@firebase/app-check 0.6.4 → 0.6.5-canary.0a27d2fbf

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @firebase/app-check
 
+## 0.6.5
+
+### Patch Changes
+
+- [`8c44d5863`](https://github.com/firebase/firebase-js-sdk/commit/8c44d586355ffd2d58b6841730ebdac89229954c) [#7203](https://github.com/firebase/firebase-js-sdk/pull/7203) - Catch all ReCAPTCHA errors and, if caught, prevent App Check from making a request to the exchange endpoint.
+
 ## 0.6.4
 
 ### Patch Changes

package/dist/app-check-public.d.ts

@@ -102,6 +102,23 @@ export declare interface CustomProviderOptions {
     getToken: () => Promise<AppCheckToken>;
 }
 
+/**
+ * Requests a Firebase App Check token. This method should be used
+ * only if you need to authorize requests to a non-Firebase backend.
+ *
+ * Returns limited-use tokens that are intended for use with your
+ * non-Firebase backend endpoints that are protected with
+ * <a href="https://firebase.google.com/docs/app-check/custom-resource-backend#replay-protection">
+ * Replay Protection</a>. This method
+ * does not affect the token generation behavior of the
+ * #getAppCheckToken() method.
+ *
+ * @param appCheckInstance - The App Check service instance.
+ * @returns The limited use token.
+ * @public
+ */
+export declare function getLimitedUseToken(appCheckInstance: AppCheck): Promise<AppCheckTokenResult>;
+
 /**
  * Get the current App Check token. Attaches to the most recent
  * in-flight request if one is present. Returns null if no token

package/dist/app-check.d.ts

@@ -124,6 +124,23 @@ export declare interface CustomProviderOptions {
     getToken: () => Promise<AppCheckToken>;
 }
 
+/**
+ * Requests a Firebase App Check token. This method should be used
+ * only if you need to authorize requests to a non-Firebase backend.
+ *
+ * Returns limited-use tokens that are intended for use with your
+ * non-Firebase backend endpoints that are protected with
+ * <a href="https://firebase.google.com/docs/app-check/custom-resource-backend#replay-protection">
+ * Replay Protection</a>. This method
+ * does not affect the token generation behavior of the
+ * #getAppCheckToken() method.
+ *
+ * @param appCheckInstance - The App Check service instance.
+ * @returns The limited use token.
+ * @public
+ */
+export declare function getLimitedUseToken(appCheckInstance: AppCheck): Promise<AppCheckTokenResult>;
+
 /**
  * Get the current App Check token. Attaches to the most recent
  * in-flight request if one is present. Returns null if no token

package/dist/esm/index.esm.js

@@ -915,6 +915,35 @@ function getToken$2(appCheck, forceRefresh) {
         });
     });
 }
+/**
+ * Internal API for limited use tokens. Skips all FAC state and simply calls
+ * the underlying provider.
+ */
+function getLimitedUseToken$1(appCheck) {
+    return __awaiter(this, void 0, void 0, function () {
+        var app, provider, debugToken, token, token;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    app = appCheck.app;
+                    ensureActivated(app);
+                    provider = getStateReference(app).provider;
+                    if (!isDebugMode()) return [3 /*break*/, 3];
+                    return [4 /*yield*/, getDebugToken()];
+                case 1:
+                    debugToken = _a.sent();
+                    return [4 /*yield*/, exchangeToken(getExchangeDebugTokenRequest(app, debugToken), appCheck.heartbeatServiceProvider)];
+                case 2:
+                    token = (_a.sent()).token;
+                    return [2 /*return*/, { token: token }];
+                case 3: return [4 /*yield*/, provider.getToken()];
+                case 4:
+                    token = (_a.sent()).token;
+                    return [2 /*return*/, { token: token }];
+            }
+        });
+    });
+}
 function addTokenListener(appCheck, type, listener, onError) {
     var app = appCheck.app;
     var state = getStateReference(app);
@@ -1120,7 +1149,7 @@ function internalFactory(appCheck) {
 }
 
 var name = "@firebase/app-check";
-var version = "0.6.4";
+var version = "0.6.5-canary.0a27d2fbf";
 
