Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Allowing write access only to Cloud Functions for Firebase

Tags:

node.js

firebase

google-cloud-functions

firebase-admin

How can we secure database via the rules that only allow Cloud Functions for Firebase to write data to certain locations, previously there was an option to add uid to admin client databaseAuthVariableOverride and use that uid in rules section, but now we initialise via admin.initializeApp(functions.config().firebase); so I’m not to sure about how to add additional params in.

EDIT is it a good idea to initiate with certificate for this instead? i.e

admin.initializeApp({
  credential: admin.credential.cert("/path-to-cert"),
  databaseURL: "database-url",
  databaseAuthVariableOverride: { uid: "some-id" }
});

What benefit does admin.initializeApp(functions.config().firebase) have over above and where is functions.config() actually getting data from, isn't this just a node module?

like image 554
Ilja Avatar asked Mar 22 '17 17:03

Ilja

People also ask

What does Firebase deploy -- only Functions do?

firebase deploy --only functions overrides existing functions. Running firebase deploy --only functions deletes the existing functions before creating new ones.

How do I access Firebase Functions?

Run firebase login to log in via the browser and authenticate the Firebase CLI. Go to your Firebase project directory. Run firebase init firestore . For this tutorial, you can accept the default values when prompted for Firestore rules and index files.

1 Answers

Normally, at the top of your Cloud Functions code, you have:

var functions = require('firebase-functions');

As part of the firebase-functions node module, you have access to a functions.config().firebase which is just an object which has everything you need to initialize the Admin SDKs, including your Database URL and a credential implementation (based off of Application Default Credentials). If you console.log(functions.config().firebase) in your code, you will see it just is an object with these properties and a few other ones you may want to use in your code.

You can add databaseAuthVariableOverride to this object to limit the Admin SDK's privileges. You can just overwrite the object itself:

var firebaseConfig = functions.config().firebase;
firebaseConfig.databaseAuthVariableOverride = {
  uid: 'some-uid',
  foo: true,
  bar: false
};
admin.initializeApp(firebaseConfig);

Or you can use something like Object.assign() to copy the relevant details to a new object:

var firebaseConfig = Object.assign({}, functions.config().firebase, {
  databaseAuthVariableOverride: {
    uid: 'some-uid',
    foo: true,
    bar: false
  }
});
admin.initializeApp(firebaseConfig);
like image 159
jwngr Avatar answered Oct 04 '22 01:10

jwngr
Sign in to Comment

Related questions

Google Cloud Pub/Sub Retry Count
Run node server and webpack together using package.json
Import jquery and bootstrap in typescript commonjs
Azure Functions: Nodejs, What are restrictions / limitations when using file system?
JavaScript errors not showing up in console?
The gyp==0.1 distribution was not found
Using a for loop in a Mocha Test
Unable to interact with anything in Cordova app
Express Router "Cannot GET ..." on browser screen
Cannot find type definition file for 'core-js'
mongoose Model.update() - only update provided values
wedriverio jenkins - npm command not found error
How to add many records to mongoDB from directory of JSON files?
How do you read from a file on mocha prior to running tests?
Express ip filter for specific routes?
Getting access token with axios
TypeError: Cannot read property 'substr' of undefined - source-node.js
How to send a http response using koajs
Install for @angular/cli not working on Mac
node.js get result from mysql query

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!