A presentation given at GDG Cape Town about how to build a chat app in a very secure and stable way using Firebase. We used Kotlin and Node.js. From Firebase we used: Realtime Database, Cloud Functions, Notifications, Auth & Storage.

1. Chat Done Right!
With Android & Firebase

2. How is this going to work?
This is NOT a lecture…
‣ Interactive discussion
‣ There is no “questions” slide

3. Our Tools
Android
Kotlin
Firebase
Realtime Database
Cloud Functions
Database Rules

4. What we’re building
A chat app (surprise) that needs:
1. Authentication
2. Users
3. To send messages
4. To show active chats
5. A contact list
6. Send notifications
7. Group management

5. Why Firebase?
Realtime
Database
Serverless
Cloud Functions
Seamless
Synchronisation
Realtime
Notifications
Native SDKs

6. Our Tools
Android
Kotlin
Firebase
Realtime Database
Cloud Functions
Database Rules

7. Write directly to DB from Android
๏ CRUD - You can do just about anything from the client
๏ Persistence and caching to writes to DB
๏ Super super fast
๏ But the are somethings better done with a Cloud Function

8. Database Rules
Insecure rules
(public access)
Default rules
(read/write if authorised)

9. All Messages
chat_id_1 chat_id_2
message_id_1
message_id_2
message_id_3
message_id_4

10. All Chat Previews
user_uid_1 user_uid_2
chat_id_1
chat_id_2

11. All Chat Previews
user_uid_1 user_uid_2
chat_id_1
chat_id_2 But how do we know which
chat previews to update
when a message is sent?

14. But wait, there is!
๏ Unnecessary logic on client apps
๏ Direct write access to DB
๏ Security rules management easily
becomes a nightmare

15. Introducing Cloud Functions
๏ Conditional triggering & throttling
‣ On node changes (has auth object)
‣ Client SDK callable (has auth object)
‣ HTTP Request
๏ Central & Secure
๏ Node.js
๏ Logging
๏ Admin rights on all operations

17. Calling a function
Cloud FunctionAndroid App
https://tinyurl.com/chitchatCloud
https://tinyurl.com/chitchatAndroid

19. Chat Done Right:
Using Cloud Functions
Trigger onWriteSend message
payload
onSendMessage
Function
Realtime DatabaseAndroid App
User 1

20. Why the direct write
๏ Caches the write (local state management)
๏ Avoid response delay
But!
๏ Write access risks
Solution
Only allow message creates (not updates) for
chats that an authorised user is part of.

21. Remember these
Insecure rules
(public access)
Default rules
(read/write if authorised)

22. Database Rules
Adding security: Taking it up a notch

23. Trigger onWriteSend message
payload
onSendMessage
Function
Realtime DatabaseAndroid App
User 1

24. Using Cloud Functions
for Chat
onSendMessage
Function
Chat Members
Node
Fetch
Chat Member
IDs
Write to each
Chat Preview
Chat Preview
Node

25. Using Cloud Functions
for Chat
Android Apps
User 1 User 2 User 3
All user
Chat previews
Updated
Chat Preview
Node
Notifications sent

26. Take Homes
•Cloud functions takes logic off the client
• This avoids repetition between the
platforms
• Easier to think about security
• If you can use a Cloud Function do it
•Writing directly to DB from client
• Firebase handles the persistence
• Caches writes & reads
wisani@nona.digital
adrian@nona.digital
https://tinyurl.com/chitchatCloud
https://tinyurl.com/chitchatAndroid