Refactor code and cleanup

Author: agbaraka

appcheck/appcheck.go

@@ -16,12 +16,9 @@
 package appcheck
 
 import (
-	"bytes"
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"net/http"
 	"strings"
 	"time"
 
@@ -36,7 +33,7 @@ var JWKSUrl = "https://firebaseappcheck.googleapis.com/v1beta/jwks"
 
 const appCheckIssuer = "https://firebaseappcheck.googleapis.com/"
 
-const tokenVerifierBaseUrl = "https://firebaseappcheck.googleapis.com"
+var verifyTokenURL = "https://firebaseappcheck.googleapis.com/v1beta/projects/%s:verifyAppCheckToken"
 
 var (
 	// ErrIncorrectAlgorithm is returned when the token is signed with a non-RSA256 algorithm.
@@ -72,9 +69,9 @@ type DecodedAppCheckToken struct {
 
 // Client is the interface for the Firebase App Check service.
 type Client struct {
-	projectID        string
-	jwks             *keyfunc.JWKS
-	tokenVerifierUrl string
+	projectID  string
+	jwks       *keyfunc.JWKS
+	httpClient *internal.HTTPClient
 }
 
 // NewClient creates a new instance of the Firebase App Check Client.
@@ -91,10 +88,15 @@ func NewClient(ctx context.Context, conf *internal.AppCheckConfig) (*Client, err
 		return nil, err
 	}
 
+	hc, _, err := internal.NewHTTPClient(ctx, conf.Opts...)
+	if err != nil {
+		return nil, err
+	}
+
 	return &Client{
-		projectID:        conf.ProjectID,
-		jwks:             jwks,
-		tokenVerifierUrl: buildTokenVerifierUrl(conf.ProjectID),
+		projectID:  conf.ProjectID,
+		jwks:       jwks,
+		httpClient: hc,
 	}, nil
 }
 
@@ -203,42 +205,36 @@ func (c *Client) VerifyToken(token string) (*DecodedAppCheckToken, error) {
 // otherwise valid App Check token with an unsupported provider will cause an error to be returned.
 //
 // If the token was already consumed prior to this call, an error is returned.
-func (c *Client) VerifyOneTimeToken(token string) (*DecodedAppCheckToken, error) {
+func (c *Client) VerifyOneTimeToken(ctx context.Context, token string) (*DecodedAppCheckToken, error) {
 	decodedAppCheckToken, err := c.VerifyToken(token)
 
 	if err != nil {
 		return nil, err
 	}
 
-	bodyReader := bytes.NewReader([]byte(fmt.Sprintf(`{"app_check_token":%s}`, token)))
-
-	resp, err := http.Post(c.tokenVerifierUrl, "application/json", bodyReader)
-
-	if err != nil {
-		return nil, err
+	req := &internal.Request{
+		Method: "POST",
+		URL:    fmt.Sprintf(verifyTokenURL, c.projectID),
+		Body: internal.NewJSONEntity(map[string]string{
+			"app_check_token": token,
+		}),
 	}
 
-	defer resp.Body.Close()
-
-	var rb struct {
+	var resp struct {
 		AlreadyConsumed bool `json:"alreadyConsumed"`
 	}
 
-	if err := json.NewDecoder(resp.Body).Decode(&rb); err != nil {
+	if _, err := c.httpClient.DoAndUnmarshal(ctx, req, &resp); err != nil {
 		return nil, err
 	}
 
-	if rb.AlreadyConsumed {
+	if resp.AlreadyConsumed {
 		return nil, ErrTokenAlreadyConsumed
 	}
 
 	return decodedAppCheckToken, nil
 }
 
-func buildTokenVerifierUrl(projectId string) string {
-	return fmt.Sprintf("%s/v1beta/projects/%s:verifyAppCheckToken", tokenVerifierBaseUrl, projectId)
-}
-
 func contains(s []string, str string) bool {
 	for _, v := range s {
 		if v == str {

appcheck/appcheck_test.go

@@ -1,11 +1,13 @@
 package appcheck
 
 import (
+	"bytes"
 	"context"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -15,6 +17,7 @@ import (
 	"firebase.google.com/go/v4/internal"
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/google/go-cmp/cmp"
+	"google.golang.org/api/option"
 )
 
 func TestVerifyOneTimeToken(t *testing.T) {
@@ -67,24 +70,32 @@ func TestVerifyOneTimeToken(t *testing.T) {
 	for _, tt := range appCheckVerifyTestsTable {
 
