Build a Social App With React Native

2.1 Create a Firebase Back-End

Hi, and welcome back to Build a Social App with React Native. In this lesson, we are going to create a Firebase Backend. Firebase was created to provide an easy-to-use and scalable Backend-as-a-Service for mobile and web applications. It features a real-time database that also supports server-sent events, better known as push notifications in a mobile setting. You might have used Firebase before, but it looked completely different. It has been bought by Google in 2014, and was integrated into their developer environment mid 2016. In our class project, we are going to use the authentication system and the database. Firebase has a schema-less database that stores its data in JSON format. If you want to access specific resources that you have defined yourself, you can use a URL that defines a structure, like here with posts. Let's also look at authentication. It supports many popular authentication providers like Facebook, GitHub, or Twitter, as wells as basic email and password authentication, which is what we are going to use. Finally, let's have a look at some security settings. Since it's a full-fledged backend solution, it needs to restrict access to our user's private data. This is done by finding a JSON document that allows and restricts read or write access. By default, the data is restricted to anyone who is authenticated. This means all users have access to the data, but the outside doesn't. Auth is a special variable that holds authentication information about the current user. It contains the provider, the user ID, and the Firebase token that has data depending on the authentication method. The expression for your rules has to return true to allow a certain action. In these examples, those actions are just read and write. The are two more rule types. One is indexOn, that allows you to create database indexes for faster queries. The other one is validate. It verifies that the data has a specific standard. It will be used after .write has allowed access to the user. Before we are finished with the security part of the lesson, there are a few variables that are useful to creating your rules. You already learned about the auth variable that holds authentication data, but there is also newData that contains the data that will be written. If you want to validate inserted data, use newData that has children to verify if attributes are there. There is also now, to get the current number of milliseconds since the UNIX epoch. And finally, there is another special one. It is the location variable. It starts with a dollar sign, but you can have any other name afterwards. This is normally used for collections of data. For instance, if you have a bunch of user profiles where only the user that owns a specific profile should be able to update it. Okay, lets get to the console and create a backend for our app. We just need a name, and the location you're in. I'm going to set up authentication first. We're going to enable the email password authentication. It's literally as simple as flicking a switch. You might also wonder why there's an anonymous option. This allows you to create temporary users to enforce authentication rules without credentials. For instance, if you want a user to interact with the app first, and sign up later. Now that we have authentication down, we need to create our rules. We have two resources that need different access rules. First of all, we are going to allow reading of all data to any authenticated user. Then, let's define the rules for a profile. To be able to write, the user needs to have the same UID as the profile that it's written to. Okay, now on to the post. Here we want to only allow writing if the user is authenticated, and the data doesn't already exist, meaning editing is not possible for posts. We can also allow deleting by ensuring that there is no new data, and the existing data's child has the same user ID as the authenticated user. Now let's validate our posts structure. We want to have three children, user_id, created_at, and image. Then there is a special condition for created_at. We can put it in its own validate function. I want to verify that there are no posts in the future, and it was timestamped in the last ten minutes. Then I want to validate that the user_id is the same as the ID of the authenticated user. This completes the setup for our Firebase backend. We have added authentication, as well as rules to validate the structure and secure the data. In the next lesson, we are going to start with the application by adding React Native elements, as in UI Framework, to the course project. See you there.