Chat Done Right

•

1 like•78 views

A presentation given at GDG Cape Town about how to build a chat app in a very secure and stable way using Firebase. We used Kotlin and Node.js. From Firebase we used: Realtime Database, Cloud Functions, Notifications, Auth & Storage.

Technology

Chat Done Right!
With Android & Firebase

How is this going to work?
This is NOT a lecture…
‣ Interactive discussion
‣ There is no “questions” slide

Our Tools
Android
Kotlin
Firebase
Realtime Database
Cloud Functions
Database Rules

What we’re building
A chat app (surprise) that needs:
1. Authentication
2. Users
3. To send messages
4. To show active chats
5. A contact list
6. Send notiﬁcations
7. Group management

Why Firebase?
Realtime
Database
Serverless
Cloud Functions
Seamless
Synchronisation
Realtime
Notiﬁcations
Native SDKs

Write directly to DB from Android
๏ CRUD - You can do just about anything from the client
๏ Persistence and caching to writes to DB
๏ Super super fast
๏ But the are somethings better done with a Cloud Function

Database Rules
Insecure rules
(public access)
Default rules
(read/write if authorised)

All Messages
chat_id_1 chat_id_2
message_id_1
message_id_2
message_id_3
message_id_4

All Chat Previews
user_uid_1 user_uid_2
chat_id_1
chat_id_2

All Chat Previews
user_uid_1 user_uid_2
chat_id_1
chat_id_2 But how do we know which
chat previews to update
when a message is sent?

But wait, there is!
๏ Unnecessary logic on client apps
๏ Direct write access to DB
๏ Security rules management easily
becomes a nightmare

Introducing Cloud Functions
๏ Conditional triggering & throttling
‣ On node changes (has auth object)
‣ Client SDK callable (has auth object)
‣ HTTP Request
๏ Central & Secure
๏ Node.js
๏ Logging
๏ Admin rights on all operations

Calling a function
Cloud FunctionAndroid App
https://tinyurl.com/chitchatCloud
https://tinyurl.com/chitchatAndroid

Chat Done Right:
Using Cloud Functions
Trigger onWriteSend message
payload
onSendMessage
Function
Realtime DatabaseAndroid App
User 1

Why the direct write
๏ Caches the write (local state management)
๏ Avoid response delay
But!
๏ Write access risks
Solution
Only allow message creates (not updates) for
chats that an authorised user is part of.

Remember these
Insecure rules
(public access)
Default rules
(read/write if authorised)

Database Rules
Adding security: Taking it up a notch

Trigger onWriteSend message
payload
onSendMessage
Function
Realtime DatabaseAndroid App
User 1

Using Cloud Functions
for Chat
onSendMessage
Function
Chat Members
Node
Fetch
Chat Member
IDs
Write to each
Chat Preview
Chat Preview
Node

Using Cloud Functions
for Chat
Android Apps
User 1 User 2 User 3
All user
Chat previews
Updated
Chat Preview
Node
Notiﬁcations sent

Take Homes
•Cloud functions takes logic off the client
• This avoids repetition between the
platforms
• Easier to think about security
• If you can use a Cloud Function do it
•Writing directly to DB from client
• Firebase handles the persistence
• Caches writes & reads
wisani@nona.digital
adrian@nona.digital
https://tinyurl.com/chitchatCloud
https://tinyurl.com/chitchatAndroid

Наверняка тема вам уже знакома в той или иной мере. Согласитесь, так бывает, что запуская запрос мы ожидаем чего-то определённого, а получаем нечто иное. Меняем опцию чтобы запрос выполнялся быстрее, а он начинает тормозить. Ожидаем что запрос выполнится (в принципе), а он висит вечно, или даже не начинает выполняться. Ожидаем что запрос будет искать данные по индексу, а он сваливается в Full Scan. В этом докладе мы рассмотрим ряд таких непонятных, на первый взгляд, ситуаций и заглянем под капот SQL Server чтобы разобраться как это работает и почему ожидания не совпадают с реальностью.

