@altcha/firebase-app-check
Advanced tools
This repository provides a custom App Check provider implementation for Firebase using ALTCHA. ALTCHA is a privacy-focused proof-of-work-based system that helps secure websites and APIs from spam and unwanted content.
Install the ALTCHA App Check Provider.
During the installation, configure your unique secret HMAC Key (a sufficiently long random string). You may adjust other configuration options, though the default values are usually sufficient.
Copy the URLs of the two deployed functions—you'll need to configure these in the CustomProvider.
Run the following command to add the ALTCHA provider to your project:
npm install @altcha/firebase-app-check
Create a new CustomProvider for App Check:
import { AltchaProviderOptions } from '@altcha/firebase-app-check';
const firebaseConfig = {
// your usual Firebase config
appId: '...'
};
const app = initializeApp(firebaseConfig);
const altchaProviderOptions = new AltchaProviderOptions({
appId: firebaseConfig.appId,
createAltchaChallengeUrl: 'https://.../ext-altcha-app-check-provider-createAltchaChallenge',
createAppCheckTokenUrl: 'https://.../ext-altcha-app-check-provider-createAppCheckToken',
});
const provider = new CustomProvider(altchaProviderOptions);
initializeAppCheck(app, { provider });
Replace createAltchaChallengeUrl and createAppCheckTokenUrl with URLs of the functions deployed by the extension (step 1).
If the createAppCheckToken function fails with the error Permission 'iam.serviceAccounts.signBlob' denied..., you need to grant a new role to the extension's service account:
gcloud projects add-iam-policy-binding PROJECT_ID --member=serviceAccount:ext-altcha-app-check-provider@PROJECT_ID.iam.gserviceaccount.com --role='roles/iam.serviceAccountTokenCreator'
Replace PROJECT_ID with your actual project ID from the Firebase console.
Note: Adding the role via the Google Console UI may not work. It's recommended to use the gcloud CLI to apply this role.
MIT
FAQs
Firebase App Check provider.
The npm package @altcha/firebase-app-check receives a total of 21 weekly downloads. As such, @altcha/firebase-app-check popularity was classified as not popular.
We found that @altcha/firebase-app-check demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.