2 apps with the same database in Firebase - database

My project is to create an app similar to Uber.
There are 2 APPs, one for partners and the other for clients and I saw that I can create more than one app within the same Firebase project,that way I can use the same database for both APPs.
What I did not understand, how to do is differentiate the partners and the clients?
In the "Auth" menu, I would have to differentiate them with a Boolean.
Can I do this using Firebase? If not, does anyone know show me another way to do? or another database?
Another question I have is in relation to part of the payment, How I store the data of the credit card at Firebase? It support for this? Does anyone know show me a library to make payments straight through the app?

I don't think you can do that from the "Auth" Menu. This "Auth" function is only there for the sole purpose of letting user signup and login to your app.
You just need to implement the user category in your Real time database.
Store the user's uID, with key:value "userType":"client" or "userType":"partner".
And whenever the associated uID logs into your app succesfully. you need to read from the Real Time database to determine whether this user is a "client" or "partner" and show the appropriate functionality accordingly (or direct them to a different View controller eg: ClientViewController / PartnerViewController). Or if you have 2 entirely separate apps. Then this can act as a verification, just to make sure if this user is indeed a partner / client.
I'm not sure what to do with the payment system. But you can look at library like Braintree or something.

Related

Chat with React and Realtime database firebase. Do I need backend? How can I structure my data?

I'm working on a project using React 18 with Firebase Authentication and Realtime Database.
The project is a real-time chat between two users, I wan't this project to be very secure and protect messages/conversations. I have the following "cases" or "rules" to specify this chat functions:
User with profile Volunteer can chat with maximum 10 users with the simple-user profile.
Volunteer can see previous messages or the "history" with a registered simple-user but simple-user can't see previous messages. I need to protect chats for simple-user.
All the active "chats" between one volunteer and maximum 10 simple-users have to be seen just for the Volunteer profile. The simple-user just send and receive messages with a random Volunteer.
I search on the Internet which database fit better with my project model and Realtime Database looks like the better option. But now I would like to have your opinions about how can I handle the database to get the data and connection that I need according to the previous rules I wrote.
I know Firebase is a No-SQL database, but I create this diagram to know if the data structure for this chat could work.
If I store different information like the image above, could I get the information I need from each chat?
Turn is the working shift time that "volunteer" is working on the chat platform.
Session is the information of the turn of that volunteer and simple-users that they talk.
Chat is the "conversation" or the instance to generate messages between two different users.
My questions are:
Do I need a backend project such as nodejs? This backend would be for store the endpoints to firestore and apply some logic rules for queries this way I can have a React project without logic
If I structure my database like the image above, can I be able to get the information to achieve the "rules" that I need?
Do you have any suggestion to build a chat like this? In the future this project could be huge with a lot of data store and multiple users chatting with each other. Right now I have just the UI code and firebase connection. No other code yet.
Thanks for your contributions!

Custom permissions for different user types django rest framework

For Django-reactjs project, I have a user model in django which has 3 boolean fields (is_admin, is_moderator, is_normal_user), and I also have 3 other models, I want to set permissions for each user type. The user can only create objects for 1 model only, the moderator is the only one that can edit a certain model field, and admins can do everything.
It might be a trivial question but I am a newbie in Django and React so If you could please tell me how can I handle it with custom permissions(some steps to follow) and also how these permissions are handled from React.
Thanks in advance!
You need to check if the user has permission every time he is making an action, so when the React app calls your Django API, it will provide an authentication token right? That tokens corresponds to a unique user, so you can just do an if statement:
if request.user.is_admin:
do_everything()
elif request.user.is_moderator:
do_other_stuff()
While in the react app you would need the information if the logged in user is a moderator, admin or a normal user, so you can display the pages accordingly. To get that info, you may want to implement a '/me' endopoint that returns info about the logged in user, containg his status.
If you have no idea what Im talking about, I strongly recommend you to take a look at this video: https://www.youtube.com/watch?v=0d7cIfiydAc
The whole subject is too long for a stackoverflow answer.
Contact me if you still have any doubts.

User Roles / Permissions on Frontend - React / GraphQL / Apollo Client

Recently started working with React / Apollo Client / Auth0 / Hasura and have some questions on handling frontend permissions. I'm using Auth0 to handle my authorization on whether a user is logged in and have my backend setup to check as well when handling mutations / queries. My question is now how to handle it on the front end.
A user can create a team that will store the info in my "teams" table and also create a record in my "team_staff" table as either a manager or coach. That was all straight forward. What I'm looking to do now is when a user visits, for example: www.mysite.com/team/update/1 to check if the user exists in the "team_staff" table and if not show them an error message or even a redirect. Also looking to hide certain buttons when viewing a team based on whether they are a staff member or not.
Should I handle this at the login and do a query for all the teams that user is a staff member on and store in a session / cookie or have a query / check inside that component each time it's called? Or am I way off and should do it another way?
Hopefully this question makes sense. Thanks!
This question makes sense, I believe many developers would have some similar problems.
TLDR;
Make API request in componentDidMount to get the right permissions (after signed in of course).
For this question, we have many solutions, and which is the best, depends on your infrastructure, your team and so on. Basically you need to call API to check the permission because your permission stored in the backend. Never store permission on the frontend storage like session, cookie, etc.
I can give some approaches.
First, call API right after signed in to get permission information, for example:
Get list of permitted routes, then, whenever user browse to a specific route, check to make sure that route in list of permitted routes.
Get list of permitted team like array of team ids, then in each route, get team id, check if that that team exist in above list.
But I'm sure you will realize they're almost the same, just different the data you get and how to process them. And two solutions totally depends on you.
All API request should be placed in componentDidMount of page component, because you will want to make sure the permission should be applied correctly as soon as the backend has changes.
Happy coding!

How to have a safe admin handling with reactjs and firebase

I would like to add functionalities depending on whether or not the user logged in is the administrator but I don't really know which condition (for conditional rendering with delete buttons etc) I should use to check if the user is the admin or not. Is it safe to do it based on the id of the user ? In the first place, I thought about testing the user in every component I want him to have functionalities, with a state called "user" using recoiljs to get access to the user in the whole app but I'm afraid people could change the state with the react tool extension and then pretend they are the admin and so delete articles and stuff... What's the best way to test if a user is the admin or not using firebase authentification in a react project ?
It's never safe for client code to assume admin responsibilities without absolute enforcement from your backend. It's unsafe because client code can be compromised and might not work the way you expect. And it's running on a device that the user controls fully.
Client code can check some indicator to see if the user is admin (in whatever way you find suitable), but the final check needs to happen on your backend, either through security rules (if you're using Firebase products like Realtime Database, Firestore, or Cloud Storage), or in code running on a secure backend, including products like Cloud Functions.

user management with Firebase and React

I was wondering if this is possible using Firebase and React.
I want to create a admin panel where the admins can add new user and assign roles. The moderators should also be able to login and make a new post (the new post part i have figured out).
However i dont want any users to be able to register on their own, just the admin to add them to the site.
Is this possible and in that case, how? Grateful for input and thoughts
Yes its possible, just create and Interface which is able to send data to firebase.
Here you have a little example.
I've just create and APP which connects to firebase. Firebase saves a lot of time becase you dont have to control the Auth and the Users SingUp, it has functions to do it.
I will sugest you to use it with ReactForm (to send the data) abd the ReactRedux to control states and the LogIn, LogOut and SignUp.
https://medium.com/firebase-developers/how-to-setup-firebase-authentication-with-react-in-5-minutes-maybe-10-bb8bb53e8834
Fore more info check Google Documentation.
https://firebase.google.com/docs/auth

Resources