feat(app-check): implement AppCheck module

Author: mikehardy

docs/analytics/screen-tracking.md

@@ -2,7 +2,7 @@
 title: Screen Tracking
 description: Setup Firebase Analytics to track your in-app screen flow.
 previous: /analytics/usage
-next: /
+next: /app-check/usage
 ---
 
 Standard React Native applications run inside a single `Activity`/`ViewController`, meaning any screen changes won't be

docs/app-check/usage/usage.md

@@ -0,0 +1,78 @@
+---
+title: AppCheck
+description: Installation and getting started with AppCheck.
+icon: //static.invertase.io/assets/social/firebase-logo.png
+next: /auth/usage
+previous: /analytics/screen-tracking
+---
+
+# Installation
+
+This module requires that the `@react-native-firebase/app` module is already setup and installed. To install the "app"
+module, view the [Getting Started](/) documentation.
+
+```bash
+# Install & setup the app module
+yarn add @react-native-firebase/app
+
+# Install the app-check module
+yarn add @react-native-firebase/app-check
+
+# If you're developing your app using iOS, run this command
+cd ios/ && pod install
+```
+
+AppCheck requires you set the minimum iOS Deployment version in `ios/Podfile` to `11.0` or greater.
+
+# What does it do
+
+App Check works alongside other Firebase services to help protect your backend resources from abuse, such as billing fraud or phishing. With App Check, devices running your app will use an app or device attestation provider that attests to one or both of the following:
+
+- Requests originate from your authentic app
+- Requests originate from an authentic, untampered device
+
+This attestation is attached to every request your app makes to your Firebase backend resources.
+
+<Youtube id="Fjj4fmr2t04" />
+
+This App Check module has built-in support for using the following services as attestation providers:
+
+- DeviceCheck on iOS
+- SafetyNet on Android
+
+App Check currently works with the following Firebase products:
+
+- Realtime Database
+- Cloud Storage
+- Cloud Functions (callable functions)
+
+The [official Firebase AppCheck documentation](https://firebase.google.com/docs/app-check) has more information, including about the iOS AppAttest provider, and testing/ CI integration, it is worth a read.
+
+# Usage
+
+## Activate
+
+On iOS if you include the AppCheck package, it is activated by default. The only configuration possible is the token auto refresh. When you call activate, the provider (DeviceCheck by default) stays the same but the token auto refresh setting will be changed based on the argument provided.
+
+On Android, AppCheck is not activated until you call the activate method. The provider is not configurable here either but if your app is "debuggable", then the Debug app check provider will be installed, otherwise the SafetyNet provider will be installed.
+
+You must call activate prior to calling any firebase back-end services for AppCheck to function.
+
+## Automatic Data Collection
+
+AppCheck has an "tokenAutoRefreshEnabled" setting. This may cause AppCheck to attempt a remote AppCheck token fetch prior to user consent. In certain scenarios, like those that exist in GDPR-compliant apps running for the first time, this may be unwanted.
+
+If unset, the "tokenAutoRefreshEnabled" setting will defer to the app's "automatic data collection" setting, which may be set in the Info.plist or AndroidManifest.xml
+
+## Using AppCheck tokens for non-firebase services
+
+The [official documentation](https://firebase.google.com/docs/app-check/web/custom-resource) shows how to use `getToken` to access the current AppCheck token and then verify it in external services.
+
+## Testing Environments / CI
+
+AppCheck may be used in CI environments by following the upstream documentation to configure a debug token shared with your app in the CI environment.
+
+In certain react-native testing scenarios it may be difficult to access the shared secret, but the react-native-firebase testing app for e2e testing does successfully fetch AppCheck tokens via:
+
+- including the AppCheck debug test helper in the test app, along with a change to `DetoxTest` for Android
+- by setting an environment variable and initializing the debug provider before firebase configre in `AppDelegate.m` for iOS.

docs/app/usage.md

@@ -21,6 +21,7 @@ for manually initializing secondary Firebase app instances.
 
