Can someone copy my Firebase config data?

Question

I use firebase for authentication on JS. Everything is making in client side. Anyone can look my js files, copy the config datas, can make own project. How can I hide that datas? Because my plan is "pay as you go", If anyone copy that data, i have a big trouble. What should I do?

Maybe Firebase REST API can solve my problem. Is there any example about authentication with REST API.

I tried move codes Node.js but I couldnt handle it. You can see my index.js, It is on functions folder. I deploy it to firebase hosting. Authentication doesnt work.

const functions = require("firebase-functions");
const admin = require("firebase-admin");
const express = require("express");
const config = require('./config.js');
const app = express();
admin.initializeApp(config);

const app2 = initializeApp(config);

const auth = getAuth();
// // Create and Deploy Your First Cloud Functions
// // https://firebase.google.com/docs/functions/write-firebase-functions
//
app.post("/",  async (req, res) => {
  const user = req.body;

  await admin.firestore().collection("users").add(user);
  const mail=user.Email;
  const pass=user.Password;


  createUserWithEmailAndPassword(auth, mail, pass)
.then((userCredential) => {
  // Signed in 
  const user = userCredential.user;
  // ...
})
.catch((error) => {
  const errorCode = error.code;
  const errorMessage = error.message;
  // ..
});
  
  
 });
 exports.widgets = functions.https.onRequest(app);

score 0 · Answer 1 · answered Apr 01 '22 at 22:41

0

You can ensure that your firebaseConfig is stored in an environment variable. You can also secure the app with Firestore security rules and App Check

answered Apr 01 '22 at 22:41

Rafael Zasas

891
8
27

Can someone copy my Firebase config data?

1 Answers1