs.androidx_paging_runtime)
 
diff --git a/api/src/main/java/com/getcode/model/intents/IntentType.kt b/api/src/main/java/com/getcode/model/intents/IntentType.kt
@@ -49,12 +49,13 @@ abstract class IntentType {
         submitActionsBuilder.id = id.toIntentId()
         submitActionsBuilder.metadata = metadata()
         submitActionsBuilder.addAllActions(actionGroup.actions.map { it.action() })
-        submitActionsBuilder.signature = submitActionsBuilder.sign(owner)
 
         if (deviceToken != null) {
             submitActionsBuilder.setDeviceToken(deviceToken.toDeviceToken())
         }
 
+        submitActionsBuilder.signature = submitActionsBuilder.sign(owner)
+
         return TransactionService.SubmitIntentRequest.newBuilder()
             .setSubmitActions(submitActionsBuilder)
             .build()
diff --git a/api/src/main/java/com/getcode/network/appcheck/AppCheck.kt b/api/src/main/java/com/getcode/network/appcheck/AppCheck.kt
@@ -1,34 +1,59 @@
 package com.getcode.network.appcheck
 
 import com.codeinc.gen.common.v1.Model
+import com.getcode.api.BuildConfig
 import com.google.firebase.Firebase
 import com.google.firebase.appcheck.AppCheckToken
 import com.google.firebase.appcheck.AppCheckTokenResult
 import com.google.firebase.appcheck.appCheck
+import com.google.firebase.appcheck.debug.DebugAppCheckProviderFactory
+import com.google.firebase.appcheck.debug.internal.DebugAppCheckProvider
+import com.google.firebase.appcheck.playintegrity.PlayIntegrityAppCheckProviderFactory
 import io.reactivex.rxjava3.core.BackpressureStrategy
 import io.reactivex.rxjava3.core.Flowable
 import io.reactivex.rxjava3.core.Single
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.reactive.asFlow
 import timber.log.Timber
+import java.lang.Exception
 
 data class DeviceTokenResult(
     val token: AppCheckToken?
 )
 
 object AppCheck {
 
+    fun register() {
+//        if (BuildConfig.DEBUG) {
+            Firebase.appCheck.installAppCheckProviderFactory(
+                DebugAppCheckProviderFactory.getInstance()
+            )
+//        } else {
+//            Firebase.appCheck.installAppCheckProviderFactory(
+//                PlayIntegrityAppCheckProviderFactory.getInstance()
+//            )
+//        }
+    }
+
+    private fun handleAppCheckError(error: Exception): Boolean {
+        val match = "code: \\d+".toRegex().find(error.message.orEmpty())
+        val errorCode = match?.value?.removePrefix("code: ")?.toInt() ?: -1
+        Timber.e("Failed to get appcheck token: errorCode=$errorCode ${error.message}")
+
+        return errorCode == 403 // bad attestation
+                || errorCode >= 500
+    }
+
     @Deprecated("Replace with Flow variant")
     fun limitedUseTokenSingle(): Single<DeviceTokenResult> {
         return Single.create { emitter ->
             Firebase.appCheck.limitedUseAppCheckToken
-                .addOnSuccessListener { emitter.onSuccess(DeviceTokenResult(it)) }
+                .addOnSuccessListener {
+                    Timber.d("attestation passed")
+                    emitter.onSuccess(DeviceTokenResult(it))
+                }
                 .addOnFailureListener { error ->
-                    val match = "code: \\d+".toRegex().find(error.message.orEmpty())
-                    val errorCode = match?.value?.removePrefix("code: ")?.toInt() ?: -1
-                    Timber.e("Failed to get appcheck token: errorCode=$errorCode ${error.message}")
-
-                    if (errorCode >= 500) {
+                    if (!handleAppCheckError(error)) {
                         emitter.onError(error)
                         return@addOnFailureListener
                     }
@@ -44,13 +69,12 @@ object AppCheck {
     ): Flowable<DeviceTokenResult> {
         return Flowable.create({ emitter ->
             Firebase.appCheck.limitedUseAppCheckToken
-                .addOnSuccessListener { emitter.onNext(DeviceTokenResult(it)) }
+                .addOnSuccessListener {
+                    Timber.d("attestation passed")
+                    emitter.onNext(DeviceTokenResult(it))
+                }
                 .addOnFailureListener { error ->
-                    val match = "code: \\d+".toRegex().find(error.message.orEmpty())
-                    val errorCode = match?.value?.removePrefix("code: ")?.toInt() ?: -1
-                    Timber.e("Failed to get appcheck token: errorCode=$errorCode ${error.message}")
-
-                    if (errorCode >= 500) {
+                    if (!handleAppCheckError(error)) {
                         emitter.onError(error)
                         return@addOnFailureListener
                     }
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
@@ -162,7 +162,6 @@ dependencies {
 
     implementation(platform(Libs.firebase_bom))
     implementation(Libs.firebase_analytics)
-    implementation(Libs.firebase_appcheck_playintegrity)
 
     implementation(Libs.hilt_nav_compose)
     implementation(Libs.lib_phone_number_port)
diff --git a/app/src/main/java/com/getcode/App.kt b/app/src/main/java/com/getcode/App.kt
@@ -4,12 +4,10 @@ import android.app.Application
 import androidx.appcompat.app.AppCompatDelegate
 import com.bugsnag.android.Bugsnag
 import com.getcode.manager.AuthManager
+import com.getcode.network.appcheck.AppCheck
 import com.getcode.utils.ErrorUtils
 import com.getcode.view.main.bill.CashBillAssets
 import com.google.firebase.Firebase
-import com.google.firebase.app
-import com.google.firebase.appcheck.appCheck
-import com.google.firebase.appcheck.playintegrity.PlayIntegrityAppCheckProviderFactory
 import com.google.firebase.initialize
 import dagger.hilt.android.HiltAndroidApp
 import io.reactivex.rxjava3.plugins.RxJavaPlugins
@@ -29,9 +27,7 @@ class App : Application() {
         CashBillAssets.load(this)
 
         Firebase.initialize(this)
-        Firebase.appCheck.installAppCheckProviderFactory(
-            PlayIntegrityAppCheckProviderFactory.getInstance()
-        )
+        AppCheck.register()
 
         AppCompatDelegate.setDefaultNightMode(AppCompatDelegate.MODE_NIGHT_YES)
 
diff --git a/buildSrc/src/main/java/Dependencies.kt b/buildSrc/src/main/java/Dependencies.kt
@@ -176,6 +176,7 @@ object Libs {
     const val firebase_bom = "com.google.firebase:firebase-bom:${Versions.firebase_bom}"
     const val firebase_analytics = "com.google.firebase:firebase-analytics-ktx"
     const val firebase_appcheck = "com.google.firebase:firebase-appcheck-ktx"
+    const val firebase_appcheck_debug = "com.google.firebase:firebase-appcheck-debug"
     const val firebase_appcheck_playintegrity = "com.google.firebase:firebase-appcheck-playintegrity"
     const val firebase_crashlytics = "com.google.firebase:firebase-crashlytics-ktx"
     const val firebase_messaging = "com.google.firebase:firebase-messaging-ktx"
