imjared

Reputation: 20584

How can I prevent "Bad request" when calling Firebase's `.onCall()` method?

I've just upgraded to using Firebase Cloud Functions v1.x. According to this answer:

> Callable functions are exactly the same as HTTP functions

With that in mind, I've tried to convert my pre-1.x mock-code:

```javascript
// The handler must be async because it awaits the worker.
export const myHttpAction = functions.https.onRequest(async (req, res) => {
  try {
    const result = await myHttpActionWorker(req.body);
    return res.send({ status: 'OK' });
  } catch (err) {
    console.error(err);
    return res.status(500).send({ status: 'Server error' });
  }
});
```

to the following:

```javascript
export const myHttpAction = functions.https.onCall(async (data, context) => {
  console.log(context.auth);
  try {
    const result = await myHttpActionWorker(data);
    return { status: 'OK' };
  } catch (err) {
    console.error(err);
    return { status: 'Server error' };
  }
});
```

But upon submission to my endpoint, /myHttpAction, with the same data that I used in pre-1.x, I get the following back:

```json
{
  "error": {
    "status": "INVALID_ARGUMENT",
    "message": "Bad Request"
  }
}
```

I'm not sure why the request is "bad" since it's exactly the same and Callable functions are "exactly the same". Any idea what gives?

My `package.json` specifies `"firebase-functions": "^1.0.1"`.

Upvotes: 11

Views: 12384

Answers (1)

Doug Stevenson

Reputation: 317828

You're misunderstanding what was meant by "exactly the same" (and omitting the entire remainder of the answer!). They're the same in terms of security (as the original question was asking), because a callable function is an HTTP function, with extra stuff going on behind the scenes that is managed by the callable client SDK. The answer lists out those differences. Those differences don't have any effect on security. But you can't simply swap in a callable for an HTTP function and expect everything to be the same for existing callers.

If you want to invoke a callable function without using the client SDK, you'll have to follow its protocol specification. The documentation on that is forthcoming, but you can get the basics here:

How to call Firebase Callable Functions with HTTP?

Upvotes: 5
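The request and response envelopes the answer refers to, as an added example that is not part of the original answer or Firebase's own code. It assumes the callable protocol's wire format (POST, `application/json`, payload under `data`, reply under `result` or `error`); the helper names and the sample payload are hypothetical.

```javascript
// Added example; helper names and sample payloads are constructed.
// Request shape follows the callable protocol: POST, JSON content type,
// and the caller's payload wrapped in a top-level "data" field.

// Wrap a plain payload the way a callable client would.
function buildCallableRequest(payload, idToken) {
  const headers = { 'content-type': 'application/json' };
  // Optional: a Firebase Auth ID token, which the server exposes as context.auth.
  if (idToken) headers.authorization = `Bearer ${idToken}`;
  return { method: 'POST', headers, body: JSON.stringify({ data: payload }) };
}

// Return null when the request follows the protocol, otherwise the reason.
function checkCallableRequest(req) {
  if (req.method !== 'POST') return 'method must be POST';
  const type = (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (type !== 'application/json') return 'content-type must be application/json';
  let body;
  try {
    body = JSON.parse(req.body);
  } catch (e) {
    return 'body is not valid JSON';
  }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return 'body must be a JSON object';
  }
  if (!('data' in body)) return 'body has no "data" field';
  return null;
}

// Unwrap a callable response: return the "result" value or throw the "error".
function parseCallableResponse(text) {
  const body = JSON.parse(text);
  if (body.error) {
    const err = new Error(body.error.message);
    err.status = body.error.status;
    throw err;
  }
  return body.result;
}

// Constructed pre-1.x style request: same JSON payload, but not wrapped in "data".
const legacyRequest = {
  method: 'POST',
  headers: { 'content-type': 'application/json' },
  body: JSON.stringify({ name: 'example' }),
};
console.log(checkCallableRequest(legacyRequest));
console.log(checkCallableRequest(buildCallableRequest({ name: 'example' })));
```

A handler's return value such as `{ status: 'OK' }` reaches a raw HTTP caller nested under `result`, so existing callers need to change both what they send and what they read back.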
