I'm currently providing an #OpenSource#PHP library for #Firebase for free. #Funding works as you might expect it: it doesn't. Firebase is a commercial service, so I'm thinking of migrating my library and its future development to a paid one. Does anyone have experience in doing so? I know I could distribute it with private packagist, but is there a an already existing system of processing licenses and payments?
The worst part is that I still hope that these "cries for help" will achieve anything. There are far more capable people with more reach who are not able to receive proper funding, and here I am crying about it. (3/3)
I've seen hybrids, like the code is free, but if you actually want to talk to the dev, gotta pay. GH issues don't get a response unless from a sponsor. Etc. I think that's a reasonable middle ground of communicated properly.
"You want this bug fixed? Here's my hourly rate. You want this pr reviewed? Here's my hourly rate." (Or "here's the github sponsors link," or whatever.)
If someone makes a fuss, link them to some standard explanation then block.
Over the past week, I've been working on a #Vue / #Firebase / #Bulma app that has been sitting in the back of my head for a decade. I'm using composables for every logical object. This would be sooooo much more code with the options API but I can't help but look at a 1000 line view and think that I could make things even better.
@D5V3 Nah, it's for another project I'm working on. It's for talent match-making on tech projects.
The website requests the user's location and then the browser asks the user for permission to report it. There are ways around the bit where the browser asks for permission but it gets expensive.
"900 Sites, 125 million accounts, 1 vulnerability"
"""
TLDR:
Firebase allows for easy misconfiguration of security rules with zero warnings
This has resulted in hundreds of sites exposing a total of ~125 Million user records, including plaintext passwords & sensitive billing information
"""
This past autumn, I started playing around with the Composition API, and at the October 2023 Hack and Tell, I put that knowledge into writing a “Job Tracker“. The job tracker used Vuex and Firebase Authentication to log a user in using their Google credentials. With const store = useStore() on your view, you can do something like Welcome, {{user.data.displayName}} but using this technique you can also use …
… to kick off the authentication of the user. I want to use it to finally finish the State Parks app but I also want to use Pinia instead of Vuex, I wanted the resulting app to be a PWA, and I wanted to allow the user to log in with more than just Google credentials. So, this past week, I wrote my “Offline Vue Boilerplate“. It is meant to be a starting point for the State Parks app and a few other apps that I have kicking around in my head. I figured that this week, we should go over what I wrote.
Overview
The whole point of this “boilerplate” application was for it to be a common starting point for other applications that use Firebase for authentication and a NoSQL database. It uses:
I was using a lot of this stack for work projects, also. It is nice because Firebase is cheap and robust and you don’t need to write any server-side code. Hosting of the front-end code is “cheap-as-chips”, also. The Job Tracker is hosted using Firebase Hosting (which is free on the spark plan) and The Boilerplate App is hosted using Render, which is just as free.
Authentication
I am most proud of how I handled authentication with this app. Here is what the Pinia store looks like:
From your view, you can access {{ user }} to get to the values that came out of the single sign-on (SSO) provider (the user’s name, email address, picture, etc). For this app, I used Google and Microsoft but Firebase Authentication offers a lot of options beyond those two.
Adding Google is pretty easy (after all, Firebase is owned by Google) but adding Microsoft was more difficult. To get keys from Microsoft, you need to register your application with the Microsoft identity platform. Unfortunately, the account that you use for that must be an Azure account with at least a Cloud Application Administrator privileges and it can not be a personal account. The account must be associated with an Entra tenant. This means that you need to spin up an Entra tenant to register the application and get the keys.
The third SSO provider that I was tempted to add was Apple but to do that, you need to enroll in the Apple Developer program, which is not cheap.
Firebase Cloud Firestore
I have become a big fan of Firebase Cloud Firestore over the years (at least for situations where a NoSQL database makes sense). The paradigm that I started playing around with last year involved putting the Firebase CRUD functions in the composable.
Here is an example <script> block from the Job Tracker:
The author of the view doesn’t even need to know that Firebase Cloud Firestore is part of the stack. You might wonder how security is handled.
Here is what the security rule looks like behind the job tracker:
The rule is structured so that any authenticated user can create a new record but users can only read, delete, or update if they created the record.
How I made it into a Progressive Web App (PWA)
This is the easiest bit of the whole process. You just need to add vite-plugin-pwa to the dev dependencies and let it build your manifest. You do need to supply icons for it to use but that’s easy enough.
The Next Steps
I am going to be using this as a stepping-stone to build 2-3 apps but you can look forward to a few deep-dive posts on the stack, also.
Have any questions, comments, etc? Please feel free to drop a comment, below.
Od wielu lat używam #firebase ale nigdy niehostowałem tam żadnego produkcyjnego serwisu. Pierwszy postawiłem dopiero w tym roku. Przy śmiesznym wręcz ruchu w okolicach 6K użytkowników i o tego stronie statycznej miesięczny koszt to w przybliżeniu 30$.
Porównanie prędkości z najtańszym hostingiem współdzielonym wcale nie powala. Jedynie deploy jest przyjemniejszy #webdev
“Starting November 9th, 2020 end users will no longer be able to grant consent to newly registered multitenant apps without verified publishers.“?!? What the hell?
If you go to https://boilerplate.jws.app/login, you can use "Login with Google" and then "Link with Microsoft Account" so that you can log in using either. If you click "Login with Microsoft" and then click on "Link with Google Account" it seemingly just converts it to a Google account instead, though and I'm not sure the reason why. :blobcatthink:
Est-ce qu'un geek peut me confirmer que l'outil https://ntfy.sh/ peut permettre de se passer de #Firebase pour les notifications sur téléphone #Android ?
Hey devs, I am working on a project that requires restricting a #fastapi API from public access, but data generated from API needs to be made available to clients. So, came up with this workflow, what do you all suggest?
I’ve been confusing Google’s #Firebase with the open source database #Firebird all this time and wondering why so many job descriptions were listing it. I was under the impression that Firebird must be experiencing some new wave of hip coolness among developer communities. 😂
🚀 Release 5.0 of kreait/firebase-tokens, a #PHP library that enables you to verify #Firebase ID Tokens and Session Cookies, as well as to create custom tokens, adds support for PHP 8.3 and drops support for PHP 8.1.
I genuinely thought that using ChatGPT to come up with a list of parks in Wisconsin would be easier than it is. I went through this process manually ~2yrs ago and it took entire weekends. Using an LLM, it took a day but you have to give it 3-5 parks to research at a time, limit it to one thing to research about at a time, and sometimes you still get "Come back in an hour. You are using too many resources." errors.