I been working on a React project using firebase auth and cloud firestore as the database and I been reading the official documents. But I am grappling with the idea of whether to use mobile/web SDKs and server client libraries and I am afraid I might have some misconceptions about Cloud Firestore Security Rules.
I read this page https://firebase.google.com/docs/firestore/client/libraries several times and it is about SDKs and client libraries for firestore. It seems to me that it suggests there are two ways of using firestore: one is through Mobile and web SDKs and one is through Server client libraries. And if I am using Mobile and web SDKs then my project would be classified as serverless since I am only building the front end and let Goole to handle the database and user authentication. The other way to use firestore, which is Server client libraries, it seems like it is meant to be used with your own server. It then refers to this as client libraries in the section, But the thing I don't quite understand is, what does client mean here? I'm sure it doesn't mean the same thing as in "the mobile and web SDKs support serverless app architectures where clients connect directly to your Cloud Firestore database.", where I assume a client is an end user who is browsing your website or web app. So what does this the client mean as in Server client libraries?
Since I am only able to build front end app or the client side app, I guess I should go with Mobile and web SDKs option to start using the firebase. Here comes the second question, when selecting a starting mode for my Cloud Firestore Security Rules, there are two modes: Test mode
and Locked mode. For Test mode, it says "Good for getting started with the mobile and web client libraries, but allows anyone to read and overwrite your data. After testing, make sure to review the Secure your data section.". My first confusion is, does client libraries refer to the Server client libraries previously I mentioned? If so, as a serverless project without a server I cannot technically I cannot choose this mode? Then for Locked mode it says, "Denies all reads and writes from mobile and web clients. Your authenticated application servers (C#, Go, Java, Node.js, PHP, Python, or Ruby) can still access your database." Again this option seems like it is not for me since it mentioned Your authenticated application servers, and for my project I don't have a server, or the server is on the google cloud platform. So can someone please correct me if I am understanding this wrong. Also, if I opt-in the Test mode, I suppose it allows anyone to read and overwrite my data. But I feel like there needs more explanation on the word anyone here. I think at least the person needs to have the exact firebase configuration as my project has. something like this
const config = {
apiKey: "myapikey",
authDomain: "my-auth-domain.firebaseapp.com",
databaseURL: "my-db-url.com",
projectId: "my-pid",
storageBucket: "my-storage-bucket",
messagingSenderId: "my-sender-id",
};
to access my database. I think by anyone, here it means anyone with this config file and doesn't need to log in to my project in order to mess with my database. This is my understanding, can someone please correct me? Finally, in my case, I just want that anyone who can log in to my project can have access to the database(both read and write). Which mode(test or locked) should I go with? Or I need more configuration for this?
Is it true that whether I choose web SDKs or Server client libraries to start my firestore project, I all need to use firebase-admin? But do I need to use Firebase CLI to init my project as a firebase project with the automatically generated firebase.json?
The official documents constantly use the word web and node.js, such as this image. . I actually don't know what they exactly mean. If I am writing React, should I go with web or node.js? If it belongs to web, I am importing stuff like import firebase from "firebase/app"; in my react project, these are also modules for Node.js. Again I am confused here.
I know this might be too long to read and the questions might be a bit trivial but I really appreciate if someone could clear up my confusion about firebase.
As far as I know, Here are the answers to your questions:
1) So what does this the client mean as in Server client libraries?
Server client libraries are used to access Firebase from servers which run on Java, Python, Go etc.
2) Which mode(test or locked) should I go with? Or I need more
configuration for this?
Test mode opens your database to the public which means any user can access your database without authenication.
Locked mode keeps your database locked down by default. You can then add rules to grant access to certain read or writes.
I would recommend to start out the project with this and later configure firestore security rules to open up access to your database according to your application's requirements. You can find references here : https://fireship.io/snippets/firestore-rules-recipes/
3) Is it true that whether I choose web SDKs or Server client libraries
to start my firestore project, I need to use firebase-admin? But do I
need to use Firebase CLI to init my project as a firebase project with
the automatically generated firebase.json?
firebase-admin available on npm is the Firebase Admin Node.js SDK to access your firebase database with admin privileges. This can be useful when you initialize/access the application specific configurations and parameters in your database.
You don't need Firebase command-line to initialize your firebase project and generate the firebase config file. You can access it through Firebase console of your project once you create your project in firebase. Reference : https://support.google.com/firebase/answer/7015592?hl=en
4) If I am writing React, should I go with web or node.js?
You should go with Web because node.js SDK is used for access to your Firebase services from privileged environments (such as servers or cloud) in Node.js.
Reference: https://www.npmjs.com/package/firebase
Additional Point: Found this for React in the Google's documentation for FIrebase SDKs. https://github.com/tylermcginnis/re-base
Hope its clearer now.
Related
I'm currently developing a project in Node JS that uses microservices architecture, in which each service has it's own repository that contains both the code for the service itself (NodeJS express server), and also an SDK file that I publish for other services to use with methods that are available in this service and Typescript definitions.
