
How to create Firebase security rules: examples

Find below example Firebase security rules. Be sure to change the default, or anyone who knows your database address can change, delete or modify the database.

Step 1 No Security. These rules give anyone, even people who are not users of your app, read and write access to your database. During development, you can use the public rules in place of the default rules to make your data publicly readable and writable. This can be useful for prototyping, as you can get started without setting up Authentication. Because this level of access lets anyone read or write to your database, configure more secure rules before launching your app.

// No Security
{
  "rules": {
    ".read": true,
    ".write": true
  }
}

Step 2 Full Security. These are the default rules that disable read and write access to your database by users. With these rules, you can only access the database through the Firebase console.

// Full security
{
  "rules": {
    ".read": false,
    ".write": false
  }
}

Step 3 Only authenticated users can access/write data

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

Step 4 User Authentication from a particular domain

{
  "rules": {
    ".read": "auth.token.email.endsWith('@example.com')",
    ".write": "auth.token.email.endsWith('@example.com')"
  }
}

Step 5 User Data Only

// $uid must match the user's ID from the Firebase auth token
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

Step 6 Validates user is moderator from different database location

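{
  "rules": {
    "posts": {
      "$uid": {
        // Assumes each user's moderator flag is stored at /users/<uid>/moderator
        ".write": "auth != null && root.child('users').child(auth.uid).child('moderator').val() === true"
      }
    }
  }
}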

Step 7 Validates string datatype and length range

{
  "rules": {
    "posts": {
      "$uid": {
        ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 140"
      }
    }
  }
}

Step 8 Checks presence of child attributes

{
  "rules": {
    "posts": {
      "$uid": {
        ".validate": "newData.hasChildren(['username', 'timestamp'])"
      }
    }
  }
}
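
To check a rules file for the broad grants from Step 1 (public) and Step 3 (any signed-in user) before launch, the script below walks the rules tree and reports every path where they appear. It is an added example, not part of the original post; the function names and the sample ruleset are constructed for illustration.

```javascript
// Added example: audit a Realtime Database rules file for the broad grants
// shown in Step 1 (public) and Step 3 (any signed-in user).

// Rules files may contain comments, which JSON.parse rejects. Remove them,
// leaving anything inside double-quoted strings untouched.
function stripComments(text) {
  const re = /"(?:\\.|[^"\\])*"|\/\/[^\n]*|\/\*[\s\S]*?\*\//g;
  return text.replace(re, (m) => (m[0] === '"' ? m : ''));
}

// Classify one .read/.write expression; returns null if it is not a broad grant.
function classify(expr) {
  const e = String(expr).replace(/\s+/g, '');
  if (e === 'true') return 'public';
  if (/^auth(\.uid)?!==?null$/.test(e)) return 'any-authenticated';
  return null;
}

// Walk the rules tree and collect every broad .read/.write grant.
function auditRules(text) {
  const findings = [];
  const walk = (node, path) => {
    for (const [key, value] of Object.entries(node)) {
      if (key === '.read' || key === '.write') {
        const level = classify(value);
        if (level) findings.push({ path: path || '/', rule: key, level });
      } else if (value && typeof value === 'object') {
        walk(value, `${path}/${key}`);
      }
    }
  };
  walk(JSON.parse(stripComments(text)).rules, '');
  return findings;
}

// Constructed sample ruleset (not from a real project).
const SAMPLE_RULES = `{
  // owner-only user records, but two broad grants elsewhere
  "rules": {
    ".read": "auth != null",
    "users": { "$uid": { ".read": "$uid === auth.uid", ".write": "$uid === auth.uid" } },
    "posts": { ".write": true, "$uid": { ".validate": "newData.isString()" } }
  }
}`;

for (const f of auditRules(SAMPLE_RULES)) {
  console.log(`${f.path} ${f.rule}: ${f.level} (applies to every child path)`);
}
```

In the Realtime Database, .read and .write grants cascade to all child paths, so a broad grant reported at a parent also overrides narrower rules such as the owner-only check from Step 5 beneath it.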