How would you use Firebase's simple login to allow users to upload music files?

As I understand it, it doesn't make sense to even think about storing audio files in Firebase's database which is why I would like to be able to store them on an external PHP server.

So, the question revolves around whether I can use Firebase's simple login system to allow users to authenticate to an external server.

I have seen Using NodeJs with Firebase - Security ... which gives some great insight, but then how would you enable the large file upload to the external server?

Joseph

1 Answer

The technique from the answer you linked will work for your situation too, you just need to translate it into PHP and the Firebase REST APIs. Additionally, since the REST API isn't real-time you must add some kind of task queue that it can poll.

Your program would flow something like this:

  1. User logs in to Firebase with Simple Login
  2. User writes only to a place that they can (based on security rules). The user also writes an entry into a task queue.
  3. Your PHP server connects with a token that allows reads of all of the user's secret places.
  4. Your PHP server polls the Firebase every once in a while to look for new tasks. If there's a new task, it validates the user and allows that user to post data to it.

All that being said, this is going to be pretty complicated. PHP's execution model does not lend itself well to real-time systems, and I strongly recommend you consider some other options:

  • You're using a cloud platform, Firebase, for your realtime stuff, so consider a cloud service for your binaries too, like filepicker.io
  • If you really want to host the files yourself, use something that's more real-time like node.js. It'll save you the effort of constructing that task queue.
mimming
  • Thanks for your reply, but I am still confused. Where/when would the user actually submit the music file and how would the security rules affect the user interacting with the music on a remote server? ...in short how would the external service receive the music files? – Joseph Sep 12 '14 at 18:52
  • Part of my confusion is that on firebase you don't have server side code. So, in order to provide the server side code you need another server to interact with which brings up the part about wanting to know how the external server would know that the user is authenticated. Assuming you go with the answer given... where would the music files be stored while you are waiting for the external server to connect. In the example the information for the email was stored in the firebase database, but, if I understand correctly, that won't work for audio files. – Joseph Sep 12 '14 at 18:58
  • Well, you can directly store binary content into Firebase by encoding it. It's not really designed for it, but it does work. You can learn more about that here: http://stackoverflow.com/questions/13955813/how-can-i-view-and-store-images-in-firebase Beyond that it comes down to what part do you want to secure: writes or reads. If it's just reads, you'd allow anyone to write and then store the unguessable CDN URLs in your firebase securely. For securing writes, it gets a little more complicated and depends on the provider. – mimming Sep 12 '14 at 20:02
  • Thank you Jenny. That makes a lot more sense. Is there a way to secure writes using the firebase simple login even if it's complex? – Joseph Sep 12 '14 at 20:08
  • This is starting to get outside my area of expertise, but the gist of it is you have to find a way to mint tokens during runtime that you can send along with requests. Your file storage then needs the ability to validate these tokens before accepting upload. Doing this seamlessly, as in no double login, appears to be outside filepicker.io's capabilities, but using Amazon S3 directly looks viable using more advanced features of IAM: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access.html – mimming Sep 12 '14 at 20:22
  • Thank you for your help thus far :) How would you go about minting a token then? Are you talking about encoding the user info together and then validating it? ...that's kinda the final piece to answering my question :) – Joseph Sep 14 '14 at 05:08
  • That depends on the service you use for file storage. It's beyond my expertise in Amazon S3, but it might be worth asking as a new question on Stack Overflow. – mimming Sep 16 '14 at 02:56
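
The token idea from the comments above, as an added example that is not part of the original thread: a server that has already verified the user's login mints a short-lived HMAC-signed upload ticket, and the file server checks it before accepting any upload. The ticket format, the function names and the shared secret are assumptions for illustration; this is not Firebase's, filepicker.io's or S3's own token format.

```javascript
const nodeCrypto = require("crypto");

// URL-safe base64 without padding, so the ticket can travel in a header or query string.
const b64url = (buf) =>
  buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

const sign = (secret, body) =>
  b64url(nodeCrypto.createHmac("sha256", secret).update(body).digest());

// Minting side (hypothetical helper): call only after the user's login has been verified.
// The ticket binds the user id to an expiry time, both covered by the HMAC.
function mintUploadTicket(secret, uid, ttlSeconds, nowMs = Date.now()) {
  const claims = { uid, exp: Math.floor(nowMs / 1000) + ttlSeconds };
  const body = b64url(Buffer.from(JSON.stringify(claims)));
  return `${body}.${sign(secret, body)}`;
}

// Upload-server side (hypothetical helper): call before reading any file bytes.
function verifyUploadTicket(secret, ticket, nowMs = Date.now()) {
  const parts = typeof ticket === "string" ? ticket.split(".") : [];
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const [body, mac] = parts;
  const expected = Buffer.from(sign(secret, body));
  const given = Buffer.from(mac);
  // Check the signature first, in constant time; timingSafeEqual needs equal lengths.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  let claims;
  try {
    // Node's "base64" decoder also accepts the URL-safe alphabet.
    claims = JSON.parse(Buffer.from(body, "base64").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (!claims || typeof claims.uid !== "string" || typeof claims.exp !== "number") {
    return { ok: false, reason: "malformed" };
  }
  if (claims.exp <= Math.floor(nowMs / 1000)) return { ok: false, reason: "expired" };
  // The caller should store the file under this uid, not under a client-supplied name.
  return { ok: true, uid: claims.uid };
}
```

The secret is shared only between the minting server and the upload server and never reaches the browser; keeping the lifetime short limits what a leaked ticket is worth.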