I was wondering if accessing data, For example view any item, modify any item in Db/Firestore directly via Firebase console adds to usage (data download/ FireStore Read etc.)
I googled it to find an answer but I didn't find any. So raising my query here.
Also wanted to know if there is a way to provide write access to a particular child to 3-4 specific emails (google authentication). I understand we can allow writing to users who created it using the below rules. But in my case, I want others (few) also to be able to write to the child but not all( so cannot use ".write": "auth != null" )
{
"rules": {
"users": {
"$uid": {
".write": "$uid === auth.uid"
}
}
}
}
Thanks in advance.
Yes, it does charge you. The documentation says,
Firebase console data: Although this isn't usually a significant portion of Realtime Database costs, Firebase charges for data that you read and write from the Firebase console.
Similarly you are charged for any reads and writes from the Firestore console. Also you need to be the project owner (or have editor/viewer role) to access the console. You'll be charged the amount of data loaded or written. For example, if the console loads 500 documents then you'll be charged 500 reads.
For the data retrieved from client side, "Firebase charges for the downloaded data. Typically, this makes up the bulk of your bandwidth costs, but it isn't the only factor in your bill." Make sure you check all the factors in the documentation above.
To allow specific users to read or write to your database, you can try using custom claims. You can refer to this answer for a detailed explanation on security rules with custom claims.
Related
I'm building a REST API powered SPA application and I'm trying to decide on the best way to deliver "global options" via the API. By global options I mean an assortment of random fields that relate to the application as a whole rather than being associated with one specific model, for example brand logos and contact details that need to be accessible from multiple locations within the app.
Something like Wordpress would store these in an options table and access them via a php function using the option name, however since this is a REST API I'm not sure how I would go about accessing/updating multiple options without making lots of requests for each one.
I know a lot of projects just use a json file to store this data, but it specifcally needs to be editable via a CMS and served via the API. The following are two methods that have come to mind, but none of them feel like complete solutions:
1: An options table with one generic endpoint that takes a query string specifying which fields you want to access. This works for getting data, however updating data seems to get a bit messy and the only way I can think to do this is by sending an object of key/values pairs to bulk create or update the options:
GET: example.com/api/options?pick=logo,contact_phone,contact_email
POST: example.com/api/options
{
contact_email: "info#example.com",
contact_address: "123 Test St"
}
PUT: example.com/api/options
{
contact_email: "info#example.com",
contact_address: "123 Test St"
}
2: Breaking fields into groups and storing them as a json field in a "pages" table, this solves the creating and updating issues but breaks down when you have fields are used in multiple locations, and they aren't really pages so it's not very REST like.
GET: example.com/api/pages/contact
POST: example.com/api/pages
{
name: "contact",
values: {
email: "info#example.com",
address: "123 Test St",
}
}
PUT: example.com/api/pages/contact
{
values: {
email: "info#example.com",
address: "123 Test St",
}
}
I also need to take into account the issue of access permissions, for example the logo field would be accessible to the public, but the user support contact number would only be accessible to logged in users. With the first example you could have an extra permission column for each option, but this wouldn't work for the second option.
I've been googling but have failed to find any good information about this topic as REST schemas/documention generally only deal with concreate entities, so any insight into how this is achieved in real world applciations would be great!
Cheers,
Cam
I have a Firestore database see the image below. I want to retrieve the doctor's info. All of these documents under "doctors" collection are from authenticated users and I have saved the documents with their IDs.
I am using this code to get the documents but it returns 0. I think the problem is authentication. Kindly help me to solve this issue.
val query = fireStoreDbRef.collection(Constants.COLLECTION_DOCTORS)
query.get().addOnSuccessListener {
Log.d("TAG", "getAllDoctors: "+it.size())
}
Security Rules I am using
It's possible to see in your screenshot that the documentIds are in italic, this indicates that the documents you were trying to access were deleted. If you were to add a new document the code you currently have for fetching documents is suppose to work normally.
As per the reason why those documents were deleted, the most probable is that they were deleted by someone else operating this Firestore, unfortunately there are no native log solutions for Firestore for you to audit that. In fact, it is recommended that you build a logging solution for your Firestore with the use of Cloud Functions, if you fell it is necessary, here is an example in a community answer for how to do that.
If this is not the case I would advise you to keep an eye out for this behaviour, and if it should happen again I would recommend you to open a Bug Report on Google's Issue Tracker so that this can be troubleshooted by Google's Engineering team
I would like to de-identified my PII data that already in BiqQuery with Google DLP, and store the result in another table in BigQuery. Is that possible ? and how to do that ?
Currently the main recommendation is to use dataflow.
https://github.com/GoogleCloudPlatform/dlp-dataflow-deidentification
The different methods for De-Indentifying sensitive data in DLP are available through API, for example, we can use replaceConfig to replace from:
My email address is astacko#example.com.
to
My email address is [email-address].
by using an API request like this:
"deidentifyConfig":{
"infoTypeTransformations":{
"transformations":[
{
"infoTypes":[
{
"name":"EMAIL_ADDRESS"
}
],
"primitiveTransformation":{
"replaceConfig":{
"newValue":{
"stringValue":"[email-address]"
}
}
}
}
]
}
}
So, for your use case you would need to integrate the De-identifying API into a flow that reads from BigQuery, perform the De-identifying transformations and writes back to BigQuery.
