aws-amplify / amplify-ui

Amplify UI is a collection of accessible, themeable, performant React (and more!) components that can connect directly to the cloud.
https://ui.docs.amplify.aws
Apache License 2.0

FR(liveness): Document how to secure the `FaceLivenessDetector` component #4316

Closed gustavovalverde closed 1 year ago

gustavovalverde commented 1 year ago

On which framework/platform would you like to see this feature implemented?

React

Which UI component is this feature-request for?

Liveness

Please describe your feature-request in detail.

As of now, the documentation has this example to initialize Amplify on the client side:

import React from 'react';
import { ThemeProvider } from '@aws-amplify/ui-react';
import { Amplify } from 'aws-amplify';
import '@aws-amplify/ui-react/styles.css';
import awsexports from './aws-exports';

Amplify.configure(awsexports);

export default function App() {
  return (
    <ThemeProvider>
    </ThemeProvider>
  );
}

For this to work, all the credentials used to connect to Amplify are exposed in the aws-exports.js file, like:

If someone forks our project, they can use and abuse our AWS account. And we haven't found an example on the Amplify documentation on how to avoid this.

Please describe a solution you'd like.

Documentation on how to implement this using a public repository, which is being used in production.

We love contributors! Is this something you'd be interested in working on?

reesscot commented 1 year ago

@gustavovalverde When setting up your Amplify project with Amplify CLI, the aws-exports.js file is Git-ignored by default. You should not be including this file in your Git repo. Amplify Hosting automatically handles generating this file.

gustavovalverde commented 1 year ago

Hi @reesscot, I do get that, but this does not solve the problem.

The main subject is: How do I connect to Amplify to use FaceLivenessDetector without exposing the credentials to connect to it? If I remove this information from the repo and build my Next.js application, my frontend can't connect to Amplify as it's missing the file.

We can't find a documented workaround for this.

reesscot commented 1 year ago

@gustavovalverde How are you hosting your Next.js application? Are you using Amplify Hosting?

If not, then you'll need to run amplify pull with your appid / environment / etc in your CI/CD pipeline to generate the aws-exports.js file. See: https://docs.amplify.aws/cli/commands/pull/
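The CI step described above, as an added example (not code from this issue or from the amplify-ui project): keep aws-exports.js ignored and regenerate it at build time with a headless `amplify pull`. The project name, the CI variable names (AMPLIFY_APP_ID, AMPLIFY_ENV_NAME, AWS_REGION) and the RUN_AMPLIFY_PULL switch are assumptions; the `--amplify`/`--frontend`/`--providers`/`--yes` flags are the CLI's headless parameters.

```shell
# Added example, not code from this issue or from the amplify-ui project:
# a CI build step that keeps aws-exports.js out of the public repo and
# regenerates it with a headless `amplify pull`. Assumed inputs (CI
# variables, not committed): AMPLIFY_APP_ID, AMPLIFY_ENV_NAME, AWS_REGION,
# plus AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY injected by the runner.
set -eu

# Guard: .gitignore in the repo at $1 must list aws-exports.js, otherwise a
# fork of the repo would ship the generated file. Returns 0 if ignored, 1 if not.
aws_exports_ignored() {
  gitignore="$1/.gitignore"
  [ -f "$gitignore" ] || return 1
  grep -qE '^(\*\*/|src/)?aws-exports\.js[[:space:]]*$' "$gitignore"
}

# Emit the three JSON parameters `amplify pull` accepts in headless mode,
# one per line: --amplify, --frontend, --providers. The project name and the
# react/javascript frontend settings are assumptions for this example.
amplify_params() {
  app_id="$1"; env_name="$2"; region="$3"
  printf '{"projectName":"liveness-app","appId":"%s","envName":"%s","defaultEditor":"code"}\n' \
    "$app_id" "$env_name"
  printf '{"frontend":"javascript","framework":"react","config":{"SourceDir":"src","DistributionDir":"build","BuildCommand":"npm run build","StartCommand":"npm start"}}\n'
  # Credentials are read from the runner environment at call time, never
  # from a file in the repository.
  printf '{"awscloudformation":{"configLevel":"project","useProfile":false,"profileName":"default","accessKeyId":"%s","secretAccessKey":"%s","region":"%s"}}\n' \
    "${AWS_ACCESS_KEY_ID:-}" "${AWS_SECRET_ACCESS_KEY:-}" "$region"
}

# Run the pull in the repo at $1, refusing if the guard fails.
run_pull() {
  repo_dir="$1"
  aws_exports_ignored "$repo_dir" || { echo "refusing: aws-exports.js is not gitignored" >&2; return 1; }
  params=$(amplify_params "$AMPLIFY_APP_ID" "$AMPLIFY_ENV_NAME" "$AWS_REGION")
  (cd "$repo_dir" && amplify pull \
      --amplify   "$(printf '%s\n' "$params" | sed -n 1p)" \
      --frontend  "$(printf '%s\n' "$params" | sed -n 2p)" \
      --providers "$(printf '%s\n' "$params" | sed -n 3p)" \
      --yes)
}

# Only touch AWS when explicitly asked (RUN_AMPLIFY_PULL=1 is an assumed
# switch), so the functions above can be sourced and checked offline.
if [ "${RUN_AMPLIFY_PULL:-0}" = "1" ]; then
  run_pull "${1:-.}"
fi
```

Note that the generated aws-exports.js holds client configuration (region, Cognito pool and identity pool ids, endpoints) rather than long-lived AWS keys, so what a third party can do with it is bounded by the IAM policies on the Cognito roles; keeping those scoped to the Liveness session operations is the other half of the protection.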

gustavovalverde commented 1 year ago

@reesscot We're not using Amplify Hosting, we're hosting ourselves and using Liveness from our infrastructure. I think amplify pull might be what's missing.

Note: I don't think we would have found this solution by ourselves, as this approach is not mentioned in the different Liveness (nor Amplify [?]) tutorials and setup documentation.