 Currently, the native Firebase SDKs only provide functionality for creating secondary apps on the following services:
 
+- [AppCheck](/app-check/usage).
 - [Authentication](/auth/usage).
 - [Realtime Database](/database/usage).
 - [Cloud Firestore](/firestore/usage).

docs/auth/usage/index.md

@@ -3,7 +3,7 @@ title: Authentication
 description: Installation and getting started with Authentication.
 icon: //static.invertase.io/assets/firebase/authentication.svg
 next: /auth/social-auth
-previous: /analytics/screen-tracking
+previous: /app-check/usage
 ---
 
 # Installation

docs/sidebar.yaml

@@ -23,6 +23,10 @@
     - - Building an Analytics Funnel
       - 'https://blog.theodo.com/2018/01/building-google-analytics-funnel-firebase-react-native'
   - '//static.invertase.io/assets/firebase/analytics.svg'
+- - AppCheck
+  - - - Usage
+      - '/app-check/usage'
+  - '//static.invertase.io/assets/social/firebase-logo.png'
 - - Authentication
   - - - Usage
       - '/auth/usage'

package.json

@@ -34,11 +34,11 @@
     "tests:android:test:jacoco-report": "cd tests/android && ./gradlew jacocoAndroidTestReport",
     "tests:ios:build": "cd tests && ./node_modules/.bin/detox build --configuration ios.sim.debug",
     "tests:ios:build-release": "cd tests && ./node_modules/.bin/detox build --configuration ios.sim.release",
-    "tests:ios:test": "cd tests && ./node_modules/.bin/detox test --configuration ios.sim.debug --loglevel warn",
-    "tests:ios:test:debug": "cd tests && ./node_modules/.bin/detox test --configuration ios.sim.debug --loglevel warn --inspect",
-    "tests:ios:test-reuse": "cd tests && ./node_modules/.bin/detox test --configuration ios.sim.debug --reuse --loglevel warn",
-    "tests:ios:test-cover": "cd tests && ./node_modules/.bin/nyc ./node_modules/.bin/detox test --configuration ios.sim.debug --loglevel warn",
-    "tests:ios:test-cover-reuse": "cd tests && node_modules/.bin/nyc ./node_modules/.bin/detox test --configuration ios.sim.debug --reuse --loglevel warn",
+    "tests:ios:test": "cd tests && SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF ./node_modules/.bin/detox test --configuration ios.sim.debug --loglevel warn",
+    "tests:ios:test:debug": "cd tests && SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF ./node_modules/.bin/detox test --configuration ios.sim.debug --loglevel warn --inspect",
+    "tests:ios:test-reuse": "cd tests && SIMCTL_CHILD_FIRAAppCheckDebugToken=\"698956B2-187B-49C6-9E25-C3F3530EEBAF\" ./node_modules/.bin/detox test --configuration ios.sim.debug --reuse --loglevel warn",
+    "tests:ios:test-cover": "cd tests && SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF ./node_modules/.bin/nyc ./node_modules/.bin/detox test --configuration ios.sim.debug --loglevel warn",
+    "tests:ios:test-cover-reuse": "cd tests && SIMCTL_CHILD_FIRAAppCheckDebugToken=698956B2-187B-49C6-9E25-C3F3530EEBAF node_modules/.bin/nyc ./node_modules/.bin/detox test --configuration ios.sim.debug --reuse --loglevel warn",
     "tests:ios:pod:install": "cd tests && cd ios && rm -rf ReactNativeFirebaseDemo.xcworkspace && rm -f Podfile.lock && pod install --repo-update && cd ..",
     "format:markdown": "prettier --write \"docs/**/*.md\""
   },

