Firebase

If you like the idea of making serious web apps quickly without spending too much time on the backend, you’ll want to look at Firebase. Even if you don’t end up using it, it’s a great case study for cloud services.

What is Firebase?

Firebase is a platform for running and managing apps on the cloud. It’s a fully-featured “backend as a service” (BaaS) that scales automatically to millions of users. It offers tons of features for development (authentication, database, storage, messaging), user engagement (insights, experimentation, customization), and operations (testing, troubleshooting of stability and performance, feature rollout, and adoption monitoring). You just focus on writing your app and let Firebase manage the infrastructure and most of the tedious operational concerns.

Firebase is part of Google Cloud.

Make sure to get familiar with:

Firebase Products

As of October, 2024, Firebase provides these 21 products:

Authenti-
cation

AboutDocs

Cloud Firestore

AboutDocs

Realtime Database

AboutDocs

Data Connect

AboutDocs

Cloud Storage

AboutDocs

Cloud Functions

AboutDocs

In-App Messaging

AboutDocs

Cloud Messaging

AboutDocs

Machine Learning

AboutDocs

App Check

AboutDocs

A/B Testing

AboutDocs

Dynamic Links

Deprecated

Google Analytics

AboutDocs

Crashlytics

AboutDocs

Performance Monitoring

AboutDocs

Test Lab

AboutDocs

App Distribution

AboutDocs

Remote Config

AboutDocs

Firebase Hosting

AboutDocs

App Hosting

AboutDocs

Extensions

AboutDocs

Exercise: Browse the main page for each of the products and write one or two sentences about what each does.

There are additional sections in the documentation not counted as main products, but are essential to know about:

The documentation also shows how to link other Google products into your Firebase app, such as Google AdMob and Google Ads.

Using Firebase

When developing and managing your project, you use either or both of:

In your app itself, you access Firebase services through either or both of:

The general idea is to first create a project (generally you will do this on the Firebase Console), and add apps and services (and only the services you need).

There is complete documentation for Firebase setup on:

And if you are using Firebase form a server, check the docs for how to get set up with the Admin SDK.

Security

Before we get to our code along, a word about security!

Firebase is part of the Google Cloud, so if you are connecting to Firebase services from a server, or the console, your authentication and authorization will be configured through Google Cloud’s IAM.

But what about that SDK for the web client?, How can a web client talk to...a database 😬? The answer is: security rules. You configure rules that will examine all requests from a client—the same kinds of rules you would put in a server that your write yourself. (These security rules apply only to client SDKs; server, console, and API access use IAM instead).

firebasesecurity.png

It’s a good idea to learn everything you can about security rules, both in terms on the general approach and the specifics for different products:

So, yup, if a web client is talking directly for Firebase, there is no way to hide your database credentials at all, and you must rely on the security rules to prevent all the bad things. You can “do a little more” beyond the security rules, for example, you can:

There are some articles with security tips floating around the web, including How to Keep Your Firebase Project Safe and Secure from everyone.

Getting Started

If you have a Google account and are logged in, you can go directly to your Firebase Console and start exploring. Maybe look at the overview page of the docs and follow links to various guides, code labs and tutorials, quick starts, and samples. The Fundamentals page is a good one.

After browsing the guides, reading about the fundamentals, doing a quick start or code lab, and maybe watching some introductory videos, you will be ready to create a Firebase project of your own from scratch.

Two Playlists

The Net Ninja has a playlist on developing web apps with Firebase, using Vanilla JS. For a playlist that uses React, but fewer Firebase features, try this one from Logicism.

It is possible that they are a little out of date, as things change so fast.

Or want to learn from these notes? Let’s do a code-along!

A Code-Along

Let's build a blog web application using React with Firebase Authentication, Firestore, and Hosting.

Step 0: Prerequisites

There are things to do before we really begin.

Step 1: Get the Starter Code

We don’t need to start completely from scratch. I’ve provided starter code with very, very basic blog functionality using React only (no Firebase). Our code-along is about Firebase, after all, since we’ve already seen Vite and React.

Step 2: Create the Project in the Firebase Console

Firebase time!

