There is a lot you can do w/ cloud functions; the limit is really up to your imagination--https://cloud.google.com/functions. In short, this makes sense, but you are introducing a middle man unnecessarily. You might find that the query through the CF is slower and doesn't necessarily make the data any more protected.
As I understand it from your explanation, the only way a CF can call your backend without the authorization token is if you update the PHP application. Otherwise, no matter who is making the HTTP request, the server will be mostly blind to this and will still require the exchange of a token for each request. Your CF would still be returning JSON data and you should note that a CF is a backend service not a client side service. There are other ways to ensure the scalability of your PHP backend, but putting a CF between your client and the service that actually does the work to query the data may not be the best approach. You could consider replacing or converting your PHP backend to a CF and handle all the database queries from there. You would then have a simple client-to-CF-to-DB architecture. Char On Thursday, October 10, 2019 at 10:22:42 AM UTC-4, Alex Gillis wrote: > > Th is is a repost from > > > https://stackoverflow.com/questions/58201107/firebase-cloud-functions-on-client-vue-js-to-access-back-end-api-data-hosted-o > > I had not answer and I wonder if either i asked on the wrong place or my > question is not formulated correctly, hence i riposting it here. > > > I have a web app hosted in Firebase in vue.js. The app access to the > organization's main database via API to a back-end server developed in PHP > (laravel) hosted in GAE. I'd like to know if using Firebase Cloud Function > on the client (js) to make calls to a back end API (PHP) would help me to > protect data and be more efficient authenticating calls from the client to > back end. > > > *Currently*: Users login into the client using Firebase Auth and the > client sends the resulting token to my back-end server on each API call. > Then the back-end verifies the token received via HTTPS using FB Auth API > and then if verified, the backend would return the request data via JSON > back to the client-side via HTTPS response. > > > My 2 biggest concerns are: > > 1) would this approach scale well with more users. 2) for large > extractions of data, i.e. 1000+ rows. I'd like to avoid to have JSON > objects being "downloaded" on the client. > > > *New Scenario:* The users would still log in on the client (vue.js) using > FB Auth, but the Client would use FB Cloud Functions to make the calls to > the Back-End API data hosted on GAE and then return the data as an array. > > The advantages I hope to utilize are: - The client will not have https > traffic with data as this would be handled by FBCF and send to the client > via socket (?). - Save verification auth calls from the server, *IF* there > is a way for FBCF to make calls to GAE without the need to pass the token > (maybe using endpoints?) > > > Does this make sense or am I introducing a middle man unnecessarily? > > > Thank you, Alex > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/0f83c739-7808-4ee3-baa6-eccbabf7082a%40googlegroups.com.