It looks like there is a service for logging all read/write operations in Firestore:
https://cloud.google.com/firestore/docs/audit-logging
I have billing enabled, as well as the Cloud Storage for Firebase API with read/write data access. (the api keys are also ip restricted, so that the db won't be abused)
IAM -> Audit Logs
In cloud logs, I perform this query:
logName=("projects/{my-project}/logs/cloudaudit.googleapis.com%2Fdata_access" OR "projects/{my-project}/logs/cloudaudit.googleapis.com%2Factivity")
But I still can't see any of the read/write operations.
Are the queries wrong? Anything else?
For Firestore, enable the Audit Logs under Firestore/Datastore API in the IAM -> Audit Logs page.
Cloud Storage for Firebase API does not apply to Firestore.
Related
V limited operations are seen in logs like create DB instance and List instances. How to see all read/write operations for Realtime DB in Cloud Logging.
if I turn off wifi and then close the app, didChangeAppLifecycleState() will try to set the status to 'offline' in Firestore, but as wifi is off Firestore can't set the status to offline... So, other users of the app will see that user 'online'. How can I fix this?
Firestore has no built-in capability to write something in the database after the client has disconnected. In fact, most databases don't have such a capability.
One exception is Firebase's other database: the Realtime Database, which has so-called onDisconnect handlers, which are delayed write instructions that you to the database when you are connection, and which the database then executes once it detects that the connection is gone.
You can combine the Realtime Database with Firestore as shown in the links below.
See:
The FlutterFire documentation on onDisconnect handlers.
The Firebase documentation on building a presence system with the Realtime Database.
The Firebase documentation on connecting Realtime Database and Firestore to get presence information into Firestore too.
I was wondering how to to secure firebase auth. I plan on using firebase JUST for user authentication (not using firestore or realtime db). Since the API key is exposed on the client, my fear is that a malicious user can find the key and start using it inappropriately. So far I've done the following to try to improve security:
Limit key use to a specific domain
Restrict the key to only be able to use "Identity Toolkit API"
Is there anything else I should do here?
My application should be the only one able to use my credentials to access the Firebase API.
For any app where you access a cloud based API directly from within the client-side application code, that is going to be a myth. The closest you can get within Firebase these days is with App Check, but that isn't available for Authentication calls at the moment.
Part of the reason for this is that the authentication API is quite well protected on its own already, and most abuse will actually not affect you as a developer very much. E.g. (ignoring phone auth) there is no charge for account creation, sign in, and any other operations.
I highly recommend checking:
Is it safe to expose Firebase apiKey to the public?
The documentation on API keys in Firebase.
The documentation on Firebase's security rules, which is how you can protect the Firestore and Realtime databases, and files in Cloud Storage.
The documentation on Firebase App Check, which reduces abuse for Realtime Database, Cloud Storage, Cloud Functions, and Firestore at the moment.
More of these previous questions on allowing only you app to access Firebase
How do to enable data access log and audit log for Firebase. In GCP Platform, I am able to see audit log and data access log for cloud datastore. How do we enable the same in firebase?
I have few tables in firebase, client is complaining of few calls not being serviced and has got the error in connecting. 3 requests failed out of 821 requests.
This feature is available for firebase firestore now.
https://cloud.google.com/firestore/docs/audit-logging
Need to enable IAM audit log for Firebase API and that helps in tracking the firebase activities.
There is no accessible data access log for the Firebase Realtime Database. If you can reproduce the problem, you might want to reach out to Firebase support to see if they can find the missing client calls in their logs.
I just deleted my flutter app from firebase console , but it is still working and changing data in the realtime database.
Can anyone tell me how its still connected with the firebase?
Thanks
According to Firebase documentation, when you delete an app:
Corresponding API keys or OAuth clients are NOT deleted. You can clean
up the API keys or OAuth clients in the Google APIs console
credentials page. Deleting these resources will break installed
applications: your users will no longer be able to authenticate or
sign in.
Access to the realtime database is not limited to apps that are registered in the Firebase console. Any code that has the proper configuration for your database, can try to access that database. If you want to be more selective in who can access the database, you will need to do this with Firebase's server-side security rules, typically in combination with Firebase Authentication.