Scenario:
I am planning to build a system that has 2 components. A Web App (Angular) that would push some data to Firebase. Before the data gets pushed , I want it to get validated by a server-side Java code. The data getting pushed to Firebase is fed to an Android application that consumes the data from Firebase. The Android user can perform some actions like changing the state of data. Before the data gets changed again there should be a server side code to validate it.
Question:
Where does the server-side code reside? Do we need a third party Web App hosting service other than Firebase?
If my code is in Java 7, what can be the possible options available?
If at all we use a third party server, how does the server communicate with a Firebase server?
Also can you please help me understand (if possible) how can we make sure that the data getting pushed to Firebase server gets validated by the server-side code before getting pushed?
firebaser here
You can interact with the Firebase Database through its Java SDK.
Firebase does not currently provide a way for you to run your (Java) code on our servers. We've covered this many times already, so I recommend reading up here: Server Side Calculation using Firebase
So you'll indeed have to host that code at a third party. Recommending a specific host is off-topic on Stack Overflow, but there are undoubtedly a lot of results of you search for Java hosting.
A common way to have server-side validation before sharing the data publicly is to have two separate lists.
moderationList
-K.....1
title: "how can we add a server side java code in firebase"
body: "Scenario: I am planning to build a system..."
messageList
-K.....2
title: "Firebase and backend logic"
body: "I am parse.com user, and now I look..."
Your users view messageList, but they write their items to moderationList. Your Java server code monitors this list, validates the item and then adds the item to messageList. This is a common queue pattern that we use a lot internally at Firebase.
Related
I have wrote a simple web application with few tables. It has it's administration area where you can manage it's table. Basic CRUD operations.
However, I need to develop an Android application which will retrieve information from this web application trough API. So I am going to write a simple API methods for fetching data. Also there will be sometimes when Android user will save some of its data to database.
Android application needs to be able to list items stored in database and bookmark some of those items over HTTP.
To me problem is how to implement SingIn / SignOut operations using Android's Google account. For example, application GMail is always signed in (at least on my device) and I want my application to be always signed in.
Then, how can I manage what items user bookmarked? Should I create a table android_bookmarked_items (android_user_id, item_id)? But then what should be android_user_id? Do I need to use OAuth?
I am doing this kind off sign in for the first time and I am really confused how to connect this web application with android user and manage bookmarked items per user...
You can make use of Android AccountManager. Check out How to get the Android device's primary e-mail address
I think i have found solution by using Google Sign-In for Android. I get idToken for currently login user before each POST request and verify it on server side. Also from the token I get property sub which is user id and store this in my database...
Auth with a backend server
However, I am pretty new to this stuff, tokens and authentication using google, I would like for someone more experinced to confirm that my solution is fine and secure...
At the current moment, I am trying to understand how to add any data to GA. I read the data from my GA account using Core Reporting API and Managment API without any problems. But now I want to add the data (the number of phone calls) to GA account programmatically. Somebody can explain me step by step - how can I do this?
The Measurement Protocol is how we send data to Google Analytics. The JavaScript snippet that we use in our websites also uses the Measurement protocol as do the SDK's for Android and IOS. Unfortunately there is no (official) SDKs for the other languages like Java for instance.
That being said you can technically code it yourself in any language that can handle a HTTP get or a HTTP post. I have personally done it for C#.
POST /collect HTTP/1.1
Host: www.google-analytics.com
payload_data
The following parameters are required for each payload:
v=1 // Version.
&tid=UA-XXXXX-Y // Tracking ID / Property ID.
&cid=555 // Anonymous Client ID.
&t= // Hit Type.
A few tips to get you started.
Check out validating hits this is very useful in the beginning for debugging your requests.
some of the parameters are only valid for certain hit types. Make sure you check the documentation.
Cid is just a string it can be anything most people send a Guid its basically used by the server to identify a unique session.
if you are doing this for an application google analytics account remember to send screenview not pageview the same goes for web application.
check the realtime report on google analytics to see if your hits are getting recorded.
Update for question in comment:
I recommend while you are getting the idea of this you start with just using HTTP GET in a web browser. Its easer to test your requests against debug that way. For example put this in a browser.
https://google-analytics.com/debug/collect?v=1&tid=UA-123456-1&cid=5555&t=pageview&dp=%2FpageA
DP is document path and I am not sure why it is requiring that you send that.
