CODEWITHSUNDEEP
firebasegoogle-cloud-firestore
Nick Pampoukidis
Nick Pampoukidis

Reputation: 742

Discover which user is stressing firestore usage

Is there any way to discover which user is spamming requests on my firestore set up in order to remove them.

The scenario is that a user can make a certain request many times, which it will lead me to hit my daily limit.

I have access to both the client and the firebase, so it it better to do a client approach or use firebase rules/functions approach?

Thanks a lot

Upvotes: 4

Views: 483

Answers (2)

Methkal Khalawi
Methkal Khalawi

Reputation: 2477

Firebase indeed doesn't support per user usage. But you can use firebase functions. the idea is to create a function that invoke upon user action from the client app to read or write a new document on behalf of the user. When the function invokes, you can grap the ip of the caller with request.ip from express. you can use that ip either by saving it to some new database let's say firestore to keep track of how many read or writes done by that user.

exports.trackUsers = functions.https.onRequest((request, response) => {
  console.log(request.ip);
  ....
});

anyway, just using the request ip could not ideal as there maybe users on the same wifi and they have the same ip. so you may need to create some unique identifier like the uid of the user from firebase auth.

Upvotes: 1

Doug Stevenson
Doug Stevenson

Reputation: 317878

The only mechanisms to monitor usage of Firestore are shown in the documentation. There is no provided mechanism to track per-user access, unless you implement that yourself somehow.

Read quotas cannot be implemented fully by security rules. You will definitely need a backend to track that access on your own, and force users to use that backend instead of providing direct client access.

Upvotes: 2

Related Questions