I have an admin site that has a react frontend, using redux actions, with a node.js app as the server which uses firebase-admin to do the work.
I want to use firestore's onsnapshot listener. but im not sure how this works within the HTTP protocol?
I can't use the firebase-admin from my frontend app, and i cant create realtime DB functionality from the backend within HTTP protocol.
The goal: to set snapshot listeners on my collections from rreact frontend without having to go through multiple authentication processes, considering ive got a separate auth system for admins with my express api.
Is there a solution for this?
EDIT:
my client app is currently initialized with firebase web app config data, but because im authenticating admins with my own express server, the firebase web SDK hasnt authenticated with firebase, so i dont have permission for the data i need. im not sure if i need a service account, or a web app config with extra setup or what
My recommendation is to integrate the Firebase JS SDK into your client app using signInWithCustomToken().
It's not too complicated to do. Though I suppose that depends a lot on how your current auth setup works.
The general idea is this:
Send auth request to your auth service.
Process the request like normal.
Evaluate if the user should have access to Firebase.
If they should, use firebase-admin to create a custom token and send it back to the user.
Use the token on the client to authenticate with Firebase.auth
You should make sure to have Firestore rules to allow admin users to access the data you need.
As an alternative that doesn't use the Firebase client SDK, you could have a long-running node process that opens an onSnapshot. Your react app could receive data from it using either Server-Sent Events or through a WebSocket
Related
I'm trying to accept billing subscription using the Stripe API in my Electron app. I would create an endpoint in the 'main' file but I guess it's insecure and not the right place to do that.
What's the most secure payment flow in Electron apps? Would I need to do this using a simple web page and a nodeJs server?
You must not include your secret key in any client application. Your Electron client needs to make calls to your remote server where you can make secret key API calls securely.
Yes, if you want to build a server in the JS/Node ecosystem, you can use Stripe's stripe-node client and build a server like this example.
I have two Ionic applications, and both use the same API served with node. What I need is that when one app sends a post request, the other app gets that post request and uses the information that comes from the request. How can I achieve this? I thought of listening for that particular post request, but I don't know if that's possible, or when the post request reaches the API, trigger some action in the server that sends the information to the other app. Is this possible?
You can use Firebase Cloud Messaging to implement this.
When one ionic application requests a service from your server by using HTTP Requests, the server will trigger the respective action and sends a push notification to your other app by using the Firebase cloud messaging service. Your 2nd app will capture this push notification by subscribing to a URL in Firebase.
For the server-side, You can use fcm-node module or Firebase NodeJS Module to implement this functionality. For the mobile app, you can use providers in ionic to subscribe to firebase cloud messages
A detailed guide on implementing push notifications can be found here
I am using Angular4 app for UI and I have a separate Node+Express app which handles rest api calls.
Angular app runs on a different port. and express app runs on a different port.
I try to use express-session framework on the server(express)app.
I use Microsoft ADAL services to authenticate the user. After successful authentication my approach was to make a rest api call from angular app to express server app by passing userEmail and set userEmail variable to req.session.userEmail. I expect the session to be available when a different route is being called to check if the session is available, but the session variable is always showing up as undefined.
What is the best solution here? My goal is to have a session management and prevent responding to unauthorized requests on the server side rest api calls.
I'm trying to create a self-hosted app. This app would provide a custom express server with some routes and also provides a CouchDB access using pouchdb-server. I would like the node server to be able to configure the database and create the admin username/password, and then create the roles functions. How can I configure CouchDB from my nodejs app?
I would like to:
Stop admin party and create an admin with a password. I found that the web client makes a PUT request to http://localhost:5984/_node/couchdb#localhost/_config/admins/<username> with password in payload, but I would like to do it using express-pouchdb, so HTTP is not possible
Create users roles I would like to set up several roles
Set up permissions which roles can update which databases, what databases are readable by who etc...
Please note that I can't do direct http requests to CouchDB, since I'm using pouch-db-express in my node app to serve the db to the client, and I would like my express app to configure the couchDB instance managed by pouchdb-express
Stop admin party and create an admin with a password
I'm pretty sure the only way to interact with the _config endpoint is with HTTP, as I see no config plugin on the plugins page. Even if there was a plugin, it would use HTTP. Is there some reason HTTP is actually not possible? Or you just don't want to use it?
Create users roles
The PouchDB authentication plugin can do this for you.
Set up permissions
The authentication plugin also gives you access to the _security endpoint for this. Then you'll also need to create the appropriate design documents, using the standard put() API.
I feel like I am wanting to do something that is either easy, or very wrong. Not sure which one yet.
I am wanting to build an application that is backed by Firebase for:
Authentication
Realtime Database
I will build an Angular2 Front end Single Page App using AngularFire2. Using AngularFire2, the user will authenticate using GoogleAuthentication provider. The Angular2 app will interact with the firebase realtime database directly under most cases.
But I have some cases that I want a NodeJS/Express REST API layer todo more complex business logic and interact with FireBase Database. What I want to have happen is when the user authenticates with AngularFire2 that the accessToken can be used on the API calls to NodeJS in the HTTP Header. Then inside the NodeJS Firebase SDK I just authenticate using that token.
How would you go about doing this? I've been digging through documentation for a while now and still haven't figure it out.
Took lots of digging, but I found the solution. I hope this is a useful thread for others to find.
The accepted answer at: Answer gives a good lead to this. Specifically look at:
Authenticating your privileged workers
Emulating users or limiting access from a server process
Validating client identity via security