ScreenView hit type VS PageView hit type.
There are two types of Google Analytics accounts ones for applications like android applications or sometimes web applications, and web sites. Application Google analytics accounts are meant to be used with ScreenView hit (the user checks a screen in the application) type and web accounts use PageViews (the user views a webpage). If you send a Pageview to an application Google Analytics account it will accept the hit but there will be no way for you to see the data. If you send a ScreenView to a web Google Analytics account it will again accept the data but you wont see it.
I'm new to Firebase and Android programming, I have some questions regarding Firebase custom authentication.
I build an android application of social report (for broken public infrastructure) which needed simplest solution for automatic authentication. Since it is a social report app in which users shouldn't be bothered in registration process by inputing any kind of data. So I decided to use Android uuid as an identifier of user instead of email/user name/etc. I loosely implement user authentication and registration. It only need Android device uuid to register/authenticate (don't even need a password). Although, I think I've secured user data in firebase security rules well enough.
I've successfully created a custom automatic authentication/registration server with Go language which mints and store the data from the Firebase itself. These are my current workflow:
The Android client automatically sends a request to my auth server. The request data contains Android uuid and several other data. I'm going to put it in onCreate activity. So every time user opens the application up, it will request for a token.
My auth server checks whether that particular uuid is stored in my Firebase. If it is, then generate a JWT. If not, my server will automatically create a new user data entry in my Firebase and send back a new JWT.
Someway save the JWT within the client app, and use that to do data transaction with firebase.
I managed to learn the Firebase library for Android, it is great and very simple. I found a lot of Android http request libraries (two of them are retrofit and volley). Yet, I still uncertain of the best way to send the auth request from the Android client.
What is the preferred/simplest way to send custom auth request in the client app, based on the requirements and workflow I've specified above? Do I need to use http request library to simplify the code? sample/snippet of code would be very helpful. What is the best way to store and use the JWT in the client app? Is my current workflow good enough? Evaluations are much appreciated.
As a side note, this is my school final project, not a production application. So I don't mind elaborate cases like whether user is having more than one phone, or buying second phone which ought to have same uuid with the previous owner, etc. Also, please spare my weird grammar/non-idiomatic language as I'm not a native english speaker.
The easiest way with Android is to use signInWithCustomToken() on a Firebase auth object (FirebaseAuth).
Here is the reference in the docs, including sample implementation code:
https://firebase.google.com/docs/auth/android/custom-auth
Good luck with the project.
I want to be able to get a user's friends and then store them inside of my database. The issue is with javascript sdk the friends would be sent to the client and then the client would send me the list of friends.This data can obviously be manipulated now so how do I guarantee these two people are really Facebook friends? I know of the php sdk, but I am using complete java for back-end and we have no plans to ever use php.
Just call Facebook API from your Java back-end server.
There are few libraries you can use:
http://facebook4j.org/en/index.html
or
http://restfb.com/
On my web server I will be creating a custom XML file for a client app to access. This means I must authenticate the client and then give the client the XML file.
I believe the client application will need to post data (login, password) to the server and once a connection is established, it will receive the XML file from the server (most likely PHP).
If you have any advice, it would be most welcomed: particular classes to look at and any potential dangers.
I found something relevant in C#, however I am limited to Java as the app will be for Android.
Android lets you pull in external jar's, so I would use HttpClient for performing your POST operation with login info.((EDIT: Per Samuh in the comments, this is already a part of the android SDK, no need to include the external version))
Once you have the XML data in your application, you can parse it however you see fit. I would create a SQLite database for your application to store the data parsed in from the XML file. Then, when you run your app, (or the user clicks refresh), pull the XML file down, populate the SQLite DB with the data from it, and hook the UI controls to the database as done in the Notepad tutorial
The advantages of this setup are that you can always have a local copy to show the user if they are offline, and the user can quit, pause, or leave the app open or closed and not lose the information. You should implement both a refresh on demand and a regular refresh with Alarm's setInexactRepeating() so the application will update automatically in the background in a battery life maintaining way.
That should be enough to get you started.