Firebase Functions Security Add-on

Execution your Google Cloud Functions through an RTDB writing.

Add-on Video

Benefits

• Extra security execution layer using Firebase RTDB Writing Rules.
• Prevent functions calls abuse. Which could cause invoice problems by functions calls.

Quick RTDB fields guide

• x - Code of the function to execute & run execution. Removed once execution finishes.
• p - (Optional) Params to attach to the function when executed. Removed once execution finishes.
• r - Result of the last function execution. In case of a result, it will be a link, in case of non-result or error it would be <NoResponse> and <ExecutionError>

• k128 - Encryption key in case of aes128 encryption and userPersonalized
• k256 - Encryption key in case of aes256 encryption and userPersonalized

Installation

1. Introduce the lib folder into your functions folder.
2. Configure the configuration file with your preferences.
3. Include the following line in your index file:

const admin = require('firebase-admin')
admin.initializeApp()

exports["castFunctions"] = require("./lib/functionExecution")

4. (Optional) If you want on new user creation it appears with the functions configuration in your RTDB, include the following line in your index file:

exports["onUserCreation"] = require("./lib/accountCreationAddon")

5. Add request dependency on package.json

Configuration

• paths (Wildcards that will be replaced: {userID}, {userEmail}, {userPhone})

  • userFunctionsPath: Specific user path that you want the library use for work.

• functionsMap: Map that indicates the code (entry point of the execution) as the key and the execution requirements.

  • f: Function to execute reference (It will need to import the functions modules into the configuration module).
  • e: Type of encryption to apply in the function response.

• encryption

  • type: Encryption type for the response. Available types: none, aes128, aes256
  • userPersonalized

    • In case this is marked as false. The key must be stored on the environment on encryption.key128 or encryption.key256 as required.

      To save in enviroment use firebase functions:config:set encryption.key128="THE ENCRYPTION KEY" and deploy.

    • In case this is marked as true. The key will be read IN EVERY FUNCTION CALL (increased response times and reads from RTDB) from userEncryptionKeyPath in RTDB.

Encryption with AES

Key need to be on set on encryption.key128 or encryption.key256 as required or in user space as k128 or k256 field.

Example key generator page

The encryption iv (initial vector) will be generated for each request and will be attached in the text of the response in the following format:

{iv}.{responseText}

Usage

1. (Optional) User must write any map of params necessary by the execution function into the library space in the RTDB in a field with key p
2. To execute the function the code of the function must be written in a field with key x

Now the execution of the function is launched.

3. Once the execution finishes, the response of the function will be return in a link that will be in the r field in the RTDB library space.

Implement new functions

Requirements:

• The function must return a Promise
• Function Promise result could be an undefined, null for no response, a string, or a stringif-able object for a response or an error for console print and no response.

Steps:

1. Add the function javascript file in the Firebase functions directory
2. Add the funtion with the following format:

module.exports = {
    yourFunctionName( paramsMap ) {
        return new Promise((resolve, reject) => {

            ///////////////
            // Your code
            ///////////////

            return resolve('Result')
        })
    },
}

3. Add the reference to this function in the configuration file into the functionsMap with the execution code and the encryption way of your preference
4. Deploy the code into Firebase Functions