firebase-security

问题 I have a SwiftUI application, which uses Firebase as a back end, and my rules are something like this: rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { // This rule allows anyone on the internet to view, edit, and delete // all data in your Firestore database. It is useful for getting // started, but it is configured to expire after 30 days because it // leaves your app open to attackers. At that time, all client // requests to your Firestore database

问题 I am trying to test my security rules using the Firestore emulator. I made a firestore.rules security rule that disallows all reads and writes: service cloud.firestore { match /databases/{database}/documents { allow read, write: if false; } } I started the Firestore emulator from the terminal: firebase emulators:start --only firestore I then initialized my Firestore client: import firebase_admin from firebase_admin import firestore firebase_app = firebase_admin.initialize_app() self.client =

问题 New to Firestore security rules and is trying to understand it. I'm trying to write a security rule that allow only admins in my collection to write data and every one to read it. The collection of admins has document ids as admin names, that is for example, "Mary Lane". Within the documents I've fields: email: "userMailId@mail.com" uId: "firestore_user_Id" The uId is the id of Firestore user id. The data to write is an object Message and is: new Message(uId, title, messageBody, timestamp)

问题 For a side-project that is about to launch, I want to set-up a signup form where people can show their interest in getting an invite. I use Firestore for the application and want to create a new collection where I store all the potential users. As this form is published on the company website, I can not use security rules using authentication, as everybody has to be able to submit the form. For this reason, the write permission is public. Are there any measures I could take to prevent a smart

问题 This, to me, is the most basic authentication scheme for user-generated content, given a collection called "posts": Allow any authenticated user to insert into "posts" collection Allow the user who inserted the document into collection "posts", to read, update, and destroy the document, and deny all others Allow the user to list all documents in collection "posts" if they are the one who created the documents originally All examples I've found so far seem to rely on the document ID being the

问题 I have "groups" in Firestore. Each group has a "members" key. My goal is to write a Firebase Storage security rule to allow "write" only to members of a group: # I want something like this match /groups/{groupId} { allow read, write: if request.auth.uid in get(/database/groups/{groupId}/members); } 回答1: Security rules cannot read from another service, so you won't be able to implement groups in the way you describe here. You'll instead have to encode the knowledge of what groups somebody is a

问题 As far as I can see there are no security rules in the Firebase Storage that could limit the number of downloads per user. I can limit the file size or number of files for writes with a simple trick like this: match /public/{userId}/{imageId} { allow write: if request.resource.size < 5 * 1024 * 1024 && imageId.matches("[1-5]\.txt"); } And according to Google Quotas & Limits: There is an update limit on each object of once per second, so rapid writes to a single object won’t scale. So this is

问题 This question already has an answer here : Firebase: How to structure public/private user data (1 answer) Closed 2 years ago . I can't figure out how to filter data using Firebase database. I've read that rules can't be used for filters. But then how? I'd like a datastructure somewhat like the one below. i.e. a list of posts created by different users due for a specified time (user-id is not included in the layout below as I'm not sure where to put it) posts: { "-LKwbZsfy55d24kwX4t1" : { when

问题 I am trying to set up a firestore security rule to restrict the size of incoming data. service cloud.firestore { match /databases/{database}/documents { match /events/{eventId}{ allow read: if request.auth.uid != null; allow write: if request.auth.uid != null && request.resource.size < 1*1024*1024; } } } Above security rule returns an error FirebaseError: Missing or insufficient permissions. How do I validate the size of the incoming data without the error? Firestore structure firestore_db

问题 I created a Collection of user IDs for each user and I want to set the database rules to read the collection item only if the user ID matches the collection item name. I tried something like: service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read: if request.auth != null; } match /{userId} { allow read: if belongsTo(userId); } function belongsTo(userId) { return request.auth.uid == userId } } } 回答1: Firestore reads documents. There is no concept of