I am searching for a way to prevent attacks like DDoS; I am not sure I have come across a solution.
Case 1
Every request puts an incremented value in the Firestore database. After a certain value, such as 100000, a cloud function will trigger which will destroy / deactivate all my cloud functions.
Case 2
Is there any easy way using if else in cloud functions?
I am new to Firebase cloud functions
I am writing cloud functions in dart
Is there any way to write security rules for calling a function?
Is there any way to limit invocations?
Can a CDN or another service integration help in this situation? I don't want a surprise bill.
First off, see this documentation on the guidelines you should follow to avoid security attacks in Firebase.
Every request puts an incremented value in the Firestore database. After a certain value, such as 100000, a cloud function will trigger which will destroy / deactivate all my cloud functions.
Unfortunately, this is not how a managed service works. Cloud Functions can only be triggered when invoked or during a response to an event. If there's no traffic, then the function is not running. It's not possible to deactivate them.
You can, however, list all your functions and delete them one by one by using the Cloud Functions Client Library and the method deleteFunction().
Is there any easy way using if else in cloud functions?
For this question, are you referring to conditional statements or to how traffic is redirected?
I am new to Firebase cloud functions. I am writing cloud functions in dart.
Currently, there is no official way to deploy a function running in Dart Runtime, though there are community supported projects that allow you to run Dart functions on other environments.
Node is the only runtime supported in Cloud Functions for Firebase at the moment. See documentation here.
Is there any way to write security rules for calling a function?
Firebase security rules are for Cloud Firestore, Realtime Database, and Cloud Storage. See this SO that shows how to protect HTTP functions using auth id tokens and database rules.
Additionally, in this documentation, you can find how to set up security rules in your Firebase project. Sample scripts can be found here.
Is there any way to limit invocations?
You can find a similar SO question here on limiting invocations in Firebase Cloud Functions. Additional details regarding Quotas and Limits can be found here.
Can a CDN or another service integration help in this situation? I don't want a surprise bill.
CDNs can help you bring down costs due to caching behavior; however, it is not the complete solution to avoid surprise bills. One way to avoid this is to set up budget alerts to send email notifications whenever your project exceeds (or is about to exceed) the set spend threshold. See documentation on Avoiding surprise bills here.
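The counter idea from the question can be turned into a guard that rejects requests instead of deleting functions. The sketch below is an added example, not code from the question or the answer: the limits, the function names and the in-memory `Map` (standing in for a shared counter store such as a Firestore document updated in a transaction) are assumptions, and `uid` is assumed to come from an auth ID token that has already been verified.

```javascript
// Constructed limits for the example; tune them to real traffic.
const WINDOW_MS = 60000;     // fixed window length (1 minute)
const PER_CALLER_LIMIT = 5;  // max calls per caller per window
const GLOBAL_LIMIT = 12;     // max served calls across all callers per window

// In-memory stand-in for the counter store (assumption). Function instances
// do not share memory, so a deployed version needs a shared store.
function createStore() {
  return new Map();
}

// Count one hit for `key` in the window containing `now` and return the
// new count. A counter from an older window is reset on access.
function hit(store, key, now) {
  const windowStart = Math.floor(now / WINDOW_MS) * WINDOW_MS;
  const entry = store.get(key);
  if (!entry || entry.windowStart !== windowStart) {
    store.set(key, { windowStart, count: 1 });
    return 1;
  }
  entry.count += 1;
  return entry.count;
}

// Decide whether to serve a request. `uid` is null for callers without a
// verified token. Rejected calls never reach the global counter, so one
// noisy caller cannot use up the budget shared by everyone else.
function checkRequest(store, uid, now) {
  if (!uid) {
    return { status: 401, reason: "unauthenticated" };
  }
  if (hit(store, `caller:${uid}`, now) > PER_CALLER_LIMIT) {
    return { status: 429, reason: "caller limit reached" };
  }
  if (hit(store, "global", now) > GLOBAL_LIMIT) {
    return { status: 503, reason: "global budget exhausted" };
  }
  return { status: 200, reason: "ok" };
}
```

A request that is rejected here is still an invocation and is still billed, so the guard limits the expensive work behind it; budget alerts remain the backstop for the bill itself.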
Related
I'm using Firebase for my mobile app's entire backend and I was wondering which of the two is a more reliable way of performing the task of creating a user and then a batch of documents.
Create the Firebase user (using Firebase Auth) on the client and if it succeeds then perform a Firestore batch write also on the client to create the documents.
Call a Firebase cloud function from the client to perform the above task.
My reliability concern has to do with the network. If the user is created on the client but is unable to create the documents then, well, that's not good. But if the client is able to invoke a cloud function then I feel like network reliability is not an issue in the cloud environment. If the task is to fail in the cloud it will be because of violating an error that I have control over (i.e. bad email format, weak password). Which of the two is more reliable for my purposes?
If the user has a spotty connection, the call to the Cloud Functions is just as likely to fail as the call that writes them directly to Firestore. The main difference is that the Firestore SDKs will automatically retry the write operation in such cases, while with a Cloud Function you'd have to implement that yourself.
I definitely would recommend using option 1. You should create a user with Firebase Auth and then create a collection called "users" and add a document with the user's UID, which is auto generated. This should occur after you ensure that there is no error in the Firebase Auth process. If there is, you should just display the error. If you need more specific info, feel free to respond.
I'm developing a Mac app that uses CloudKit as its back-end. Some of my users are requesting the ability to ingest and extract data via an automation/integration service such as Zapier. For this, I need to introduce a web API.
I am planning to use CloudKit Web Services to access the app's data. This data is user-specific and hence, resides in a private database. As a result, CloudKit requires user authentication as described here.
Essentially the user needs to be redirected to an Apple-hosted authentication page. After successful authentication, an authentication token is provided that can be used for data operations. Similar to how OAuth2 works, but different enough to not work with Zapier's (or probably any other similar services) supported authentication schemes.
Who has done something similar? What are my options? I want to keep things as simple as possible and make my web API's implementation as thin as possible.
Thanks.
Niels
This is definitely doable and you are on-track with your thinking. Here's how I envision it working:
You could do all of this with a front-end web app (no server-side app needed). I personally prefer Vue.js but you probably have something in mind already.
Your app will need to authenticate the user to CloudKit using the flow you mentioned. I highly recommend you use the Web Services API and not try to wrestle Apple's neglected CloudKit JS API. For this, you are going to need to generate an API token in the CloudKit Dashboard.
Your app would then prompt the user to authenticate to Zapier.
You should now have user credentials for both CloudKit and Zapier in place in the user's browser cache (you can save, for example, the CloudKit token to sessionStorage and likewise with Zapier).
Make API calls to Zapier, pull down the data, and then save it to CloudKit all within your JS app. It's all API transactions at this point. I'm a fan of Axios for making the HTTP requests.
If you are downloading files, transacting huge amounts of data, or doing processor-intensive stuff, you might consider using a server for that work. But if you just need a place to pull and push reasonable chunks of data, I see no reason why you can't do it all in a front-end app.
Alternatively, if you don't want a web app at all, and want to only have the user work in the Mac app, that can be done, too. Just make API calls directly to Zapier from within your Cocoa app. Whether or not this is feasible depends some on how you want it to work.
If you have more specific questions or need help with any of the implementation details, feel free to add a follow-up comment or ask a new question.
Good luck!
I think the other answer is mostly correct. I don't know much about CloudKit, but we can talk through what you'd need for it to work.
Let's say you had a simple iOS app that stored contacts. On the iOS side, Apple presumably abstracts the upload and download operations.
If you wanted to make a web viewer for synced contacts using CloudKit, you'd need an endpoint to fetch all rows belonging to the authenticated user (each of which would have a UUID, name, and a phone number). I believe that's possible with CloudKit code Apple provides (but let me know if I'm off base).
Now, we want to integrate with Zapier. Say, a "New Contact" trigger. You make some sort of authenticated HTTP request from Zapier to Apple on behalf of an authenticated user. It gives back a list of contacts and Zapier can trigger on the ones it hasn't seen before. To do that, Zapier needs some sort of user token.
That's where the little front-end page the other answerer mentioned comes into play. If you've got a web page that can surface a user's token to them, they can paste it into Zapier and all of the above becomes possible. I'm not sure what the lifespan of the token is, but hopefully it can be automatically refreshed as needed (rather than the user needing to take any manual action).
I'm not sure if what I've described is possible, but do let me know if it is. It would be huge if it were possible to integrate Zapier and the iOS ecosystem!
Edit to respond to comments:
Zapier won't be able to interact with CloudKit in a way sufficient for me (some minor business logic is needed)
I'm not sure what that entails for you, but it's common to put logic in the Zapier integration to structure data in a way Zapier expects. There's a full Node.js execution environment, so the sky's the limit here.
I don't think Zapier can authenticate against CloudKit as it uses a non-standard authentication scheme
Once you've got a user's token (described above, which is unusual), you will almost certainly be able to use it in requests to CloudKit. Zapier provides a "custom" authentication scheme which lets you do basically anything you want. So unless Apple uses something that fetch can't handle (unlikely), it should be fine (once you get the token).
I would like to push data directly from my app into Zapier and have it do whatever magic the user has configured
This is also probably possible. Zapier ingests data in two ways:
polling, where Zapier frequently makes a web request, stores the IDs of items we've seen before, and acts on the new ones. You can read more about that here. Assuming you can work your business logic into the integration, this doesn't require an external server besides Apple's.
webhooks, where Zapier registers a subscription with you and you send new data, on demand, to that address. This would probably require a webserver on your end to handle. It's optional though - you can do polling instead.
Hopefully this cleared it up a bit. Feel free to reach out to partners#zapier.com and reference this question to talk more about it.
I'm new to OAuth2 and cloud-functions/serverless.
So I was wondering whether it makes sense to create cloud-functions to handle OAuth2 requests.
My Idea:
User sends auth request to an API Gateway (to prevent cloud-function abuse, as of my understanding, or how else should that be prevented? Cloudflare?)
Gateway redirects request to cloud-function
Cloud-function stores user authentication in DB
User is now authenticated.
The authenticated user can now request actual data, like profile, through other cloud-functions.
Response with data to the user.
Is this a correct understanding of how OAuth works? If so, does this make sense, or would a usual server be cheaper to handle OAuth?
Yes, what you described should work. Note that you will need to secure your Cloud functions and besides the OAuth, do not forget to configure your function-to-function authorisation layer (as I understood that you will use more Cloud Functions). I think this process can be a pain, as you will need to configure it for each function. Here you can find more details about it.
Although what you have described should work, I personally would not implement that, and I would go for an Ambassador architecture with a service running on Cloud Run, let's say, that includes the security layer as well. I would not choose your architecture plan for a few reasons:
1) I think it will be more complicated to configure, mainly because of what I was talking about before.
2) Even though it is possible and people do this, I would not use Cloud Functions for querying databases in general, because this is a process which may take some time and your Cloud Function may time out under some specific circumstances (maybe if there are a lot of ongoing connections to your db at that moment, it could cause high latency).
3) Maintenance and debugging may be a little more difficult in a "chain" system like this.
4) I think that in case of really high traffic the cloud functions based architecture may be more expensive. You can check this out using the Pricing Calculator.
In conclusion, I think it will work, but I would not do it like this.
I got an iOS app and I'm storing values in Firebase per user.
Every 24 hours I need to reset those values in Firebase automatically, even when the user does not open the app.
Is it possible to do this in the app itself or do I need to write cloud code?
You can't run this type of code when your application is not active. If you need to reset the data every 24 hours even when the user does not open the app, it's better to create a job in your backend to execute this type of action and separate this logic from the application.
An example of a job in your backend can be Cloud Functions for Firebase, since you're already using Firebase.
Cloud Functions for Firebase lets you automatically run backend code in response to events triggered by Firebase features and HTTPS requests. Your code is stored in Google's cloud and runs in a managed environment. There's no need to manage and scale your own servers.
Yes, there is a way to do so. Firebase gives cloud function support where you can write and read data whenever you want. You just need to run the code once with the type of data you want to update and then set a timer of 24 hours to change the existing data. Then you are ready to go. Here is the link to the Firebase docs for Cloud Functions. Go through it for a deeper understanding.
Cloud Functions for Firebase lets you automatically run backend code in response to events triggered by Firebase features and HTTPS requests. Your code is stored in Google's cloud and runs in a managed environment. There's no need to manage and scale your own servers.
Typical use cases might fall into these areas:
Notify users when something interesting happens.
Perform Realtime Database sanitization and maintenance.
Execute intensive tasks in the cloud instead of in your app.
Integrate with third-party services and APIs.
Check this Use case:
What Can I Do with Cloud Functions: Use case
I am currently working on a social-networking based app on iOS. I am trying the online DB service and cloud service provider "Parse". But what I really do through this platform is just retrieve data for the "users", "messages" and "activities" in that DB.
I want to implement the recommendation function into my app which requires some sort of logic after the retrieval of the data. Is it feasible to integrate some of this logic into the "Parse" platform and avoid setting up the server?
If I understand your question correctly, you are asking if you can have server side logic run on the Parse side? Yes, you can, and this is fairly standard practice in the Parse universe. You can use Cloud Code, which is JavaScript run on the Parse servers, and you can hook the scripts in before you save objects, after you save objects, or as standalone functions. Here are some details:
https://parse.com/docs/cloud_code_guide
Hope that helps!