chore(openiap): apply security improvement pass #156
Update the GraphQL API schema for the cross-platform purchase and verification work before committing generated outputs and implementations.
Update codegen metadata and regenerated platform type outputs after the schema changes.
Update Apple package implementation, wrappers, examples, and release scripts for the shared API changes.
Update Google package implementation, examples, build scripts, and release helpers for the shared API changes.
Update framework SDK implementations, examples, tests, and build scripts for the shared purchase API changes.
Tighten Kit API validation, request handling, Convex sync behavior, and dashboard handling with focused test coverage.
Update documentation pages, version references, generated llms files, and docs deployment helpers.
Refresh internal guidance, release notes policy, docs consistency details, and compiled assistant context.
Add MCP response redaction and tests around Kit client output handling.
Refresh CI and release workflows, version sync tooling, deployment scripts, and related root automation.
Important: Review skipped. Too many files! This PR contains 286 files, which is 136 over the limit of 150. To get a review, narrow the scope.
Files ignored due to path filters (14); files selected for processing (286).
Code Review
This pull request performs a comprehensive synchronization and refactoring across all OpenIAP framework libraries (Expo, Flutter, Godot, KMP, and MAUI). Key changes include centralizing version management by reading directly from openiap-versions.json and native build files, implementing sensitive data redaction in logs, and updating documentation links to align with the new openiap.dev structure. The PR also updates core dependencies to Kotlin 2.2.0 and AGP 8.13.2 while refactoring Android build logic for better maintainability. Feedback for the flutter_inapp_purchase Android implementation suggests avoiding aggressive connection termination in onDetachedFromActivity to prevent background update issues. Additionally, the reviewer notes that repurposing existing alternative billing methods for specific programs breaks consistency across packages and recommends using non-deprecated native methods.
/gemini review
Code Review
This pull request synchronizes dependency versions and documentation links across the monorepo, refactors build scripts for better maintainability, and removes legacy Amazon IAP support from the Flutter library. It also introduces a GV Cloud Workspace Policy and enhances the Expo and MAUI libraries with improved logging, error handling, and support for advanced purchase features. Feedback was provided to address potential precision loss in currency formatting within the Onside module, ensure robust error messages in the KMP library by restoring a null fallback, and correct string serialization in the MAUI iOS bridge to avoid issues with literal quotes.
/gemini review
Code Review
This pull request standardizes all OpenIAP framework libraries by centralizing dependency versions and aligning documentation links. It includes significant cleanups, such as removing legacy Amazon IAP support in Flutter and the independent Expo example in React Native, and introduces a new GV Cloud Workspace Policy. Review feedback identifies critical security risks introduced by removing token truncation in example UIs and logs. Additionally, the reviewer noted potential crashes in Android error handling for Flutter and KMP due to unsafe type assumptions, and a possible null pointer exception in KMP's purchase logic following the removal of a type fallback.
/gemini review
Code Review
This pull request implements a comprehensive standardization of version management and cross-platform behavior across the OpenIAP monorepo, affecting the Expo, Flutter, Godot, KMP, and .NET MAUI libraries. Key changes include centralizing Android SDK and dependency versions, improving internal logging mechanisms, and updating all documentation to point to the unified openiap.dev site. Review feedback identifies a critical missing cast in the KMP iOS implementation that would cause a build failure and suggests making regex-based version parsing more robust. Furthermore, security concerns were raised regarding the exposure of full purchase tokens in example app logs, recommending the restoration of truncation or redaction for sensitive data.
/gemini review
@coderabbitai review
✅ Actions performed: Review triggered.
Code Review
This pull request synchronizes and modernizes the OpenIAP ecosystem across Expo, Flutter, Godot, KMP, and MAUI. Key changes include centralizing Android SDK versions, updating documentation links to openiap.dev, standardizing logging with sensitive data masking, and adding support for advanced iOS subscription features in Flutter and KMP. Native bridges were also improved for better robustness. Feedback recommends ensuring main-thread execution for Flutter method channel calls and suggests mapping null values to NSNull in the KMP iOS bridge to maintain key presence for native consumers.
/gemini review
@coderabbitai review
✅ Actions performed: Review triggered.
Code Review
This pull request executes a broad synchronization of dependency versions and documentation across all OpenIAP libraries, centralizing Android SDK management and updating references to the official documentation. Key technical updates include the adoption of payload-based purchase requests on iOS to support advanced offer fields and the removal of redundant example projects. Review feedback highlights a high-severity security regression in the Flutter library where sensitive token masking was removed, a critical bug in the KMP library's Objective-C bridge regarding recursive collection conversion, and a potential logic failure in the Android plugin due to the removal of product type inference.
/gemini review
@coderabbitai review
✅ Actions performed: Review triggered.
Code Review
This pull request implements a comprehensive update across the OpenIAP monorepo, focusing on dependency upgrades, documentation refinement, and architectural standardization. Key improvements include centralized Android SDK version management for the Expo, Flutter, and KMP libraries, the removal of legacy Amazon IAP support from the Flutter plugin, and enhanced iOS bridge logic to support advanced subscription features. The PR also introduces a new GV Cloud Workspace Policy and improves logging security by redacting sensitive data in example apps. Review feedback identifies opportunities to better align with the repository's naming conventions by removing redundant "Android" suffixes from native function calls in the Android implementations. Additionally, it is recommended to represent null values as "NSNull.Null" in the MAUI iOS bridge to ensure consistency across SDKs.
/gemini review
@coderabbitai review
✅ Actions performed: Review triggered.
Code Review
This pull request implements a major refactor across the OpenIAP monorepo to centralize version management, standardize documentation links, and streamline build processes for Expo, Flutter, Godot, KMP, and MAUI. Key updates include the removal of legacy Amazon IAP support from the Flutter library, the migration of the React Native Expo example to the standalone expo-iap package, and the introduction of a mandatory GV Cloud Workspace Policy. Reviewer feedback consistently identifies a security regression across multiple example applications where sensitive identifiers like purchaseToken and externalTransactionToken are now displayed in full in the UI and logs rather than being truncated.
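The summaries above keep returning to one regression: example apps now show purchaseToken and externalTransactionToken in full. What follows is an added example, not code from this PR or from the OpenIAP project, of a small JavaScript redaction layer of the kind the reviewers ask for: a prefix-only formatter for single values, a deep redactor for whole payloads before they are logged, and the alternative-billing alert from the diff rebuilt on top of it. The key pattern, the 8-character visible prefix, the function names and the sample payload are all assumptions.

```javascript
// Added example, not code from the PR or the OpenIAP project: a small
// redaction layer so purchase-related identifiers never reach UI strings or
// logs in full. The key pattern, prefix length and sample data are assumptions.

// Keys whose string values are treated as secrets. The names come from the
// identifiers in the review (purchaseToken, externalTransactionToken,
// offerToken); the wider pattern is an assumption, adjust it for your payloads.
const SENSITIVE_KEY_PATTERN = /token|receipt|jws|signature/i;

// Keep a short prefix so a value stays recognisable when debugging, mask the
// rest, and say how much was hidden. Non-strings and empty strings pass through.
function redactToken(value, visiblePrefix = 8) {
  if (typeof value !== 'string' || value.length === 0) return value;
  if (value.length <= visiblePrefix) return '*'.repeat(value.length);
  return `${value.slice(0, visiblePrefix)}...[${value.length - visiblePrefix} more chars]`;
}

// Deep-copy an arbitrary payload with sensitive string fields redacted.
// Arrays and nested objects are walked; cycles are replaced by a marker so a
// self-referencing SDK object cannot recurse forever. The input is not mutated,
// so the caller can still hand the original object to its backend.
function redactForLog(input, seen = new WeakSet()) {
  if (Array.isArray(input)) return input.map((item) => redactForLog(item, seen));
  if (input !== null && typeof input === 'object') {
    if (seen.has(input)) return '[Circular]';
    seen.add(input);
    const out = {};
    for (const [key, value] of Object.entries(input)) {
      out[key] =
        SENSITIVE_KEY_PATTERN.test(key) && typeof value === 'string'
          ? redactToken(value)
          : redactForLog(value, seen);
    }
    return out;
  }
  return input;
}

// The alternative-billing alert from the review, rebuilt on redactToken: the
// UI only ever sees a prefix, while the untouched `details` object is what the
// app forwards to the backend that reports the token to Google Play.
function formatAlternativeBillingMessage(details) {
  return [
    'User selected alternative billing',
    `Products: ${details.products.join(', ')}`,
    `Token: ${redactToken(details.externalTransactionToken ?? '')}`,
    '',
    '⚠️ Important:',
    '1. Report token to Google Play within 24 hours',
    '2. Process payment on your external site',
  ].join('\n');
}

// Constructed sample payload (not real data), shaped like the objects in the diff.
const sampleDetails = {
  products: ['premium_monthly', 'remove_ads'],
  externalTransactionToken: 'ETT-' + 'a'.repeat(60),
  purchase: {
    purchaseToken: 'p'.repeat(24),
    transactionDate: 1700000000000,
    offerToken: 'offer-' + 'z'.repeat(40),
  },
};

console.log(formatAlternativeBillingMessage(sampleDetails));
console.log(JSON.stringify(redactForLog(sampleDetails), null, 2));
```

The design point is that redaction is a presentation concern only: the backend still needs the full externalTransactionToken to report it to Google Play, so the helper returns a new object for the log or alert and leaves the original intact rather than truncating the value at its source.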
| 0, | ||
| 20, | ||
| )}...\n\n⚠️ Important:\n1. Report token to Google Play within 24 hours\n2. Process payment on your external site`, | ||
| }\nToken: ${details.externalTransactionToken}\n\n⚠️ Important:\n1. Report token to Google Play within 24 hours\n2. Process payment on your external site`, |
Displaying the full externalTransactionToken in the UI is a security risk. It's better to display a truncated version, as was done previously, or not display it at all in a real application.
| }\nToken: ${details.externalTransactionToken}\n\n⚠️ Important:\n1. Report token to Google Play within 24 hours\n2. Process payment on your external site`, | |
| }\nToken: ${details.externalTransactionToken.substring(0, 20)}...\n\n⚠️ Important:\n1. Report token to Google Play within 24 hours\n2. Process payment on your external site`, |
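Review bot: the suggested replacement calls `externalTransactionToken.substring(0, 20)` without guarding against the field being absent, so a missing token turns into a TypeError inside the alert path; the purchaseToken suggestion further down guards with a ternary and `'N/A'`, and the same shape would be safer here.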
| <Text style={styles.value}> | ||
| {selectedSubscription.purchaseToken} | ||
| </Text> | ||
| <Text style={styles.value}>{selectedSubscription.purchaseToken}</Text> |
Displaying the full purchaseToken in the UI is a security risk. Please consider masking it or showing only a portion of it.
| <Text style={styles.value}>{selectedSubscription.purchaseToken}</Text> | |
| <Text style={styles.value}>{selectedSubscription.purchaseToken ? `${selectedSubscription.purchaseToken.substring(0, 10)}...` : 'N/A'}</Text> |
| User selected alternative billing | ||
| Products: ${details.products.join(', ')} | ||
| Token: ${details.externalTransactionToken.substring(0, 20)}... | ||
| Token: ${details.externalTransactionToken} |
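Review bot: this hunk drops the `.substring(0, 20)` truncation and interpolates the full externalTransactionToken into the message, the same regression the summaries flag for the alert text; restore the truncated form (`Token: ${details.externalTransactionToken.substring(0, 20)}...`) or route the full value only to the backend call that reports it.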
| Purchase Token: $truncatedToken... | ||
| Date: ${purchase.transactionDate} | ||
| Receipt: $receiptStatus | ||
| Purchase Token: $tokenStatus |
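Review bot: `$truncatedToken...` is replaced by `$tokenStatus`, whose definition is not in this hunk. If `tokenStatus` is a presence or validity string like the `receiptStatus` on the line above, this is an improvement; if it resolves to the raw purchaseToken, it reintroduces the full value in the output, so the definition should be confirmed in the PR.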
| const SizedBox(height: 4), | ||
| Text( | ||
| 'Token: ${subscription.purchaseToken!.substring(0, subscription.purchaseToken!.length > 20 ? 20 : subscription.purchaseToken!.length)}...', | ||
| 'Token: ${subscription.purchaseToken}', |
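Review bot: the new line renders the full purchaseToken in the example UI. The removed line was clumsy (three `!` unwraps and an inline length check), which is a reason to replace it with a small helper rather than to drop truncation; a hypothetical `truncateToken(subscription.purchaseToken)` that handles null and caps at 20 characters keeps the intent of the old code without the noise.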
| offer.offerToken.length > 30 | ||
| ? '${offer.offerToken.substring(0, 30)}...' | ||
| : offer.offerToken, | ||
| offer.offerToken, |
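Review bot: the 30-character truncation of offerToken is removed here, so the full token is now shown. This follows the same pattern as the purchaseToken hunks; given the PR's stated goal of a security pass, either restore the truncation or state in the PR why full offerToken display is intended for this example.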
| if not offer_token.is_empty(): | ||
| props.request.google.offer_token = offer_token | ||
| print("[IAPManager] Using offer token: %s" % offer_token.substr(0, 20) + "...") | ||
| print("[IAPManager] Using offer token: %s" % offer_token) |
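Review bot: the log line now prints the full offer_token; the removed line printed `offer_token.substr(0, 20) + "..."`, which is enough to correlate a log entry with a request without writing the whole value to the Godot console. Restoring it keeps this example consistent with the masking applied elsewhere in the PR.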
Summary
Test plan