To avoid rewriting Firebase DB logic in various apps (iOS, Android, Web) we earlier used a service/middle layer to hold this logic. In this way the app never interacts with the DB directly.
However, in the new architecture with Firebase and Google Cloud Functions, would it be wise to route all DB calls through Cloud Functions or should this be done only selectively based on use case?
In almost all the examples I’ve seen so far, the app directly interacts with Firebase DB and the Cloud Functions are meant to only listen to certain events and used selectively. They are not meant to be a middle layer.
This approach would however lead to the need to duplicate DB logic in all apps. Can this duplication of code be avoided?
Yes. By moving certain functionality from your application code into Cloud Functions, you will only have to implement that logic once: in JavaScript. This is great for certain logic that you either don't want on the client (too big, too secret, too slow, etc).
But:
Each client will still need code to access the functionality in Cloud Functions. This can be as simple as a write through the Database SDK, but can also get quite involved.
The functionality will only be available if the user has a network connection. Unlike client-side functionality, it won't work when the user is disconnected/offline.
Related
I have a desktop app that will be distributed to users, and part of its code (which the user might be able to access) has to perform an API call to a third-party web service. However, this requires the API keys to be embedded into the source code, which causes some obvious security issues.
The main solution I've found while researching on the subject is to have a backend server between the user and the third-party API endpoint. So, I've been looking into Firebase for a while and it seems that this solution can be implemented using Firestore and Cloud Functions.
But, I wasn't able to find any clear examples that achieve something like this, and since I have no previous experience with Firebase or just backend programming in general, I would like to know if I'm on the right track and get more details about how to get it done, or if there are better alternatives for solving this issue. Any input is appreciated, thx.
You can use the firebase cloud functions as you mentioned. Your desktop application will be communicating with the cloud function - simple API call. Here you can find examples how to implement and deploy functions and test it locally https://firebase.google.com/docs/functions/get-started. Your cloud function will hold the API keys (it is backend so it will be secure if you dont expose it explicitly. Also the backend to backend communication is considered as secure). Finally, this cloud function will call the third party service and return some data back to the desktop app if needed. So you are on the right track, that is how the design should look like. If you need some help with cloud functions, you can also contact me directly.
So I was watching multiple tutorials about how to present data on an actual webpage using Cloud Firestore. The thing is, everyone was using an actual index.html file sitting in Public folder(instead of serving html content within node.js code) and tags which would mean that their program would use client-side JavaScript instead of node.js. But why? for what reason? According to Firebase tutorials and documentation, having an ACTUAL index.html sitting in Public folder is only for making static webpages, thus, if I'm making a complicated and dynamic webpage(which will also present Firestore data within the webpage), I should be using node.js right?
The Firebase SDKs for Cloud Firestore perform local persistence (caching) of doucments fetched from the database. The persistence is enabled by default for Android and iOS, and you can programmatically enable it for web (currently experimental). This local caching allows the client to avoid requesting documents from the server, which is obviously faster and cheaper than going through some API endpoint to request the data each time it's needed.
There is also the fact that the SDKs will push you realtime updates of data as it changes on the server, as long as you have a listener attached to some document or query of interest. You won't be able to duplicate this if you write it all in Cloud Functions. You will spend a tremendous amount of time trying to duplicate and scale this behavior using socket.io or something similar on a backend you control.
You could write the entire app to be driven through API endpoints that you create. There's nothing wrong with that, if it meets your needs. But you'll write more code, you'll sacrifice realtime updates, and it will likely be slower and more expensive than allowing the client SDKs to optimize for you.
I'm a little bit lost, I was reading the documentation on firebase and they have auth and other functions client side and server, what's the difference? I want to build a serverless web app. Can I do it all (auth, CRUDE) from the client?
Firebase provides SDKs that allow you to interact with its back-end services right from the client. This means that your (web) apps can read and write directly from Cloud Firestore, by using Firebase's JavaScript SDK for that.
You'll then use Firebase's server-side security rules to control what data each user can read and modify in the database. This typically means you'll ask your users to sign in, although this is not technically required.
Whether this is good enough to build your entire app without writing any server-side code, depends on the use-cases that your app covers. Typically I use Cloud Functions to run my server-side code without worrying about server administration, and I use it for:
Operations that require sensitive data (e.g. API keys for a payment gateway), or for which the code itself is sensitive (e.g. cheat detection for games).
Operations that require reliable computing power such as RAM, CPU, bandwidth or battery (e.g. scaling images).
Operations that I only want to implement once, and that can wait until the user is connected to a network (Firestore continues to work on their local device when they're offline).
Yes You can build a serverless app by using client side code only (example: swift + firebase Auth, Firestore, Storage etc).
However some feature or for security purpose you might need to write some cloud function code. Cloud function code are server side code which will never exposed on client side
I'm trying to build a relatively simple application that has several different views, requires authentication, collects some user data, stores it in a database, and needs backend logic to manipulate that data and spit it back out to the user in a view.
The stack I've decided on is Vue for the frontend, with Express and Node for server side logic and Firebase for some of their services (namely auth, firestore, storage).
I haven't been able to find any examples of this stack (Vue, Express, Firebase) anywhere (I have however found Vue/Express or Vue/Firebase examples). My question is whether or not Express is obsolete here in that I can use Vue router to do my routing. Is the difference that one does the rendering server-side?
You could use Cloud Functions for Firebase as your backend and then limit your stack to Vue.js and Firebase.
From the doc:
Cloud Functions for Firebase lets you automatically run backend code
in response to events triggered by Firebase features and HTTPS
requests. Your code is stored in Google's cloud and runs in a managed
environment. There's no need to manage and scale your own servers.
For your specific need: "backend logic to manipulate that data and spit it back out to the user in a view." you have several possible approaches:
You manipulate the data with Cloud Functions (in the back end), write the results of this manipulation to the Real Time Database and setup some listeners in your Vue.js frontend (with the on() method) that will refresh your front end upon changes in the database
Use some HTTPS Cloud Functions that you call, from your Vue.js front-end, as REST API endpoints. You can use Axios for example. See the doc here.
One advantage of the first solution is that you can easily, by default, rely on the database security rules, while it would need some more extra work in the second case.
I am using Firebase for my new project. This will be used on both Android and IOS. As you can guess I don't want to write the same code over and over again for both OS.
I am considering to code most of the work with Javascript on the cloud functions. In order to do that I need to use HTTP Requests to call my functions since firebase doesn't support any other way to call cloud functions.
There is two question in my head about this.
Is this possible and does it makes sense?
Since I've been using HTTP Requests all the time isn't that make my app open to listening with tools like Wireshark etc if there are multiple users on the same network? (I know Firebase now supports SSL but do I have to but a domain and license for that?)
What is the best way to do it in an engineer's perspective?
You can certainly move more of your app logic into Cloud Functions. But it's not really true that the only way to invoke a Cloud Function is via HTTP. You can also push data into your database to invoke a database trigger. I gave a talk on this at Google I/O yesterday about how I made a game with all the logic in Cloud Functions. You can watch it here.