Monitoring, logging a Firestore rule error - firebase

I have an app in production environment with remote logging of the client side errors. I get now and then this Firebase (firestore) security rules error:
FirebaseError: Missing or insufficient permissions.
When I check on the rules console, I can see that those errors are actually reported, but I have now way to see which rule specifically has provoked the error. I have no way to trace back which part of my client side code is triggering this error.
Any suggestions to find it? Any log from the Google console where I can dive?

In production no details are logged anywhere about what specific part of your security rules failed.
The two most common approaches to finding this are based on "replaying" the scenarios in your app:
In the rules playground in the Firebase console.
In the emulator suite, and its debug function.
In both cases I find it easiest to use a divide and conquer approach, enabling/disabling large chunks of my rules at a time to zoom in on what check might be rejecting the operation.

Related

How to connect fitbit sdk to firestore database?

I'm trying to set up an app using the Fitbit SDK, which I want to use to pull data down from my firestore database to the companion app in the fitbit application. However I am encountering an issue. The code is returning the following errors:
[15:29:50] Companion: Uncaught (in promise) TypeError: Cannot read property 'getEntriesByType' of undefined
new dn at node_modules/#firebase/webchannel-wrapper/dist/index.js:66,585
new Gn at node_modules/#firebase/webchannel-wrapper/dist/index.js:82,64
new gr at node_modules/#firebase/webchannel-wrapper/dist/index.js:95,30
pr.g at node_modules/#firebase/webchannel-wrapper/dist/index.js:94,385
Ao.ho at node_modules/#firebase/firestore/dist/index.esm2017.js:12548,19
Oo.Ko at node_modules/#firebase/firestore/dist/index.esm2017.js:13025,9
Oo.Uo at node_modules/#firebase/firestore/dist/index.esm2017.js:12978,23
? at node_modules/#firebase/firestore/dist/index.esm2017.js:12968,13
[15:30:00] Companion: [2022-08-04T14:30:00.245Z]
#elixr firebase
/firestore: Firestore (9.9.1): Could not reach Cloud Firestore backend. Backend didn't respond within 10 seconds.
This typically indicates that your device does not have a healthy Internet connection at the moment. The client will operate in offline mode until it is able to successfully connect to the backend. (node_modules/#firebase/logger/dist/esm/index.esm2017.js:78,9).
Which I can't seem to find a fix for online. The added complexity is with the environment for developing the code for this app is somewhere between node.js and web 9, so when looking at the docs on the website I have to use a mixture of the two guides to try figure out how to get it to work. The additional awkard part about this is that firestore doesn't enable app check for something that's neither iOS, Android or Web, while this could technically pass as a web app, I would need to somehow register a website just to get the recaptcha key from to then enable app check. But would have no way to verify the user each time using app check.
Is this even possible to do, as there's no docs on either end of fitbit or firebase to help in this sort of situation. I had though of potentially using direct websockets but don't know the restrictions on that kind of data transfer.
Does anyone know a work around/ how to remedy this?

Cloud Firestore serving outdated data

In the last day, I have started having trouble with Cloud Firestore serving outdated data to my Flutter app running on android. I tried clearing the cache for the app, uninstalling/reinstalling with no success. Still Firestore kept serving the outdated data. Then I tried disabling persistence with the persistenceEnabled: false at startup. It stopped serving the outdated data, but now it doesn't return current data that should be returned! Any suggestions to check what might be going on?
Edit: I should mention that this is happening on a collectionGroup query for which the index has been built. I've checked the database rules, and there are not any denies or errors resulting from this query.
Turns out I changed one of my Collection group queries recently and needed to update the index. So if you have Cloud Firestore queries that are acting erratic like mine was, check out your logcat or console log for an error like this:
Unhandled Exception: [cloud_firestore/failed-precondition] Operation was rejected because the system is not in a state required for the operation's execution. If performing a query, ensure it has been indexed via the Firebase console.
Firestore is supposed to provide a URL to build the appropriate index, but in my case the URL did not appear so I had to add it manually.

How to do logging with firebase and google cloud?

I'm using simply console.log('some flag', someObject) on Google Cloud and functions.logger.log('some flag', someObject) on firebase functions.
The problem is that both Firebase's admin panel logs page and Google Cloud's logs page makes this hard to read. Logs are getting split into lines. If my log had line breaks, then each line will be displayed as a separate log. Moreover, Google Clodu clearly has some kind of racing conditions when it comes to recording logs, as my logs are often displayed in the wrong order.
An obvious solution would be console.log('some flag', JSON.stringify(someObject)), but this makes logs hard to read in a different way. Now I have to copy the stringified object and JSON.parse it somewhere in browser console to make it readable.
What is the right way of writing logs in Firebase and Google Cloud?
The Cloud Functions logger SDK provides a standard interface that has a similar api to console.log statements and supports other log levels. You can use this SDK to log events with structured data, enabling easier analysis and monitoring.
The logger SDK supports log entries as part of a wildcard import. For example:
const functions = require("firebase-functions");
functions.logger.log("Hello from info. Here's an object:", someObj);
For Firebase Cloud Functions is better to use functions:logger to write logs and for reading logs use the command
firebase functions:log from CLI

Getting firestore usage stats from firebase client libraries

I am trying to identify the reason for an abnormally high firestore read count in my android and web app.
If there was a way to profile firestore, I could get an idea of which collection, or which user is causing this high read count, but currently there is no way to profile firestore.
I added a log entry to my android and web apps to log the read count to a remote server, so I can troubleshoot the issue. But this log doesn't match the actual read count I see in the firestore console, so it looks like I have missed to log some places where firestore is queried.
The reason why firestore hasn't provided a way to profile firestore is because it is technically difficult for them to do it with the high load, as I read somewhere. But, it shouldn't be hard to track the usage at client library level.
Does anyone know a way to get the usage statistics out of the firestore client library? Or any other way to troubleshoot this issue?
There is currently no profiler. Please contact Firebase support and file a feature request to vote for this. Also, they might be able to help you understand the traffic.

Firestore Rules > Determine which collection / rule is failing

Is there any way to see the specific collection / rule that is failing in Firestore? I've looked in firestore-debug.log (running on localhost) as well as in the Firebase UI. Firestore logs the error to the console, but does not include the information I need to debug the permissions:
Firebase intentionally does not disclose information about what rule is failing, as it would give malicious users information you don't want them to have.
The best information is typically available in the emulator in the Firebase console, which tells you what specific rule has failed.
Error messages delivered to the client SDK will never show the root cause of the rejection, as that would reveal something about the security measure to a potential attacker.
If you want to test and debug your security rules locally before you deploy, you can use the Firebase emulator suite to get detailed information about how your rules are working with client code that would make queries against them.
https://firebase.google.com/docs/firestore/security/test-rules-emulator
https://firebase.google.com/docs/rules/emulator-setup

Resources