0
votes

I am trying to use Firebase anonymous auth + a Firebase Cloud Function. The idea is that I have a piece of code that should be run in Google Cloud.

firebase.auth().signInAnonymously()
  .then(() => {
    // Here I call firebase cloud function
  })
  .catch((error) => {
    var errorCode = error.code;
    var errorMessage = error.message;
    // ...
  });

Now, all good, but the actual problem is that a malicious user can call my Google Cloud function the same way and he will be able to execute it, which means too bad for me. Basically, the Google Cloud function should be executable only from my website, not by anyone else. I was advised to use Firebase; otherwise, what I was doing is simply calling the function in the front-end code.

Does Firebase offer a workaround/solution to this problem? NOTE: I can't really distinguish users from my interface, because with whatever I distinguish, a malicious user can get that information anyway.

The reason I am doing all this is that there's a piece of code that only my front-end has to execute and I don't want to implement my back-end service for just this.

1 Answer

3
votes

Firebase App Check sounds like a perfect solution for your needs. It allows access to your Firebase Project only from your allowed Apps and Web pages.
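
An added example, not part of the original answer and not Firebase's own code: how a callable function can refuse requests that lack an App Check token or an anonymous sign-in, using the `context.app` and `context.auth` fields of the firebase-functions v1 callable API. `makeHandler`, `runJob` and `StubHttpsError` are hypothetical names, the site key is a placeholder, and the contexts in `demo()` are constructed so the block runs without the SDK.

```javascript
// Assumed wiring in functions/index.js (firebase-functions v1 API):
//   const functions = require('firebase-functions');
//   exports.runJob = functions.https.onCall(makeHandler(functions.https.HttpsError));
// Assumed client wiring (compat SDK, as in the question), before calling the function:
//   firebase.appCheck().activate('<YOUR_RECAPTCHA_V3_SITE_KEY>', true);

// Local stand-in with the same (code, message) shape as functions.https.HttpsError,
// so the handler can be exercised offline.
class StubHttpsError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

function makeHandler(HttpsError) {
  return function runJob(data, context) {
    // context.app is undefined when the request carried no App Check token.
    // (A request with an invalid token is rejected by the SDK before this runs.)
    if (context.app === undefined) {
      throw new HttpsError('failed-precondition', 'App Check token required.');
    }
    // context.auth is set only when a valid Firebase ID token was sent,
    // which signInAnonymously() provides on the client.
    if (!context.auth) {
      throw new HttpsError('unauthenticated', 'Sign-in required.');
    }
    // The protected work would go here; the uid allows per-user limits.
    return { ok: true, uid: context.auth.uid, appId: context.app.appId };
  };
}

// Constructed contexts mimicking what onCall passes to the handler.
function demo() {
  const handler = makeHandler(StubHttpsError);
  const attempt = (ctx) => {
    try { return handler({}, ctx); } catch (e) { return { ok: false, code: e.code }; }
  };
  const app = { appId: '1:000:web:constructed' };
  const auth = { uid: 'anon-123' };
  return {
    noAppCheck: attempt({ auth }),
    noAuth: attempt({ app }),
    both: attempt({ auth, app }),
  };
}

console.log(demo());
```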