Skip to content

chore: make blabsy admin auth more robust #421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 13, 2025
Merged

chore: make blabsy admin auth more robust #421

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion infrastructure/eid-wallet/src-tauri/gen/android/.idea/kotlinc.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

61 changes: 55 additions & 6 deletions platforms/blabsy-w3ds-auth-api/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@ import cors from "cors";
import { config } from "dotenv";
import path from "path";
import { AuthController } from "./controllers/AuthController";
import { initializeApp, cert, applicationDefault } from "firebase-admin/app";
import { initializeApp, cert, applicationDefault, getApps } from "firebase-admin/app";
import * as fs from "fs";
import { Web3Adapter } from "./web3adapter";
import { WebhookController, adapter } from "./controllers/WebhookController";

Expand All @@ -27,19 +28,67 @@ app.use(express.urlencoded({ limit: "50mb", extended: true }));
const authController = new AuthController();

// Initialize Firebase Admin SDK (only if credentials are available)
let firebaseInitialized = false;
try {
if (process.env.GOOGLE_APPLICATION_CREDENTIALS || process.env.FIREBASE_CREDENTIALS_PATH) {
initializeApp({
credential: applicationDefault(),
});
// Check if already initialized
if (getApps().length > 0) {
firebaseInitialized = true;
console.log("✅ Firebase Admin SDK already initialized");
} else if (process.env.GOOGLE_APPLICATION_CREDENTIALS || process.env.FIREBASE_CREDENTIALS_PATH) {
const credentialsPath = process.env.GOOGLE_APPLICATION_CREDENTIALS || process.env.FIREBASE_CREDENTIALS_PATH;

// Explicitly load credentials from file if path is provided
if (credentialsPath && fs.existsSync(credentialsPath)) {
try {
const serviceAccount = JSON.parse(fs.readFileSync(credentialsPath, "utf8"));
initializeApp({
credential: cert(serviceAccount),
});
firebaseInitialized = true;
console.log("✅ Firebase Admin SDK initialized with service account file");
} catch (fileError: any) {
console.error("❌ Failed to load service account file:", fileError.message);
console.error(" File path:", credentialsPath);
// Fall back to applicationDefault
try {
initializeApp({
credential: applicationDefault(),
});
firebaseInitialized = true;
console.log("✅ Firebase Admin SDK initialized with applicationDefault (fallback)");
} catch (fallbackError: any) {
console.error("❌ Failed to initialize with applicationDefault:", fallbackError.message);
}
}
} else {
// Try applicationDefault (for GCP metadata service or other default locations)
try {
initializeApp({
credential: applicationDefault(),
});
firebaseInitialized = true;
console.log("✅ Firebase Admin SDK initialized with applicationDefault");
} catch (defaultError: any) {
console.error("❌ Failed to initialize with applicationDefault:", defaultError.message);
if (credentialsPath) {
console.error(" Credentials path was set but file not found:", credentialsPath);
}
}
}
} else {
console.warn("⚠️ Firebase credentials not configured. Firebase features will be disabled.");
console.warn(" Set GOOGLE_APPLICATION_CREDENTIALS or FIREBASE_CREDENTIALS_PATH environment variable");
}
} catch (error: any) {
console.warn("⚠️ Failed to initialize Firebase Admin SDK:", error.message);
console.error("❌ Failed to initialize Firebase Admin SDK:", error.message);
console.error(" Stack:", error.stack);
console.warn("⚠️ Firebase features will be disabled.");
}

if (!firebaseInitialized) {
console.warn("⚠️ Firebase Admin SDK not initialized. Webhook and watcher features may fail.");
}
Comment on lines +88 to +90
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify impact on webhook and watcher features when Firebase is not initialized.

The warning correctly identifies potential failures in webhook and watcher features. Ensure that these features handle the uninitialized state gracefully without crashing or exposing error details to clients.

