Week 3: Building Secure Functions with GCP and Firebase Auth
June 23–27, 2025
Christian M. Lagarde – 3rd Year Computer Science Student
Bicol University
Securing the Flow: First Steps into GCP and Firebase Integration
Week 3 marked a shift from setup to system-building. After two weeks of AWS-based backend development and server setup, I was introduced to another critical cloud platform in modern development—Google Cloud Platform (GCP). While the environment and terminology differed from AWS, the underlying architecture felt familiar: serverless functions, secure access, and scalable deployments.
At the center of this learning curve was Google Cloud Functions—a serverless solution that lets developers run backend logic without managing infrastructure. I spent the first half of the week exploring how these functions are deployed, triggered, and monitored in production environments. It was my first real exposure to GCP, and I took time to understand not just the tools, but the philosophy behind Google’s approach to cloud services.
Lodging Flow Begins: Laying the Security Foundation
Midweek, I officially joined the Lodging Flow project—an internal system aimed at managing lodging transactions and operations. My initial assignment was to help establish the foundation: ensuring that the backend functions were secure, CORS-compliant, and protected through authentication and encryption.
The first task was enabling CORS (Cross-Origin Resource Sharing) on our cloud functions. This seemingly small configuration step was critical in ensuring that frontend clients—especially those hosted on different domains or ports—could securely interact with our backend services.
Next came Firebase Authentication integration. Using the modular SDK, I updated key endpoints to require valid ID tokens before allowing access. Functions were now protected behind identity checks—no longer open to anonymous requests. These checks were configured server-side to ensure that sensitive operations, such as booking or editing user information, could only be performed by authenticated users.
Encryption and Decryption: Handling Sensitive Data Responsibly
Data privacy is at the core of any modern cloud system. For Lodging Flow, that meant integrating AES encryption and decryption into our function logic. Any sensitive fields—personal information, room booking details, or financial data—were encrypted before storage and decrypted upon retrieval.
I built out utility functions that handled this process, ensuring each field followed a consistent encryption protocol using a shared secret key stored in environment variables. These functions were tested locally and remotely, confirming they preserved integrity even under edge cases.
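The kind of field-level utility described above, as an added example that is not the Lodging Flow project's own code. The post names only AES, so the GCM mode, the `FIELD_ENC_KEY` variable name, the `v1.iv.tag.ciphertext` layout and the field names are assumptions.

```javascript
// Added example (not Lodging Flow code): AES-256-GCM per-field encryption.
const crypto = require('node:crypto');

const ENV_KEY_NAME = 'FIELD_ENC_KEY'; // hypothetical variable name
const SENSITIVE_FIELDS = ['guestName', 'cardLast4']; // constructed field names

// Read the shared key from the environment and fail closed if it is unusable.
function loadKey(env = process.env) {
  const key = Buffer.from(env[ENV_KEY_NAME] || '', 'base64');
  if (key.length !== 32) throw new Error(`${ENV_KEY_NAME} must be 32 bytes, base64-encoded`);
  return key;
}

// Encrypt one value. A fresh random IV per call keeps equal plaintexts from
// producing equal ciphertexts; the field name is bound in as AAD so a value
// cannot be moved to another field without failing authentication.
function encryptField(key, field, value) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(field, 'utf8'));
  const ct = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
  return ['v1', ...[iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64'))].join('.');
}

// Decrypt one value; throws if the format, tag, key or field name is wrong.
function decryptField(key, field, token) {
  const parts = String(token).split('.');
  if (parts.length !== 4 || parts[0] !== 'v1') throw new Error('unrecognized ciphertext format');
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed ciphertext');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(field, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Apply fn (encryptField or decryptField) to the sensitive fields of a record.
function mapSensitive(key, record, fn) {
  const out = { ...record };
  for (const f of SENSITIVE_FIELDS) {
    if (typeof out[f] === 'string') out[f] = fn(key, f, out[f]);
  }
  return out;
}
```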
Working through this made it clear: cloud functions aren’t just event handlers—they’re guardians of trust. They control access, enforce logic, and protect data. And when configured properly, they form the backbone of a secure application.
Documenting the Workflow: Clarity Through Postman
To ensure consistency across our team, I also began creating Postman documentation for each cloud function. I annotated each endpoint with request samples, expected headers (including Bearer tokens), and sample encrypted response payloads.
Postman became more than just a testing tool—it was now part of our internal documentation strategy. Clear requests. Valid test cases. Reproducible errors. These helped streamline our discussions and validate functionality with mentors and peers.
Reflection: A New Platform, A Familiar Mission
This week wasn’t about building complex new modules—it was about laying a secure and reliable foundation on a new platform. GCP may have introduced new syntax, but the goals were the same: protect the system, enforce access control, and build with scalability in mind.
The Lodging Flow project is just beginning, but it already reflects a real-world mindset: prioritize security early, understand the full request lifecycle, and always document your decisions.
By the end of Week 3, I had contributed to a system that accepts authenticated requests, secures its data, and runs on scalable infrastructure—and I now understood not only how, but why that matters.
Completed Highlights
- Familiarization with Google Cloud Functions architecture and deployment
- Joined Lodging Flow project and began backend implementation
- Added CORS configuration to cloud functions
- Integrated Firebase Authentication with route-level protection
- Implemented AES encryption and decryption of sensitive fields
- Created Postman documentation for Lodging Flow API endpoints