 		t.Run(tt.label, func(t *testing.T) {
-			appCheckVerifyMockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				w.Write([]byte(tt.mockServerResponse))
-			}))
+
+			mockHttpClient := &http.Client{
+				Transport: &mockHTTPResponse{
+					Response: http.Response{
+						StatusCode: 200,
+						Body:       io.NopCloser(bytes.NewBufferString(tt.mockServerResponse)),
+					},
+					Err: nil,
+				},
+			}
 
 			client, err := NewClient(context.Background(), &internal.AppCheckConfig{
 				ProjectID: projectID,
+				Opts: []option.ClientOption{
+					option.WithHTTPClient(mockHttpClient),
+				},
 			})
 
 			if err != nil {
 				t.Fatalf("error creating new client: %v", err)
 			}
 
-			client.tokenVerifierUrl = appCheckVerifyMockServer.URL
-
-			_, err = client.VerifyOneTimeToken(token)
+			_, err = client.VerifyOneTimeToken(context.Background(), token)
 
 			if !errors.Is(err, tt.expectedError) {
-				t.Errorf("failed to verify token; Expected: %v, but got: %v", tt.expectedError, err)
+				t.Errorf("Expected error: %v, but got: %v", tt.expectedError, err)
 			}
 		})
 
@@ -361,3 +372,12 @@ func loadPrivateKey() (*rsa.PrivateKey, error) {
 	}
 	return privateKey, nil
 }
+
+type mockHTTPResponse struct {
+	Response http.Response
+	Err      error
+}
+
+func (m *mockHTTPResponse) RoundTrip(*http.Request) (*http.Response, error) {
+	return &m.Response, m.Err
+}

firebase.go

@@ -135,6 +135,7 @@ func (a *App) Messaging(ctx context.Context) (*messaging.Client, error) {
 func (a *App) AppCheck(ctx context.Context) (*appcheck.Client, error) {
 	conf := &internal.AppCheckConfig{
 		ProjectID: a.projectID,
+		Opts:      a.opts,
 	}
 	return appcheck.NewClient(ctx, conf)
 }

go.mod

@@ -1,64 +1,64 @@
 module firebase.google.com/go/v4
 
-go 1.23.0
+go 1.24.0
 
 require (
-	cloud.google.com/go/firestore v1.18.0
-	cloud.google.com/go/storage v1.53.0
+	cloud.google.com/go/firestore v1.20.0
+	cloud.google.com/go/storage v1.56.0
 	github.com/MicahParks/keyfunc v1.9.0
 	github.com/golang-jwt/jwt/v4 v4.5.2
 	github.com/google/go-cmp v0.7.0
 	golang.org/x/oauth2 v0.30.0
-	google.golang.org/api v0.231.0
+	google.golang.org/api v0.247.0
 	google.golang.org/appengine/v2 v2.0.6
 )
 
 require (
-	cel.dev/expr v0.23.1 // indirect
-	cloud.google.com/go v0.121.0 // indirect
-	cloud.google.com/go/auth v0.16.1 // indirect
+	cel.dev/expr v0.24.0 // indirect
+	cloud.google.com/go v0.121.6 // indirect
+	cloud.google.com/go/auth v0.16.4 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
-	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/compute/metadata v0.8.0 // indirect
 	cloud.google.com/go/iam v1.5.2 // indirect
 	cloud.google.com/go/longrunning v0.6.7 // indirect
 	cloud.google.com/go/monitoring v1.24.2 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect
 	github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
-	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
 	github.com/zeebo/errs v1.4.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
-	go.opentelemetry.io/otel v1.35.0 // indirect
-	go.opentelemetry.io/otel/metric v1.35.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.35.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
-	go.opentelemetry.io/otel/trace v1.35.0 // indirect
-	golang.org/x/crypto v0.40.0 // indirect
-	golang.org/x/net v0.42.0 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
+	go.opentelemetry.io/otel v1.36.0 // indirect
+	go.opentelemetry.io/otel/metric v1.36.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.36.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
+	go.opentelemetry.io/otel/trace v1.36.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/text v0.27.0 // indirect
-	golang.org/x/time v0.11.0 // indirect
-	google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 // indirect
-	google.golang.org/grpc v1.72.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
+	google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect
+	google.golang.org/grpc v1.74.2 // indirect
+	google.golang.org/protobuf v1.36.7 // indirect
 )