How to decrypt the encrypted UID using firestore security rules? [closed]

  1. I get the uid when users log in to Firebase for the first time using a phone number.
  2. Then I have encrypted the uid.
  3. Then I have created a collection named users with the uid as document ID in Firestore, like: users/uid.
  4. Now the users want to write into users/userId, if the condition is true like below:

  match /users/{userId} {
     allow write: if request.auth.uid == userId;
  }

Here, as I mentioned in number 2, the userId is encrypted, but the request.auth.uid is not encrypted.

So how can we decrypt the userId here?

If I use SHA-256 hashing, how can I decode the SHA-256 on the client side?

I am using crypto-js.

Muhammad asked Feb 18 '20 15:02



1 Answer

According to the documentation, you can use hashed values in security rules. If you are not using one of the hashing algorithms described, then it will not work. You can read about how it works in the release notes:

New hashing and hashing-adjacent methods are:

hashing.crc32()
hashing.crc32c()
hashing.sha256()
hashing.md5()
<ByteValue>.toBase64()
<ByteValue>.toHexString()
<String>.toUtf8()

For example, previously, if the version of an email in Firestore was hashed with SHA-256, you wouldn't be able to compare that email to the plaintext email sent with the auth object. Now you can:

hashing.sha256(request.auth.token.email.toUtf8()) == resource.data.ownerEmailHash

Alternatively, if you have a field in a document for users to store their novellas, you may want to have a shorter identifier for that very long string:

match /novellas/{hash} {
  // Allow creating a document only when its id matches the hash of its content
  allow write: if hash == hashing.sha256(request.resource.data.novella.toUtf8())
               && resource == null;
}

Strings are treated as UTF-8-encoded bytes, and the return value is a Bytes type:

hashing.md5("Tag".toUtf8()) => b"wQEFjn6iG7vypayJMIjpCw=="

Doug Stevenson answered Nov 14 '22 23:11
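Applied to the users/{userId} case from the question, the hash is never decoded: the client recomputes it from the plaintext UID, and the rule does the same with request.auth.uid. The following is an added example, not code from the question or the answer. It uses Node's built-in crypto module in place of crypto-js, and the function names, sample UIDs and the lowercase-hex document id convention are assumptions.

```javascript
// Added example; function names and sample UIDs are constructed for illustration.
const crypto = require('node:crypto');

// Firestore rule this models (assumes document id = lowercase hex SHA-256 of the UID):
//   match /users/{userId} {
//     allow write: if request.auth != null
//       && hashing.sha256(request.auth.uid.toUtf8()).toHexString() == userId;
//   }

// Client side: derive the document id from the plaintext UID. Nothing is decoded.
function userDocId(uid, encoding = 'hex') {
  return crypto.createHash('sha256').update(uid, 'utf8').digest(encoding);
}

// Local model of the rule condition above, to see which requests would pass.
function ruleAllowsWrite(auth, pathUserId) {
  if (!auth || typeof auth.uid !== 'string') return false; // request.auth == null
  // The rule compares against hex output, so the stored id must use the same encoding.
  return userDocId(auth.uid, 'hex') === pathUserId;
}

function demo() {
  const alice = { uid: 'constructed-uid-alice' };
  const bob = { uid: 'constructed-uid-bob' };
  const aliceDoc = userDocId(alice.uid);
  return {
    ownerWrite: ruleAllowsWrite(alice, aliceDoc),           // same UID, same hash
    otherUser: ruleAllowsWrite(bob, aliceDoc),              // different UID
    unauthenticated: ruleAllowsWrite(null, aliceDoc),       // no auth object
    plaintextId: ruleAllowsWrite(alice, alice.uid),         // id was never hashed
    base64Id: ruleAllowsWrite(alice, userDocId(alice.uid, 'base64')), // encoding mismatch
    upperHexId: ruleAllowsWrite(alice, aliceDoc.toUpperCase()),       // case mismatch
  };
}

console.log(demo());
```

Only ownerWrite is true. The base64 and uppercase cases show why the client and the rule must agree on one encoding of the digest.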