 /**
  * @license
@@ -1239,7 +1268,15 @@ function getToken$1(app) {
 function renderInvisibleWidget(app, siteKey, grecaptcha, container) {
     var widgetId = grecaptcha.render(container, {
         sitekey: siteKey,
-        size: 'invisible'
+        size: 'invisible',
+        // Success callback - set state
+        callback: function () {
+            getStateReference(app).reCAPTCHAState.succeeded = true;
+        },
+        // Failure callback - set state
+        'error-callback': function () {
+            getStateReference(app).reCAPTCHAState.succeeded = false;
+        }
     });
     var state = getStateReference(app);
     state.reCAPTCHAState = __assign(__assign({}, state.reCAPTCHAState), { // state.reCAPTCHAState is set in the initialize()
@@ -1298,11 +1335,11 @@ var ReCaptchaV3Provider = /** @class */ (function () {
      * @internal
      */
     ReCaptchaV3Provider.prototype.getToken = function () {
-        var _a, _b;
+        var _a, _b, _c;
         return __awaiter(this, void 0, void 0, function () {
             var attestedClaimsToken, result, e_1;
-            return __generator(this, function (_c) {
-                switch (_c.label) {
+            return __generator(this, function (_d) {
+                switch (_d.label) {
                     case 0:
                         throwIfThrottled(this._throttleData);
                         return [4 /*yield*/, getToken$1(this._app).catch(function (_e) {
@@ -1310,18 +1347,22 @@ var ReCaptchaV3Provider = /** @class */ (function () {
                                 throw ERROR_FACTORY.create("recaptcha-error" /* AppCheckError.RECAPTCHA_ERROR */);
                             })];
                     case 1:
-                        attestedClaimsToken = _c.sent();
-                        _c.label = 2;
+                        attestedClaimsToken = _d.sent();
+                        // Check if a failure state was set by the recaptcha "error-callback".
+                        if (!((_a = getStateReference(this._app).reCAPTCHAState) === null || _a === void 0 ? void 0 : _a.succeeded)) {
+                            throw ERROR_FACTORY.create("recaptcha-error" /* AppCheckError.RECAPTCHA_ERROR */);
+                        }
+                        _d.label = 2;
                     case 2:
-                        _c.trys.push([2, 4, , 5]);
+                        _d.trys.push([2, 4, , 5]);
                         return [4 /*yield*/, exchangeToken(getExchangeRecaptchaV3TokenRequest(this._app, attestedClaimsToken), this._heartbeatServiceProvider)];
                     case 3:
-                        result = _c.sent();
+                        result = _d.sent();
                         return [3 /*break*/, 5];
                     case 4:
-                        e_1 = _c.sent();
-                        if ((_a = e_1.code) === null || _a === void 0 ? void 0 : _a.includes("fetch-status-error" /* AppCheckError.FETCH_STATUS_ERROR */)) {
-                            this._throttleData = setBackoff(Number((_b = e_1.customData) === null || _b === void 0 ? void 0 : _b.httpStatus), this._throttleData);
+                        e_1 = _d.sent();
+                        if ((_b = e_1.code) === null || _b === void 0 ? void 0 : _b.includes("fetch-status-error" /* AppCheckError.FETCH_STATUS_ERROR */)) {
+                            this._throttleData = setBackoff(Number((_c = e_1.customData) === null || _c === void 0 ? void 0 : _c.httpStatus), this._throttleData);
                             throw ERROR_FACTORY.create("throttled" /* AppCheckError.THROTTLED */, {
                                 time: getDurationString(this._throttleData.allowRequestsAfter - Date.now()),
                                 httpStatus: this._throttleData.httpStatus
@@ -1385,11 +1426,11 @@ var ReCaptchaEnterpriseProvider = /** @class */ (function () {
      * @internal
      */
     ReCaptchaEnterpriseProvider.prototype.getToken = function () {
-        var _a, _b;
+        var _a, _b, _c;
         return __awaiter(this, void 0, void 0, function () {
             var attestedClaimsToken, result, e_2;