Timings API: Performance Assertion during the functional testing

PetrosPlakogiannis

Most teams at GoDaddy follow a CI/CD process where Selenium is commonly used for test automation. When they realized that the Selenium WebDrivers provide access to the same APIs as real browsers, including the widely supported W3C performance API, the concept for the cicd-perf-api webservice was born! By inserting some JavaScript code into the WebDriver object, performance data can be collected and posted back to the webservice. The response from the webservice includes a boolean field that testers can use for assertion - just like they would with functional checks! The field indicates whether performance was above/below the baseline. With this talk Petros will give an introduction to the concept of the Timings API and Marcel will be online in order to tell us about the future of it.

.NET Fest 2017. Андрей Антиликаторов. Проектирование и разработка приложений ...

NETFest

В докладе будут рассмотрены принципы и лучшие практики создания гибких масштабируемых приложений на базе Microsoft .NET Core в связке с сервисами Microsoft Azure. Будет рассмотрен ряд полезных подходов, инструментов и библиотек, которые сильно упростят разработку, конфигурирование и развертывание приложений. Также будет уделено внимание некоторым “подводные камням”, с которыми может столкнуться человек, использующий .NET Core.

Visto il successo dello scorso anno, anche quest’anno il DotNetCampus ospita un Cert Path dedicato a chi vuole avvicinarsi al mondo delle certificazioni di prodotto e di tecnologia Microsoft. Microsoft, così come altre importanti aziende sul mercato, propone diversi percorsi di certificazione che ognuno può intraprendere, anche in autonomia, per guadagnare competenza e ottenere un riconoscimento. Una certificazione è generalmente un titolo che si ottiene dopo uno o più esami conseguiti con successo in un centro di formazione abilitato. Nel Cert Path vogliamo spiegarvi come affrontare alcuni esami di base per ottenere il titolo di MCP (Microsoft Certified Professional).

Rest api with node js and express

GirlsInTechnology Nepal

Microservice Secrets

Justin Hart

What’s new in WSO2 Enterprise Integrator 6.6

WSO2

This release aims at addressing the long-awaited JDK 11 compatibility which enables enterprises to migrate their middleware solutions to the LTS JDK version. In addition, this release features new productivity improvements including built-in test framework with comprehensive tooling support from Integration Studio and support for cloud-native integration requirements. This WSO2 Enterprise Integrator release brings new product components and features specifically targeted to help developers build and deploy container-native integration solutions easily. Watch the webinar on-demand here: https://wso2.com/library/webinars/2020/01/whats-new-in-wso2-enterprise-integrator-december-2019-release/

MongoDB World 2018: Evolving your Data Access with MongoDB Stitch

MongoDB

Code Generation for Azure with .net

Marco Parenzan

Javantura v4 - Test-driven documentation with Spring REST Docs - Danijel Mitar

HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association

Introduction to Firebase on Android

amsanjeev

API Versioning in the Cloud

Cloud Elements

Design Microservice Architectures the Right Way

Michael Bryzek

Learn from first hand, deep experience, the most critical decisions we face in building successful microservice architectures: how to think about the tradeoffs that impact the productivity of our teams and the quality of our software. In particular, understand how to avoid creating an architecture that eventually (and sometimes quickly) paralyzes our ability to execute. This talk highlights specific key decisions that very directly impact the quality and maintainability of a micro service architecture, covering infrastructure, continuous deployment, communication, event streaming, language choice and more, all to ensure that our teams and systems remain productive as we scale.

Serverless Computing With Azure Functions

Jaliya Udagedara

Progressive Web Application - Advanced Topics

Hiren Dave

Architecture in real

Michael Chen

Production - Designing for Testability

Michael Bryzek

A major part of our lives is working safely with production - yet few organizations today are designing production to enable higher quality and end to end verification of the code we write and deploy. In this talk, we build on the foundation of great microservice architectures to include the first class design of testability as one of the most important artifacts that high velocity and high-quality teams should consider. In particular, we’ll explore what it’s like to build quality software with no development, QA, or staging environments. We'll include a deep dive into “verification in production” and what it really takes to build software that can safely be tested continuously in production. Let’s build developer happiness by *knowing* production is correct. Given at QCon New York June 2017

