Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to only accept function calls from my app in Firebase?

I am creating a game in Unity where the user can contribute with levels using a Level Creator system.

My application is setup in a way that I just need to call the Cloud Function with the level info, and it handles duplicate entries and saves it to Firestore. All of this works perfectly.

My question, basically, is: can I have my functions only accept calls from my game? (without having my users registered?).

Naturally, I am using functions.https.onCall((data, context) => {}). In the documentation for Firebase, I noticed they use context.auth to check whether the user is authenticated or not. However, I am logging this value to the console and it appears to be undefined.

I am also confused with this line, from the same link:

With callables, Firebase Authentication and FCM tokens, when available, are automatically included in requests.

Maybe context.auth is not defined because my game isn't yet in Google Play / Apple Store? Any ideas?

like image 418
Santiago Degetau Avatar asked Feb 12 '20 15:02

Santiago Degetau


People also ask

What does Firebase deploy -- only Functions do?

Running firebase deploy --only functions deletes the existing functions before creating new ones.

What is the difference between onCall http callable and onRequest HTTP request Functions?

onRequest creates a standard API endpoint, and you'll use whatever methods your client-side code normally uses to make. HTTP requests to interact with them. onCall creates a callable. Once you get used to them, onCall is less effort to write, but you don't have all the flexibility you might be used to.

How many requests can handle a single cloud function?

By default each Cloud Run container instance can receive up to 80 requests at the same time; you can increase this to a maximum of 1000.

When should I use Firebase Functions?

You should use Cloud Functions for Firebase if you're a developer building a mobile app or mobile web app. Firebase gives mobile developers access to a complete range of fully managed mobile-centric services including analytics, authentication and Realtime Database.


1 Answers

Thanks to the new feature called Firebase App Check, it is now actually possible to limit calls to Callable Cloud Functions to only those coming from iOS, Android and Web apps that are registered in your Firebase project.

You'll typically want to combine this with the user authentication based security that Doug describes in his answer, so that you have another shield against abusive users that do use your app.

like image 149
Frank van Puffelen Avatar answered Sep 28 '22 14:09

Frank van Puffelen