Secure HTTP trigger for Cloud Functions for Firebase -

is there way check if user firebase-authorized before triggering cloud function? (or within function)

yes. need send firebase id token along request (for example in authorization header of ajax request), verify using firebase admin sdk. there in-depth example in cloud functions firebase samples repository. looks (made shorter post):

const functions = require('firebase-functions'); const admin = require('firebase-admin'); const cors = require('cors')();  const validatefirebaseidtoken = (req, res, next) => {   cors(req, res, () => {     const idtoken = req.headers.authorization.split('bearer ')[1];     admin.auth().verifyidtoken(idtoken).then(decodedidtoken => {       console.log('id token correctly decoded', decodedidtoken);       req.user = decodedidtoken;       next();     }).catch(error => {       console.error('error while verifying firebase id token:', error);       res.status(403).send('unauthorized');     });   }); };  exports.myfn = functions.https.onrequest((req, res) => {   validatefirebaseidtoken(req, res, () => {     // know they're authorized , `req.user` has info them   }); });