Step 3: Authentication

Let’s wire in the authentication. Even though this is probably your first run through this topic, we are not going to take any shortcuts, but rather do things in an organized, disciplined manner, with, um, lots of little files. It will look like more work than necessary, but this code-along strives to teach proper separation of concerns. Our goal is a layered, modular architecture. Here’s the overview:

firebase_layers_auth.png

The big idea: Components never talk to Firebase directly. Only the services do. You will notice that the services hide the complexities of Firebase from the components.

Step 4: Add Firestore

Time to replace the mock blog data with data from a real database. In a previous step, you should have added the Cloud Firestore product, created a database, and initialized the security rules. If you did not do those things, don’t worry, you can do them now. After your database is created, continue with the following steps:

Step 5: Enable Writing

Step 6: Commit

Let’s get our work saved.

Step 7: Deploy

Now we want the world to run it.

Step 8: More Security!

Step 9: Make improvements

Keep working on the app to make it nice. There is so much we can improve.

A few things come to mind:

(This list is not exhaustive.)

When ready to deploy changes, you just need to do firebase deploy (since you have already logged in and initialized the project).

CLASSWORK
What else?
You will want to test on localhost

When doing development, you will likely be testing on localhost so that you don’t have deploy after every single change.

While testing this way, you’ll jump back into your Authorized Domains section and re-add localhost.

Learning More

This was a super basic introduction.

There are many more things to learn about Firebase. We used Firebase Authentication and the Cloud Firestore database. But we did not learn about them deeply. It’s worthwhile visiting the documentation and studying these products in depth.

Exercise: Visit the documentation for Firebase Authentication and Cloud Firestore. Read the overview and the getting started guides. Make sure you understand the concepts and the code examples.

After tackling Authentication and Cloud Firestore, consider learning about:

Recall Practice

Here are some questions useful for your spaced repetition learning. Many of the answers are not found on this page. Some will have popped up in lecture. Others will require you to do your own research.

  1. Firebase is part of what major cloud?
    The Google Cloud
  2. What is Firebase?
    A platform for running and managing apps on the cloud.
  3. What are the three main database products in Firebase?
    Firestore, Realtime Database, and Data Connect
  4. What are the two messaging services in Firebase?
    In-App Messaging and Cloud Messaging
  5. What are the two hosting products in Firebase?
    Firebase Hosting and App Hosting
  6. What are two ways to manage your Firebase products?
    The Firebase Console and the Firebase CLI Tools
  7. Within your application, how do you access Firebase services?
    Through SDKs or REST APIs
  8. Suppose you wanted to access a Cloud Firestore database from within a JavaScript application. What import statement do you use?
    import { getFirestore } from 'firebase/firestore'
  9. Firebase not only supports web apps, but also other kinds of apps. Name some.
    iOS, Android, Unity, Flutter, and others
  10. What mechanism is used most prominently for security on the client side for Firebase apps?
    Security Rules
  11. What mechanism is used for security on the server side for Firebase apps?
    Google Cloud IAM
  12. Which Firebase product is helpful for your application security?
    App Check
  13. To get command line access to firebase, what command should you first run?
    npm install -g firebase-tools
  14. When creating a JavaScript-based Firebase project the web, what two things should your do in your project folder?
    Run npm install firebase and store the configuration data in a JavaScript object.
  15. What function on the auth object are you most likely to determine whether a user has logged in or out?
    onAuthStateChanged
  16. How do you sign in a user with Google in a Firebase web app?
    You call signInWithPopup on the auth object.
  17. How do you organize your data in Firestore?
    You have collections, each containing documents.
  18. When fetching documents from a Firebase collection, what do you get back?
    A snapshot of the documents.
  19. Suppose your user id was 123. What do you add to your security rules to ensure only you can write to certain documents?
    allow write: if request.auth.uid == '123';
  20. If you want to host your app on Firebase, what three commands do you need to know about?
    firebase login, firebase init, and firebase deploy

Summary

We’ve covered:

  • What Firebase is
  • Basic Concepts
  • Setup and Security
  • Building and hosting a small React app with authentication and a database