 

Firebase Firestore security rules for cloud functions

I'm currently setting up a Dialogflow bot (for FAQ and contact) and the fulfillment / data storage is being done in Firebase Firestore using Google Cloud Functions (Node.js).

Obviously I would like to have security rules, limiting the access to the database to only Dialogflow. Could anyone point me in the right direction how I would go about doing this?

The examples I found were all checks regarding something stored in the database, which wouldn't work in my case..?

asked Dec 11 '18 15:12


People also ask

Do firestore rules apply to cloud functions?

Since Cloud Firestore backend SDKs running in Cloud Functions have privileged access to Cloud Firestore, they will bypass all security rules.

What file should be used for firestore rules firestore rules?

firestore.rules is a file used to define the security rules for your Firestore database. firestore.

How do you change cloud rules on firestore security?

To set up and deploy your first set of rules, open the Rules tab in the Cloud Firestore section of the Firebase console. Write your rules in the online editor, then click Publish.

Are Firebase functions secure?

Firebase gives direct access to Firestore from an app using the Firebase SDK, and that access is protected by security rules that you deploy to your project.


1 Answer

Security rules are only relevant when you have a mobile client (Android, iOS, web) directly accessing some data in Firestore, Cloud Storage, or Realtime Database. They also apply to unauthenticated access from the REST API. Any other access from a backend, including code you might write for a Dialogflow fulfillment hook, isn't subject to security rules. That is to say, accessing these resources from a backend through the admin SDK ignores security rules altogether.

If you only intend to access these products from a backend, just make sure your security rules disallow public access from mobile clients.

Doug Stevenson answered Oct 02 '22 12:10
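
A rules file matching the answer's advice, as an added example that is not part of the original answer: it denies every request that is subject to security rules, with the permissive "test mode" rule shown in a comment for contrast. It assumes no client app needs direct Firestore access; backend code using the admin SDK, such as the fulfillment function, is not evaluated against these rules.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Weak setting, shown for contrast only: any client, signed in or not,
    // can read and write every document.
    //   match /{document=**} { allow read, write: if true; }

    // Locked-down setting: deny all reads and writes coming from the
    // mobile/web client SDKs and from the REST API.
    match /{document=**} {
      allow read, write: if false;
    }
  }
}
```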