Rebase and add recaptcha enterprise

hsubox76 · hsubox76 · commit 7ca267ebb0fa · 2021-11-10T10:10:47.000-08:00
diff --git a/packages/app-check/src/providers.test.ts b/packages/app-check/src/providers.test.ts
@@ -17,7 +17,7 @@
 
 import '../test/setup';
 import { getFakeGreCAPTCHA, getFullApp } from '../test/util';
-import { ReCaptchaV3Provider } from './providers';
+import { ReCaptchaEnterpriseProvider, ReCaptchaV3Provider } from './providers';
 import * as client from './client';
 import * as reCAPTCHA from './recaptcha';
 import * as util from './util';
@@ -113,3 +113,90 @@ describe('ReCaptchaV3Provider', () => {
     expect(token.token).to.equal('fake-exchange-token');
   });
 });
+
+describe('ReCaptchaEnterpriseProvider', () => {
+  let app: FirebaseApp;
+  let clock = useFakeTimers();
+  beforeEach(() => {
+    clock = useFakeTimers();
+    app = getFullApp();
+    stub(util, 'getRecaptcha').returns(getFakeGreCAPTCHA());
+    stub(reCAPTCHA, 'getToken').returns(
+      Promise.resolve('fake-recaptcha-token')
+    );
+  });
+
+  afterEach(() => {
+    clock.restore();
+    clearState();
+    return deleteApp(app);
+  });
+  it('getToken() gets a token from the exchange endpoint', async () => {
+    const app = getFullApp();
+    const provider = new ReCaptchaEnterpriseProvider('fake-site-key');
+    stub(client, 'exchangeToken').resolves({
+      token: 'fake-exchange-token',
+      issuedAtTimeMillis: 0,
+      expireTimeMillis: 10
+    });
+    provider.initialize(app);
+    const token = await provider.getToken();
+    expect(token.token).to.equal('fake-exchange-token');
+  });
+  it('getToken() throttles 1d on 403', async () => {
+    const app = getFullApp();
+    const provider = new ReCaptchaEnterpriseProvider('fake-site-key');
+    stub(client, 'exchangeToken').rejects(
+      new FirebaseError(AppCheckError.FETCH_STATUS_ERROR, 'some-message', {
+        httpStatus: 403
+      })
+    );
+    provider.initialize(app);
+    await expect(provider.getToken()).to.be.rejectedWith('1d');
+    // Wait 10s and try again to see if wait time string decreases.
+    clock.tick(10000);
+    await expect(provider.getToken()).to.be.rejectedWith('23h');
+  });
+  it('getToken() throttles exponentially on 503', async () => {
+    const app = getFullApp();
+    const provider = new ReCaptchaEnterpriseProvider('fake-site-key');
+    let exchangeTokenStub = stub(client, 'exchangeToken').rejects(
+      new FirebaseError(AppCheckError.FETCH_STATUS_ERROR, 'some-message', {
+        httpStatus: 503
+      })
+    );
+    provider.initialize(app);
+    await expect(provider.getToken()).to.be.rejectedWith('503');
+    expect(exchangeTokenStub).to.be.called;
+    exchangeTokenStub.resetHistory();
+    // Try again immediately, should be rejected.
+    await expect(provider.getToken()).to.be.rejectedWith('503');
+    expect(exchangeTokenStub).not.to.be.called;
+    exchangeTokenStub.resetHistory();
+    // Times below are max range of each random exponential wait,
+    // the possible range is 2^(backoff_count) plus or minus 50%
+    // Wait for 1.5 seconds to pass, should call exchange endpoint again
+    // (and be rejected again)
+    clock.tick(1500);
+    await expect(provider.getToken()).to.be.rejectedWith('503');
+    expect(exchangeTokenStub).to.be.called;
+    exchangeTokenStub.resetHistory();
+    // Wait for 3 seconds to pass, should call exchange endpoint again
+    // (and be rejected again)
+    clock.tick(3000);
+    await expect(provider.getToken()).to.be.rejectedWith('503');
+    expect(exchangeTokenStub).to.be.called;
+    // Wait for 6 seconds to pass, should call exchange endpoint again
+    // (and succeed)
+    clock.tick(6000);
+    exchangeTokenStub.restore();
+    exchangeTokenStub = stub(client, 'exchangeToken').resolves({
+      token: 'fake-exchange-token',
+      issuedAtTimeMillis: 0,
+      expireTimeMillis: 10
+    });
+    const token = await provider.getToken();
+    expect(token.token).to.equal('fake-exchange-token');
