Contentrouter - Protect static content via Firebase Hosting with Cloud Run and Google Cloud Storage

Overview

contentrouter

A Cloud Run service that gates access to static content stored in Google Cloud Storage, using Firebase Auth and Firebase Hosting.

Background

Firebase Hosting is a fantastic web content hosting service, though it doesn't have direct integration with Firebase Authentication to restrict access to only authenticated users.

To restrict access to protected static content, configure Firebase Hosting rewrite rules to route requests to this contentrouter Cloud Run service, which gates access to the static content.

Firebase Hosting will be used to serve the sample login/logout pages (and any other public, unauthenticated pages) and to rewrite or redirect the URLs to be protected to the Cloud Run contentrouter service.

Google Cloud Storage will contain the protected, restricted static content, which will only be served via the contentrouter service if the Firebase Authentication token provided is valid.

Steps

  • Set up Firebase Hosting
  • Deploy the sample files to Firebase Hosting
  • Modify the firebase.json to add the rewrite rule below that routes to the Cloud Run service named contentrouter
  • Copy the protected content to a Google Cloud Storage bucket subdirectory
  • Deploy the Cloud Run contentrouter service configured with the bucket name and route map, with an appropriate service account

Detailed steps

Rewrite rule for Cloud Run service

If the Cloud Run service 1) is named contentrouter, 2) is deployed in the region us-central1, and 3) you'd like to authenticate content under the URI /content, add the following rewrites rule to your Firebase Hosting firebase.json.

    {
      "public": "sample",
      "rewrites": [
        {
          "source": "/content{,/**}",
          "run": {
            "serviceId": "contentrouter",  
            "region": "us-central1" 
          }
        }
      ]
    }

Deploy contentrouter Cloud Run service

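    # Fill in the service account name (without the @... suffix) and the project ID
    export SERVICE_ACCOUNT=
    export PROJECT_ID=
    export REGION=us-central1

    export SERVICE_NAME=contentrouter
    # Bucket that holds the protected content
    export BUCKET=secret-bucket
    # URL path prefix routed here by the Firebase Hosting rewrite
    export FIREBASEPATH="content/"
    # Bucket subdirectory the protected content was copied to
    export GCSPATH="restricted/"

    # --allow-unauthenticated makes the service publicly invokable;
    # the token check inside the service is what gates the content
    gcloud run deploy ${SERVICE_NAME} --source . \
     --service-account ${SERVICE_ACCOUNT}@${PROJECT_ID}.iam.gserviceaccount.com \
     --set-env-vars "BUCKET=${BUCKET}" \
     --set-env-vars "FIREBASEPATH=${FIREBASEPATH}" \
     --set-env-vars "GCSPATH=${GCSPATH}" \
     --region ${REGION} \
     --allow-unauthenticated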

What contentrouter does

The contentrouter service does three things:

  1. Validates the authentication token from Firebase Authentication
  2. Sets the token as a session cookie
  3. Serves content from Google Cloud Storage bucket, with an optional simple rewrite of its own
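
The three steps above as an added Go sketch (not the contentrouter project's own code), centred on the FIREBASEPATH to GCSPATH rewrite and the path-traversal cases it has to refuse. `ObjectName`, `Gate`, the `verify` and `serve` hooks, the `index.html` default and the `__session` cookie name are assumptions made for this example; `verify` stands in for Firebase token verification and `serve` for the Cloud Storage read.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"path"
	"strings"
)

var ErrOutsidePrefix = errors.New("request path is outside the gated prefix")

// ObjectName maps a path under firebasePath to an object name under gcsPath.
func ObjectName(urlPath, firebasePath, gcsPath string) (string, error) {
	clean := path.Clean("/" + urlPath) // resolve "..", "." and "//" first
	prefix := "/" + strings.Trim(firebasePath, "/")
	if clean != prefix && !strings.HasPrefix(clean, prefix+"/") {
		return "", ErrOutsidePrefix // "/content/../x" and "/contentious" land here
	}
	rest := strings.TrimPrefix(clean[len(prefix):], "/")
	if rest == "" || strings.HasSuffix(urlPath, "/") {
		rest = path.Join(rest, "index.html") // assumption: directory default
	}
	return path.Join(strings.Trim(gcsPath, "/"), rest), nil
}

// Gate verifies the session cookie, then maps the path (hypothetical hooks).
func Gate(verify func(token string) error, fbPath, gcsPath string,
	serve func(w http.ResponseWriter, object string)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("__session") // assumption: session cookie name
		if err != nil || verify(c.Value) != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		object, err := ObjectName(r.URL.Path, fbPath, gcsPath)
		if err != nil {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Cache-Control", "private, no-store") // no shared caching
		serve(w, object)
	})
}

func main() {
	fmt.Println(ObjectName("/content/docs/a.html", "content/", "restricted/"))
	fmt.Println(ObjectName("/content/../secrets.json", "content/", "restricted/"))
}
```

The prefix check runs on the cleaned path, so a request can only ever resolve to an object under the configured bucket subdirectory.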

Owner
G. Hussain Chinoy