As my title states, is it possible to add a new layer above a Cloud Firestore database, so all the changes that are made by users to be not committed directly in the database?
There are 2 patterns to use for this that keep the 'Backend as a Service' experience and don't require setting something like a dedicated VM or Kubernetes cluster; remember, you can always use Cloud Firestore just like a traditional Document database.
Using security rules, only enable only new document creations to a collection called 'write_queue', and to none others:
match /write_queue/{doc} {
allow create: if true;
}
On this collection, configure a Cloud Function to trigger on an create:
exports.myFunctionName = functions.firestore
.document('write_queue/{writeId}').onCreate((document, context) => {
// ... Your code here
});
This function then can take this indirect write from a user and doing any processing you want and finally write it to the actual collection it was intended for in the database.
Rather than letting users write into the database, configure security rules to make it read-only. Use HTTP Cloud Functions as an endpoint that users issue any writes to instead of writing directly to the database. This Cloud Function will do any processing you want and finally write it to the actual collection it was intended for in the database.