I've built an iOS/firestore app. I'm now looking to create a web app to integrate with my database. I was going through the documentation and found a distinction between firebase for Node.js (https://firebase.google.com/docs/web/setup) and firebase firebase admin SDK (https://firebase.google.com/docs/admin/setup).
I believe that I will want admin privileges and control over the web app but since I'm learning this for the first time should I focus on the basics of getting user auth, access to the database, storage and cloud functions working? Or will be changing/adding the admin privileges down the line be such a hassle that it's better to struggle through it now?
I'm still new to the web side of firebase and I'm trying to get a feel for the approach I should take.
If you're building a web interface for your app, I'd encourage you to use the Firebase JS SDK and do most of the work client-side. It should be pretty similar to what you've already done in iOS.
You should only use the Admin SDK if you're specifically trying to create endpoints with custom trusted functionality that isn't available by using the normal SDKs.
Related
I have an Capacitor.js app and it uses the Firebase Cloud Messaging SDK for Push Notifications via the Push Notification Plugin. I also have a Discord bot (this is less relevant) and I want to, when a user sends a message, it will send that data to the Firebase and then that will create a notification so that the Capacitor.js app will have a notification with said data.
But I am new to Firebase and I have been reading their documentation and it is quite difficult to 1). Navigate and 2). they don't have any useful code snippets I can look at to learn how it works. Maybe that's just a problem I have, idk.
I'm wanting it for Node.js. And I really have no idea what I am doing. I have installed the Firebase Node.js package and that's about all.
My goal for the project portion is to be able to have a functioning login and register page using TypeScript.
Currently my code works without a database, but I wanted to use Firebase to register user's usernames and passwords, so they can login with ease.
The only tutorial I have found only use Firebase with Angular or React, and I was wondering if there was a way to use Firebase storage without it?
The IDE I am using is Intellij.
For now Firebase would be saving the username and password, but later my plan is to use Firebase Storage to save some text data to the account.
Firebase can be used without any specific framework. While there may be binding libraries to make it easier to integrate with common frameworks (such as Angular and React), the base Firebase JavaScript SDK for the web is completely framework-agnostic.
The Firebase documentation doesn't assume any specific web framework, so I recommend starting there: https://firebase.google.com/docs/storage/web/start.
I also recommend taking the Firebase codelab for web developers, which also doesn't require any specific web framework: https://codelabs.developers.google.com/codelabs/firebase-web/
I'm working on a school project using vanilla HTML, CSS, and JS. When compete, we're expected to have the repo working via GitHub Pages. It's above and beyond the scope of the assignment, but I wanted to connect to a Firebase Firestore database.
The question is, how do I hide the API key/information, using only vanilla HTML, CSS, and JS (no frameworks), and have a working GitHub Pages demo for the instructor to mark?
I've looked at a number of websites and YouTube videos, but every tutorial I've come across is either using a framework or some stack of packages that would go against the 'rules' of the assignment. I can use a .env file, but to my understanding, because the repo is public the key would be public.
Any advice would be greatly appreciated.
The answer is .env files (sort of).
If you're building a frontend project and you're connecting the front end directly to your database, your credentials will be visible.
The correct way to handle keys is to put them in your backend API. Of course, when I asked this question, I wasn't "there yet".
Your backend API can have a public endpoint that listens to incoming requests. You don't need to include your database credentials in the request coming from your frontend app. It hits your backend api at its public endoint where your backend code then handles the incoming request. On your backend you have the connection to your database with the necessary credentials. This is how you are supposed to build it.
For beginners, you might want to try Google Firebase. With Firebase you can create Firebase Functions. With these, you can create a simplified API endpoint to target with your front-end requests. It triggers the Firebase Function to run, and inside this function, you can store your private keys/credentials. Because your Firebase Functions run on your own secure backend, the client never sees the keys.
If you're learning or familiar with Vue3, here's a good article to check out: https://www.bezkoder.com/vue-3-firebase/#more-9260
I've built some web app with backend technology like node/express and Rails. A few days ago I started messing with the frontend Reactjs and I love it a lot. I see that we can navigate to different part of the app via React Router and Link, base on what I understand, this is similar to node/express when we do app.get('/route', cb). After a while I found out I can't send email or access database with react alone, I needed a server, I needed node/express. Then I looked into google firebase, google provided real time db, authentication, file uploading and mailing... and I heard it works great with react. So my question, if I skip node/express, can I build a fully working web app with just Reactjs and google firebase? If I can, what are the pros and cons?
If I want, can I build facebook, twitter, youtube with react and firebase?
So my question, if i skip node/express, can i build a fully working web app with just Reactjs and google firebase?
Yes
If i can, what are the pros and cons?
Covered quite a lot. Here is an old blog post : https://firebase.googleblog.com/2013/03/where-does-firebase-fit-in-your-app.html
Short answer : You can build features provided by firebase yourself, but its generally cheaper to just use it as a service.
I'm working on a PhoneGap project using Ionic. It's basically a chat app, so I need the user to be able to register, login and send messages using a backend API on my server. Naturally this needs to be secure, so I'm wondering what the best way to securely communicate with an API endpoint is, when using a AngularJS and PhoneGap.
Ideally, it should not require a server cert, as currently I don't have the funds to purchase one. In previous projects, I used a method where each account was assigned an ID, and a hash consisting of a secret + their ID, which had to be included with each request to ensure that the user couldn't forge requests from another ID, however I don't know how secure this method is.
Any tips, suggestions or read material would be really appreciated. I understand this question sounds subjective, so if possible please answer based on facts, security disclosures and any documentation on methods.
I know the solution to all your needs and it is called Firebase.
How your requirements will be met by firebase:
1. You are using Ionic to build your hybrid app(you are cool!) and that means AngularJS.. Firebase has the perfect library called AngularFire, that uses AngularJS to interact with the firebase servers.
You are building a chat app, awesome! Firebase has real time syncing between your app and database. That is a lot of work saved for you by Firebase (Claps).
You need to register users, Firebase has super easy user register management(both OAuth and manual registration)
Security! It is super important and Firebase has you covered even here. Implementing user level security is super simple using some simple json format security rules. I will quote this from the site "The safety and security of your data is our top priority. Firebase requires 2048-bit SSL encryption for all data transfer and allows you to restrict reading and writing via granular access controls and custom authentication.
All data is replicated and backed up to multiple secure locations."
It is free(upto some level. Do some research about it, I am not sure).
Your basic id + hash security measure is not bad at the same time not perfect or dependable. Firebase has you covered here through simple login and read/write rules and as well as some closed sourced security.