Firebase CronJobs - how to allow http triggers from one cronjob site
Since Firebase (Real-time DB) does not support cron-jobs I am using cron-job.org to schedule http triggers. This function should fire once at the end of every day, so at around 11:55pm. The thing is I would like only cron-job.org to be able to trigger the http endpoint and no one else (e.g. someone malicious trying to trigger it many times a day). How can I achieve this in my cloud function?
I have setup the cronjob and this is all the code I have right now:
exports.findAndDeleteSevenDayJobs = functions.https.onRequest((req, res) => {
console.log('req',req);
});
Also, cron-job.org offers this:
And I have no idea how to use it.
To create cron-jobs in firebase RDB use a third party service like cron-job.org
1) CREATING THE KEY
To make everything secure you have to generate a secure key, from now on called YourSelfGeneratedButSecureKey.
You can generate one in your terminal by typing: node -e "console.log(require('crypto').randomBytes(20).toString('hex'))"
2) CREATING CRON JOB
Create a new cron-job that will hit your cloud function end-point and attach the created key as a url-query like so:
https://{projectSpecific}.cloudfunctions.net/{nameOfFunction}?key={YourSelfGeneratedButSecureKey}
Setup the key into your env by using the following command in your terminal:
firebase functions:config:set cron.key="{YourSelfGeneratedButSecureKey}"
3) CLOUD FUNCTION
To make sure everything is maximum security you can install secure-compare by typing npm install --save secure-compare;
Then in your cloud function:
const secureCompare = require('secure-compare');
exports.{nameOfFunction} = functions.https.onRequest((req, res) => {
const { key } = req.query;
if (!secureCompare(key, functions.config().cron.key)) {
console.log('Key in request and in env do NOT match');
res.status(403).send('Security key does not match.');
return null;
}
// DO REPETITIVE STUFF SECURELY
});
- Recommended firebase signInWithEmail method with Deno
- Is it possible to filter on multiple map values in Firestore
- Background notifications not working in release mode - _firebaseMessagingBackgroundHandler is being triggered
- Firestore BatchWrite vs Transactions
- Most ideal way to call firebase getIdToken
- Unhandled Exception: [cloud_firestore/unknown] Unable to establish connection on channel
- Delete a Document with all Subcollections and Nested Subcollections in Firestore
- What is the Character Limit for Message text in Firebase console based notification?
- Firebase hosting showing welcome page after deploying angular 6 app?
- How to add seed data using graphQL mutations in Firebase Data Connect
- How do I get the record count from my firebase collection?
- Does an indexed field in a subcollection have it's own index based on that subcollection (as opposed to the collection as a whole)?
- Avoiding duplicate data in a Realtime Database
- Writing a firestore security rule for "Subscribers" collection
- Firebase Authentication: Where is the token stored in web?
- How can I set notification sound when app is not running in React-Native firebase
- googlesigninbutton doesn't react to click
- Steps to get Firebase Authentication working locally?
- firebase firestore querying based on a property in a map
- React Firebase Anonymous authentication
- @capacitor-firebase/firestore plugin - getCountFromServer equivalent?
- Firebase simulate read denied
- Will Firestore keep reading documents for an onSnapshot listener if the user closes the browser?
- firebase/init.json 404 - While using signInWithPopup for Google Login
- How to Handle UNREGISTERED Tokens When Using Firebase Topics for Notifications
- what is the recommended Cloud Firestore location for Egypt and the middle east countries?
- I am getting Xcode abseil undefined symbol error
- Firebase Emulators: How to emulate specific functions in subfolders
- Firebase iOS, how to detect a user previously signed up through Google when trying to register using Google?
- Firebase Cloud Messaging on iOS not working properly