My latest pet #project: Replace the "free" #location sharing services with a simple solution where one has full control of (a) data collection (b) data storage (c) data sharing/visualisation.
If you want to give this #GoogleLatitude like alternative a go, I'd be happy for any and all comments:
I'm currently providing an #OpenSource #PHP library for #Firebase for free. #Funding works as you might expect it: it doesn't. Firebase is a commercial service, so I'm thinking of migrating my library and its future development to a paid one. Does anyone have experience in doing so? I know I could distribute it with private packagist, but is there an already existing system of processing licenses and payments?
Over the past week, I've been working on a #Vue / #Firebase / #Bulma app that has been sitting in the back of my head for a decade. I'm using composables for every logical object. This would be sooooo much more code with the options API but I can't help but look at a 1000 line view and think that I could make things even better.
"900 Sites, 125 million accounts, 1 vulnerability"
"""
TLDR:
Firebase allows for easy misconfiguration of security rules with zero warnings
This has resulted in hundreds of sites exposing a total of ~125 Million user records, including plaintext passwords & sensitive billing information
"""
This past autumn, I started playing around with the Composition API, and at the October 2023 Hack and Tell, I put that knowledge into writing a “Job Tracker”. The job tracker used Vuex and Firebase Authentication to log a user in using their Google credentials. With const store = useStore() on your view, you can do something like Welcome, {{user.data.displayName}} but using this technique you can also use …
… to kick off the authentication of the user. I want to use it to finally finish the State Parks app but I also want to use Pinia instead of Vuex, I wanted the resulting app to be a PWA, and I wanted to allow the user to log in with more than just Google credentials. So, this past week, I wrote my “Offline Vue Boilerplate”. It is meant to be a starting point for the State Parks app and a few other apps that I have kicking around in my head. I figured that this week, we should go over what I wrote.
Overview
The whole point of this “boilerplate” application was for it to be a common starting point for other applications that use Firebase for authentication and a NoSQL database. It uses:
I was using a lot of this stack for work projects, also. It is nice because Firebase is cheap and robust and you don’t need to write any server-side code. Hosting of the front-end code is “cheap-as-chips”, also. The Job Tracker is hosted using Firebase Hosting (which is free on the spark plan) and The Boilerplate App is hosted using Render, which is just as free.
Authentication
I am most proud of how I handled authentication with this app. Here is what the Pinia store looks like:
From your view, you can access {{ user }} to get to the values that came out of the single sign-on (SSO) provider (the user’s name, email address, picture, etc). For this app, I used Google and Microsoft but Firebase Authentication offers a lot of options beyond those two.
Adding Google is pretty easy (after all, Firebase is owned by Google) but adding Microsoft was more difficult. To get keys from Microsoft, you need to register your application with the Microsoft identity platform. Unfortunately, the account that you use for that must be an Azure account with at least Cloud Application Administrator privileges and it cannot be a personal account. The account must be associated with an Entra tenant. This means that you need to spin up an Entra tenant to register the application and get the keys.
The third SSO provider that I was tempted to add was Apple but to do that, you need to enroll in the Apple Developer program, which is not cheap.
Firebase Cloud Firestore
I have become a big fan of Firebase Cloud Firestore over the years (at least for situations where a NoSQL database makes sense). The paradigm that I started playing around with last year involved putting the Firebase CRUD functions in the composable.
Here is an example <script> block from the Job Tracker:
The author of the view doesn’t even need to know that Firebase Cloud Firestore is part of the stack. You might wonder how security is handled.
Here is what the security rule looks like behind the job tracker:
The rule is structured so that any authenticated user can create a new record but users can only read, delete, or update if they created the record.
How I made it into a Progressive Web App (PWA)
This is the easiest bit of the whole process. You just need to add vite-plugin-pwa to the dev dependencies and let it build your manifest. You do need to supply icons for it to use but that’s easy enough.
The Next Steps
I am going to be using this as a stepping-stone to build 2-3 apps but you can look forward to a few deep-dive posts on the stack, also.
Have any questions, comments, etc? Please feel free to drop a comment, below.
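Added example, not the Job Tracker's actual rule or code from the original post: one way to write a Firestore security rule with the behaviour described above (any signed-in user can create, only the creator can read, update, or delete), shown beside the weak form that lets every signed-in user see everything. The collection name jobs and the owner field uid are assumptions.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (kept commented out for contrast): being signed in is the only
    // check, so every user can read and overwrite every other user's records.
    // match /jobs/{jobId} {
    //   allow read, write: if request.auth != null;
    // }

    // Owner-scoped form. "jobs" and "uid" are assumed names.
    match /jobs/{jobId} {
      function signedIn() {
        return request.auth != null;
      }
      // resource = the document as currently stored.
      function ownsExisting() {
        return signedIn() && resource.data.uid == request.auth.uid;
      }

      // Any signed-in user may create, but the owner field in the incoming
      // document (request.resource) must be the caller's own uid; otherwise
      // a record could be created on behalf of someone else.
      allow create: if signedIn()
                    && request.resource.data.uid == request.auth.uid;

      // Only the creator may read or delete.
      allow read, delete: if ownsExisting();

      // Only the creator may update, and the owner field must not change.
      allow update: if ownsExisting()
                    && request.resource.data.uid == resource.data.uid;
    }
  }
}
```

Because rules are not filters, a list query against this collection is only allowed when the client constrains it to the caller's own documents (a where clause on uid equal to the signed-in user's uid); an unconstrained query is rejected rather than silently trimmed.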
I've been using #firebase for many years but never hosted any production service there. I set up my first one only this year. With frankly laughable traffic of around 6K users, and a static site at that, the monthly cost is approximately $30.
The speed comparison with the cheapest shared hosting isn't impressive at all. Only the deploy is more pleasant #webdev
“Starting November 9th, 2020 end users will no longer be able to grant consent to newly registered multitenant apps without verified publishers.”?!? What the hell?
Ok, I stood up my own Microsoft Entra tenant to get "Login with Microsoft" working but now I need to figure out the #firebase error "auth/account-exists-with-different-credential". I think that linkWithPopup (https://firebase.google.com/docs/auth/web/account-linking) might be the key, here. :blobcatthink:
If you go to https://boilerplate.jws.app/login, you can use "Login with Google" and then "Link with Microsoft Account" so that you can log in using either. If you click "Login with Microsoft" and then click on "Link with Google Account" it seemingly just converts it to a Google account instead, though, and I'm not sure the reason why. :blobcatthink:
Can a geek confirm for me that the tool https://ntfy.sh/ can make it possible to do without #Firebase for notifications on #Android phones?
Hey devs, I am working on a project that requires restricting a #fastapi API from public access, but data generated from API needs to be made available to clients. So, came up with this workflow, what do you all suggest?
I’ve been confusing Google’s #Firebase with the open source database #Firebird all this time and wondering why so many job descriptions were listing it. I was under the impression that Firebird must be experiencing some new wave of hip coolness among developer communities. 😂
🚀 Release 5.0 of kreait/firebase-tokens, a #PHP library that enables you to verify #Firebase ID Tokens and Session Cookies, as well as to create custom tokens, adds support for PHP 8.3 and drops support for PHP 8.1.
Unless funding is found to continue maintaining the #Firebase Admin SDK for #PHP, maintenance will be halted. This includes the #Symfony bundle and the #Laravel package.
There is a sea of Cloud Auth / Identity management providers.
There was a time I used to roll my own, but as security is getting complicated, it seems for startups & small to medium businesses it is better to use a cloud auth provider.
Please share your thoughts on your experience with this as I look into this area.