What is the best way to stop an attacker from triggering a Cloud Function repeatedly, causing a huge bill or causing the project to run into quota limits?
Some ideas:
Check my answer here.
Short breakdown of items from my answer :
Hope it helps :)