Skip to content

AppCheck integration with Firestore #3027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 13, 2021
Merged

AppCheck integration with Firestore #3027

merged 5 commits into from
Oct 13, 2021

Conversation

ehsannas
Copy link
Contributor

@ehsannas ehsannas commented Oct 5, 2021

No description provided.

@google-cla google-cla bot added the cla: yes Override cla label Oct 5, 2021
@google-oss-bot
Copy link
Contributor

google-oss-bot commented Oct 5, 2021
edited
Loading

Coverage Report

Affected SDKs

  • firebase-firestore

    SDK overall coverage changed from 43.55% (0f2e98a) to 43.63% (20463279) by +0.08%.

    Filename Base (0f2e98a) Head (20463279) Diff
    FirebaseAppCheckTokenProvider.java ? 93.75% ?
    FirebaseFirestore.java 37.87% 38.60% +0.73%
    FirestoreCallCredentials.java 19.23% 18.60% -0.63%
    FirestoreChannel.java 14.29% 14.91% +0.63%
    FirestoreClient.java 29.01% 30.37% +1.36%
    PatchMutation.java 98.39% 100.00% +1.61%
    SetMutation.java 94.29% 97.14% +2.86%

Test Logs

Notes

HTML coverage reports can be produced locally with ./gradlew <product>:checkCoverage.
Report files are located at <product-build-dir>/reports/jacoco/.

Head commit (20463279) is created by Prow via merging commits: 0f2e98a 7c942dc.

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Oct 5, 2021
edited
Loading

Binary Size Report

Affected SDKs

  • firebase-firestore

    Type Base (0f2e98a) Head (20463279) Diff
    aar 1.20 MB 1.21 MB +3.86 kB (+0.3%)
    apk (aggressive) 443 kB 443 kB +44 B (+0.0%)
    apk (release) 3.24 MB 3.25 MB +7.74 kB (+0.2%)

Test Logs

Notes

Head commit (20463279) is created by Prow via merging commits: 0f2e98a 7c942dc.

@ehsannas ehsannas mentioned this pull request Oct 5, 2021
Closed
@ehsannas
Copy link
Contributor Author

ehsannas commented Oct 5, 2021

@google-oss-bot /retest

@ehsannas
Copy link
Contributor Author

ehsannas commented Oct 5, 2021

/retest

@ehsannas ehsannas force-pushed the ehsann/firestore-appcheck-3 branch from 1bf108a to fbc0307 Compare October 10, 2021 04:41
@ehsannas ehsannas force-pushed the ehsann/firestore-appcheck-3 branch from 8e97db4 to ab128a5 Compare October 11, 2021 15:39
@ehsannas ehsannas force-pushed the ehsann/firestore-appcheck-3 branch from ab128a5 to 19b7e93 Compare October 11, 2021 15:48
schmidt-sebastian
schmidt-sebastian reviewed Oct 11, 2021
View reviewed changes
...irestore/src/main/java/com/google/firebase/firestore/auth/FirebaseAppCheckTokenProvider.java Outdated
/** Creates a new FirebaseAppCheckTokenProvider. */
@SuppressLint("ProviderAssignment") // TODO: Remove this @SuppressLint once b/181014061 is fixed.
public FirebaseAppCheckTokenProvider(
Provider<InternalAppCheckTokenProvider> appCheckTokenProvider) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you still want to use Deferred here to match auth. The one simplification we can make is that when getToken is called we can synchronously check whether the AppCheckProvider is already available.

@schmidt-sebastian
Copy link
Contributor

/test smoke-tests

schmidt-sebastian
schmidt-sebastian reviewed Oct 12, 2021
View reviewed changes
...irestore/src/main/java/com/google/firebase/firestore/auth/FirebaseAppCheckTokenProvider.java
@SuppressLint("ProviderAssignment") // TODO: Remove this @SuppressLint once b/181014061 is fixed.
public FirebaseAppCheckTokenProvider(
Deferred<InternalAppCheckTokenProvider> deferredAppCheckTokenProvider) {
deferredAppCheckTokenProvider.whenAvailable(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vkryachko Can you double check this initialization and the getToken() call?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll land this PR and address any concerns in a follow up PR. I'd appreciate your feedback.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall lgtm. one thing to check is whether calling addAppCheckTokenListener could actually end up calling the tokenListener and whether the tokenListener could be expensive, the reason I bring this up is because whenAvailable() runs on the UI thread so we should be careful executing anything expensive inside whenAvailable

@ehsannas ehsannas merged commit ff414cb into master Oct 13, 2021
@ehsannas ehsannas deleted the ehsann/firestore-appcheck-3 branch October 13, 2021 02:04
vkryachko
vkryachko reviewed Oct 13, 2021
View reviewed changes
firebase-firestore/src/main/java/com/google/firebase/firestore/FirebaseFirestore.java
@@ -85,7 +88,8 @@
// databaseId itself that needs locking; it just saves us creating a separate lock object.
private final DatabaseId databaseId;
private final String persistenceKey;
private final CredentialsProvider credentialsProvider;
private final CredentialsProvider<User> authProvider;
private final CredentialsProvider<String> appCheckProvider;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional nit: I like the type-safety of CredentialsProvider, where as CredentialsProvider<String> can be any string not related to app check. Consider making it a CredentialsProvider<AppCheckToken> for increase type-safety

@firebase firebase locked and limited conversation to collaborators Nov 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vkryachko vkryachko vkryachko left review comments

@schmidt-sebastian schmidt-sebastian schmidt-sebastian approved these changes

Assignees

@ehsannas ehsannas

Labels
cla: yes Override cla size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ehsannas @google-oss-bot @schmidt-sebastian @vkryachko