5

System Design question:

I'm using firebase for my mobile app with firestore as the DB and firebase functions as the backend.

Do I:

  1. Access firestore directly from the mobile app
  2. Only allow indirect access via a middleware/backend server(e.g. firebase functions)

I'm looking for guidance from a system design standpoint which of the two alternatives is better. Traditionally I think accessing the DB directly from the client would be frowned upon but in the official firestore documentation google seems to actually encourage direct access without any backend server in between.

deekay42
  • 616
  • 1
  • 6
  • 19

2 Answers2

3

I'm looking for guidance from a system design standpoint on which of the two alternatives is better.

IMHO, the question shouldn't be asked, which is better because each one of those products, Cloud Firestore and Cloud Functions for Firebase are two totally different products with different mechanisms but the same purpose.

As also Jack Woodward mentioned in his answer, the first solution can help you keep your data in-sync across client apps. As in the case of Firebase Realtime database the main feature is the real-time feature. In both bases, your data is stored as JSON and synchronized in real-time to each connected client.

Regarding the second option, as in the official documentation:

Cloud Functions for Firebase lets you automatically run backend code in response to events triggered by Firebase features and HTTPS requests. Your code is stored in Google's cloud and runs in a managed environment. There's no need to manage and scale your own servers.

If you are simply asking what can you do with Cloud Functions, please see the use cases of Cloud Functions:

  • Notify users when something interesting happens.
  • Perform Realtime Database sanitization and maintenance.
  • Execute intensive tasks in the cloud instead of in your app.
  • Integrate with third-party services and APIs.
Alex Mamo
  • 130,605
  • 17
  • 163
  • 193
1

Both Firebase database products are designed to be used on the client. One of its killer features is the automatic realtime syncing of changes. So definitely its meant to be consumed from the client. Thats not to say you cant consume from the server as well. But its all about setting up your rules effectively so that you can query from the client. You will need to use Firebase Auth if you want to secure your database. Some links to relevant docs.

Firestore Security Rules Example of some Security Rules for querying

Firebase Auth

And incase you already have an authentication method in place and cant migrate to Firebase Auth you can use Custom Auth where when you authenticate the person you issue them with a Firebase Token which you can login them in with in the app.

Jack Woodward
  • 991
  • 5
  • 9