Good night.
May someone help me?
I'm trying to upload data throught arduino and SIM800L to firebase, I have seen one tutorial in github but It didn't work for me, I have done a code to upload data to thingspeak db and it works with url using get method, If I put this in the navigator i see the data in thingsepak:
https://api.thingspeak.com/update?api_key=API_KEY&field1=0DATA1&field2=-0DATA2&field3=0DATA3
So in thingspeak I'm going to see in field1:DATA1, field2:-DATA2, field3:DATA3
Is It possible to make the same with firebase?
For example:
https://api.firebaseio.com/update?api_key=API_KEY&field1=0data1&field2=0
Sorry for my english
Kind regards,
Thanks!
Firebase Realtime Database has a REST API that you can access using any modern HTTP client.
Some of the operations will not work if you are just using a web browser to enter a URL. If you want something that allows you to write data purely by URL, you will have to build that API yourself.
Related
so I am having a bit of trouble understanding webhooks.
I am working with Vue.js and Axios and am trying to see if there's a way to store data in a firebase database when a webhook changes (i am using picqer webhooks) but I cannot figure out how to do this as looking at a webhook looks like more of a serverside (possibly php?)thing.
is there someone out there that could teach me how to either make a script that looks at the webhook and if it changes 24/7
or explain how they work in php and how I can easily store that data in a firebase database
The problem
I am following a Vue.js 3 tutorial on youtube and I tried to implement the app shown in this video.
Then I started improving it a bit at a time. You can view my project here.
One of the main features I am trying to add is a Hall of Fame component in which you can view the best ten scores of anyone who plays. You can submit your score just after finishing the game. I decided to use Firestore to hold the data.
However, suppose I build the app for production and host it in a server. Then, I can download the whole project on my laptop, change a little bit the logic, and then play it locally on my computer. That way, I can send any type of data to my firestore database (because my credentials are injected in the javascript by Vue). I can then just send the ideal score of 1 ms to hack the game (this is indeed what a friend of mine managed to do).
The question(s)
The question is: how can I prevent this from happening?
Should I make a few changes in the code about the firebase configuration?
Should I use some other way to store the data, and not firestore?
Should I config properly the firestore security rules?
Also, what are the best security practices in JS frameworks like Vue.js (or React, in general) to prevent the insertion of non-wanted data on the client side? How do I manage the connection to a cloud database from such front-end frameworks?
Disclaimer
I learn everything about programming on my own, by watching youtube videos or googling and so on. I am new not only to Vue and Firebase, but to web development in general. Please consider this when answering.
TL;DR;
If the score is calculated on client-side (in browser) you can't secure it.
Anyone can just see the API call being made from the app to the server and replicate that with rest API tool like postman, so you wouldn't even need to download it locally to make changes.
If your game relies on client-side as a source of data, there is no way for the server to ensure that it is un-tampered.
You can try obfuscating the source code and doing client-side data encription, but it's all in javascript so everything is readable.
If you were to implement it in a more secure way, you would have the server trigger an action (as opposed to the script) but then the times would end up being longer because of the data turn-around time. Since the event fired from server to client and back would be reflected, but even then the automated response can be hacked by handling it with a script.
I've searched around and have come up blank. I can't figure out where OAuth2 claims are actually stored in Firebase. I refer here to the claims that I can set via SetCustomUserClaimsAsync and get (through the returned user) via GetUserAsync. I guess I was imagining being able to manage that data via some browser page, as well as via code, but perhaps by design this is not possible?
Thanks in advance for suggestions.
Custom claims currently don't have a UI in the Firebase console. Feel free to file a feature request for that. Right now, you will have to write code to find the contents using the APIs you already mentioned.
I'm trying to find a way of authenticating a user with email /password purely through Go. I'm using Go templates and would like to use HTML purely as a dumb terminal to fetch input from. I seem to need to go through the firebase-app.js apis, sign-in, then pass the returned UID to go. Am I missing something? I am looking for something similar to the js :
firebase.auth().signInWithEmailAndPassword(_emailText, _passText)
I've had no luck finding anything in the godocs.
I figured it would be straight forward since I'm hosting on GAE and fetching a firebase service account is trivial. But it seems I need to capture the userInfo through js and possibly pass it back to go possibly through a GET method.
thanks in advance!
I am considering firebase for an app - mainly for the real-time but other features like the analytics and authentication (and price) are other bonuses.
I have my own database and I want everything saved in there. Firebase will have a small portion of the dataset I push as it's needed.
So I'm basically thinking that the firebase data will be read only to the users. If a user comments, that will actually go to my server, I'll authenticate, clean, whatever.. and push to the that feed.
Are there problems with this approach? Are there other (better) ways to solve the problem?
This is a completely valid approach. Firebase is designed so you can use specific features that suit your needs.