Firebase Data Structuring - angularjs

we are building two Ionic apps at the startup I work for. We saw the benefit of rapid development that Firebase offers and we decided to use it as our backend. We are building hotel booking apps for users (people that want to search and book hotels) and for the hotels so that they can manage their bookings. The first app for the users is done and we have all our data and authentication rules stored at a Firebase Data URL. We are about to start building the second app meant for the hotels and we have some serious questions:
Should we use the same Firebase Data URL for the hotel app or should we create another one? If we use the same Firebase Data URL, that means data for the hotels and the users will be mixed and the URL will handle authentication for the entities.
Please we would really appreciate your input and opinions on best practices on how to do this. Thank you.

There's no reason why you cannot use the same URL
myHotelAppRootNode
Users
someUser
someUser
Hotels
someHotel
someHotel
Then set up the rules to restrict access.
We have data and users in the same url in our beta app and it's not causing any mixing of data; as long as the rules are correct (which can be a bit challenging).
Using two URL's may slightly uncomplicate the rules per, but then you have multiple authentication points since it's two URL's. So say, once a user authenticated with a single URL model, they would then have access to hotel data directly whereas with two you have to auth them once, and then the app would need to auth them again to the second URL.

Related

Is OAuth 2.0 required for accounts.locations.reviews.list "My Business API"?

I have a React Application which is going to leverage Google My Business API to get review data of a business.
I was expecting to use the API-KEY via REST approach however Authorization Scope mentions that OAuth 2.0 is required to use this API.
After I read more about OAuth's purpose, it seemed like it is more for application's which require access to a user's data and therefore would required a consent screen verified by google.
For my use-case however, all I need is access to all google reviews for a business and nothing related to the visiting users.
Can someone recommend an approach for this? (I don't want a pop-up/consent request when a user visits as I don't need user data.)
After much research, it seems that if you want to retrieve ALL REVIEWS for your business you will have to use Google's My Business API. This API requires you to use OAUTH2 for authentication which means (although you will not be querying a visiting user's data) visiting users will be required to provide consent pop up screen.
This leaves you with the places API as the next best option:
REST GET endpoint maps.googleapis.com/maps/api/place/details/json?placeid={your place ID}&fields=review&key={YOUR API KEY}
Although this only returns google's top 5 "most helpful" reviews, its pretty much the only way to get reviews without a consent screen unless you want to scrape data which is not ideal for many reasons...

Storing API search results in local database

Every time someone hits an API route I want to store that information in database, connected with req. IP.
Afther I would like to find some association rules based on similar searches.
Should I store some information in cookies or to use local dartabase?
Example on some hotels site:
I want to store info that i got a lot of request for cheap hotels in some specific area.
Thnaks.
Definitely in a database. Cookies wouldn't make sense because
You cannot rely on cookies for persistent data. They can expire, be cleared, etc.
Cookies can hold a very limited amount of data (4093 bytes usually)
Cookies are stored locally on your client's browser, you want information across all of your clients.
Tracking user behavior data is very common web feature. You may want to use a web analytics service such as Google Analytics rather then implement your own.

Multiple tokens (for multiple services) for single user in mobile application

I am making a hybrid mobile application, using Ionic and Cordova, for which I would like to give the user the possibility to sign up/log in with Facebook, G+, Linkedin and Instagram, and email account. I would indentify everyone by their email (to check if it's the same person, it is not a pk in the database but just an index).
I have been looking around for information about OAuth2 and looking into the documentation for the services APIs. I have understood what I have to do in the front, but I have some questions on the whole process:
[BACK] How do I check the tokens provided by the services APIs? Let's say when a user logs in with Facebook, I get a token which is stored in the user's phone. Then, on every HTTP request, I have to attach the JWT to verify the user indentity. How do I verify it? Against what do I have to test it?
I want to be able to get information from the user's G+ account but also the user's Linkedin account (example). How do I manage this properly?
Do I just store both (or more) tokens (in local storage) and use them to authenticate? I want to do this as my app will have "friends lists", so the user will be able to log into external services and the app will get the user's friends/contact list from those apps.
As of now, I think about including an auth_method field in my database to store available authentication methods (a JSON string or something like that), and just add four fields (one for each service) default null where I would store the token created for the user.
I can show you my code but it do not think it would help as these are more of theory and not specific to a language.
Thank you for all the help!

How to (approach) building user profiles / areas

**edit: I realise this is a somewhat general post, I am merely looking for some guidance, examples etc.
I have just set out with the goal of (self)learning some deeper web development and have started with Angularjs. I have realised that I learn better when building towards a set project.
With that in mind, I set out to build a relatively simple web app where by users (mainly aimed at Professional chefs) can log in, access their profiles /user area. Users can then add items to a food ingredient database which may include variables such as weight, quantity,price etc. They can then add recipes, drawing from the ingredient database, with the app returning their food cost, tax breakdown as well other predefined calculations.
I have already built the bare bones of the application with Angularjs handling He various front end routes and layout.
I have wired the app to use Firebase for the purposes of User authentication and registration components.
As I mentioned, I am mostly self learning and I'd like some pointers on how to implement a user profile area with Angularjs, using Firebase as the back-end database.
I'd like to achieve the following:
after user login, direct to a user specific page
The user page/area should have abilities such as: profile photo upload, change email, change password etc (usual user operations)
Once the above is achieved:
seperate pages where users can add to their database of ingredients
seperate page where users can create recipes utilising database items, returning cost breakdown etc.
The user operations page / area is my main concern for the moment.
Thanks in advance.

Google API service account in Angular app

This sounds like a popular scenario, but I can't find direct answer nowhere...
I want to plot Analytics data in my app's admin area.
This area is used by multiple users of the company, and they have to authenticate to access this area. I plan to use GA service account, but 'browser-key/domain' option seems only available for public api.
Can I use server auth (through node API), get the token, and pass it to user while logging in? Will the token be valid? Can I have multiple valid tokens simultaneously for all the users?
Or maybe there is some other way to do it?
Okay, I've tested it myself and the answer is:
YES, you get universal (max 60min) token with every request - so you can have many of them, and dispose to you client-side apps as needed.
I have now embedApi widget in my Angular.js dashboard for every user, without login.

Resources