O365Con18 - Automate your Tasks through Azure Functions - Elio Struyf

NCCOMMS

Mobile Authentication for iOS Applications - Stormpath 101

Stormpath

Want to build user authentication into your iOS apps quickly and securely? In this presentation, iOS Developer Evangelist Edward Jiang will go over OAuth, best practices, and how to easily integrating Facebook, Google, and email logins into your app using Stormpath's iOS SDK! Topics Covered: - Stormpath Customer Identity Management - What does authentication mean? - Common methods of mobile authentication - OAuth Token Authentication - Building Login & Registration with Stormpath - Making authenticated network requests - Add Facebook / Google login with one line of code - Technical Q&A

Progressive Web Apps

Yatendrasinh Joddha

devworkshop-10_28_1015-amazon-conference-presentationAlex Wu

Serverless Design Patterns (London Dev Community)

Yan Cui

Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy. Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite : pub-sub, cron, push-pull, saga and decoupled invocation.

What's hot

London Non-Profit Spring 22 Salesforce Release

Keir Bowden

Microservices: a journey of an eternal improvement

Anton Udovychenko

London Salesforce Developer January 2022

Keir Bowden

70-534: ARCHITECTING MICROSOFT AZURE SOLUTIONS

DotNetCampus

Rest api with node js and express

GirlsInTechnology Nepal

Microservice Secrets

Justin Hart

What’s new in WSO2 Enterprise Integrator 6.6

WSO2

MongoDB World 2018: Evolving your Data Access with MongoDB Stitch

MongoDB

Code Generation for Azure with .net

Marco Parenzan

Javantura v4 - Test-driven documentation with Spring REST Docs - Danijel Mitar

HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association

Introduction to Firebase on Android

amsanjeev

API Versioning in the Cloud

Cloud Elements

Design Microservice Architectures the Right Way

Michael Bryzek

Serverless Computing With Azure Functions

Jaliya Udagedara

Progressive Web Application - Advanced Topics

Hiren Dave

Architecture in real

Michael Chen

Production - Designing for Testability

Michael Bryzek

O365Con18 - Automate your Tasks through Azure Functions - Elio Struyf

NCCOMMS

Mobile Authentication for iOS Applications - Stormpath 101

Stormpath

Progressive Web Apps

Yatendrasinh Joddha

What's hot (20)

London Non-Profit Spring 22 Salesforce Release

Microservices: a journey of an eternal improvement

London Salesforce Developer January 2022

70-534: ARCHITECTING MICROSOFT AZURE SOLUTIONS

Rest api with node js and express

Microservice Secrets

What’s new in WSO2 Enterprise Integrator 6.6

MongoDB World 2018: Evolving your Data Access with MongoDB Stitch

Code Generation for Azure with .net

Javantura v4 - Test-driven documentation with Spring REST Docs - Danijel Mitar

Introduction to Firebase on Android

API Versioning in the Cloud

Design Microservice Architectures the Right Way

Serverless Computing With Azure Functions

Progressive Web Application - Advanced Topics

Architecture in real

Production - Designing for Testability

O365Con18 - Automate your Tasks through Azure Functions - Elio Struyf

Mobile Authentication for iOS Applications - Stormpath 101

Progressive Web Apps

Similar to Chat Done Right

devworkshop-10_28_1015-amazon-conference-presentationAlex Wu

Serverless Design Patterns (London Dev Community)

Yan Cui

Getting Started With Android Application Development [IndicThreads Mobile Ap...

IndicThreads

Session Presented at 1st IndicThreads.com Conference On Mobile Application Development held on 19-20 November 2010 in Pune, India WEB: http://M10.IndicThreads.com ------------ Speaker: Rohit Ghatol Abstract: This session looks at - Introduction to Android Android OS Capabilities Building Blocks of Android Use Case – Building Blocks and their Interaction for Gmail Client Understanding Android UI Challenges in building Android Application and Best Practices Web Services Client Database Vs File Vs Shared Preferences Minimizing GC Fetch online Vs Local Cache Working in Background Threads Building custom Widgets

CFInteropwebuploader

Android Whats running in backgroundNaval Kishore Barthwal

Serverless Design Patterns

Yan Cui

MongoDB World 2018: Ch-Ch-Ch-Ch-Changes: Taking Your Stitch Application to th...

