Backend engineer

Bronirka — backend

Cloud Functions on TypeScript

TypeScript · Node.js · Cloud Functions · Firebase Admin · Firestore · StoreKit JWS

Status · Production

Problem

Subscription apps that trust the device for entitlement state get exploited within weeks. The booking app needed verifiable, replay-proof receipts and Firestore-side enforcement of plan limits.

Approach

  • 01 Server-side validation of StoreKit 2 signed transactions (JWS) — verifying Apple's signature and checking each receipt for replay against a transaction store before granting entitlement.
  • 02 Callable HTTPS functions for privileged actions (refunds, manual entitlement, support overrides).
  • 03 Firestore triggers for derived state — counters, search shards, denormalized booking summaries — keeping client reads cheap and consistent.
  • 04 Structured logging with redaction; alerts on signature-validation failures.
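
The replay check from step 01, as an added example that is not the project's own code: it assumes the transaction's JWS signature and certificate chain were already verified upstream, covers auto-renewable subscriptions only, and uses a hypothetical in-memory Map in place of the Firestore transaction store. The names `decideEntitlement`, `claimOwner` and the bundle id are illustrative.

```typescript
// Decoded payload of a StoreKit 2 signed transaction whose JWS signature and
// certificate chain were already verified upstream (that step is not shown).
// Field names follow Apple's JWSTransaction payload; dates are ms since epoch.
interface VerifiedTransaction {
  transactionId: string;
  originalTransactionId: string; // stable across renewals of one subscription
  productId: string;
  bundleId: string;
  expiresDate?: number;
  revocationDate?: number; // set when Apple refunded or revoked the purchase
}

type Decision = "granted" | "wrong_bundle" | "revoked" | "expired" | "replayed";

const EXPECTED_BUNDLE_ID = "com.example.booking"; // placeholder, not the app's real id

// Hypothetical in-memory stand-in for the transaction store:
// originalTransactionId -> uid that first claimed the purchase.
type TransactionStore = Map<string, string>;

// Binds a purchase to the first uid that presents it and returns the owner.
// Against Firestore this read-then-write must run inside one transaction,
// otherwise two concurrent submissions can both become "first".
function claimOwner(store: TransactionStore, originalTransactionId: string, uid: string): string {
  const owner = store.get(originalTransactionId);
  if (owner !== undefined) return owner;
  store.set(originalTransactionId, uid);
  return uid;
}

function decideEntitlement(store: TransactionStore, uid: string, tx: VerifiedTransaction, nowMs: number): Decision {
  // A validly signed transaction from another app must not unlock this one.
  if (tx.bundleId !== EXPECTED_BUNDLE_ID) return "wrong_bundle";
  if (tx.revocationDate !== undefined) return "revoked";
  // Subscriptions only: a missing or past expiry grants nothing.
  if (tx.expiresDate === undefined || tx.expiresDate <= nowMs) return "expired";
  // Same account resubmitting is idempotent; a second account is a replay.
  if (claimOwner(store, tx.originalTransactionId, uid) !== uid) return "replayed";
  return "granted";
}
```

Rejected transactions never reach `claimOwner`, so a revoked or expired receipt cannot bind a purchase to an account.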

Outcome

Stable transactional backbone that the iOS app, web client and admin tools share. Zero entitlement-fraud incidents in beta.