I'm building a Cordova App that connects to a NodeJS Api. In the middle I have added Firebase to help me out with Authentication.
Now I want to store user's images into some server. What would it be the best approach?
a) Firebase storage: User will send image file to Firebase Storage and my nodeJS server will fetch that image's link and stores into Mondodb.
b) Send the image directly to Nodejs and it will save it somewhere else (e.g Google cloud, Azure)
What do you think?
Related
I am using polymer js for front-end and I am having a file where I am using google-map API how can I hide the API without using "dotenv" .I am using loopback framework.
How can i store the api key securely in backend and access it in the front-end.
It is recommended to have api key in backend and access it in client side , can anyone please explain a better way to achieve it.
For example-
in client side code i have js file i am using it this way..
google-map on-tap="_changeHeight" data-args="map" fit-to-markers map="{{map}}" max-zoom="18" id="googleMapLocatorAtmDetails" api-key="xxxxxxxxxxxxxxxxxxxxxxx"
But the recommended way is to store the api-key in server-side and access it in client side any idea?
Why not lock it down to your domain name in google maps?
Go to google cloud -> API & Services -> credential
I have an admin site that has a react frontend, using redux actions, with a node.js app as the server which uses firebase-admin to do the work.
I want to use firestore's onsnapshot listener. but im not sure how this works within the HTTP protocol?
I can't use the firebase-admin from my frontend app, and i cant create realtime DB functionality from the backend within HTTP protocol.
The goal: to set snapshot listeners on my collections from rreact frontend without having to go through multiple authentication processes, considering ive got a separate auth system for admins with my express api.
Is there a solution for this?
EDIT:
my client app is currently initialized with firebase web app config data, but because im authenticating admins with my own express server, the firebase web SDK hasnt authenticated with firebase, so i dont have permission for the data i need. im not sure if i need a service account, or a web app config with extra setup or what
My recommendation is to integrate the Firebase JS SDK into your client app using signInWithCustomToken().
It's not too complicated to do. Though I suppose that depends a lot on how your current auth setup works.
The general idea is this:
Send auth request to your auth service.
Process the request like normal.
Evaluate if the user should have access to Firebase.
If they should, use firebase-admin to create a custom token and send it back to the user.
Use the token on the client to authenticate with Firebase.auth
You should make sure to have Firestore rules to allow admin users to access the data you need.
As an alternative that doesn't use the Firebase client SDK, you could have a long-running node process that opens an onSnapshot. Your react app could receive data from it using either Server-Sent Events or through a WebSocket
I am planning to migrate the backend of my app, which currently uses Firebase to a NodeJS + MongoDB server. I don't know much about Node and Mongo but I know that it is possible to export the database through a JSON file. The problem would be the login system and the files saved on Storage.
All my users can login with email and password and also by phone number. Is it possible to migrate this authentication system or do I have to start over from scratch?
Another question: is it possible to migrate data from Storage to the new server? Thanks in advance!
Is it possible to migrate this authentication system or do I have to start over from scratch?
You can define users that have both an email address and a phone number and match either one when authenticating.
is it possible to migrate data from Storage to the new server?
Yes.
I have a node.js app that uses the google drive API to upload a file to a google drive. It is working fine on my local machine. I am now trying to migrate it to an EC2 instance but when I run the app using node, I am unable to verify by visiting the url...
Authorize this app by visiting this url: https://accounts.google.com/o/oauth2/v2/auth?>access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&response_type=code&cl>ient_id=xxxxxxxxxxxx.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoo>b
Not sure how to proceed as there is no browser on the machine - which makes me question if I am using the correct protocol for this application? I get totally confused by all the different options available.
I am basically using the option laid out here: https://developers.google.com/docs/api/quickstart/nodejs
Any pointers would be greatly appreciated.
Following the steps from the NodeJs Drive API quickstart, you can run your application locally the first time, this way the consent screen will be prompted and you'll be able to grant the permissions. With this, a token.json file will be created in your directory which will be used to create refresh tokens used to authorize the subsequent requests. You can upload your application to the EC2 instance with the token.json file included and you won't have to authorize the application again.
You can read more about refreshing an access token with offline access in Google's OAuth documentation.
I have an application who consist of a Node.js backend hosted on AWS and an Angular 2+ frontend. I am using the facebook graph API on the backend, however, when it comes to uploading things to facebook I'm getting into trouble.
If I want to upload a file, I need to upload it to my backend before, which will put it in an S3 bucket and then upload it from my backend to facebook. This seems to be a little heavy for me and I am really suspicious that it is the correct way to do it. Also, Facebook provides a javascript API that allows us to upload a file from a client to its platform, which seems less heavy.
Right now, I see three solutions:
Continue doing everything on the backend
Only do upload operations on the client side using the javascript SDK, and everything else on the backend
Do everything from the frontend using the javascript SDK
For me, the best solution would be 2. What are your opinions? Is there other solutions?
If the file is created on the client, there is no need to send it to the server - you can just directly upload it to Facebook instead. Although, if you need to store it on your own server anyway, you can do that first and let the server handle the upload to Facebook - uploading an URL of an image to Facebook is the easiest way. If you don´t need the image on your server, this may help you:
https://www.devils-heaven.com/facebook-javascript-sdk-photo-upload-with-formdata/
https://www.devils-heaven.com/facebook-javascript-sdk-photo-upload-from-canvas/
If the file is on the server already, there is no need to send it to the client before uploading it to Facebook. In that case, i would do the upload server side. If it´s about the security: There is absolutely no problem in sending Access Tokens to the server. You can just use the JS SDK for login, send the Token to the server and do the upload on the server. Just use appsecret_proof: https://developers.facebook.com/docs/graph-api/securing-requests/
If you are using your end user identity on Facebook there is no benefit to use the backend here (except the fact that you need less Javascript on the page).
Your user Facebook credentials must never be sent to the backend, therefore do the upload to Facebook on client side using Facebook SDK.
Doing it from client side also save you the infrastructure cost on the backend.