Run the following script to check how webhook and watcher features handle Firebase dependencies:

🏁 Script executed:

#!/bin/bash
# Description: Check Firebase usage in webhook and watcher features

# Search for Firebase Admin usage in WebhookController and Web3Adapter
echo "=== Checking WebhookController for Firebase usage ==="
rg -nP --type=ts -C5 'firebase|getAuth|getFirestore' platforms/blabsy-w3ds-auth-api/src/controllers/WebhookController.ts

echo -e "\n=== Checking Web3Adapter for Firebase usage ==="
rg -nP --type=ts -C5 'firebase|getAuth|getFirestore' platforms/blabsy-w3ds-auth-api/src/web3adapter.ts

echo -e "\n=== Checking for Firebase initialization guards ==="
rg -nP --type=ts 'firebaseInitialized|getApps\(\)' platforms/blabsy-w3ds-auth-api/src/

Length of output: 1578

🏁 Script executed:

#!/bin/bash
# Check how WebhookController is instantiated and error handling in index.ts

echo "=== Full context around WebhookController instantiation ==="
rg -nP --type=ts -C10 'new WebhookController|WebhookController\(' platforms/blabsy-w3ds-auth-api/src/index.ts

echo -e "\n=== Check for try-catch around initialization ==="
rg -nP --type=ts -C8 'try|catch' platforms/blabsy-w3ds-auth-api/src/index.ts | head -50

echo -e "\n=== Find watcher feature implementations ==="
rg -nP --type=ts 'watcher|watch' platforms/blabsy-w3ds-auth-api/src/ -i

echo -e "\n=== View full index.ts around warning message (lines 85-95) ==="
sed -n '85,95p' platforms/blabsy-w3ds-auth-api/src/index.ts

Length of output: 10982

🏁 Script executed:

#!/bin/bash
# Check WebhookController and FirestoreWatcher Firebase handling

echo "=== WebhookController full constructor ==="
sed -n '80,88p' platforms/blabsy-w3ds-auth-api/src/controllers/WebhookController.ts

echo -e "\n=== FirestoreWatcher getFirestore usage ==="
rg -nP --type=ts -C5 'getFirestore' platforms/blabsy-w3ds-auth-api/src/web3adapter/watchers/firestoreWatcher.ts

echo -e "\n=== Check if getFirestore throws synchronously ==="
rg -nP --type=ts -C3 'getFirestore|new FirestoreWatcher' platforms/blabsy-w3ds-auth-api/src/web3adapter/index.ts | head -30

Length of output: 2372

Add error handling for Firebase dependencies in WebhookController and Web3Adapter instantiation.

The warning at lines 88-90 is correct but incomplete. Both WebhookController (line 102) and Web3Adapter (line 93) will crash during instantiation if Firebase is not initialized, because their constructors call getFirestore() without guards:

  • WebhookController constructor (line 84): this.db = getFirestore()
  • Web3Adapter class property (line 17): private readonly db = getFirestore()
  • FirestoreWatcher constructor (line 49): this.db = getFirestore()

These instantiations lack try-catch wrappers. The app will crash with an unhandled error instead of gracefully degrading. Either wrap instantiations in try-catch blocks or add guards to prevent getFirestore() calls when Firebase is uninitialized.

🤖 Prompt for AI Agents 
platforms/blabsy-w3ds-auth-api/src/index.ts lines 88-90: the current warning
about Firebase not being initialized is insufficient because Web3Adapter
(instantiated around line 93), WebhookController (around line 102) and
FirestoreWatcher (constructor at line 49) call getFirestore() during
construction and will throw if Firebase isn't initialized; modify the file to
guard or wrap those instantiations in try-catch blocks (or check
firebaseInitialized before creating those objects) and provide safe fallbacks
(null/no-op implementations) and clear error logs so the app degrades gracefully
instead of crashing.


// Initialize Web3Adapter
const web3Adapter = new Web3Adapter();

Expand Down