Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "firestore"
Alright, time to do some explanation.
Q: where tf are you bruh
A: in your mo-uhhhhh alright, so I was chosen to be the main developer for an interactive promotional video for my school (every year the school holds something called an open day, where kids from 8th grade can come to the school and have a tour in the school first hand. Because of the coronavirus (just gonna call it “the rona” from here) this is now impossible so we are losing the interest and the first impressions so the school decided to make an interactive virtual one). They asked me if I want to do it and I said yes.
Boy, was that ever a mistake... (hint: it was a huge mistake)
So the guy who talked to me and asked if I wanted to do this was my grade’s manager, and he gave me the phone number of my PM. So we talked and stuff, and then this happened: (bruh = PM)
bruh: I’ll send you the API and documentation for the thing that we are working with! They have lots of examples and stuff and they’re Israeli too!
Me: Okay! What language are we talking about here?
Me: (questioning life choices) Okay!
So, what was the objective for me? Build a Firebase client that sends the user’s score and choices to Firestore after he chooses something in the interactive video (for example, go to chemistry or go to physics) while learning JavaScmeme (ECMEMEScript) as I go.
Deadline? A week and a half.
After working almost 12 hours a fucking day, I made it work. Sorta. In order to reconcile with small exceptions and edge cases in the interactive video, I had to hard-code some IDs in the code. I had no choice, since I couldn’t allow myself to spend more and more time to make my code more dynamic than it was because I simply didn’t have time. The code absolutely STINKS but it works.
Today is the day where we (aim) to finish all of the cosmetic things that we need to fix. All of them are non-essential for everything to work, but we want to make this thing presentable because we want to put this on the school’s website.
So we were making android application for our college festival.. we decided to use Firebase as our primary service for "everything". Decided to use Firestore as database as it wouldn't require much web API call, and mainly as it had a free plan.
We thought that we would never hit the limits of free plan... Needless to say, we started hitting the daily limits about a week before the fest. And it became more of an issue a few days before the fest when we started to hit the limits within 4 hours of the day!!!
But we were lucky enough that the app sustained on the day of festival, lucky enough!!1
Marketing department sometimes are so Fucking annoying in the context of they " just found out certain technology" and try to enforce us to implement.
For example recently this guys just found out firebase(Firestore thingy ) and keep asking us to implement into the app (E wallet app) which our software architect refuse to use firebase( I agree with him) because in the long run , the project will definitely get surprising prices in the invoice.
Also, our DBA had started to implement Apache Cassandra .....
So dear marketing department, why don't you guys shut up and let us do our job and let our software architect do his job? Fuck off!14
LOL XCode....I think they meant "X"tra useless, resembling such as a bag of dicks without handles!!!!
Also, being fucking buried because there's aren't any devs anywhere to be found near me makes me extra cranky!
Ive been hammering away at this Flutter, Java, Swift, Python, and Google maps for just about 36 hours on 3.5 hrs sleep. I just can't stop, I fuckin love this shit!!!
Considering the fact that I'm self taught and just started writing code for real about 7 months ago, I'd say I'm handling this alright for now. Every bit of tech is getting shot out of a cannon at this one- maps, real time tracking, state level auth/Id verification, custom components like ID scans/native desktop applications on custom linux machines, body cams, SIP trunking... all in 3 apps which are 100% multi-platform and scaled up to high end enterprise levels and being groomed for national release. I'm writing the code and doing the tech for ALL of it- even down to custom painted barcode scanners, a wallet system built from scratch, GPS integration, location/geofence based document querying... holy fuck guys I'm gonna fuckin die haha!!!
I went from barely getting websites made in late summer to this very moment, where I am pumping shit out in Flutter, Dart, Python, CPP, Js, Swift, Java, Kotlin, Obj-C, SQL/noSQL, and who knows what else.
