Apple app attest and google play integrity

[niteshbalusu11]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @niteshbalusu11, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a comprehensive app integrity verification system for both Apple and Google platforms. The primary goal is to prevent malicious activity by ensuring that requests originate from legitimate app instances. The system integrates attestation checks into the user registration process, collecting and verifying device integrity data without blocking users, instead logging failures for later analysis.

Highlights

• App Integrity Implementation: Introduced comprehensive app integrity verification for both Apple App Attest and Google Play Integrity to prevent malicious activity and ensure requests originate from legitimate app instances.
• Client-Side Attestation Logic: Added new client-side hooks and integrated the attestation process into the user registration flow, utilizing react-native-secure-enclave-operations for platform-specific attestation.
• Server-Side Attestation Verification: Implemented new Rust modules on the server to verify attestations from both iOS and Android, including JWT creation, token decoding, and environment detection.
• Database Schema and Configuration Updates: Added a new device_attestations table to store attestation results and introduced new server configuration variables for Apple and Google attestation parameters.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces app integrity checks using Apple App Attest and Google Play Integrity, which is a significant security enhancement. The implementation is comprehensive, covering client-side logic, server-side verification, database storage, and configuration. The code is well-structured into separate modules for iOS and Android attestation. My main feedback points are about some code duplication in the registration route that can be refactored, a hardcoded value that should be configurable for better security, and a suggestion to improve a function signature for better maintainability. I've also noted a minor issue in the documentation file. Overall, this is a solid implementation of a critical security feature.