So for instance I have a users-service that handles all of the user related actions, and a reports-service that handles all of the reports that users can CRUD.
users-service has a method called "deleteUser" that also goes to reports-service SDK in order to delete all of this user reports. On the other hand reports-service uses user-service SDK to "getUserById" for instance. So what happens is that user-service has reports-service-sdk as one of it's dependencies, and reports-service has users-service-sdk as one of its dependencies. Because the SDK is inside the same npm module with the service, I get users-service-sdk as one of the dependencies of users-service.
I thought of separating the SDK with a different package.json file, but I wanted to know if it's the right way to go or am I doing something really wrong in my architecture :)
Thanks.
This sounds like Circular Dependency which as you stated in the title is tough to deal with. Microservices are great but this sort of architecture sounds like a lot of extra unnecessary work without any added benefit.
You should look into running your services/packages/repositories as Cloud functions (or Firebase functions). AWS also has their own solution for microservices architecture. The reason being is each service can communicate with other services by using internal authorized calls or authorized REST API calls --- or you can make them totally public.
The great thing about these Google Cloud Functions is each function is automatically an Express end-point that accepts GET, POST, DELETE, PUT. Or if you use the internal call for Firebase, each function automatically contains relevant context from the frontend (such as the user's authentication details).
You also configure IAM permissions to only allow who and what service you want to be able to execute your cloud functions so that you have full control of permissions.
To answer your questions directly though, I would definitely avoid Package A having Package B as a dependency as Package B has Package A as a dependency. You absolutely can make that work but there's no upside and a lot of downside.
Here's an old thread which covers the topic.
I want to remove all the unnecessary apps that come as default while creating a project in Django.
My Project uses Auth0 for authentication and Firestore for database. I don't want the default database app, the admin app and the auth app.
By following answers to this question, I have removed the admin app.
Now I want to remove the auth and the database app. Is there any way to do so?
Any suggestion about something else that I can remove from my project will be helpful.
Thank you.
There's already questions with answers for that here in Stack. More precisely,
Run app without django.contrib.admin
Run app without django.contrib.auth.
Run app without database.
Also, as noted here, there's a Django Microproject with the bare minimum which you might find interesting.
I need to create an application which will be ran on the browser (local only, not hosted online). I will need to use a lightweight database which has a physical file (eg SQLite3, so I can have a .db file).
Also, just to mention:
I cant use IndexedDB alone to save the data because clearing browser data would clear the entire "database".
I also wouldn't be able to use electron since the bundle is too big. I need the browser for its portability
Also cant use PouchDB, since due to security constraints, online sync (CouchDB, etc) is not possible. Then it would be 100% stored in IndexedDB, which brings me back to my point on bullet 1
My question is - is there a way to create an offline web application build with VueJS frontend + NodeJS backend? I only need NodeJS because SQLite only works on the Node environment.
Deployment is preferably in .html only (is there any way that is possible, and access only using the file protocol file://)? Otherwise, I may consider using a local web server (localhost) - I'm not sure though if it is possible to serve an html file without any installations (node, python, etc), so I would still have to check all my options about this.
Any thoughts?
I am still new to this so please bear with me! There is very limited info online that talks about a 100% offline web application. Thanks a lot!
I'm working on a Node.js application hosted on Google Cloud, using Google Application Engine. The app has a few settings like the following:
const TASK_BATCH_SIZE = 50;
Currently, every time we need to change some settings like that one to do some tests we need to re-deploy the app, and that happens very often. We are looking for some alternatives inside the Google Cloud ecosystem that allows us to configure our running services without needing to re-deploy.
One of the things we found in the docs was Runtime Configurator, which still seems to be a beta product. For Node.js specifically nodejs-rcloadenv is the only client library we found, but doesn't seem to support the Watcher / Waiter concepts described in the Runtime Configurator docs or any other way to subscribe to variable changes in a configuration resource.
Is Runtime Configurator the solution to our problem? Are there any other services inside the Google Cloud ecosystem, or any other library for Node.js that could help us with this?
If you want to update or to make some settings changes in the service, you need to re-delpoy the service.
You can't use Runtime Configurator as it's for Compute Engine and not for App Engine.
You can create a feature request on Google's Public Issue Tracker for your issue ( to update configurations without re-deploying the service).
With the latest node SDK, I'm unable to programmatically create users as I had done with older versions of firebase. I need this in order to create a pre-populated database for testing purposes. The node SDK does not support createUserWithEmailAndPassword. Any idea how to programmatically create users or get the uids of users from the db or programmtically sign in as a user with the web client's signinWithEmailAndPassword?
Are you doing your testing with a live firebase instance? It might be better to use firebase-server to do this type of testing: https://firebase.googleblog.com/2015/04/end-to-end-testing-with-firebase-server_16.html
This should make your tests run faster and you won't be reliant on an internet connection.
Most of the client-side auth and user management methods (including creating users) are available in the Node.js environment since the 3.3.0 release of the Firebase JavaScript SDK. The SDK should now be mostly isomorphic, but see my message on another thread here for the full details. Full release notes for that release are here.