packages/app-check/.npmignore

@@ -0,0 +1,65 @@
+# Built application files
+android/*/build/
+
+# Crashlytics configuations
+android/com_crashlytics_export_strings.xml
+
+# Local configuration file (sdk path, etc)
+android/local.properties
+
+# Gradle generated files
+android/.gradle/
+
+# Signing files
+android/.signing/
+
+# User-specific configurations
+android/.idea/gradle.xml
+android/.idea/libraries/
+android/.idea/workspace.xml
+android/.idea/tasks.xml
+android/.idea/.name
+android/.idea/compiler.xml
+android/.idea/copyright/profiles_settings.xml
+android/.idea/encodings.xml
+android/.idea/misc.xml
+android/.idea/modules.xml
+android/.idea/scopes/scope_settings.xml
+android/.idea/vcs.xml
+android/*.iml
+
+# Xcode
+*.pbxuser
+*.mode1v3
+*.mode2v3
+*.perspectivev3
+*.xcuserstate
+ios/Pods
+ios/build
+*project.xcworkspace*
+*xcuserdata*
+
+# OS-specific files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.dbandroid/gradle
+android/gradlew
+android/build
+android/gradlew.bat
+android/gradle/
+
+.idea
+coverage
+yarn.lock
+e2e/
+.github
+.vscode
+.nyc_output
+android/.settings
+*.coverage.json
+.circleci
+.eslintignore

packages/app-check/LICENSE

@@ -0,0 +1,32 @@
+Apache-2.0 License
+------------------
+
+Copyright (c) 2016-present Invertase Limited <[email protected]> & Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this library except in compliance with the License.
+
+You may obtain a copy of the Apache-2.0 License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+Creative Commons Attribution 3.0 License
+----------------------------------------
+
+Copyright (c) 2016-present Invertase Limited <[email protected]> & Contributors
+
+Documentation and other instructional materials provided for this project
+(including on a separate documentation repository or it's documentation website) are
+licensed under the Creative Commons Attribution 3.0 License. Code samples/blocks
+contained therein are licensed under the Apache License, Version 2.0 (the "License"), as above.
+
+You may obtain a copy of the Creative Commons Attribution 3.0 License at
+
+    https://creativecommons.org/licenses/by/3.0/

packages/app-check/README.md

@@ -0,0 +1,55 @@
+<p align="center">
+  <a href="https://rnfirebase.io">
+    <img width="160px" src="https://i.imgur.com/JIyBtKW.png"><br/>
+  </a>
+  <h2 align="center">React Native Firebase - AppCheck</h2>
+</p>
+
+<p align="center">
+  <a href="https://api.rnfirebase.io/coverage/app-check/detail"><img src="https://api.rnfirebase.io/coverage/app-check/badge?style=flat-square" alt="Coverage"></a>
+  <a href="https://www.npmjs.com/package/@react-native-firebase/app-check"><img src="https://img.shields.io/npm/dm/@react-native-firebase/app-check.svg?style=flat-square" alt="NPM downloads"></a>
+  <a href="https://www.npmjs.com/package/@react-native-firebase/app-check"><img src="https://img.shields.io/npm/v/@react-native-firebase/app-check.svg?style=flat-square" alt="NPM version"></a>
+  <a href="/LICENSE"><img src="https://img.shields.io/npm/l/react-native-firebase.svg?style=flat-square" alt="License"></a>
+  <a href="https://lerna.js.org/"><img src="https://img.shields.io/badge/maintained%20with-lerna-cc00ff.svg?style=flat-square" alt="Maintained with Lerna"></a>
+</p>
+
+<p align="center">
+  <a href="https://invertase.link/discord"><img src="https://img.shields.io/discord/295953187817521152.svg?style=flat-square&colorA=7289da&label=Chat%20on%20Discord" alt="Chat on Discord"></a>
+  <a href="https://twitter.com/rnfirebase"><img src="https://img.shields.io/twitter/follow/rnfirebase.svg?style=flat-square&colorA=1da1f2&colorB=&label=Follow%20on%20Twitter" alt="Follow on Twitter"></a>
+  <a href="https://www.facebook.com/groups/rnfirebase"><img src="https://img.shields.io/badge/Follow%20on%20Facebook-4172B8?logo=facebook&style=flat-square&logoColor=fff" alt="Follow on Facebook"></a>
+</p>
+
+---
+
+AppCheck description.
+
+[> Learn More](https://firebase.google.com/products/app-check/)
+
+## Installation
+
+Requires `@react-native-firebase/app` to be installed.
+
+```bash
+yarn add @react-native-firebase/app-check
+```
+
+## Documentation
+
+- [Guides](#TODO)
+- [Installation](#TODO)
+- [Reference](#TODO)
+
+## License
+
+- See [LICENSE](/LICENSE)
+
+---
+
+<p>
+  <img align="left" width="75px" src="https://static.invertase.io/assets/invertase-logo-small.png">
+  <p align="left">
+    Built and maintained with 💛 by <a href="https://invertase.io">Invertase</a>.
+  </p>
+</p>
+
+---