Cloud DLP in action is a Google post that talks about this. It points out to Dataflow to achieve this use case. Please refer to this Reference Architecture to have an idea of how this can work, in there you will find some Java classes examples. You can modify it if needed so that you can ingest it to BigQuery.
As a quick workaround, I would consider moving the tables with PII into a dataset with restricted access. Then, in a new dataset, create a view that does not include the sensitive columns. Give users query access to only the dataset with the view, and not the private dataset.
https://cloud.google.com/bigquery/docs/share-access-views
This feature is currently in preview (October 2022). Talk to your Google Cloud sales rep to see if it can be enabled for your project.
I've been using Netlify for storing 100% of my app (both frontend and backend) for the last three months. So far, so good.
The only problem now is that I need to store a custom property for each user (say, the phone number), and apparently Netlify Identity doesn't support this (only email, name and roles https://www.netlify.com/docs/identity/).
I don't want to change the whole app to migrate to another hosting provider just for this detail (actually, I can't, it's for a client and I just don't have time), because it works great, but at the same time I need it.
Can you think of any workaround to this? The less "hackish", the better, but I understand that I'm going beyond the intended use of Netlify Identity.
So it actually does look like Netlify's GoTrue API has a specific endpoint for updating custom user data. After a user is created, you can update metadata by including it as "data" within an authenticated PUT request to /user.
PUT /user
{
"data" {
"custom_key": "value",
}
}
See https://github.com/netlify/gotrue for more info.
There are dozens of ways to do this, so I'll talk about two generally applicable ways now:
the most "generally capable" one is probably using lambda functions: https://www.netlify.com/docs/functions . This lets you run dynamic code, such as "store to database hosted elsewhere" or "email to our office manager to update a spreadsheet" or even "commit to our closed git repo so it's available in-code" (last one is probably a worst practice, but is possible). You can similarly use a function to read that data back out without exposing API tokens (code example: https://github.com/netlify/code-examples/tree/master/function_examples/token-hider)
you could have the data gathered via a form submission (https://www.netlify.com/docs/form-handling). I'd probably use zapier.com to receive a notification of the form submission (https://www.netlify.com/docs/form-handling/#notifications). Zapier can of course connect to just about anything on the planet :) . Getting the data back out if you want to show it in your UI is a bit more of a challenge, but you could use the above mentioned functions if you need to connect to some private data store to pull it out. Or for an MVP, just not show it, only let people enter/update it ;)
im building a specific book reader like app.
Main page call api/booksList and receive the json array containing each book info like:
[ { id: server_db_id, title: "title test", sum: 10 , date: ... }
]
ans its cached after the request, so im not saving the book list into indexedDB, localStorage or other storage. If i need one specific book, i just call the api book list again and filter it. Is that bad design? (book will be over 200 items)
Whe user open the book, it call the /api/book/book_id and its cached too, the opened book response is a json list of the lines of the book, eg:
[
{
id: ...
content: "This is line...lore ipsum..."
....
}
]
I put the api response inside vue data variable and the component is rendered correclty
Im not using any kind of handler for keeping this offline by my hand. To detect if user already opened this book, i just call the api, check if errors happened or the responde body has content.
Is that a wrong, bad or stupid decision? Will this hit the quota limit api or other kind of limitation? The "gods" of pwa will raise the finger to me and say: WAAAT. (im not using indexedDB at first because it need some models handling and i want to make things easier if possible)
I my self was just researching this and concluded, at the moment I am going to go with this method, where I use cache for assets, js, css, html etc based on their matching routes.
Then when it comes to data e.g. json requests etc. Its best to store them in indexedDB (or an equivalent), which really does not require a model or schema as such.
See Jake Archibald's IndexedDB-Promise library https://github.com/jakearchibald/idb its really simple to get your head round.
Though both Jake and Addy say it's not a defacto rule, so you can decide ultimately what is best for you.
Read this for better clarification
https://developers.google.com/web/ilt/pwa/live-data-in-the-service-worker
https://medium.com/dev-channel/offline-storage-for-progressive-web-apps-70d52695513c
It helped me to make a better decision on how to go about moving forward.
Recommendations Also
Check out PWA Training: https://developers.google.com/web/ilt/pwa
Workbox: https://developers.google.com/web/tools/workbox (This has sped up my development massively!)
Codelabs: https://codelabs.developers.google.com/ (Search PWA)
The guides on here are really good at taking you through everything you need.
Good Luck with your PWA
Random thought (edit)
One thing that makes me question this though is based on some of the examples and guides I have seen is that, data storage is handled in a more ad-hoc manner. For example, if the PWA calls out an API, there are two methods I have come across where you can either manage cached data in the application or in the service worker, e.g. if your API calls to get JSON fails in the app, it can revert to getting data in the indexedDB which hopefully was pre-cached the first time your app called the API.
Or you can use self.addEventListener('fetch', (event) => { ad-hoc stuff here }) this is where you can match either an asset, or data request and hijack the response with either a cache or indexedDB response. Which prevents the need handle offline data in your app.
The first method makes me feel uneasy so i'm gonna go with the addEventListener approach both in the service worker cause thats what it is there for plus my app does not then have to worry about that.