Hosting on Firebase - firebase-hosting

I was trying to host a website on firebase and this keeps coming up enter image description here

If you want to initialize a Firebase project using the CLI (like you're doing), and you want to use Firestore or Storage, you first have to go into the Firebase admin console, click on Firestore and/or Storage, and select a location/region for your database/storage buckets. The error you're getting is that you're trying to set up Storage but you haven't yet set a Storage location for your buckets.

Related

How would you design a video upload system using gcp and Go?

I want to build a tiny story system where users can upload videos.
I'm using Firebase and the frontend will be in flutter.
I'm struggling a bit to design the flow from frontend to my Go backend. What's the simplest way to achieve this ?
From what I understand I could use different flows:
Front ask for an upload signed url to Go backend
Backend generate a gcp storage signed url
Front uploads the video
Front send the link to backend
Backend transcode the video
Backend store the link in firestore
Or
Front use directly firebase storage
Front send the link to backend ?
What's the benefits of using an upload signed url vs directly firebase storage?
Thanks in advance
What's the benefits of using an upload signed url vs directly firebase storage?
Firebase storage offers simplicity of security rules to restrict access while using GCS directly will require you to have a backend to generate signed URLs. I would prefer signed URLs when it's the system does not use Firebase Authentication or you want some validation before the file is uploaded as first place. However most of that can be done using security rules as well.
When using Firebase storage, the upload is simpler just by using uploadBytes() function while signed URLs would require some additional code. An example can be found in this
I am not sure what you mean by 'transcode video' but you can use Cloud Storage Triggers for Cloud Functions and run any actions such as adding URL to Firestore or process video once a file is uploaded.

Cloud Storage - Disabled Public Access Prevention, but Failed

Okay, I was using Flutter and Firebase to upload data into Cloud Storage. I gained the downloadURL which can be accessible on web if people know the URL. I had enabled Public Access Prevention in Google Cloud Storage Console based on this doc and chose Access Control Uniform for this on doc.
I also had added Security Rule in Firebase Cloud Storage, so only Users with certain custom token can use it. But, it seems useless as everyone can get its downloaded URL. My question is why is that I still able to access the file if I am using the same URL which was I stored in Firestore? You can test it on this url.
Can hacker get the download URL I downloaded from Firestore?
Is there a secure way to download song from Firebase Cloud Storage so hacker won't get its URL?
Thank you for helping me out.
Updated v2:
I just found out that current audio file has its own AuthenticatedUrl as shown on this picture below. How can I get access to this url?
Updated v1:
I think I haven't activated Firebase App Check. Does this feature have ability to prevent it from being accessed publicly or maybe there is other things that I have to do to be able to prevent it being accessed publicly, beside all ways I described above???
Security rules only check if a user can get the download URL and do not restrict anyone from using it. You can use the getData() method instead. It doesn't return any URL and downloads the files directly and is controlled by security rules. So a user must be authenticated to fetch them.
As mentioned in the Answer :
If you're using the FlutterFire Storage library in your app, you can
call getData on a reference to the file to get its data. So with
that you just need to know the path to the data, and you won't need
the download URL in your application. Once you have the data locally,
you can create an image out of it with: Converting a byte array to
image in Flutter?
Unlike download URLs, the call to getData() is
checked by security rules, so you'll have to ensure that the user is
permitted to access the file.
You can also refer to this Answer :
For web apps: in the JavaScript/Web SDK using a download URL is the
only way to get at the data, while for the native mobile SDKs we also
have getData() and getFile() methods, which are enforced through
security rules.
Until that time, if signed URLs fit your needs
better, you can use those. Both signed URLs and download URLs are just
URLs that provide read-only access to the data. Signed URLs just
expire, while download URLs don't.
For more information, you can refer to this Github issue where a similar issue has been discussed.

How to do Google App script firestore connection

I am developing an addon for gmail and the data I need is in the firestore. Can they help me connect firestore with Google app script
The easiest way to use this library is to create a Google Service Account for your application and give it read/write access to your datastore. Giving a service account access to your datastore is like giving access to a user's account, but this account is strictly used by your script, not by a person.
If you don't already have a Firestore project you want to use, create one at the Firebase admin console.
To make a service account,
Open the Google Service Accounts page by clicking here.
Select your Firestore project, and then click "Create Service
Account."
For your service account's role, choose Datastore > Cloud Datastore
Owner.
Check the "Furnish a new private key" box and select JSON as your
key type.
When you press "Create," your browser will download a .json file
with your private key (private_key), service account email
(client_email), and project ID (project_id). Copy these values into
your Google Apps Script — you'll need them to authenticate with
Firestore.
[Bonus] It is considered best practice to make use of the Properties
Service to
store this sensitive information.
For more information on this Please refer this link.

How to have your app work offline from the start

I am looking for examples/tutorials or an explanation of how I can use my app that has both Firebase Authentication and the Firestore cloud database. I think I understand how to setup offline persistence with the Firestore db, and I think that means that data will be persisted while my app is running and should connection be lost.
What if a user jumps on a a plane with zero connection and wants to run my app and is first presented with the login screen for Authentication. Can you point to an example or tutorial on the best way to setup this so that the app can still run from the beginning with no connectivity and then be able to authenticate and put the data in the Firestore cloud database when connectivity is gained?
Thank you.
According to the official Firebase documentation:
If your app uses Firebase Authentication, the Firebase Realtime
Database client persists the user's authentication token across app
restarts. If the auth token expires while your app is offline, the
client pauses write operations until your app re-authenticates the
user, otherwise the write operations might fail due to security rules.
EDIT:
You can achieve that with Cloud Firestore by enabling offline persistence:
Cloud Firestore supports offline data persistence. This feature caches
a copy of the Cloud Firestore data that your app is actively using, so
your app can access the data when the device is offline. You can
write, read, listen to, and query the cached data. When the device
comes back online, Cloud Firestore synchronizes any local changes made
by your app to the Cloud Firestore backend.
Note that you won't need to make any changes to the code that you use to access Cloud Firestore data.
Here you can see some examples for configuring the offline persistence.

Is it safe to store user informations in the local storage?

I have a small app, i begin with IONIC and for the moment i store the token in the local storage. For the user informations (such as first name, last name or avatar for instance), how can i get that ? Should i make only one call and save those informations as an object in the local storage ? Or otherwise make a function which can get these informations when i need rather than saving that in a local storage ?
The main question is, is it safe to store user informations in a local storage ?
In general you could rely on localStorage with a Cordova app: in fact it is under the Cordova/app sandbox.
Some details and alternative (on iOS) are in this post:
http://developer.telerik.com/featured/securing-phonegapcordova-hybrid-mobile-app/
Another alternative is to use some plugin like the following:
https://github.com/Crypho/cordova-plugin-secure-storage