-            return __generator(this, function (_c) {
-                switch (_c.label) {
+            return __generator(this, function (_d) {
+                switch (_d.label) {
                     case 0:
                         throwIfThrottled(this._throttleData);
                         return [4 /*yield*/, getToken$1(this._app).catch(function (_e) {
@@ -1397,18 +1438,22 @@ var ReCaptchaEnterpriseProvider = /** @class */ (function () {
                                 throw ERROR_FACTORY.create("recaptcha-error" /* AppCheckError.RECAPTCHA_ERROR */);
                             })];
                     case 1:
-                        attestedClaimsToken = _c.sent();
-                        _c.label = 2;
+                        attestedClaimsToken = _d.sent();
+                        // Check if a failure state was set by the recaptcha "error-callback".
+                        if (!((_a = getStateReference(this._app).reCAPTCHAState) === null || _a === void 0 ? void 0 : _a.succeeded)) {
+                            throw ERROR_FACTORY.create("recaptcha-error" /* AppCheckError.RECAPTCHA_ERROR */);
+                        }
+                        _d.label = 2;
                     case 2:
-                        _c.trys.push([2, 4, , 5]);
+                        _d.trys.push([2, 4, , 5]);
                         return [4 /*yield*/, exchangeToken(getExchangeRecaptchaEnterpriseTokenRequest(this._app, attestedClaimsToken), this._heartbeatServiceProvider)];
                     case 3:
-                        result = _c.sent();
+                        result = _d.sent();
                         return [3 /*break*/, 5];
                     case 4:
-                        e_2 = _c.sent();
-                        if ((_a = e_2.code) === null || _a === void 0 ? void 0 : _a.includes("fetch-status-error" /* AppCheckError.FETCH_STATUS_ERROR */)) {
-                            this._throttleData = setBackoff(Number((_b = e_2.customData) === null || _b === void 0 ? void 0 : _b.httpStatus), this._throttleData);
+                        e_2 = _d.sent();
+                        if ((_b = e_2.code) === null || _b === void 0 ? void 0 : _b.includes("fetch-status-error" /* AppCheckError.FETCH_STATUS_ERROR */)) {
+                            this._throttleData = setBackoff(Number((_c = e_2.customData) === null || _c === void 0 ? void 0 : _c.httpStatus), this._throttleData);
                             throw ERROR_FACTORY.create("throttled" /* AppCheckError.THROTTLED */, {
                                 time: getDurationString(this._throttleData.allowRequestsAfter - Date.now()),
                                 httpStatus: this._throttleData.httpStatus
@@ -1701,6 +1746,24 @@ function getToken(appCheckInstance, forceRefresh) {
         });
     });
 }
+/**
+ * Requests a Firebase App Check token. This method should be used
+ * only if you need to authorize requests to a non-Firebase backend.
+ *
+ * Returns limited-use tokens that are intended for use with your
+ * non-Firebase backend endpoints that are protected with
+ * <a href="https://firebase.google.com/docs/app-check/custom-resource-backend#replay-protection">
+ * Replay Protection</a>. This method
+ * does not affect the token generation behavior of the
+ * #getAppCheckToken() method.
+ *
+ * @param appCheckInstance - The App Check service instance.
+ * @returns The limited use token.
+ * @public
+ */
+function getLimitedUseToken(appCheckInstance) {
+    return getLimitedUseToken$1(appCheckInstance);
+}
 /**
  * Wraps `addTokenListener`/`removeTokenListener` methods in an `Observer`
  * pattern for public use.
@@ -1764,5 +1827,5 @@ function registerAppCheck() {
 }
 registerAppCheck();
 
-export { CustomProvider, ReCaptchaEnterpriseProvider, ReCaptchaV3Provider, getToken, initializeAppCheck, onTokenChanged, setTokenAutoRefreshEnabled };
+export { CustomProvider, ReCaptchaEnterpriseProvider, ReCaptchaV3Provider, getLimitedUseToken, getToken, initializeAppCheck, onTokenChanged, setTokenAutoRefreshEnabled };
 //# sourceMappingURL=index.esm.js.map