packages/app-check/RNFBAppcheck.podspec

@@ -0,0 +1,45 @@
+require 'json'
+package = JSON.parse(File.read(File.join(__dir__, 'package.json')))
+appPackage = JSON.parse(File.read(File.join('..', 'app', 'package.json')))
+
+coreVersionDetected = appPackage['version']
+coreVersionRequired = package['peerDependencies'][appPackage['name']]
+firebase_sdk_version = appPackage['sdkVersions']['ios']['firebase']
+if coreVersionDetected != coreVersionRequired
+  Pod::UI.warn "NPM package '#{package['name']}' depends on '#{appPackage['name']}' v#{coreVersionRequired} but found v#{coreVersionDetected}, this might cause build issues or runtime crashes."
+end
+
+Pod::Spec.new do |s|
+  s.name                = "RNFBAppCheck"
+  s.version             = package["version"]
+  s.description         = package["description"]
+  s.summary             = <<-DESC
+                            A well tested feature rich Firebase implementation for React Native, supporting iOS & Android.
+                          DESC
+  s.homepage            = "http://invertase.io/oss/react-native-firebase"
+  s.license             = package['license']
+  s.authors             = "Invertase Limited"
+  s.source              = { :git => "https://github.com/invertase/react-native-firebase.git", :tag => "v#{s.version}" }
+  s.social_media_url    = 'http://twitter.com/invertaseio'
+  s.ios.deployment_target = "11.0"
+  s.source_files        = 'ios/**/*.{h,m}'
+
+  # React Native dependencies
+  s.dependency          'React-Core'
+  s.dependency          'RNFBApp'
+
+  if defined?($FirebaseSDKVersion)
+    Pod::UI.puts "#{s.name}: Using user specified Firebase SDK version '#{$FirebaseSDKVersion}'"
+    firebase_sdk_version = $FirebaseSDKVersion
+  end
+
+  # Firebase dependencies
+  s.dependency          'Firebase/AppCheck', firebase_sdk_version
+
+  if defined?($RNFirebaseAsStaticFramework)
+    Pod::UI.puts "#{s.name}: Using overridden static_framework value of '#{$RNFirebaseAsStaticFramework}'"
+    s.static_framework = $RNFirebaseAsStaticFramework
+  else
+    s.static_framework = false
+  end
+end

packages/app-check/__tests__/appcheck.test.ts

@@ -0,0 +1,21 @@
+import { firebase } from '../lib';
+
+describe('appCheck()', function () {
+  describe('namespace', function () {
+    it('accessible from firebase.app()', function () {
+      const app = firebase.app();
+      expect(app.appCheck).toBeDefined();
+      expect(app.appCheck().app).toEqual(app);
+    });
+
+    it('supports multiple apps', async function () {
+      expect(firebase.appCheck().app.name).toEqual('[DEFAULT]');
+      expect(firebase.appCheck(firebase.app('secondaryFromNative')).app.name).toEqual(
+        'secondaryFromNative',
+      );
+      expect(firebase.app('secondaryFromNative').appCheck().app.name).toEqual(
+        'secondaryFromNative',
+      );
+    });
+  });
+});

packages/app-check/android/.editorconfig

@@ -0,0 +1,10 @@
+# editorconfig
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true