+  });
+});
+
diff --git a/packages/app-check/src/providers.ts b/packages/app-check/src/providers.ts
@@ -64,15 +64,7 @@ export class ReCaptchaV3Provider implements AppCheckProvider {
    */
   async getToken(): Promise<AppCheckTokenInternal> {
     throwIfThrottled(this._throttleData);
-
-    if (!this._app || !this._platformLoggerProvider) {
-      // This should only occur if user has not called initializeAppCheck().
-      // We don't have an appName to provide if so.
-      // This should already be caught in the top level `getToken()` function.
-      throw ERROR_FACTORY.create(AppCheckError.USE_BEFORE_ACTIVATION, {
-        appName: ''
-      });
-    }
+  
     // Top-level `getToken()` has already checked that App Check is initialized
     // and therefore this._app and this._platformLoggerProvider are available.
     const attestedClaimsToken = await getReCAPTCHAToken(this._app!).catch(
@@ -84,16 +76,15 @@ export class ReCaptchaV3Provider implements AppCheckProvider {
     let result;
     try {
       result = await exchangeToken(
-        getExchangeRecaptchaV3TokenRequest(this._app, attestedClaimsToken),
-        this._platformLoggerProvider
+        getExchangeRecaptchaV3TokenRequest(this._app!, attestedClaimsToken),
+        this._platformLoggerProvider!
       );
     } catch (e) {
       if ((e as FirebaseError).code === AppCheckError.FETCH_STATUS_ERROR) {
         this._throttleData = setBackoff(
           Number((e as FirebaseError).customData?.httpStatus),
           this._throttleData
         );
-        console.log('next interval', this._throttleData.allowRequestsAfter - Date.now());
         throw ERROR_FACTORY.create(AppCheckError.THROTTLED, {
           time: getDurationString(
             this._throttleData.allowRequestsAfter - Date.now()
@@ -141,6 +132,11 @@ export class ReCaptchaV3Provider implements AppCheckProvider {
 export class ReCaptchaEnterpriseProvider implements AppCheckProvider {
   private _app?: FirebaseApp;
   private _platformLoggerProvider?: Provider<'platform-logger'>;
+  /**
+   * Throttle requests on certain error codes to prevent too many retries
+   * in a short time.
+   */
+  private _throttleData: ThrottleData | null = null;
   /**
    * Create a ReCaptchaEnterpriseProvider instance.
    * @param siteKey - reCAPTCHA Enterprise score-based site key.
@@ -152,6 +148,7 @@ export class ReCaptchaEnterpriseProvider implements AppCheckProvider {
    * @internal
    */
   async getToken(): Promise<AppCheckTokenInternal> {
+    throwIfThrottled(this._throttleData);
     // Top-level `getToken()` has already checked that App Check is initialized
     // and therefore this._app and this._platformLoggerProvider are available.
     const attestedClaimsToken = await getReCAPTCHAToken(this._app!).catch(
@@ -160,13 +157,31 @@ export class ReCaptchaEnterpriseProvider implements AppCheckProvider {
         throw ERROR_FACTORY.create(AppCheckError.RECAPTCHA_ERROR);
       }
     );
-    return exchangeToken(
-      getExchangeRecaptchaEnterpriseTokenRequest(
-        this._app!,
-        attestedClaimsToken
-      ),
-      this._platformLoggerProvider!
-    );
+    let result;
+    try {
+      result = await exchangeToken(
+        getExchangeRecaptchaEnterpriseTokenRequest(this._app!, attestedClaimsToken),
+        this._platformLoggerProvider!
+      );
+    } catch (e) {
+      if ((e as FirebaseError).code === AppCheckError.FETCH_STATUS_ERROR) {
+        this._throttleData = setBackoff(
+          Number((e as FirebaseError).customData?.httpStatus),
+          this._throttleData
+        );
+        throw ERROR_FACTORY.create(AppCheckError.THROTTLED, {
+          time: getDurationString(
+            this._throttleData.allowRequestsAfter - Date.now()
+          ),
+          httpStatus: this._throttleData.httpStatus
+        });
+      } else {
+        throw e;
+      }
+    }
+    // If successful, clear throttle data.
+    this._throttleData = null;
+    return result;
   }
 
   /**
