I am using firebase to host 3 different sites. The idea is to have 2 different admin sites that would be managed by 2 different admins. Is there a way I can make admin user to only access admin-site-1 and not admin-site-2?
You could deploy multiple sites on firebase hosting (2 admins + 1 client), but keep in mind that since all sites belong to the same project, they will still connect to the same Firestore database and/or the same Authentication service. You won't have separate resources per site.
I would approach this requirement by using custom roles along with security rules to control admin access on each site. Look for Firebase CodeLab and YouTube channel, there is ton of content out there on how to code this.
Related
I am currently working on SAAS Application, where the world wide users can authenticate to our system.We are in research between AWSCognito and Firebase authentication.I was able to see AWSCognito user pools can be made available across multi-regions by replicating the user pools in needed regions so that the world wide users can authenticate with very low latency.In case of Firebase ,there is an option from multi-region but not suits for my use case.our targeting areas are IND,AUS,US and UK.So, can anyone suggest me to do a proper architecture for this use case ?
Firebase Authentication stores user data in a single global pool.
The data is replicated across the worldwide automatically across Google infrastructure, but there is no way for you to control regional shards for your users in Firebase Authentication. So if that is a requirement for your application, you'll need to use another system.
I am looking to host multiple sites using firebase but have read something that could cause problems.
Each custom domain is limited to having 20 subdomains per apex domain, due to SSL certificate minting limits.
https://cloud.google.com/storage/docs/hosting-static-website
I was hoping to use subdomains, e.g. a.example.com, b.example.com ...etc.
This limit of 20 domains seems quite restrictive and I have some questions
If I create separate projects for each subdomain does this limit still apply? e.g. have 1 firebase project with a hosting site for a.example.com and have a entirely separate firebase project for hosting b.example.com.
I have also read you can hosting using cloud storage and a load balancer. https://cloud.google.com/storage/docs/hosting-static-website. Does this provide an automatic certificate or is it manual?
Does the limit of 20 subdomains apply only to firebase hosting or does it also apply to hosting via cloud storage and a load balancer?
Thanks
This limit is per project, so if you put different domains on different projects they are not affected by it.
The documentation seems to describe the process pretty well: https://cloud.google.com/storage/docs/hosting-static-website#lb-ssl
This limit applies to Firebase Hosting only. Other products may have their own limits of course, but those would be listed in the documentation for that product.
I want to be able to add domains to Firebase hosting with the API instead of the web UI, is that possible?
I want to add potentially hundreds of domains, is there a domain limit per project in Firebase?
As far as I can tell from the entire CLI documentation, there isn't any way to do this.
Lets take a step back and consider what the web UI process involves i.e. the generation of a TXT record to add to your DNS records, after verifying the presence of said TXT record on the domain, providing A records that you (authorized owner) add to allow redirecting to your firebase hosted site.
In my opinion, this very manual back and forth is necessary as a security measure. The only way it is taken out of the equation via the CLI is by providing a means for you to authenticate ownership of a domain (registered with any one of many domain registrars), and being granted authorization to change your A records. These are both outside the scope of Firebase, and could potentially introduce severe security flaws. Regardless, even if it existed, it would still have to be step-by-step and somewhat manual via CLI rather than the single command it sounds like you're looking for.
It is not possible to add custom domains automatically through an API at this time.
Nor would it allow you to create a reseller or multi-tenant project (i.e. connect a large number of domains or subdomains dynamically) since you cannot connect more than about 36 domains connected to one project.
It's possible to add domains using Firebase Hosting Rest Api. I am not sure why they didn't put it on their official website but I checked today and it works. https://developers.google.com/resources/api-libraries/documentation/firebasehosting/v1beta1/java/latest/com/google/api/services/firebasehosting/v1beta1/FirebaseHosting.Sites.Domains.html
Answer that I've received from Firebase support:
There is no API yet that would allow you to add custom domains, it was
requested as a feature before but unfortunately we have no more
information on that - so for now, only the Console UI allows you to do
it.
When it comes to the limits, in a project, a custom domain is
attached to a site - there can be 36 sites per project, and for one
site there is no hard limit, but we recommend not exceeding 20 custom
domains. You can experience technical issues with SSL certs when you
exceed 20 domains per site, which we won’t be able to troubleshoot
since the system was not designed for such use cases.
I need Hide the URL of an embedded video to prevent anyone from accessing the video outside of my domain.
What I want to use Firebase Storage for, is to store and stream the videos which ONLY paid users logged into my site can access.
Is there any way I can hide the URL so that people can only access the videos from within my web page in wordpress?
Thanks!
As Doug said in his comment, it is impossible to completely hide a download URL. There are complicated ways to obscure it, but I would recommend you avoid going down that rabbit hole - none are foolproof.
Instead, you should implement your security using Firebase Storage's built-in security rules - the situation you are describing is EXACTLY what this feature is designed to accomplish. You can put a rule in place that only users who have purchased the course (meaning, they have that video's identifier under their account in the database) are granted access... and you can even limit access to your project (see steps in answer #1) to specific domains.
There are a ton of great resources out there for you to reference while learning how the security rules work. First would be the docs I linked earlier, but they also have some pretty good official Firebase Youtube videos on the subject of rules.
If you are talking about having the videos stored in Firebase, hopefully you are planning to use the rest of Firebase's back-end features... because the ONE BIG ISSUE with this suggestion is that it relies on you using Firebase's built-in authentication. If your users are already logging into your site via an established non-Firebase system you've added to your Wordpress site, then I'm afraid this solution won't be so simple. Not impossible, but not as simple. If that's the case, you will need to pass the customer information to Firebase to login to a duplicated customer account, even if the end user doesn't realize they are being logged in to Firebase, and THEN they will have that special auth token that Firebase security uses to identify & grant access with the security rules.
I have a saas platform I'm building and I'm currently struggling with how to model my auth flow. The system is going to be multiple multi-tenant applications but I would like to unify user authorization & authentication. Basically, each US State will have its own web app/resource server/database and every county in that state will be a separate tenant. I cannot combine all states into one application, so that is not an option.
I would like to throw all users and their information/password into one database connected to my auth service. But each county (tenant) admin within each state (web app) needs to be able to add & manager their users and their roles. So the auth service needs to be aware of all the different tenants across each application. I also need to be able to link items created in each database to the user that created it. If I create object "X" and another user in my county views that item, they can see "Kovaci" created this.
I also do NOT want SSO between states but if possible I would like users to be a part of multiple tenants within one app (not a requirement though). Native iOS/Mobile apps are another client I need to support with this flow.
I used this bitoftech article to base off of: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/comment-page-1/#comments
And here is my paint quick mockup: multi saas design
My question is just generally how do I design this auth part? Can I store all users in one auth db like my goal? If so, how do tenant admins manage them and how do I link tables in my separate app db's to the users' current info in the auth db?