security: support secure env-based firebase admin configurations and ignore sensitive keys in git
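--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,9 @@ whatsapp_app/android/local.properties
 .idea/
 .vscode/
 *.swp
+
+# Sensitive Configurations
+whatsapp_bridge/serviceAccountKey.json
+whatsapp_bridge/fcm_token.json
+whatsapp_bridge/.env
+whatsapp_bridge/.env.*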
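Review bot: All four new patterns are anchored to `whatsapp_bridge/`, so a key or `.env` file saved anywhere else in the tree is still tracked. The file list of this same commit shows a `serviceAccountKey.json` header with no directory prefix, which these rules would not match if that path is the repository root. Entries without a directory, such as `serviceAccountKey.json` and `.env`, match at any depth. `whatsapp_bridge/.env.*` also ignores a template like `.env.example`; add `!whatsapp_bridge/.env.example` if one is meant to be committed.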
13
serviceAccountKey.json
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
{
|
||||||
|
"type": "service_account",
|
||||||
|
"project_id": "mywhatsapp-inta",
|
||||||
|
"private_key_id": "68c0e08c97134c8e2c94245624b24248af1f8206",
|
||||||
|
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGIBQWyqlyCkUd\n4m/6rmqCIGrx2RZAOE4/jYbhRHBpUupVMe74W8zjOhIdvNxre9ihnQjnIKTuu4ff\nNJfmi7a2ULFI7+y4w63AMmiTrMmvaofbE/SJtr0iKvdPV1m1kgq2QNTGxq3h61uY\nY/rBqcwxzp/AOB5uGmDx7Lm0hmccEZ/j2Ih2ojP8/fqkF2KGJE03rtrz7gJ8Khz9\nfuv339Ft/9zLlVMrswJ0A/9g4XsIP/NPXGenslFuZLmsFpUGRHQf7McXcbUTTd1w\naqrWW1UZsoGlARpw9gTAC9QZbF0D7XOc1RdjfFt9Tpsu3usYaOfPofIIRNcQdSgP\nVjLMKmRDAgMBAAECggEAFMIWqL6qGz81N6jaZ67vjNu9qMJAgREFLcZzy9ViW76q\nu6tkKNRhdqtGa6Q2ifJrY59y59h1P2gZl8rIYYjg52Az+vrcWA10fm8potNXPFBS\nlKMWG3mwfkx3JfJ2fT4kbi0DviHh5QpGSgSrqK/UK6HE/hxDH/EWmDJf0KjGU9vb\nWOjShk19EfmXO88HANe5mD0jfEq4x4UcfC+MV8ECwL4Ctt+yUhR+mc3eTGtIgnKc\nRuDboRUDXTMtWfV8T6r6aznRzf68nDgABOOzSxwZ7QqNtEWXSPNeWsaeN6M590an\nd9OAnNeHF7Fuui7xvp1qurXV29V77hDFLHzN4KsQ6QKBgQD9jq613qekP/Xqr0Yr\n9ibrqNif7D1ykvC5Xv7ziosH7k9NG4SRZFPxWwsSr+zn87rzPzvC2Dmp+KuKxBw9\nTu2jvgNG96qa4B9ky56oCreGt8ee6/2WBECxB3sKsusSHZyUjS6APkTDSAlxanE2\n+IlfT5FnzLkWnZuMmZhiRS/ciwKBgQDICLDTKrjWVYeF9YQQaKEvFC//lfOq/NuC\n//k/ywcIxr1/+j4CtusEtWkkFQ5Dyldzi7uDzI7W1oHRHfgO72HrwkJ+GWHbn3uj\nGAwmCNMF6M5khzGAyb2vgUbWU/DDZYAi6nsyJytUwYHX5ATeNtVJTT8HU9wkO7hv\ng1AnOoh2KQKBgQCzdbZgUNvUW9TBKxb+bHU1nEbeQcVn/2pTuVG3q9olXd1Q1OYq\nRZlIHUkkC9IghZhPK/UvPfzqOW+ogo7+MYvutcD6DLb6cSCnJZsAkr08o3ytFZhh\nAleLNKE4fFP2eXDmj1pXODtQ//53AIBrCNOp2tYuYm6p/BkpFVkOTKvIawKBgB9k\nZcOuB7XzVEJspl4g3XLS+zlkIgpqhlSHsWkWhrMU5XZpIkQwyq9BfQ+hkkyHO7Qx\ncKsddik3HsZfqqdFYBusr9y0RQw/ehq9UmLBrcRWpdVW9ijdADzD0Acgwz8W9cYF\nAHJ9fSpe9+6WpUDuYAiR69tNiNXS3X36oKCXagUJAoGBANe1D/76Gf+5VySP/eWX\nZvE5CZdq7pIw0Jw9uZ32sOX5Nr4q749DRF7nd8a+MqmGk1ahUnHI8YTJ6CuuCcmv\nYU6daxQoOy6KD5MUI+9iyTs6vylFkMnx/92cmebBHf6MuMSMvs/9tcs5GeCgvH8v\n1y+LOKbfzqvgRB5eFdYfqBdC\n-----END PRIVATE KEY-----\n",
|
||||||
|
"client_email": "firebase-adminsdk-fbsvc@mywhatsapp-inta.iam.gserviceaccount.com",
|
||||||
|
"client_id": "105879704602817836440",
|
||||||
|
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
||||||
|
"token_uri": "https://oauth2.googleapis.com/token",
|
||||||
|
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
||||||
|
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-fbsvc%40mywhatsapp-inta.iam.gserviceaccount.com",
|
||||||
|
"universe_domain": "googleapis.com"
|
||||||
|
}
|
||||||
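Review bot: This new file commits a complete service-account credential, including the `private_key` field, for the `firebase-adminsdk-fbsvc` account, which contradicts the commit's stated goal of keeping keys out of Git. Treat the key as compromised: delete it in the Google Cloud IAM console and issue a new one, because removing the file in a later commit leaves it readable in history. Then drop the file with `git rm --cached serviceAccountKey.json` and supply the replacement from outside the repository through `FIREBASE_SERVICE_ACCOUNT_PATH`. An ignore rule does not untrack a file that is already committed, so the `.gitignore` change alone does not undo this.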
@@ -14,6 +14,7 @@
|
|||||||
"author": "Antigravity Dev Team",
|
"author": "Antigravity Dev Team",
|
||||||
"license": "ISC",
|
"license": "ISC",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
"dotenv": "^16.4.5",
|
||||||
"express": "^4.18.2",
|
"express": "^4.18.2",
|
||||||
"firebase-admin": "^11.11.1",
|
"firebase-admin": "^11.11.1",
|
||||||
"puppeteer": "^21.0.0",
|
"puppeteer": "^21.0.0",
|
||||||
|
|||||||
@@ -16,26 +16,54 @@ const app = express();
|
|||||||
const server = http.createServer(app);
|
const server = http.createServer(app);
|
||||||
const wss = new WebSocketServer({ server });
|
const wss = new WebSocketServer({ server });
|
||||||
|
|
||||||
// ─── Firebase Admin SDK Configuration (Optional Background Pushes) ─────────
|
// Load environment variables from .env file
|
||||||
|
require('dotenv').config();
|
||||||
|
|
||||||
|
// ─── Firebase Admin SDK Configuration (Highly Secure Background Pushes) ─────
|
||||||
const admin = require('firebase-admin');
|
const admin = require('firebase-admin');
|
||||||
const path = require('path');
|
const path = require('path');
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
|
|
||||||
let firebaseApp = null;
|
let firebaseApp = null;
|
||||||
const serviceAccountPath = path.join(__dirname, 'serviceAccountKey.json');
|
|
||||||
|
|
||||||
if (fs.existsSync(serviceAccountPath)) {
|
// Support three secure options:
|
||||||
try {
|
// 1. Raw JSON string in environment variable (FIREBASE_SERVICE_ACCOUNT)
|
||||||
const serviceAccount = require(serviceAccountPath);
|
// 2. Custom secure file path in environment variable (FIREBASE_SERVICE_ACCOUNT_PATH)
|
||||||
|
// 3. Fallback local file ignored by Git (serviceAccountKey.json)
|
||||||
|
const envServiceAccount = process.env.FIREBASE_SERVICE_ACCOUNT;
|
||||||
|
const envServiceAccountPath = process.env.FIREBASE_SERVICE_ACCOUNT_PATH;
|
||||||
|
const localServiceAccountPath = path.join(__dirname, 'serviceAccountKey.json');
|
||||||
|
|
||||||
|
try {
|
||||||
|
if (envServiceAccount) {
|
||||||
|
let serviceAccount;
|
||||||
|
if (envServiceAccount.trim().startsWith('{')) {
|
||||||
|
serviceAccount = JSON.parse(envServiceAccount);
|
||||||
|
console.log('[FCM] Initializing Firebase Admin SDK via direct env JSON string...');
|
||||||
|
} else {
|
||||||
|
serviceAccount = require(envServiceAccount);
|
||||||
|
console.log(`[FCM] Initializing Firebase Admin SDK via custom path from env: ${envServiceAccount}`);
|
||||||
|
}
|
||||||
firebaseApp = admin.initializeApp({
|
firebaseApp = admin.initializeApp({
|
||||||
credential: admin.credential.cert(serviceAccount)
|
credential: admin.credential.cert(serviceAccount)
|
||||||
});
|
});
|
||||||
console.log('[FCM] Firebase Admin SDK initialized successfully using serviceAccountKey.json');
|
} else if (envServiceAccountPath && fs.existsSync(envServiceAccountPath)) {
|
||||||
} catch (err) {
|
console.log(`[FCM] Initializing Firebase Admin SDK via secure custom path: ${envServiceAccountPath}`);
|
||||||
console.error('[FCM ERROR] Failed to initialize Firebase Admin SDK:', err.message);
|
const serviceAccount = require(envServiceAccountPath);
|
||||||
|
firebaseApp = admin.initializeApp({
|
||||||
|
credential: admin.credential.cert(serviceAccount)
|
||||||
|
});
|
||||||
|
} else if (fs.existsSync(localServiceAccountPath)) {
|
||||||
|
console.log('[FCM] Initializing Firebase Admin SDK via fallback local serviceAccountKey.json...');
|
||||||
|
const serviceAccount = require(localServiceAccountPath);
|
||||||
|
firebaseApp = admin.initializeApp({
|
||||||
|
credential: admin.credential.cert(serviceAccount)
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
console.warn('[FCM WARNING] No Firebase Service Account found in environment or local files. Background push notifications will be disabled.');
|
||||||
}
|
}
|
||||||
} else {
|
} catch (err) {
|
||||||
console.warn('[FCM WARNING] serviceAccountKey.json not found in server directory. Background push notifications will be disabled.');
|
console.error('[FCM ERROR] Failed to initialize Firebase Admin SDK:', err.message);
|
||||||
}
|
}
|
||||||
|
|
||||||
async function sendPushNotification(chatId, senderName, body) {
|
async function sendPushNotification(chatId, senderName, body) {
|
||||||
|
|||||||
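Review bot: In the `FIREBASE_SERVICE_ACCOUNT` branch, any value that does not start with `{` is handed to `require()`, so a credential that arrives quoted, base64-encoded or otherwise wrapped fails with a "Cannot find module" error whose text contains the value, and the `catch` prints that `err.message` to the log. A value naming a `.js` file would be executed rather than parsed. The comment block documents this variable as raw JSON only, with paths handled by `FIREBASE_SERVICE_ACCOUNT_PATH`, so the `else` arm can fail closed with `throw new Error('FIREBASE_SERVICE_ACCOUNT must be a JSON object');`. In the two file branches, `JSON.parse(fs.readFileSync(envServiceAccountPath, 'utf8'))` reads the key as data instead of loading it through the module system. A `FIREBASE_SERVICE_ACCOUNT_PATH` that is set but missing on disk also falls through silently to the local file; a `console.warn` there would make the misconfiguration visible.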