From what I´ve read from the official firebase documentation and after watching this firecast my understanding is that in order to display images on a client there are two approaches:
The first is server based,using functions and writing the SignedUrls to the database.
The second is client based using StorageReference and pointing to the desired path in storage.
I have decided to follow the second approach due to the fact that the Firebase client SDK gives you the ability to directly query a storage photo for additional useful information about the photo (creation date,metadata etc) without the need of creating additional entries in the database
(like in the SignedUrl case by using functions.storage.ObjectMetadata).
My questions are:
1) can the bucket name or the full internal photo path be used in the client code without any security risks?
The path form may be:
gs://myapp.appspot.com/bucket_folder/username/photoname.PNG (non-default bucket)
2) Are there any drawbacks by using the client SDK method over the server-produced SignedUrls?
There are two ways to access items in Cloud Storage through the Firebase SDK:
By using the Firebase SDK methods to access the data.
By using the download URL.
When you use the download URL, the user doesn't have to be signed in. But the user can only ever read the file and (as you discovered) will only have access to the raw payload of the file, not the metadata.
When you use the other methods of the Firebase SDK, your access is controlled by the security rules. So your user may have to sign in.
Related
I am successfully able to upload an image to firebase and retrieve it also.
My issue is,
I want the uploaded image to not be visible in storage section even for the admin.
Is there a method from which i can Encrypt the Image and store in firebase?
or,
Is there any rules that has to changed for it to work like my requirement?
Thanks in Advance
Firebase Storage can be used to store any type of binary data. So if you don't want the images to be visible by a collaborator on the Firebase project, you can encrypt the data on the client that uploads the data and then decrypt the data on any client that reads it.
This requires no changes to the security rules, as those don't access the binary data of the files.
Im using Real-Time database to storage my users Profiles.
Each of the profiles can contain multiple rooms, where each of them contain their own picture creating a quite complex structure.
Here an example:
To make it easier to store the pictures to the corresponding profile, and room I am changing my pictures Bitmap in android to a String before I parse the object into the Database, and then when I get the object back I transform the String back to the Bitmap.
I was just wondering if this comes with any down cost in the future. Or if this implementation is safe where we put more data in the databases.
With your current database structure as-is, you will run into problems.
With the Realtime Database and this structure, everytime you request "user/SOME_ID", you will download all of the data below it - including your serialized images. Consult the database structure guide for information on how to flatten your data out so this doesn't occur.
Furthermore, I would recommend making use of Cloud Storage for Firebase to store your images in their native binary format rather than serializing to Base64 taking up ~30% more space. Like the RTDB, storage can be secured with rules if you store the files in structured locations like "user/SOME_ID/roomImages/ROOM_ID/..." or "roomImages/ROOM_ID/..."
I think that's not safe and bad implementation because u save users data in a third party service even without any encryption rather than storing it in your back-end which you have full control on it.
if I was A user for your app I didn't like that but if this app just for testing something there is no problem.
I was wondering if there is a way to create a standard download URL for the storage items on Firebase, so I won't have to retrieve the URL first and then retrieve the image, since it is a costly operation for energy impact on iOS and Android?
so far i have noticed that the only thing that sets two URL's apart is the token from the end of the URL.
No, you have to use the Firebase Storage API to get the download URL. It can't be derived from the path in the bucket, if that's what you were hoping.
There can actually be more than one download URL per file, they can be used independently, and you can revoke access to any one of those URLs at any time in the console. That's what the token is for, and what makes each URL unique, and this is why you need to use the client API.
I am creating an Android App where Firebase is the backed. In my app, I have some selected images that I have stored inside my Firebase storage by direct uploading (Without coding).
Now I have to view that images in my app through a recycle view. For that purpose, I have to get the download URL of all the images and put them into my Firebase real-time database programmatically so that I can access the URL to my app. Is there any methods available for that?
I have tried to iterate through storage, unfortunately there is no method for that.
There is currently no way to iterate a list of files in Firebase Storage using the Firebase SDKs. Instead, after you upload a file, you should also store its download URL in Firebase Realtime Database (or some other place) that you can query for the download URLs.
I was searching for a proper answer to this question for 2 days. What i found is, There is no proper API or Class in Firebase Storage for the same purpose. If you guys want to do the same effectively, get the files in your code programmatically and upload them to firebase storage through a loop. Through that you can get the download links after uploading of each files. Store it in the Real time Database of Firebase.
You can create a function that can can return a file. You can set up a /link url in the hosting to that function.
I have yet to find any good documentation to tell me how to manage this issue. Is there any guidance someone can reference for this issue?
For an Android app, I have started using Google Firebase Storage along with my realtime Database, and I have a question on how to ensure file uploads and database updates happen in the proper order.
Previously, I was encoding an audio file to a string and uploading it to FB Database along with other related data as a single hash map to ensure consistency. The related data that is being stored is a POJO relating to what users can access the audio, the path where the audio is stored in the database, and more.
My new set up is first to upload the audio file to FB Storage, and, once the file is uploaded, trigger a FB Database update for the related data. Once the database listener indicates completion, the app moves to a different activity.
I am concerned that this two step process is unstable (user leaves the activity before both tasks are done, Storage upload is interrupted and Database update never occurs, etc.). If the Database information isn't updated, the other users won't be notified that the audio file is online and they won't have the path to reference it stored in the database.
What is the proper order for structuring simultaneous Storage and Database uploads in the new Google Firebase?
Thanks,
Andy
Not sure why there are no solid answers for this yet. Anyway, I have faced very similar problems and eventually resorted with nested-updates using completion blocks (exactly how you described in your question).
Very recently, Firebase introduced cloud functions. I am utilizing this to watch the files that are uploaded, and then create a metadata entry into FB Database with the cloud function.
Basically, I use childByAutoId() to generate a key which is used to name the file. For example, profile pictures are saved at "gs://bucket-id/profile_pictures/somerandomkey.jpeg". Then I create a metadata entry into my FB database with cloud functions by utilizing the key from the filename.
I am not sure if there is a better way, but using cloud functions surely seems like a better approach than the nested-updates approach.
You can upload image using Firebase Storage, in success you get a downloadable URL of that image. Then put all the values in the custom object including that image URL and save that object in RealTime Database of Firebase.
And you can use the image URL by retrieving object from RealTime Database.