MongoDB

Building Microservices with the 12 Factor App Pattern on AWS - AWS Online Tec...

Amazon Web Services

Building Microservices with the 12 Factor App Pattern on AWS

Amazon Web Services

by Chris Hein, Partner Solutions Architect, AWS Microservices architectures make applications easier to scale and faster to develop, enabling innovation and accelerating time-to-market for new features. But building containerized microservices across multiple teams means you need well-defined, guiding methodologies for software design and implementation. In this talk we’ll discuss architectural best practices for building containerized microservices on AWS, and how traditional software design patterns evolve in the context of containers. We will deep-dive into Martin Fowler’s principles of microservices and map them to the twelve-factor app pattern and real-life considerations. If you are building or in the process of building microservices on AWS, don’t miss this session.

Andy Malone - The new office 365 for it pro'sNordic Infrastructure Conference

NoSQLEU: Different NoSQL tools in Production

Bit Zesty

Serveless design patterns

Yan Cui

Building Microservices with the 12 Factor App Pattern on AWS

Amazon Web Services

Microservices architectures make applications easier to scale and faster to develop. But building containerized microservices across multiple teams means you need well-defined, methodologies for software design and implementation. In this talk we’ll discuss best practices for building containerized microservices on AWS, and how traditional software design patterns evolve in the context of containers. We will deep-dive into Martin Fowler’s principles of microservices and map them to the twelve-factor app pattern and real-life considerations.

Why And When Should We Consider Stream Processing In Our Solutions Teqnation ...

Soroosh Khodami

Session Recording on Youtube https://www.youtube.com/watch?v=uWPZQ_HMy10 - Session Description Do you find yourself bombarded with buzzwords and overwhelmed by the rapid emergence of new technologies? "Stream Processing" is a tech buzzword that has been around for some time but is still unfamiliar to many. Join this session to discover its potential in software systems. I will share insights from Apache Flink, Apache Beam, Google Dataflow, and my experiences at Bol.com (the biggest e-commerce platform in the Netherlands) as we cover: - Stream Processing overview: main concepts and features - Apache Beam vs. Spring Boot comparison - Key Considerations for Using Stream Processing - Learning strategies to navigate this evolving landscape.

Office 365 introduction and technical overview

Motty Ben Atia

Develop Hybrid Mobile Application with Azure Mobile Services and Telerik Plat...

Abhishek Kant

Meet with Meteor

Tahmina Khatoon

Internet of Things and Edge Compute at Chick-fil-A

Brian Chambers

Behat internals for advanced usage. Symfony Camp 2016

Sergey Polischook

The dev ops code has no servers

Ed Anderson

Similar to Chat Done Right (20)

devworkshop-10_28_1015-amazon-conference-presentation

Serverless Design Patterns (London Dev Community)

Getting Started With Android Application Development [IndicThreads Mobile Ap...

CFInterop

Android Whats running in background

Serverless Design Patterns

MongoDB World 2018: Ch-Ch-Ch-Ch-Changes: Taking Your Stitch Application to th...

Building Microservices with the 12 Factor App Pattern on AWS - AWS Online Tec...

Building Microservices with the 12 Factor App Pattern on AWS

Andy Malone - The new office 365 for it pro's

NoSQLEU: Different NoSQL tools in Production

Serveless design patterns

Building Microservices with the 12 Factor App Pattern on AWS

Why And When Should We Consider Stream Processing In Our Solutions Teqnation ...

Office 365 introduction and technical overview

Develop Hybrid Mobile Application with Azure Mobile Services and Telerik Plat...

