Challenge - 5 Problems

🎖️

Firebase with Next.js Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ service_behavior

intermediate

2:00remaining

How does Next.js handle Firebase client SDK initialization?

In a Next.js app using Firebase client SDK, what is the best way to initialize Firebase to avoid multiple instances during hot reloads?

Firebase

import { initializeApp, getApps } from 'firebase/app';

const firebaseConfig = { /* config */ };

const app = !getApps().length ? initializeApp(firebaseConfig) : getApps()[0];

export default app;

AInitialize Firebase only on the server side and never on the client.

BInitialize Firebase inside a React component directly without checking existing apps.

CInitialize Firebase once globally and reuse the instance by checking if apps exist.

DInitialize Firebase multiple times in different files without sharing the instance.

Attempts:

2 left

❓ Architecture

intermediate

2:00remaining

Where should Firebase Admin SDK be used in a Next.js app?

In a Next.js app, where is the correct place to use Firebase Admin SDK for secure server-side operations?

AIn static files served to the client.

BInside API routes or server-side functions only.

CDirectly in the browser JavaScript code.

DInside React components rendered on the client side.

Attempts:

2 left

❓ Configuration

advanced

2:00remaining

What is the correct way to protect Firebase API keys in a Next.js app?

Given Firebase API keys are public by design, how should you protect sensitive Firebase operations in Next.js?

AUse Firebase client SDK on the client and restrict sensitive operations to server-side API routes with Admin SDK.

BStore API keys in environment variables and never expose them to the client.

CHardcode API keys in client-side code but obfuscate them with base64 encoding.

DUse Firebase API keys only in serverless functions and never initialize Firebase on the client.

Attempts:

2 left

🧠 Conceptual

advanced

2:00remaining

What happens if you call Firebase client SDK inside getStaticProps in Next.js?

Consider calling Firebase client SDK methods inside getStaticProps in Next.js. What is the expected behavior?

Firebase

import { initializeApp } from 'firebase/app';
import { getFirestore, collection, getDocs } from 'firebase/firestore';

const firebaseConfig = { /* config */ };

export async function getStaticProps() {
  const app = initializeApp(firebaseConfig);
  const db = getFirestore(app);
  const snapshot = await getDocs(collection(db, 'posts'));
  return { props: { posts: snapshot.docs.map(doc => doc.data()) } };
}

AIt causes runtime errors because client SDK depends on browser APIs not available at build time.

BIt fetches data but with slower performance than Admin SDK.

CIt works fine because getStaticProps runs on the server at build time.

DIt fetches data but exposes Firebase credentials to the client.

Attempts:

2 left

❓ security

expert

3:00remaining

How to securely implement Firebase Authentication with Next.js API routes?

You want to verify Firebase ID tokens sent from the client in Next.js API routes. Which approach is correct?

Firebase

import { getAuth } from 'firebase-admin/auth';

export default async function handler(req, res) {
  const idToken = req.headers.authorization?.split('Bearer ')[1];
  try {
    const decodedToken = await getAuth().verifyIdToken(idToken);
    res.status(200).json({ uid: decodedToken.uid });
  } catch (error) {
    res.status(401).json({ error: 'Unauthorized' });
  }
}

ASkip token verification and rely on Firebase security rules only.

BVerify ID tokens on the client side only and trust client validation.

CSend ID tokens to third-party services for verification outside Next.js.

DVerify ID tokens in API routes using Firebase Admin SDK's verifyIdToken method.

Attempts:

2 left