User can search for a potential credential leak (email + password) in a simple online web page.
1) User signs in using email + password, so we can map later his email and search pattern
2) When a user is logged in, it has access to the search bar.
Ps: for cost reason, I had to disable the search function for new users, as each BigQuery search costs 0.5$. Please ask me to unlock if you want to try the app.
3) The search query is sent to backend, which forward to BigQuery. Then the results, limited to 100 records, are displayed to user.
4) Backend records email + search + timestamp in the firebase database
Firebase project: first create a new Firebase project "gothacked". This will create a new google cloud project with the same name, which will store the Firebase infra
BigQuery: in my google cloud console, I selected the project "gothacked", and loaded the data using this guide. I ended up with a dataset
Where I could run local queries:
Credentials: because Firebase and BigQuery live in the same google project, Firebase backend functions don't need any additional credentials to access the data. Same for recording search history in the Firebase database
CI-CD is so straight forward: you just have to tell to which Firebase project you want to deploy with
firebase use $project, then deploy to cloud with
This side project taught me a lot about Firebase front/backend/database interactions.
I did not expect the ~0.5$ query cost on BigQuery, so this can't be open-sourced to many users. However, storing the data is inexpensive.
Other websites give you opportunities to check if your passwords have been revealed:
Thank you for reading :-) See you in the next post!