We are going continue and wrap-up our mini-series on using Firebase Functions in this post. We will put in place one of the most often used patterns for Firebase Functions and that is to expose a REST API.
We are going continue with Firebase Functions in this post. We will start to see the power of Functions and how we can take advantage of them.
We are going to go on a tiny detour here. To this point we have been working in our React application. In this post I want to create some back-end helper functions. To do that we are going to create a new nodejs project.
In the last Media Library post (#21) we addressed client-side authorization. That is, we established how the front-end renders the app based on who the user is, or better said, what the user's role is. You can think of this as a courtesy to prevent the user from doing things they should (will) not be allowed to do. We still need to implement code on the server that similarly controls what the user can do and what data they have access to. This will save naive users from getting into trouble, but also will prevent malicious users from doing things we don't want them to do.
In this post we address the server side of authorization. It might sound strange to say we need to address server side authorization in a serverless application but in fact, authorization, introduces a somewhat unique challenge to serverless applications (like the one we are building).