In an interesting blogpost about 'Firebase Authentication with the Firebase 3.0 SDK and Auth0 Integration', it is stated that:
You can even have Firebase communicate with Webtask!
Now I can imagine the (web)client triggering a Firebase operation and subsequently a Webtask, but not the other way around. Or am I missing something?
Firebase can run as a serverless app, but it can also run on the server. You can even have Firebase communicate with Webtask! (sic!)
I think that paragraph is misleadingly phrased, perhaps it was just added at the last minute to spark interest. You can have a webtask communicate with Firebase, not the other way around. You don't "run Firebase" on your server either.
TL;DR: A client application may call a webtask with an HTTP request, and that task can read/write the database, but not in any other order.
Here's a quick and dirty reality check as of Nov. 2016:
The Realtime Database by itself does not provide you with a way of executing code. This includes responding to database changes and user requests, handling fan-in and fan-out operations, etc. There is no support for webhooks either.
Which means you have to provide your own execution environment for such logic on a custom server, or you can try to cram as much as possible into the client code. This is a pretty exhaustive topic by itself.
Webtasks are short-lived functions that respond to HTTP requests. Their lifecycle always starts with a request, so they are not fit for continuously watching the database for changes. But they are perfectly valid for handling requests coming in from your client application.
As you can store "secrets" for the webtasks, you can authenticate the task on an admin access level. This gives you the possibility to verify client tokens – which should be sent along with the request –; perform complex authorization and validation, and perform RTDB write operations you wouldn't trust the clients with.
Or trigger external services securely. The possibilities are close to endless.
Related
I have a Firestore database which I want to populate with data that is delivered by a live sports event API. This API offers to push the data, so I get new values every time some event happen in a selected game - so we don't have to pull new updates all the time.
However, the delivery method is a websocket which means, that we should open a web socket to a certain endpoint, and then we'll get the data updates.
How could we do this in Firebase? If it was just a simple webhook with an HTTP call, it would be easy to make a firebase functon that could receive the posted data.
But is it possible to do something similar with a web socket? I guess that keeping a Firebase Cloud Function running 24/7 with the web socket is not a good idea at all.
What you're describing is not supported by any Firebase products, and definitely not Cloud Functions. Cloud Functions doesn't support websockets at all, nor does it support any streaming. On top of that, the max lifetime of a function is 9 minutes.
If you absolutely need websockets, consider a different backend infrastructure instead, such as App Engine.
I'm a little bit lost, I was reading the documentation on firebase and they have auth and other functions client side and server, what's the difference? I want to build a serverless web app. Can I do it all (auth, CRUDE) from the client?
Firebase provides SDKs that allow you to interact with its back-end services right from the client. This means that your (web) apps can read and write directly from Cloud Firestore, by using Firebase's JavaScript SDK for that.
You'll then use Firebase's server-side security rules to control what data each user can read and modify in the database. This typically means you'll ask your users to sign in, although this is not technically required.
Whether this is good enough to build your entire app without writing any server-side code, depends on the use-cases that your app covers. Typically I use Cloud Functions to run my server-side code without worrying about server administration, and I use it for:
Operations that require sensitive data (e.g. API keys for a payment gateway), or for which the code itself is sensitive (e.g. cheat detection for games).
Operations that require reliable computing power such as RAM, CPU, bandwidth or battery (e.g. scaling images).
Operations that I only want to implement once, and that can wait until the user is connected to a network (Firestore continues to work on their local device when they're offline).
Yes You can build a serverless app by using client side code only (example: swift + firebase Auth, Firestore, Storage etc).
However some feature or for security purpose you might need to write some cloud function code. Cloud function code are server side code which will never exposed on client side
I'm using the react native firebase sdk and am wondering about how the underlying network calls are implemented. When making firestore get queries, is the sdk just keeping a socket open when it's initialized and make requests over the open socket, or does it make individual http requests to an endpoint?
Specifically I'm looking for an efficient way to get a batch of documents (profile thumbnail properties given a batch of profile ids), and I saw an answer that said that firebase calls are pipelined so calling the gets in parallel is efficient. However, I'm not sure if that applies to firestore as well.
The Firestore SDK uses gRPC to communicate with the server. This is the same layer that many of Google's other Cloud products use under the hood. It is quite different from the Web Sockets communication layer that the Firebase Realtime Database relied on.
Digging into the code it seems like the "real time" part of firebase uses websockets. The database module also has a dependency on
faye-websocket
I am attempting do the following
write a document to server.
wait for the success event and check for metadata to confirm if its written to server
if it is not written to server even after the time out (using a timer) undo the write operation.
this is for WEBRTC calls so if a user attempts a call but was offline and closes the app since it did not succeed. after a long time the receiver would receive a call and would be weird.
There are no undo operations in Firestore. The client SDK tries doesn't really give any way to discern if the app is online or offline - it simply tries its best to service the requests that you give it via the API.
If you want to perform some operation while only online, then use Cloud Functions to make an HTTP request to backend code that performs the actions you want. If the app is offline, the HTTP request will obviously fail, and you can decide what you want to do from there.
I've been doing some research about secure tokens and Firebase JS, but I have ready some conflicting information, so I will just ask my question directly. Is it possible to handle secure sessions with Firebase using Javascript? For practice, I'm creating a little web game that will rely on Firebase to synchronize each client, and I'm wondering the process for doing so securely.
It depends on how you define a "secure session". There are two issues at play here.
Transport level security: The Firebase JS client communicates with the servers over HTTPS. Additonally, Firebase has a security rules system that lets you specify which clients can read and write which data.
Application level integrity: However, the client is free to make whatever changes it is authorized to, even if they are not triggered by your JS code. For example, in a web page, I can open the developer console and use the Firebase API to make data changes that aren't part of the web page's logic.
To tackle the latter, you'll need a server where you can run trusted code to enforce game state. For instance, every move made by a client in the game should be first put into a "pending" queue. A server process should monitor all pending changes, validate them and them move them to a "final" game state location which will be the authoritative game state.