supporting recaptcha verdict for auth blocking functions

[Xiaoshouzi-gh]

Description

Adding recaptcha support for auth blocking function beforeCreate and beforeSignIn

Code sample

V2

exports.checkrecaptcha = beforeUserSignedIn(async (event) => {
  if (event.additionalUserInfo.recaptchaScore > 0.6) {
    return {
      recaptchaPassed: true
    }
  } else {
    return {
      recaptchaPassed: false
    }
  }
});

V1

exports.recaptchaV1 = auth.user().beforeSignIn((userRecord, context) => {
  if (context.additionalUserInfo.recaptchaScore > 0.5) {
    return {
      recaptchaPassed: true,
    };
  } else {
    return {
      recaptchaPassed: false,
    };
  }
});

[Xiaoshouzi-gh]

cc @prameshj @eromney

[blidd-google]

Just a few minor things, but looks great and thanks for your work on this! Also, please add an entry to the changelog documenting the changes. Will leave this in a commented state until we get the go-ahead from the API council.

[blidd-google]

add newline after /**

[blidd-google]

Do we know exactly the shape of the data GCIP expects? If we do then we could statically type the return value here instead of using any, otherwise not really a huge deal.

[prameshj]

+1, let's avoid 'any' if possible. I guess BeforeSignInResponse is the type to use? (Or if we consolidate all fields into BlockingFunctionsResponse we could use that, in future)

[Xiaoshouzi-gh]

BeforeSignInResponse is the interface for blocking function returns for developers (e.g. developers can return displayName, emailVeried etc field when they implemented the blocking function). The requestPayload(responsePayload) here is (will be) a new different interface that follows GCIP backend proto. They are very similar but nested a bit differently. This is also the reason why the naming is kind of confusing, it is generated from the blocking function response as a request to GCIP backend.

[Xiaoshouzi-gh]

Added a new interface for this.

[prameshj]

Since all fields are optional in BeforeCreateResponse and BeforeSignInResponse, should we put them all here? I understand this will be a much larger refactor, so this change is very optional.

[prameshj]

Actually, given this is a public interface, I think we should keep it as you have it here. Maybe we can have an internal/hidden interface which consolidates all the fields, mainly as return type for generatePayloadRequest.

[Xiaoshouzi-gh]

The reason why separating this out is this new interface will be used in the beforeEmailSent trigger. And in the beforeEmailSent response, recaptchaPassed is the only field we support.

[prameshj]

makes sense.. Since the fields are all optional, technically, we could use the same Response for beforeEmailSent trigger. But what you have is cleaner.

[Xiaoshouzi-gh]

Updates from API proposal - we are going to rename recaptchaPassed to recaptchaActionOverride and add this property to both BeforeCreateResponse and BeforeSignInResponse same as Pavithra suggested here.

[prameshj]

+1, let's avoid 'any' if possible. I guess BeforeSignInResponse is the type to use? (Or if we consolidate all fields into BlockingFunctionsResponse we could use that, in future)

[prameshj]

Thanks for making the changes!

[prameshj]

"generateResponsePayload"

[prameshj]

makes sense.. Since the fields are all optional, technically, we could use the same Response for beforeEmailSent trigger. But what you have is cleaner.

[prameshj]

nit: add a comment on why this is used.

"Internal definition to include all the fields that can be sent as a response from the blocking function to the backend. This is added mainly to have a type definition for 'generateResponsePayload'".

[blidd-google]

LGTM besides one very minor nit

[blidd-google]

Am I missing something with the destructuring assignment for recaptchaActionOverride, or can we just do const { recaptchaActionOverride, ...formatedAuthResponse } = authResponse; instead?

[prameshj]

nit: "Recaptcha" typo. Also in the comment.