I am using Firebase as a RESTful API, but I would like to create some endpoints that will return specific statistics about the data in the db to the user. For example, how many registered users in the system are from a certain country. Is that possible in Firebase or do I have to make my own custom backend to handle the generation of those statistics based on the data already stored in the Firebase database?
Related
I have an existing API connected to an AWS PostgreSQL database that uses AWS Cognito for User authentication.
The goal is for users to insert data via the API with some field mapped to their Cognito id, and retrieve the same data. The idea would be for each user to only have access to the data 'owned' by them. Similarly to the way row level access works.
But I do not want to create a role for each user which seems to be necessary.
The idea would be that I need to somehow setup a connection to the PostgreSQL DB with the user_id without creating a user and handle the accessible data via a policy, or somehow pass the data to the policy directly.
What would be an ideal way to do this, or is creating a PG user for each user a necessity for this setup?
Thanks in advance
EDIT: I am currently querying the database through my backend with custom code. But I would rather have a system where instead of writing the code myself, the PostgreSQL system handles the security itself using policies(or something similar). I fully understand how PostgreSQL row-level-access works with roles and policies and I would prefer a system where PostgreSQL does the major work without me implementing custom back-end logic and preferably not creating thousands of PostgreSQL roles for the users.
You should not allow users to make a direct connection to the database.
Instead, they should make requests to your back-end, where you have business logic that determines what each user is permitted to access. Your back-end then makes the appropriate calls to the database and returns the response to the user.
This is a much 'safer' response because it prevents users having direct access to your database and it is also a better architecture because it allows you to swap-out the database engine for another one without impacting your service.
The database is for your application, not for your users.
How do I create a system user? The goal is using this user as an administrator.
I can only create normal (client) and server (something like client) users, but I'm unable to create a system user.
I tried the Atlas App Services Admin Rest API but there I can do just the same I can here.
I see that a possible solution is adding custom user data but there isn't a way in the console.
Any solution?
A server user is for backend access to your database. This may be useful if you are looking to perform backend database administration.
When you use Atlas App Services, you are creating users for frontend access to user-appropriate data. If you want to create users on the frontend with a role/privilege of 'Administrator', then you need to implement that logic.
You can create custom data for users, which is a separate document linked to the user with additional fields. A simple implementation would be a custom field 'isAdmin'.
A rule would need to be implemented to only give your frontend users access to restricted data once 'isAdmin' === true. For example:
{
"%%true": {"%%user.custom_data.isAdmin"}
}
For more rule examples: https://www.mongodb.com/docs/atlas/app-services/rules/examples/
I'm developing app for University. I will give each student a unique 10 digit Id for login(no email and password, student can just login using the given id). Now I need to restrict student to access only their data, not other students data. In firestore security rules is it possible with my implementation?
In PHP MySQL I can check it in the script, in Firebase it is still possible if I use cloud functions for all read and write operations. Is it is good practice to use cloud functions for all read and write operations?
As long as you mint a custom token for your users, Firebase Authentication will know about the user, and pass the information into the security rules of your database. Without such a custom token, there is no way to pass your information into security rules.
Is it possible for an App running on multiple devices to have their own individual Firestore database, which the user of the device can access with their own login?
No. You would typically have each user access their own collection or subcollection within the database, identified by their Firebase Authentication user id, then protect that collection with security rules.
No. You would make a database with a child for every user to keep all his data. This structure is pretty common In apps. You could also add the security features that only a user can access his own data to make sure it’s individual
I am planning to use Firebase as my backend service for the mobile application. As part of the functionality, I need to get the data from external rest API which returns JSON data. I need to update the data periodically so that I can have updated information.
I have an option to call the rest API and update firebase on the mobile application however it is not the right approach. I prefer to keep this logic on the backend service.
Is there a way to use Firebase cloud function to periodically update firebase database from external Rest API?
#Ioki, I assume what you are trying to do is make a mobile app which gets updated data every time a user goes to the app but you want this to be on the backend. I haven't tried it but you might want to use Node js with their Firebase Admin SDK.
See the link: https://firebase.google.com/docs/admin/setup
Although I think it might make more sense to use the real-time database via the iOS/ Android SDK because automatic/ value event updates are basically the purpose of the real- time database. Good luck! :)