Meet with Meteor

Internet of Things and Edge Compute at Chick-fil-A

Behat internals for advanced usage. Symfony Camp 2016

The dev ops code has no servers

Recently uploaded

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Free Complete Python - A step towards Data Science

RinaMondal9

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

RESUME BUILDER APPLICATION Project for students

KAMESHS29

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Recently uploaded (20)

Essentials of Automations: The Art of Triggers and Actions in FME

The Art of the Pitch: WordPress Relationships and Sales

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Artificial Intelligence for XMLDevelopment

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Communications Mining Series - Zero to Hero - Session 1

Free Complete Python - A step towards Data Science

Video Streaming: Then, Now, and in the Future

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

GridMate - End to end testing is a critical piece to ensure quality and avoid...

RESUME BUILDER APPLICATION Project for students

PCI PIN Basics Webinar from the Controlcase Team

Climate Impact of Software Testing at Nordic Testing Days

Monitoring Java Application Security with JDK Tools and JFR Events

How to Get CNIC Information System with Paksim Ga.pptx

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Chat Done Right

1. Chat Done Right! With Android & Firebase

2. How is this going to work? This is NOT a lecture… ‣ Interactive discussion ‣ There is no “questions” slide

3. Our Tools Android Kotlin Firebase Realtime Database Cloud Functions Database Rules

4. What we’re building A chat app (surprise) that needs: 1. Authentication 2. Users 3. To send messages 4. To show active chats 5. A contact list 6. Send notiﬁcations 7. Group management

5. Why Firebase? Realtime Database Serverless Cloud Functions Seamless Synchronisation Realtime Notiﬁcations Native SDKs

6. Our Tools Android Kotlin Firebase Realtime Database Cloud Functions Database Rules

7. Write directly to DB from Android ๏ CRUD - You can do just about anything from the client ๏ Persistence and caching to writes to DB ๏ Super super fast ๏ But the are somethings better done with a Cloud Function

8. Database Rules Insecure rules (public access) Default rules (read/write if authorised)

9. All Messages chat_id_1 chat_id_2 message_id_1 message_id_2 message_id_3 message_id_4

10. All Chat Previews user_uid_1 user_uid_2 chat_id_1 chat_id_2

11. All Chat Previews user_uid_1 user_uid_2 chat_id_1 chat_id_2 But how do we know which chat previews to update when a message is sent?

12.

13.

14. But wait, there is! ๏ Unnecessary logic on client apps ๏ Direct write access to DB ๏ Security rules management easily becomes a nightmare

15. Introducing Cloud Functions ๏ Conditional triggering & throttling ‣ On node changes (has auth object) ‣ Client SDK callable (has auth object) ‣ HTTP Request ๏ Central & Secure ๏ Node.js ๏ Logging ๏ Admin rights on all operations

16.

17. Calling a function Cloud FunctionAndroid App https://tinyurl.com/chitchatCloud https://tinyurl.com/chitchatAndroid

18.

19. Chat Done Right: Using Cloud Functions Trigger onWriteSend message payload onSendMessage Function Realtime DatabaseAndroid App User 1

20. Why the direct write ๏ Caches the write (local state management) ๏ Avoid response delay But! ๏ Write access risks Solution Only allow message creates (not updates) for chats that an authorised user is part of.

21. Remember these Insecure rules (public access) Default rules (read/write if authorised)

22. Database Rules Adding security: Taking it up a notch

23. Trigger onWriteSend message payload onSendMessage Function Realtime DatabaseAndroid App User 1

24. Using Cloud Functions for Chat onSendMessage Function Chat Members Node Fetch Chat Member IDs Write to each Chat Preview Chat Preview Node

25. Using Cloud Functions for Chat Android Apps User 1 User 2 User 3 All user Chat previews Updated Chat Preview Node Notiﬁcations sent

26. Take Homes •Cloud functions takes logic off the client • This avoids repetition between the platforms • Easier to think about security • If you can use a Cloud Function do it •Writing directly to DB from client • Firebase handles the persistence • Caches writes & reads wisani@nona.digital adrian@nona.digital https://tinyurl.com/chitchatCloud https://tinyurl.com/chitchatAndroid

Chat Done Right

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Chat Done Right

Similar to Chat Done Right (20)

Recently uploaded

Recently uploaded (20)

Chat Done Right