fix: remove AppCheck (#241)

* fix: remove AppCheck * fix: remove appcheck from env template --------- Co-authored-by: Brandon Rodriguez <[email protected]>
mbta · Nov 15, 2024 · 7c98ccd · 7c98ccd
1 parent 9ef11c9
commit 7c98ccd
Show file tree

Hide file tree

Showing 13 changed files with 4 additions and 564 deletions.
diff --git a/.envrc.template b/.envrc.template
@@ -18,12 +18,6 @@ export ALGOLIA_READ_URL=
 export SENTRY_DSN=
 export SENTRY_ENV=local
 
-# Configuration for [AppCheck](https://firebase.google.com/docs/app-check/custom-resource-backend)
-# Used for verifying the authorization of clients
-export APP_CHECK_ISSUER=
-export APP_CHECK_PROJECT=
-export APP_CHECK_APP_IDS=
-
 # Configuration for [Mapbox](https://docs.mapbox.com/help/glossary/access-token/)
 # deprecated: export MAPBOX_PUBLIC_TOKEN=
 export MAPBOX_PRIMARY_TOKEN=

diff --git a/config/config.exs b/config/config.exs
@@ -10,9 +10,6 @@ import Config
 config :mobile_app_backend,
   generators: [timestamp_type: :utc_datetime]
 
-config :mobile_app_backend, MobileAppBackend.AppCheck,
-  jwks_url: "https://firebaseappcheck.googleapis.com/v1/jwks"
-
 config :mobile_app_backend, predictions_broadcast_interval_ms: 5_000
 config :mobile_app_backend, vehicles_broadcast_interval_ms: 500
 

diff --git a/config/runtime.exs b/config/runtime.exs
@@ -12,15 +12,6 @@ config :sentry,
   enable_source_code_context: true,
   root_source_code_path: File.cwd!()
 
-config :mobile_app_backend, MobileAppBackend.AppCheck,
-  issuer: System.get_env("APP_CHECK_ISSUER"),
-  project: System.get_env("APP_CHECK_PROJECT"),
-  subjects:
-    "APP_CHECK_APP_IDS"
-    |> System.get_env("")
-    |> String.trim()
-    |> String.split(",")
-
 case System.get_env("MAPBOX_PRIMARY_TOKEN") do
   primary_token when is_binary(primary_token) and primary_token != "" ->
     config :mobile_app_backend, MobileAppBackend.ClientConfig,

diff --git a/lib/mobile_app_backend/app_check/jwks_api.ex b/lib/mobile_app_backend/app_check/jwks_api.ex
diff --git a/lib/mobile_app_backend/app_check/token.ex b/lib/mobile_app_backend/app_check/token.ex
diff --git a/lib/mobile_app_backend_web/plugs/app_check.ex b/lib/mobile_app_backend_web/plugs/app_check.ex
diff --git a/lib/mobile_app_backend_web/router.ex b/lib/mobile_app_backend_web/router.ex
@@ -15,10 +15,6 @@ defmodule MobileAppBackendWeb.Router do
     plug(MobileAppBackendWeb.Plugs.Etag)
   end
 
-  pipeline :app_check do
-    plug(MobileAppBackendWeb.Plugs.AppCheck)
-  end
-
   scope "/", MobileAppBackendWeb do
     pipe_through :browser
 
@@ -30,7 +26,7 @@ defmodule MobileAppBackendWeb.Router do
   end
 
   scope "/api/protected", MobileAppBackendWeb do
-    pipe_through([:api, :app_check])
+    pipe_through([:api])
     get("/config", ClientConfigController, :config)
   end
 

diff --git a/test/mobile_app_backend/app_check/jwks_api_test.exs b/test/mobile_app_backend/app_check/jwks_api_test.exs
diff --git a/test/mobile_app_backend_web/controllers/client_config_controller_test.exs b/test/mobile_app_backend_web/controllers/client_config_controller_test.exs
@@ -15,50 +15,12 @@ defmodule MobileAppBackendWeb.ClientControllerTest do
 
       MapboxTokenRotator |> Process.whereis() |> Process.exit(:refresh_config)
 
-      reassign_env(:mobile_app_backend, MobileAppBackend.AppCheck.JwksApi, JwksApiMock)
-
-      reassign_env(
-        :mobile_app_backend,
-        MobileAppBackend.AppCheck.Token,
-        MobileAppBackend.AppCheck.TokenMock
-      )
-
-      # Correspond to valid claims in MobileAppBackend.AppCheck.TokenMock
-      reassign_env(:mobile_app_backend, MobileAppBackend.AppCheck,
-        issuer: "valid_issuer",
-        project: "valid_project",
-        subjects: ["valid_subject", "other_valid_subject"]
-      )
-
-      JwksApiMock
-      |> expect(:read_jwks, 1, fn ->
-        {:ok,
-         [
-           %{
-             "kty" => "RSA",
-             "use" => "sig",
-             "alg" => "RS256",
-             "kid" => "target_kid",
-             "n" => "n_value",
-             "e" => "e_value"
-           }
-         ]}
-      end)
-
       :ok
     end
 
-    @tag :firebase_valid_token
-    test "when valid token, returns config", %{conn: conn} do
+    test "returns config", %{conn: conn} do
       conn = get(conn, "/api/protected/config")
       %{"mapbox_public_token" => "fake_mapbox_token"} = json_response(conn, 200)
     end
-
-    @tag :firebase_invalid_token
-    @tag :capture_log
-    test "when invalid token, returns 401 error", %{conn: conn} do
-      conn = get(conn, "/api/protected/config")
-      %{"error" => "invalid_token"} = json_response(conn, 401)
-    end
   end
 end