I don't even know what the hell I just said haha I hope everyone has a great day!
so i have read over a 100 so questions trying to understand how authentication / authorisation / sso / security...etc etc work and i am almost clueless.
My end goal is to create a login system for this client for which am surely gonna use firebase/firestore/some 3rd party logins, but i thought of learning about these stuff anyways.
So back to my question , here is some basic but secure(i guess?) authentication system that i vaguely understood, kindly let me know if it has some vulnerabilities:
1. REGISTRATION: When user opens the app, it will ask for user details(say name, email password, gender). then it will create a rest based post request to some endpoint say https://server/create/ . on the server, the code will receive the entries encrypt the code via some function ECTR, which will work in the following manner:
$> password----->ECTR---> encr_pass+ hash
the encrypted password(aka encr_pass) will be stored in the database while the hash will be returned back to user for automated login.
For next time, the user's device will be able to access any info if it either sends user email +password or the hash . the 2 paths would work like this:
1. if user's device sends hash, then hash will go through a new function on server DCTR along with original encr_pass to generate the original password. this password would again be passed through ECTR and should be generating the original encr_pass and hash. if both of these matches, the login is authorized else a malicious attack. i.e:
$> hash+encr_password(from the server)--->DCTR-->password
$> password---->ECTR---> encr_pass2+ hash2
$> check(encr_pass2 == encr_pass) and check(hash==hash)
most of the times this route will be followed for accessing any resources since hash is stored in the app securely and won't make user login again and again
2. if user's device sends email + password, the password would again go through ECTR function and matched from the server stored password. i.e
$> password--->ECTR--> encr_pass2 + hash
$> check(encr_pass2== encr_pass)
this would happen when the user had manually logged themselves out and trying to log back in
We can make the ECTR and DCTR more secure by using multiple attributes/timestamp/stuff idk for generating encrypted password and hash
So is it a correct implementation? Does it have any vulnerabilities? I would like to read some case studies/ research papers on this if possible7
Just built a solid desktop app for MacOS with Flutter that's worthy of shipping. I gotta say I'm pretty stoked about it, even if it isn't nearly as dope as LOIC. Haha chargin muh lazers!
I'll get some screenshots up soon!!
I also wrote a comple CLI interface for Firebase management using Python. Advanced auth abilities, CRUD capability, full json import/export, verification/password resets, you name it. Well, except full Firestore/mobile OTP features but it's still a win. Actually dicked around and made a cool little Firebase chat program in the terminal with the Python interpreter.
Finished up my first apps in React, React-Native and Ember, my 2nd with Electron, and also got my first Firebase hosted site up and running. Solid day!!! Cheers to that. And cheers to all of you amazing bastards!3
Anybody here work with Firebase before?
I have a web app (react) that writes to a Firestore DB and a mobile app (react-native) that reads from the DB. As of right now, in my Firebase console I have the project set up as a web app project. Is this ok even though I’m reading the DB through a mobile app? Let me know if I’m not clear at all. Thanks!8
How are you all controlling your smart home? Has anyone else experience with self-coded controlling?
I have made very good experiences with ioBroker and a sync to Firestore. I am currently able to controll everything neatly with Google Home and Assistant, log my entire home's state periodically to BigQuery, from where I can analyse everthing later on an controll everything via an Progressive Web App. You can check it out here: https://smart-connect-demo.web.app/6
Any Firestore experience willing to help me ?
I got 3 big collections let's say they are 1:1:n how should I save them in 🔥 so I can query them efficient when I have parameters for each of them in a query
I have almost no experience in TDD and have to use it in a uni course where I build an Android app connecting to Firebase. I have googled for I don’t know how long and found no examples or got repos with unit test using Firestore.3
So if only one query on a firestore collection returns 1000 documents, this is considred as 1000 read ?
Or only one ?
Docs say 1000 !
And since the cache os 30min long, if the user came to the same and open it 30sec later, ill be charged for 1000 reads ?
Well well well !2