Rule of authentication using Firebase Database

I need to establish a rule in my Firebase Database to prevent unauthorized access for reading and writing purposes.
Within my database, there is a collection of words, each containing a "uid" field that corresponds with the uid of the authUser key stored in local Storage.

When making a REST call to Firebase, I include the uid parameter:

const urlByUser = 'orderBy="uid"&equalTo="'+uid+'"';

I have set up the following ".read" rule in my Firebase db, but it doesn't seem to be functioning correctly (I continually encounter unauthorized access even when passing the access token as a URL parameter):

{
  "rules": {
      "words": {
      ".indexOn": ["uid"],
      "$uid": {
        ".read": "$uid == auth.uid"
      }
    }
  }
}

Is there an issue within this rule?
Thank you.

typescriptfirebasefirebase-realtime-databasefirebase-authenticationfirebase-security

Answer №1

When querying a location, the default requirement is that you must have read access to the entire location. This means that data cannot be filtered using rules.

A new feature allows you to write rules that control which queries are permitted in specific locations. For example, you can specify that reading from /words is only allowed if the query includes filtering by auth.uid. This way, you can create a rule that permits appropriately filtered queries and rejects unfiltered or incorrectly filtered listeners.

To learn more about this feature, refer to the Firebase documentation and the Firebase blog post on Introducing Query-based Security Rules. The code snippet below is adapted from those sources:

{
  "rules": {
     "words": {
        ".read": "auth.uid != null &&
                  query.orderByChild == 'uid' &&
                  query.equalTo == auth.uid"
     }
  }
}

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Route user based on login status using router

I want to set up automatic routing to a login page for users who are not logged in. app.module.ts import { RouterModule, Routes } from '@angular/router'; import { AppComponent } from './app.component'; import { LoginComponent } from &ap ...

angulartypescriptauthenticationroutesrouter

Steps for downloading a verified Google Storage URL on a client device

I am facing an issue with generating a signed URL to allow downloading a specific file from my bucket. Here is the code snippet I am using: exports.download = functions.https.onRequest((req, res) => { const userID = req.query.userID; const downloadI ...

node.jsfirebaseexpressgoogle-cloud-functionsgoogle-cloud-storage

Customize the date format of the Datepicker in Angular by implementing a personalized pipe

I am dealing with a datepicker that defaults to the MM/dd/yyyy format, and I need it to adjust based on the user's browser language. For example, if the browser language is English India, then the format should be set to dd/MM/yyyy as shown below. Be ...

javascriptangulartypescriptdatedatepicker

What is the best way to showcase information in Angular?

I am facing an issue where my cards are not displaying data from the database, they appear empty. Can anyone provide a solution to help me fix this problem? Below is the output I am getting, with the empty cards that I want to populate with data. MY TS: l ...

htmlangulartypescript

Navigate to a different page using the A-g Grid router when a row is

Having trouble making the router link interact with Ag grid. When I use the router link ="url", it always takes me to a different page every time I click on anything in the grid. What I really want is for clicking on an individual row to redirect me to an ...

angulartypescriptag-grid

TypeScript perplexed Babel with its unfamiliar syntax and could not compile it

Encountered a problem while attempting to compile typescript. It appears that babel was unable to comprehend the "?." syntax on the line node.current?.contains(event.target) export function useOnClickOutside(node: any, handler: any) { const handlerRef = ...

reactjstypescript

TypeScript does not throw a compiler error for incorrect type usage

In my current setup using Ionic 3 (Angular 5), I have noticed that specifying the type of a variable or function doesn't seem to have any impact on the functionality. It behaves just like it would in plain JavaScript, with no errors being generated. I ...

typescriptecmascript-6ionic3angular5static-typing

Issue found in the file assert.d.ts located in the node_modules directory: Expected '{' or ';' at line 3, character 68. Error code: TS1144

