🖌
Firebase+React_Notes
🖌
Firebase+React_Notes
🖌
Firebase+React_Notes
🖌
Firebase+React_Notes
Firebase React Notes
React + firebase
Firebase - Create React app setup
Firebase React context
Firebase function local dev react
React firebase hooks
Multiple ENVs
Multiple ENVs
Manual setup
Terraform
Firestore
Firestore
Firestore data model
associated Firebase data with Users
Firestore write
Firestore - read
Firestore update
Persisting data offline
Importing json
Auth
Auth
Firebase UI
Firebase Auth with React
Linking auth accounts
Twitter sign in
Google sign in
Database Auth
Custom tokens
Cloud Functions
Cloud Functions
Set node version
Set timeout and memory allocation
Call functions via HTTP requests
HTTPS Callable
Separate Cloud Function in multiple files
Slack integration
Twilio firebase functions
ffmpeg convert audio
ffmpeg transcoding video
Storage
Security
Create
Delete
Uploading with React to Firebase Storage
Getting full path
Firebase `getDownloadURL`
Saving files to cloud storage from memory
Hosting
Hosting
Firebase Admin
Firebase admin
Firebase analytics
Firebase analytics
Google App Engine
Google App Engine
GCP App Engine + video transcoding
STT
STT + Cloud Function + Cloud Task
Other
CI Integration
Travis CI integration
Github actions integration
Visual code
Visual code extension
Electron
Firebase with electron
Pricing
Pricing
Testing
Unit testing
Privacy and Security
Privacy and security
Useful resources
links
Firebase Extensions
Firebase extension
Chrome Extension
Firebase in a chrome extension
Cloud Run
Cloud Run
Powered by GitBook

Security

NoSQL Schema

Recommended schema is having the userId somewhere in the file path, and updating the Security Rules like so:

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/{bucket}/o {
    // Files look like: "user/<UID>/path/to/file.txt"
    match /user/{userId}/{allPaths=**} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

Sub-collections

If you use something like {allPaths=**}, this also includes subcollections. If you have set up conditionals based on the response object, you will need to ensure that the condition exists at every level. For example:

// Grants a user access to a node matching their user ID
service firebase.firestore {
  match /document/{database}/tables {
    match /user/{userId}/{allPaths=**} {
      allow read, write: if response.data.role == "ADMIN";
    }
  }
}

This will expect even subcollections that matched with {allPaths=**} to have a field role. In order to get around this you want to set a full path:

// Grants a user access to a node matching their user ID
service firebase.firestore {
  match /document/{database}/tables {
    match /user/{userId}/{allPaths=**} {
      allow read, write: if get(/document/$(database)/tables/user/$(request.auth.uid)).data.role == "ADMIN";
    }
  }
}

​

​https://medium.com/@khreniak/cloud-firestore-security-rules-basics-fac6b6bea18e​

Cloud Functions - Previous
ffmpeg transcoding video
Next - Storage
Create
Last updated 2 years ago
Contents
NoSQL Schema
Sub-collections