If I create a web app with the serverless client-firebase model, it seems almost 100% my data structure, comprises of nodes, subnodes, duplicate nodes and key:values, is exposed by those DB ref URLs, CRUD and atomic update functions from client js code .
I am not saying that I am not gonna put DB rules, but to only question that exposing so much info which client does not need at all, is it beneficial to hackers only?
I am thinking of create a REST API in the middle and hide firebase queries, but this somehow against the serverless idea. is Cloud Functions for Firebase a cue here?
P.S. I have read related questions below, but they are not the same.
How to restrict Firebase data modification?
Is it safe to expose Firebase apiKey to the public?
Related
I have a small question about managing data between Firebase Authentication and Firestore.
For example:
The Firebase Authentication API stores the email of the user.
But we also use Firestore to store the other details about the user.
So the question is...
Should we also store the email on Firestore ?
I feel that a duplicate data is never a good idea. But having the email directly in Firestore should be faster and easy to access.
Thank you
I feel that a duplicate data is never a good idea.
When working with NoSQL solutions I'd highly recommend letting that feeling go. Read NoSQL data modeling and watch Getting to know Cloud Firestore for more on this.
One of the things you'll learn from that is that your data model will typically evolve for the use-cases your app needs. For example, if you want to allow the user to see or search all email addresses, that functionality is not standard available in the client-side Firebase Authentication SDK. This means you have a few options to build this functionality for your users:
The server-side Admin SDKs of Firebase Authentication do have the option to look up the email address for a user, or to list users. So you could wrap this functionality in an end-point you create and secure (for example with Cloud Functions).
You can also write the user information to Cloud Firestore (or the Realtime Database) when the users registers, and then look it up there from within the app, using Firebase's security rules to ensure all access to the data is authorized.
This is just one example, and as I hope is clear, it is based on speculating that your app needs certain functionality. But it's quite common that developers store user information that is also in Firebase Authentication in a database too.
I am just start learning how to write fulfillment to read a data stored in the firebase as a first step.
Actually, I stored the same data in the firebase realtime database
and the firebase cloud database just to try from which one i must read my data, so I am just stuck how to retrieve it by the inline editor
My data is just a JSON object String names.
Note : form where i should start to learn Node.js for dialogflow fulfillment to do basic operation as storing and retrieving ?
You can use the firebase-admin library for node.js.
The inline editor is just Firebase Cloud Functions under the covers.
Your fulfillment code needs to run "somewhere" in the cloud - you'll need an HTTPS URL that you will provide, so this is called a "webhook". Firebase Cloud Functions are a convenient place to do this - they provide a HTTPS endpoint and good scalability, but you can run your fulfillment webhook anywhere on the public Internet.
Dialogflow provides an easy way to use Firebase Cloud Functions, by providing the inline code editor. This uses Firebase Cloud Functions to do the work, but hides the URL from you, so it is one fewer thing you need to deal with.
There are a number of good places to get started, but one is using Google's Codelabs for the Assistant make sure you also have looked at Google Docs for Actions on Google, which links to other resources as well.
I'm teaching myself to use Flutter and I'm making an app that queries The Movie Database API. Currently, I'm having the client query the API on launch but I'm thinking this is not the most efficient way of doing it, and I would rather have the client query a backend service like Firebase to get the same data.
I would appreciate some guidance into where to start in order to setup a periodical process to query the API and use the results as entries into a Firestore DB. I've looked online but I might be using suboptimal keywords since I haven't found a good tutorial or example for this.
Thanks.
You can use Firebase Cloud Functions to build code that runs on Firebase servers to fill your Firebase database, but you can only make HTTP requests to non-Google addresses if you use a paid plan.
https://firebase.googleblog.com/2017/03/how-to-schedule-cron-jobs-with-cloud.html explains how to invoke periodic tasks with Cloud Functions. It utilizes Google AppEngine for that because Cloud Functions doesn't provide that out of the box.
In my Unity project, I'm using simple web requests (POST requests) to store and retrieve information from the Cloud Firestore, and it is all working fine.
The POST requests are made to some Cloud Functions that do all the job in the database.
The thing is I'm using the database with all permission (read and write) granted to everyone.
I don't know how to safely allow this operations. What I mean by this is if I'm an user of the app (and I'm INSIDE the app), then I should be able to read and write from the database, but outside the app nobody should be allowed to do any modification in the database.
How can I secure my database within these constraints? I read about Firebase auth but I didn't understand.
You'll need to learn about Firestore security rules. It's a long and complex topic, and impossible to say for sure exactly what's required for your case. But you can start reading the documentation about it.
Firebase's documentation has the following paragraph:
Using Cloud Firestore and Realtime Database: You can use both databases within the same Firebase app or project. Both NoSQL databases can store the same types of data and the client libraries work in a similar manner. Keep in mind the differences outlined above if you decide to use both databases in your app.
I can't find any documentation on how to add a Cloud Firestore to an existing project with a Realtime Database, though. I will ultimately upgrade to Cloud Firestore, but would like some time to experiment and learn before I convert the production database.
Does anybody know how to use both databases in the same Firebase project?
When you go to your project in the console and choose the Database product, you should see something like this the first time:
This is a selector that lets you choose to see either Realtime Database or Firestore in your project. You can switch between the two with this selector.
The first time you select Cloud Firestore, it will ask you to configure things. Start in "test mode" to set things up for full read and write without authentication to get started quickly, but of course your should always have rules set up in production.
After you set up Firestore, you should be able to use both client SDKs to access both databases independently.