When attempting to start the angular application with ng serve, I encountered an error. Below are the project details: Angular CLI: 8.2.0 Node: 14.19.1 OS: darwin x64 Angular: 8.2.0 ... animations, cli, common, compiler, compiler-cli, core, forms ... platf ...

node.jsangulartypescript

Angular class requires multiple class members and validators for MatSelection List to be bound with Formbuilder

Could you please guide me on how to connect the Google Angular Materials mat-selection-list with the FormBuilder? We have the following class and are attempting to utilize Reactive Form Builder for this purpose. While we are aware of how to link data class ...

angulartypescriptangular-material

The entry for "./standalone" in the "@firebase/database-compat" package does not have any documented conditions

Upon running npm run build for my sveltekit project, I encountered the following error generated by vite: 7:55:49 PM [vite-plugin-svelte] When trying to import svelte components from a package, an error occurred due to missing `package.json` files. Contact ...

typescriptfirebasenpmsveltesveltekit

The JavaScript code is executing before the SPFX Web Part has finished loading on the SharePoint page

I recently set up a Sharepoint Page with a custom masterpage, where I deployed my SPFx Webpart that requires certain javascript files. While the Webpart functions correctly at times, there are instances when it doesn't work due to the javascript bein ...

javascripttypescriptsharepointdocument-readyspfx

Although everything appears to be running smoothly in Express, my request is returning null

I am facing an issue with a router in my code. In the main index.ts file, I have the following line: app.use("/api/tshirts", tshirts) And in tshirts.ts file, I have defined the following routes: router.get("/", tshirtsController.getTShirts) router.get("/ ...

javascriptnode.jstypescriptexpress

Updating the main window in Angular after the closure of a popup window

Is it possible in Angular typescript to detect the close event of a popup window and then refresh the parent window? I attempted to achieve this by including the following script in the component that will be loaded onto the popup window, but unfortunatel ...

angulartypescript

Issues with Angular not reflecting data changes in the view after updates have occurred

I have a setup with two components. One is responsible for creating new data entries, while the other one is in charge of listing all the data stored in a database. The issue I'm facing is that even though the creation component successfully adds new ...

angulartypescriptangular-servicesangular-components

Adding a constant to a Vue component

Currently working on developing an application using Vue and TypeScript. I'm focused on refactoring some aspects, particularly moving hard-coded strings from a template to a separate constant. What has been implemented is as follows: export const va ...

typescriptvue.js

Leveraging TypeScript to sort and extract specific elements from two arrays

Given two arrays, I am looking to identify the elements in array2 that match elements in array1 based on a specific property. The arrays are structured as follows: var array1 = [ {"myId": 1, "text": "a"}, {"myId& ...

javascriptarraystypescriptecmascript-6filter

I don't understand why I'm receiving the error message "Unsafe assignment of an `any` value" when I clearly defined the value as a string with a default value

I am puzzled by the 2 eslint errors in this code snippet. The property is declared as a string with a default value: export default { name: '...', props: { x: { type: String, required: true, default: '' } ...

typescriptvuejs3eslint

Create a global variable by importing an external module in TypeScript

I am currently developing a TypeScript npm module called https://www.npmjs.com/package/html2commonmark. This module is versatile and can be utilized in nodejs (via require) as well as in the browser (by loading node_modules/html2commonmark/dist/client/bund ...

javascriptnode.jstypescripttypescript1.7

ionChange - only detect changes made in the view and update the model in Ionic 2

In my Ionic 2 application, I have a feature that allows users to schedule notifications as reminders. The requirements for this feature are as follows: Upon entering the reminder page, it should check if there is a saved reminder. If a reminder is saved ...

androidangulartypescriptionic2reminders

Clearing error messages from a form using the reset button or after cancelling the form

I am having trouble removing the error outline around the input box and error messages displayed below it. When I cancel the form or click on the reset button, the input fields' content along with the error messages should be cleared. However, current ...

angulartypescript