add: fdc quickstart #802
add: fdc quickstart #802
Conversation
Doc Tag DiffThis PR makes the following changes to doc tags (0 added, 0 removed, 0 changed): |
| # directory as your app code | ||
| outputDir: "../../movie/lib/dataconnect-sdk" | ||
| # This property tells Data Connect what directory to install the generated SDK to | ||
| # packageJsonDir: "../../movie/lib/dataconnect-sdk" |
There was a problem hiding this comment.
Should we un-comment this?
| connectorId: movie-connector | ||
| # Required. Accepted values are either "PUBLIC" or "ADMIN" (only "PUBLIC" for gated private | ||
| # preview). If "ADMIN", the connector in this directory is an AdminConnector and its operations | ||
| # are gated by IAM. |
There was a problem hiding this comment.
Remove this comment about IAM mode. Will read super confusing to folks.
| # Delete movies with a rating lower than the specified minimum rating | ||
| mutation deleteUnpopularMovies($minRating: Float!) { | ||
| movie_deleteMany(where: { rating: { le: $minRating } }) | ||
| } |
There was a problem hiding this comment.
GQL above don't have @auth.
They aren't accessible by SDK, so would recommend move them either to a separate Connector. Or a README.
Backend probably should reject UpdateConnector with operation with @auth or at least warn them.
|
|
||
| # Remove a movie from the user's watched list | ||
| mutation deleteWatchedMovie($userId: String!, $movieId: UUID!) @auth(level: USER) { | ||
| watchedMovie_delete(key: { userId: $userId, movieId: $movieId }) |
There was a problem hiding this comment.
Yeah, can you add a TODO to rewrite this once key support userId_expr?
Thanks a bunch. Missed this edge case when we implement server values.
There is a few similar cases below.
There was a problem hiding this comment.
@HYACCCINT The next data connect release would support
watchedMovie_delete(key: { userId_expr: "auth.uid", movieId: $movieId })
Can you help update any @auth(level: USER) operations to use the secure server value instead of passing in $userId: String?
[I think searching for "$userId: String" should find all occurrences]
I prioritized this fix to avoid quick starting containing glaring security anti-practices.
|
|
||
| # Get favorite movies by user ID | ||
| query GetFavoriteMoviesById($id: String!) @auth(level: USER) { | ||
| user(id: $id) { |
There was a problem hiding this comment.
Please use id_expr to make it secure.
It should work now.
Same for other lookup below.
There was a problem hiding this comment.
Not done yet~ Though out this page. Security matters
Let me know $id here is supposed to match the Firebase Auth UID.
|
|
||
| This is a sample app for the preview version of the Firebase DataConnect. | ||
| This will not work if you don't have access to the preview. | ||
|
|
|
|
||
| 1. Sign up for early access [here](https://firebase.google.com/products/data-connect) and receive an invitation. | ||
| 2. Upgrade your Firebase project billing to the Blaze plan, you will not be charged for the duration of gated preview. | ||
| 3. Initialize DataConnect in the [Firebase Console](https://console.firebase.google.com/u/0/). |
There was a problem hiding this comment.
Initialize Firebase Data Connect Service
| 1. Sign up for early access [here](https://firebase.google.com/products/data-connect) and receive an invitation. | ||
| 2. Upgrade your Firebase project billing to the Blaze plan, you will not be charged for the duration of gated preview. | ||
| 3. Initialize DataConnect in the [Firebase Console](https://console.firebase.google.com/u/0/). | ||
| 4. Clone this repository to your local machine. |
| 4. Clone this repository to your local machine. | ||
| 5. Update `firebase-tools` with `npm install -g firebase-tools`. | ||
| 6. Enable the DataConnect CLI with `firebase experiments:enable dataconnect`. | ||
| 7. Initialize your Firebase project in the `dataconnect` folder with `firebase init` and select DataConnect. Do not overwrite the dataconnect files when prompted. |
There was a problem hiding this comment.
- Install VS Code
- Download VS Code extension here
- open the folder data connect with VS Code
| 6. Enable the DataConnect CLI with `firebase experiments:enable dataconnect`. | ||
| 7. Initialize your Firebase project in the `dataconnect` folder with `firebase init` and select DataConnect. Do not overwrite the dataconnect files when prompted. | ||
| 8. Replace variables in `.env.local` with your project-specific values. | ||
| 9. Allow domains for Firebase Auth (e.g., http://localhost or http://127.0.0.1). |
There was a problem hiding this comment.
move local dev below as an option: if you want to dev locally, here's the steps:
| 7. Initialize your Firebase project in the `dataconnect` folder with `firebase init` and select DataConnect. Do not overwrite the dataconnect files when prompted. | ||
| 8. Replace variables in `.env.local` with your project-specific values. | ||
| 9. Allow domains for Firebase Auth (e.g., http://localhost or http://127.0.0.1). | ||
| 10. Deploy DataConnect with `firebase deploy --only dataconnect` (this unlocks hidden vectors search). |
There was a problem hiding this comment.
Use vscode button click on Firebase deploy
| 8. Replace variables in `.env.local` with your project-specific values. | ||
| 9. Allow domains for Firebase Auth (e.g., http://localhost or http://127.0.0.1). | ||
| 10. Deploy DataConnect with `firebase deploy --only dataconnect` (this unlocks hidden vectors search). | ||
| 11. Start the DateConnect emulators. |
There was a problem hiding this comment.
I think the latest extension you no longer need this step. it's started by default now
| 11. Start the DateConnect emulators. | ||
| 12. Run `firebase dataconnect:sdk:generate` to generate the SDK | ||
| 13. Navigate to the `movie` directory and install dependencies with `npm i` and start the development server with `npm run dev`. | ||
| 14. Run the four `_insert.gql` files in the `./dataconnect` directory in order. |
There was a problem hiding this comment.
Are these steps needed?
Maybe show an example of how to run a query in graphQL, by clicking on the "run" button on the codelen
and then show the same code generated in the SDK and show how to call in the app.
Or just run the app.
|
|
||
| # Remove a movie from the user's watched list | ||
| mutation deleteWatchedMovie($userId: String!, $movieId: UUID!) @auth(level: USER) { | ||
| watchedMovie_delete(key: { userId: $userId, movieId: $movieId }) |
There was a problem hiding this comment.
@HYACCCINT The next data connect release would support
watchedMovie_delete(key: { userId_expr: "auth.uid", movieId: $movieId })
Can you help update any @auth(level: USER) operations to use the secure server value instead of passing in $userId: String?
[I think searching for "$userId: String" should find all occurrences]
I prioritized this fix to avoid quick starting containing glaring security anti-practices.
|
|
||
| # List movies by the order of release | ||
| query ListMoviesByReleaseYear @auth(level: PUBLIC) { | ||
| movies(orderBy: [{ releaseYear: DESC }]) { |
There was a problem hiding this comment.
style nit: GQL does list coercion, so orderBy: { releaseYear: DESC } behave the same as orderBy: [{ releaseYear: DESC }]
The singular syntax looks a bit nicer for just one order by.
| } | ||
|
|
||
| # User movie preferences | ||
| query UserMoviePreferences($username: String!) @auth(level: USER) { |
There was a problem hiding this comment.
OOC, is this $username supposed to be the Firebase Auth user?
It's not secure here because auth.uid isn't used any where.
|
|
||
| # Get favorite movies by user ID | ||
| query GetFavoriteMoviesById($id: String!) @auth(level: USER) { | ||
| user(id: $id) { |
There was a problem hiding this comment.
Not done yet~ Though out this page. Security matters
Let me know $id here is supposed to match the Firebase Auth UID.
No description provided.