Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions firestore-semantic-search/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## Version 0.1.11

docs: correct the query function App Check and Firebase Auth claims (the Callable Function does not enforce either by default)

## Version 0.1.10

chore: bump runtime to Node.js 22
Expand Down
2 changes: 1 addition & 1 deletion firestore-semantic-search/POSTINSTALL.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ The response contains** only document IDs**, not the full data, since the extens

## Example client integration

Now that you have an index with data in it, you can run text similarity search queries directly from your client application. Note that this Callable Function is protected by App Check and requires that you are signed in with a [Firebase Auth](https://firebase.google.com/docs/auth) call the Function from your client application.
Now that you have an index with data in it, you can run text similarity search queries directly from your client application. Note that this Callable Function does not enforce [App Check](https://firebase.google.com/docs/app-check) or [Firebase Auth](https://firebase.google.com/docs/auth) by default, so any client with your Firebase project configuration is able to call it. The function only ever returns document IDs (never document contents), so your Firestore Security Rules continue to govern access to the underlying documents. If you need to restrict access to the query function itself, enable App Check enforcement and/or add your own authentication checks.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if instead of declaring that it's not enforced, we just remove the text saying that it is enforced? The changelog can reflect the clarification. Outside of that, users wouldn't automatically assume that it is enforced, so it doesn't seem relevant to document that it's not enforced.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah that's fair


```js
import firebase from "firebase";
Expand Down
2 changes: 1 addition & 1 deletion firestore-semantic-search/PREINSTALL.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Once installed, the extension does the following:
2. Provides a secure API endpoint to query similar documents (given an input document) that can be used by client applications
3. (Optional) Backfills existing data from target collection(s)

The query API endpoint is deployed as a Firebase Callable Function, and requires that you are signed in with a Firebase Auth user to successfully call the Function from your client application.
The query API endpoint is deployed as a Firebase Callable Function. Note that this function does not enforce Firebase Authentication or [App Check](https://firebase.google.com/docs/app-check) by default, so any client with your Firebase project configuration is able to call it. The function only ever returns document IDs (never document contents), so your Firestore Security Rules continue to govern access to the underlying documents. If you want to restrict who can call the query function itself, enable App Check enforcement and/or add your own authentication checks after installing the extension.

### Embeddings models

Expand Down
2 changes: 1 addition & 1 deletion firestore-semantic-search/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Once installed, the extension does the following:
2. Provides a secure API endpoint to query similar documents (given an input document) that can be used by client applications
3. (Optional) Backfills existing data from target collection(s)

The query API endpoint is deployed as a Firebase Callable Function, and requires that you are signed in with a Firebase Auth user to successfully call the Function from your client application.
The query API endpoint is deployed as a Firebase Callable Function. Note that this function does not enforce Firebase Authentication or [App Check](https://firebase.google.com/docs/app-check) by default, so any client with your Firebase project configuration is able to call it. The function only ever returns document IDs (never document contents), so your Firestore Security Rules continue to govern access to the underlying documents. If you want to restrict who can call the query function itself, enable App Check enforcement and/or add your own authentication checks after installing the extension.

### Embeddings models

Expand Down
2 changes: 1 addition & 1 deletion firestore-semantic-search/extension.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: firestore-semantic-search
version: 0.1.10
version: 0.1.11
specVersion: v1beta

icon: icon.png
Expand Down
Loading