Firebase In Action
Tai Duong
Head of Development
@imbaggaarm
Learn, practice and master it!
Anh Tuan
Development
@AnhTuan4198
Hoang Viet
Development
@HoangViet144
What is Firebase?
Is it really that hot?
Kahoot time!!!
Outline
- Introduction ✔
- Why should we use Firebase?
- Firebase Authentication
- Firebase Realtime Database
- Firebase Cloud Functions
- Firebase Cloud Storage
- Relax Time
- Closing
Why should we use Firebase?
A little bit further about reasons for using Firebase.
Cheap
Is it really cheap?
- 2 plans: Spark and Blaze (3 plans in the past)
- Free quota:
- Realtime DB: 10 GB read bandwidth (5 M message objects)
- Firestore: 20K writes/day, 50K reads/day, 20K deletes/day
- Storage: 5 GB (300 KB ~ 16667 images)
- Cloud Functions: 2 M invocations
- ...
See more here: Firebase pricing
Fast
How fast is it?
- It is a PaaS
- Faster development
- Fewer resources required
- Suitable for new projects, small teams
Good
Is it good enough?
- A part of Google Cloud Platform
- Hosted by one of the biggest CDN providers in the world
- Developed by Google Engineers
- Scales automatically, global edge cache, 99.999% uptime, robust security,...
Firebase Authentication
Learn how to use Firebase Authentication as a professional developer.
What is it?
Identity-as-a-Service
- Supports email/password, popular IDPs
- Phone number and custom auth, anonymous auth
- Leverages industry standards like OAuth 2.0 and OpenID Connect
- Provides backend services, easy-to-use SDKs, and ready-made UI libraries
How does it work?
Behind the scenes
- Simple flow using Firebase services only
- Flow using our main auth system and Firebase services
- Flow using Firebase auth system and our resource back-end
Proprietary + Confidential
Simple flow using Firebase services only
Components: Firebase client SDK (Firebase pre-built UI, or build it ourselves), Firebase Authentication
Sign-in methods: Email/Password or phone, 3rd-party IDPs
1. Call Login API
2. Send login request
3. Respond tokens
4. Save tokens in the device
5. Communicate with Firebase Platform using tokens
Flow using our main auth system and Firebase services
Components: Firebase client SDK, our authentication server, Firebase Admin SDK, our resource server, Realtime database with Security Rules
Sign-in method: Email/Password
1. Send login request
2. Call generate token API
3. Respond a custom FB access token (JWT)
4. Respond tokens:
- Access token
- Refresh token
- Custom firebase token
5. Login with custom token
6. Call API with custom token
7. Send requests with access token
Flow using Firebase auth system and our resource back-end
Components: Firebase client SDK, Firebase Authentication, our server, Firebase Admin SDK
Sign-in methods: Email/Password or phone, 3rd IDPs
1. Call Login API
2. Send login request
3. Tokens
4. Save tokens in the device
5. Send login request with firebase token (JWT)
6. Verify token
7. Response
8. Respond tokens:
- Access token
- Refresh token
9. Send requests with access token
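The "Verify token" step of the last flow, written out as an added example that is not part of the original slides: it applies the checks Firebase documents for verifying an ID token with a generic JWT library, which the Admin SDK's verifyIdToken() performs for you. The key pair, the key id `kid-1`, the project id `demo-project` and the helper names are constructed for the example.

```javascript
const crypto = require('crypto');

const decode = (segment) => JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));

// certs maps key id -> public key. In production these are the rotating public
// certificates Google publishes for Firebase ID tokens; here the caller supplies them.
function verifyIdToken(token, projectId, certs, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;

  const header = decode(head);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // rejects "none" and HS256
  const known = Object.prototype.hasOwnProperty.call(certs, String(header.kid));
  if (!known) throw new Error('unknown kid');
  const key = certs[header.kid];
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }

  const claims = decode(body);
  if (claims.aud !== projectId) throw new Error('wrong audience');
  if (claims.iss !== `https://securetoken.google.com/${projectId}`) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (typeof claims.iat !== 'number' || claims.iat > now) throw new Error('issued in the future');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing sub');
  return { uid: claims.sub, claims }; // steps 7-8: our server issues its own tokens for this uid
}

// Constructed fixture: a throwaway key stands in for Firebase's signing key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const CERTS = { 'kid-1': publicKey };
const PROJECT = 'demo-project'; // placeholder project id

function signSample(claims, header = { alg: 'RS256', kid: 'kid-1' }) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Returns 'ok' or the rejection reason, so the outcomes are easy to compare.
function outcome(token, projectId, now) {
  try { verifyIdToken(token, projectId, CERTS, now); return 'ok'; } catch (e) { return e.message; }
}

const sample = { aud: PROJECT, iss: `https://securetoken.google.com/${PROJECT}`,
  sub: 'user-42', iat: 1700000000, exp: 1700003600 };
console.log(outcome(signSample(sample), PROJECT, 1700000100));
console.log(outcome(signSample(sample), 'other-project', 1700000100));
console.log(outcome(signSample(sample), PROJECT, 1700003600));
console.log(outcome(signSample(sample, { alg: 'none', kid: 'kid-1' }), PROJECT, 1700000100));
```

The audience and issuer checks are what stop a token issued for a different Firebase project from being accepted by our server.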
Why?
Why we should use it
- Robust security
- Reasonable price (almost free)
- Faster development, fewer resources required
- Easy scaling
- ...
Why?
Why we shouldn’t use it
- Data protection
- In some cases, it may be slower than using existing frameworks (Django, Express JS, Laravel,...)
- Pricing plans may change in the future
- Firebase can be stopped (who knows, right? GG has a history of destroying their services)
- When we need to fully control and customize our system
Demo time
Now it’s time for practicing.
Github repo: https://github.com/dsc-hcmut/fia-web
HTTPS: https://github.com/dsc-hcmut/fia-web.git
SSH: git@github.com:dsc-hcmut/fia-web.git
Firebase Realtime Database
Deep dive into Firebase Realtime Database and its use cases.
What is it?
A distributed NoSQL database hosted in GCP
- Realtime Database was the original “Firebase”
- Stores data in a JSON tree
- Realtime updates
- Offline handling
- Presence support
Realtime DB vs Firestore
What are their differences?
Realtime Database:
- A large JSON tree, more suitable for simple data model
- 99.95% uptime
- Pricing based on data volume
- Multiple databases per project
- Presence supported natively
- Technically a Firebase product
- Suitable for:
  - Massive updates with small data.
  - Chat apps
  - Realtime location apps
Firestore:
- NoSQL, document collections structure, more suitable for complex, hierarchical data model
- 99.999% uptime
- Pricing based on event counts
- Single database per project
- Presence supported by ourselves
- Technically a Google Cloud product
- Suitable for:
  - Complex data structure, queries, large data volume
  - Other apps
How to use it correctly?
Suggestions for using Firebase RD as a real developer
- Read the documentation carefully
- Learn how to denormalize and flatten data
- Index the database, query with offset and limit
- Write security rules
- Sometimes it’s better to read data by using Cloud Functions
- Use Firebase extensions to integrate with other great features.
Please use Firebase Security Rules!
Why?
Why we should use RD (when compared with SQL DB)
- Realtime support
- Fast development
- NoSQL
- Affordable pricing
- Security
- Automatically scaling
Why?
Why we shouldn’t use RD (when compared with SQL DB)
- Not suitable for many kinds of projects
- Lack of querying features
- Data protection
- Pricing may change in the future
- Google may stop this service in the future
Use cases
Is it only suitable for chat applications?
- Chat applications
- IoT applications
- Websocket gateway
- Using both Firebase RD and our database server, why not?
- Or any application that you need to release as soon as possible
Websocket gateway
An example Websocket gateway architecture
- A true workable chat application
- Same architecture as Slack, Mattermost, Discord,... (Of course they build their own Websocket gateway)
- Better performance, lower cost, higher availability
- Suitable for startup projects
Flow using our main auth system and Firebase services: the same login flow as in the Firebase Authentication section, ending with the client logged in with a custom Firebase token.
Components: user device, our server (Firebase Admin SDK), our database, Realtime database with Security Rules, Firebase FCM, channel members (Firebase client SDK, logged in with custom token)
1. Send message (REST API) with access token
2. Check permission, write to database,...
3. Get channel member list, roles, notification settings,...
4. Call APIs (RD, FCM)
5.1 Broadcast NEW_MESSAGE event to channel members with ref: ws/{user_id}/events/
5.2 Push notification to user devices
Channel members observe changes at: ws/{user_id}/events/
Security rules
- For ref: ws/{user_id}/events/
- All requests from Admin SDK are allowed by default (we can restrict if needed)
- Write permissions:
  - user_id == auth.user_id (in our custom token)
- Read permissions:
  - user_id == auth.user_id
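How the custom token from the login flow and the rules on this slide fit together, as an added example that is not code from the workshop repo: the token is built by hand in the format Firebase documents for third-party JWT libraries (the Admin SDK's createCustomToken() does this for you), and the slide's `auth.user_id` is written as `auth.uid`, the variable Realtime Database rules expose for the token's `uid`. The key pair, service account email, uid and the `role` claim are constructed placeholders.

```javascript
const crypto = require('crypto');

// Constructed stand-ins: a throwaway key pair and a placeholder service account email.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SERVICE_ACCOUNT = 'auth-server@example-project.iam.gserviceaccount.com';
const AUDIENCE =
  'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Steps 2-3 of the login flow: build the custom token for an already authenticated user.
function mintCustomToken(uid, claims = {}, now = Math.floor(Date.now() / 1000)) {
  if (typeof uid !== 'string' || uid.length < 1 || uid.length > 128) {
    throw new Error('uid must be a string of 1 to 128 characters');
  }
  const payload = {
    iss: SERVICE_ACCOUNT,
    sub: SERVICE_ACCOUNT,
    aud: AUDIENCE,
    iat: now,
    exp: now + 3600, // one hour is the maximum lifetime of a custom token
    uid,             // exposed to Security Rules as auth.uid
    claims,          // exposed to Security Rules as auth.token.<name>
  };
  const input = `${b64u({ alg: 'RS256', typ: 'JWT' })}.${b64u(payload)}`;
  const signature = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${signature.toString('base64url')}`;
}

// Verifies the signature with the matching public key and returns the payload.
function readCustomToken(token) {
  const [head, body, sig] = token.split('.');
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Contents of database.rules.json for the events ref: each user reads and writes
// only ws/<own uid>/events. Admin SDK calls from our server bypass these rules.
const RULES = {
  rules: {
    ws: {
      $user_id: {
        events: {
          '.read': 'auth != null && auth.uid === $user_id',
          '.write': 'auth != null && auth.uid === $user_id',
        },
      },
    },
  },
};

console.log(JSON.stringify(RULES, null, 2));
console.log(readCustomToken(mintCustomToken('user-42', { role: 'member' })));
```

Because the rules compare the path segment with `auth.uid`, the `uid` our authentication server puts into the token must be the same user id our server uses when it broadcasts to ws/{user_id}/events/.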
Demo time
Now it’s time for practicing.
Github repo: https://github.com/dsc-hcmut/fia-web
HTTPS: https://github.com/dsc-hcmut/fia-web.git
SSH: git@github.com:dsc-hcmut/fia-web.git
Firebase Cloud Functions
A robust serverless architecture. Let’s leverage its power with other Firebase features.
What?
Cloud Functions
Why?
- Integrates the Firebase platform
- Zero maintenance
- Keeps your logic private and secure
How?
Lifecycle: which event? (diagram slides)
When?
What can I do with Cloud Functions? | Firebase (google.com)
How much?
Example
Analyze the number of bad words in messages
Github repo: https://github.com/dsc-hcmut/fia-scripts
HTTPS: https://github.com/dsc-hcmut/fia-scripts.git
SSH: git@github.com:dsc-hcmut/fia-scripts.git
Firebase Cloud Storage
Good price, strong security, automatic scaling, ... Take advantage of one of the biggest CDN providers in the world.
What is it?
A Google Cloud Product (not a Firebase product)
- Store and serve media content
- Images
- Videos
- Files
- User-created content
Why should we use it?
Does it have any secret weapons?
- Global edge cache
- Scales automatically
- Never worry about running out of space, it scales to exabytes of data
- Works seamlessly with other Firebase products, such as Authentication, Cloud Functions
- Robust security with Security Rules
How to use it better?
Let’s leverage all features of GCP
- Use different buckets if needed
- Use Security rules to secure your data
- Compress images if needed before uploading to the Cloud Storage
- Use different sizes when downloading images for different usages
- Use Firebase Extensions or Cloud Functions to resize images
This “lolrus” has a Cloud Storage “bucket” that stores “files”. Unfortunately, it didn’t use security rules to protect the contents of the bucket!
Retrieve data in suitable ways
Security is the most important thing
- Persistent download URLs (getDownloadUrl()): Public and long-lived, but hard to guess
- Signed, short-lived URLs (getSignedUrl()): Public, short-lived, and hard to guess
- Public download URLs (makePublic()): Public, persistent, without security
Demo time
Now it’s time for practicing.
Github repo: https://github.com/dsc-hcmut/fia-web
HTTPS: https://github.com/dsc-hcmut/fia-web.git
SSH: git@github.com:dsc-hcmut/fia-web.git
Kahoot time again!!!
Workshop in a nutshell
A short summary of the workshop. Where should we go from now?
Q&A
Ask us anything!
Thank You For Joining Us!
Tai Duong
Head of Development
@imbaggaarm
Anh Tuan
Development
@AnhTuan4198
Hoang Viet
Development
@HoangViet144
Feedback!
tinyurl.com/firebase2021

Firebase in action 2021
