A comprehensive Chrome Extension (MV3) + Next.js website system that provides AI-powered fact-checking for social media posts on Twitter/X, Instagram, and Facebook.
This system consists of three main components:
- Chrome Extension (MV3): Content script that injects fact-check buttons into social media posts, background service worker for API communication, and popup for user management
- Next.js Website: User authentication, billing management, and API endpoints for fact-checking and image extraction
- Firebase & Firestore: User authentication, session management, and user data storage
- Multi-Platform Support: Works seamlessly on Twitter/X, Instagram, and Facebook
- Google Prompt API: Extracts claims and sends to Google Gemini 2.5 Flash Lite for analysis
- AI-Powered Fact Checking: Uses Google Gemini 2.5 Flash Lite for intelligent claim verification
- Image Text Extraction: Extracts and analyzes text from images using Gemini Vision API
- Source Grounding: Automatically finds and verifies sources using Google Search grounding
- Credibility Scoring: Provides detailed credibility ratings (1-10) for claims and overall posts
- Interactive Results: Beautiful overlay UI showing detailed analysis with expandable claims
- Firebase Authentication: Google OAuth sign-in integration
- Session Management: Secure session cookies for cross-origin requests
- Extension Integration: Seamless authentication flow between extension and website
/website # Next.js 14 application
app/
api/
auth/ # Authentication endpoints (unified, session, jwt, refresh, logout, finalize)
ext/ # Extension-specific endpoints
fact-check/ # Main fact-checking API endpoint
image-extraction/ # Image OCR and text extraction
me/ # User information and limits endpoints
users/ # User registration endpoint
auth/ # Authentication page
billing/ # Billing and plan management page
login/ # Login page
page.tsx # Home/landing page
lib/
auth.ts # JWT and Firebase token verification
auth-helpers.ts # Authentication helper functions
auth-utils.ts # Session cookie verification utilities
cors.ts # CORS wrapper for API routes
firebaseAdmin.ts # Firebase Admin SDK initialization
firebaseClient.ts # Firebase Client SDK initialization
jwt.ts # JWT token signing and verification
/extension # Chrome Extension (MV3)
background.js # Service worker handling API calls and Prompt API bridge
content.js # Content script for injecting fact-check buttons and UI
popup.js # Popup interface for user status and statistics
popup.html # Popup HTML structure
manifest.json # Extension manifest configuration
icons/ # Extension icons (16px, 48px, 128px)
styles.css # Extension styling
README.md # Extension-specific documentation
- Node.js 18+ and npm
- Chrome browser for extension development
-
Clone the repository:
git clone <repository-url> cd factify
-
Install website dependencies:
cd website npm install -
Configure environment variables:
Create
website/.env.localwith:# Firebase Admin SDK FIREBASE_PROJECT_ID=your-project-id FIREBASE_CLIENT_EMAIL=your-client-email FIREBASE_PRIVATE_KEY=your-private-key # Firebase Client SDK NEXT_PUBLIC_FIREBASE_API_KEY=your-api-key NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=your-auth-domain NEXT_PUBLIC_FIREBASE_PROJECT_ID=your-project-id NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET=your-storage-bucket NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID=your-sender-id NEXT_PUBLIC_FIREBASE_APP_ID=your-app-id # Application GEMINI_API_KEY=your-gemini-api-key APP_JWT_SECRET=your-jwt-secret NEXT_PUBLIC_APP_URL=http://localhost:3000
-
Load the extension:
- Open Chrome and navigate to
chrome://extensions/ - Enable "Developer mode"
- Click "Load unpacked"
- Select the
extensionfolder - Update
API_BASE_URLinextension/background.jsto match your deployment
- Open Chrome and navigate to
-
Run the website:
cd website npm run dev
- Content Script Detection: The extension detects which platform (Twitter/Instagram/Facebook) the user is on
- Button Injection: Adds "Fact Check" buttons to all visible posts using platform-specific selectors
- Post Extraction: Extracts post text, images, and metadata when user clicks the button
- Image Processing: Converts images to base64 and extracts text using Gemini Vision API
- Claim Extraction: Uses Prompt API (LanguageModel) to identify 2-3 verifiable claims from the text
- Fact-Checking: Sends claims to Gemini API with Google Search grounding to find sources and verify claims
- Result Display: Shows interactive overlay with overall rating, individual claim analysis, and source citations
- Extension Sign-In: User clicks "Sign In" in extension popup
- Website Redirect: Extension opens website login page
- Google OAuth: User completes Google sign-in on website
- Session Creation: Website creates Firebase session cookie
- User Registration: New users are automatically registered in Firestore with unlimited fact checks
- Extension Authentication: Extension uses session cookies for API authentication
- Authentication: Multiple endpoints supporting Firebase ID tokens, session cookies, and JWTs
- Fact-Checking:
/api/fact-check- Main endpoint that processes text and claims - Image Extraction:
/api/image-extraction- OCR and text extraction from images - User Management:
/api/meand/api/me/limits- User info and usage tracking - CORS: Configured to allow requests from Chrome extensions and the website domain
{
"uid": "user123",
"email": "user@example.com",
"plan": "pro",
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z"
}{
"uid": "user123",
"count": 3,
"date": "2024-01-01",
"updatedAt": "2024-01-01T12:00:00Z"
}- Firestore Security: All client access denied; server uses Firebase Admin SDK only
- CORS Protection: Strict CORS configuration for extension and website domains
- Session Cookies: HttpOnly, Secure cookies for cross-origin requests
- Token Expiration: JWT tokens expire after 24 hours; session cookies after 14 days
- Input Validation: All API inputs are validated and sanitized
- Quota Enforcement: Server-side quota checking prevents abuse
The extension consists of three main parts:
- Content Script (
content.js): Detects platform, injects buttons, extracts post data, displays results - Background Service Worker (
background.js): Handles API calls, image fetching, Prompt API bridge - Popup (
popup.js): Shows user status, statistics, and sign-in/upgrade options
Built with Next.js 14 App Router:
- API routes in
app/api/directory - Server components and client components separated
- TypeScript for type safety
- Firebase Admin SDK for server-side operations
- Authentication: Test extension login → website OAuth → session creation
- Fact-Checking: Verify claim extraction, source finding, and result display
- Image Extraction: Test OCR functionality with various image types
- Quota Limits: Verify free user limits and Pro user unlimited access
- Connect GitHub repository to Vercel
- Configure all environment variables in Vercel dashboard
- Deploy automatically on push to main branch
- Update extension
API_BASE_URLto production URL
- Build and test extension locally
- Create Chrome Web Store developer account
- Zip extension files (excluding node_modules, .git)
- Submit to Chrome Web Store for review
- Buttons not appearing: Check browser console, verify platform detection, refresh page
- Authentication fails: Verify API_BASE_URL, check session cookies are enabled
- API errors: Check network tab, verify API endpoint is accessible
- Authentication errors: Verify Firebase configuration and environment variables
- API 500 errors: Check server logs, verify Gemini API key and Firebase credentials
- CORS errors: Verify origin is whitelisted in CORS configuration
MIT License - see LICENSE for details.