Firebase Setup
Steps:
- Create a Firebase project and enable Authentication providers (Google, Email link if desired).
- Create a service account (Editor) and download JSON. Base64-encode it and set
FIREBASE_SERVICE_ACCOUNT_BASE64in your web env. - Configure Firestore in Native mode. Add indexes as needed later.
- Install Firebase CLI and set default project.
Cloud Functions:
- Runtime Node 20, initialized once via
config.js. - Use scheduled functions for token refresh (
ytRefreshSweep,ttRefreshSweep).
Cloud Tasks queues:
- Queues must be created before enqueuing jobs. Use your Functions region (default shown is
us-central1). Create only the queues you need; you can add more later.
REGION=us-central1
# Orchestrator queue
gcloud tasks queues create orchestrate-posts --location="$REGION"
# Provider publish queues (create what you use)
gcloud tasks queues create publish-facebook --location="$REGION"
gcloud tasks queues create publish-instagram --location="$REGION"
gcloud tasks queues create publish-threads --location="$REGION"
gcloud tasks queues create publish-x --location="$REGION"
gcloud tasks queues create publish-tiktok --location="$REGION"
gcloud tasks queues create publish-youtube --location="$REGION"
# Metrics queues
gcloud tasks queues create tiktok-metrics --location="$REGION"
Optional tuning example (align with provider rate limits):
gcloud tasks queues update publish-x \
--location="$REGION" \
--max-dispatches-per-second=10 \
--max-concurrent-dispatches=5 \
--max-attempts=5 \
--min-backoff=10s \
--max-backoff=600s
Security rules: ensure users/{uid} and subcollections are secured; server writes come from Admin SDK.
Storage:
- Create the default Cloud Storage bucket (choose region).
- Set bucket CORS to allow uploads from your web origins. Create your own
cors.jsonfile locally (keep it out of source control) using the example below and replace the origins with your actual domains:
cors.json
[
{
"origin": [
"http://localhost:3000",
"http://127.0.0.1:3000",
"https://<your-vercel-domain>",
"https://<your-custom-domain>"
],
"method": ["GET", "HEAD", "PUT", "POST", "DELETE"],
"responseHeader": [
"Content-Type",
"Authorization",
"x-goog-meta-*",
"x-goog-resumable",
"x-goog-upload-*"
],
"maxAgeSeconds": 3600
}
]
This snippet is illustrative only; update origins/methods to match your deployment.
Apply with:
gsutil cors set cors.json gs://<your-bucket>
gsutil cors get gs://<your-bucket>
Storage rules (restrict per-user reads/writes for videos):
storage.rules
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /users/{uid}/videos/{file=**} {
allow write: if request.auth != null && request.auth.uid == uid;
allow read: if request.auth != null && request.auth.uid == uid;
}
match /{allPaths=**} {
allow read, write: if false;
}
}
}
Deploy rules:
firebase deploy --only storage