firebase-security-rules

im currently setting up a dialogflow bot (for faq and contact) and the fulfillment / data storage is being done in firebase firestore using google cloud functions (nodejs). Obviously I would like to have security rules, limiting the access to the database to only dialogflow. Could anyone point me in the right direction how I would go about doing this? The examples I found, were all check regarding something stored in the database, which wouldn't work in my case..? Doug Stevenson Security rules are only relevant when you have a mobile client (Android, iOS, web) directly accessing some data in

Is there a way to check if the request user email is verified in the Firestore security rules? something like: function isEmailVerified() { return request.auth.emailVerified == true; } The correct syntax is: request.auth.token.email_verified If you want to know all claims available in your token, you can decode the JWT in your app or through jwt.io. Some relevant documentation: https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth https://firebase.google.com/docs/reference/security/database/#authtoken (for a list of the claims in there by default) 来源： https:/

Hi I am using Firebase Cloud Storage to develop web application. I would like to set different security rules for setting file from deleting file. It seems that write includes both of them according to the document. Does anyone know how to solve this problem? What I would like to do is this. Anyone can set file if they are loggedin. Only user who set the file can delete it. You can detect that a file is being deleted with request.resource == null in your rule. But there is no property in the file objects (that I know of) to know who created the file. A common approach is to store the files

I am unable to get Firebase Storage work with custom rules and using custom claims. In my Python Admin panel, I do the following to create the user and assign a claim client_id: # Standard Auth import firebase_admin from firebase_admin import db, storage, auth cred = firebase_admin.credentials.Certificate('path_to_cert_json') app = firebase_admin.initialize_app(cred, 'config') bucket = storage.bucket(app=app) # Create User auth.create_user(email=email) # Create custom claims auth.set_custom_user_claims(uid, {'client_id': client_id}) Then for Firebase rules, I try to allow the user to only read

Use Case Summary User A creates a story User A shares story with unknown (to the app) User B via email (sent via cloud function) User B receives an email about the story User B visits app and creates a new account User B sees/reads story create by User A Note: stories can only be seen by whom they been shared with or created by I'm building a role based access system. I've been looking at the role based access firestore documentation and I'm missing one piece. Consider a story that can only be read by a user for which that story has been shared. Most examples including the firestore example

I'd really like to be able to secure my firestore db by allowing only firebase functions to write to the specific collection... how would I go about doing that? Looking at there documentation I do not find anything that might state how you could do that. For instance, I am looking for something like: service cloud.firestore { match /databases/{database}/documents { // Match any document in the 'cities' collection match /cities/{city} { allow read; allow write: if <from firebase function>; } } } Cloud Functions for Firebase code generally accesses other Firebase products using the Firebase