Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I ensure Firebase database structure using anonymous auth?

Tags:

json

firebase-realtime-database

firebase-authentication

firebase-security

geojson

I have a public-input type app using Firebase, with anonymous auth. The user data is used to create points on a map. Each anonymous user can only edit the data inside the node matching their auth id - via security rules.

However, my app depends on a certain database structure. How do I ensure my database structure/integrity using anonymous auth, since the database url is client-side readable?

I think it is possible with security and validation rules, but I'm not sure. Maybe deny children creation in a node? This would be necessary to ensure the schema is followed.

Each auth node can have many key nodes, but I would want to limit this Firebase-side. And each key node must follow the schema below (so I can pull out the geojson easily). Below is my current setup - wondering what is missing?

"features" : {
    "5AGxfaK2q8hjJsmsO3PUxUs09Sz1" : {
      "-KS3R4sWPdcDkrxyIFX6" : {
        "geometry" : {
          "coordinates" : [ -81.88247680664062, 38.884619201291905 ],
          "type" : "Point"
        },
        "properties" : {
          "color" : "#2be",
          "title" : ""
        },
        "type" : "Feature"
      },

firebase rules

like image 433
malcolm Avatar asked May 18 '26 09:05

malcolm

1 Answers

Authentication and database schema are completely separate topics. You ensure database schema by using a combination of .write and .validate rules in your security doc, not by anything to do with your authentication provider (i.e. Anonymous authentication).

This is described in detail in our database security guide.

A quick summary:

  • hasChildren: specify required fields
  • newData: refer to the data being written
  • data: refer to data already in the database
  • .validate: specify data schema using things like newData.isString() or newData.val() == data.val() + 1

Keep in mind that .validate rules are only run for non-null values. Thus, if you want to try something like !data.exists() (i.e. you can only write to this path once and can't modify it later) or newData.exists() (i.e. you can't delete this data) then you need to specify those in a .write rule.

Refer to the guide for more detail.

like image 175
Kato Avatar answered May 21 '26 00:05

Kato
Sign in to Comment

Related questions

Converting json string of Intent to object of Intent giving exception
Query average point each student
PrimeFaces: JSON and DataTable
JSON object elements listed as undefined (tested both before and after using `jQuery.parseJSON()`)
Google Chrome -- Google search json download

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!