I would like to be able to have my database only accessible from 3 Google domains. I can access it from one domain but when I try to add more it fails.
The rules I have tried so far:
{
"rules": {
".read": "auth.token.email.endswith('mycompany#gmail.com')"
}
}
I have tried to add an or statement into it but with the second domain I don't get authorised.
Try playing with this syntax instead:
"auth.token.email.matches(/.*#gmail.com$/)"
You can put logical operators inside as well - &&, ||.
More here and obviously here.
Related
I've just simply copy and pasted over a firebase rule from this documentation to implement token revocations. However, the RTDB rule engine does not allow this expression to be published, notice the screenshot below..
I have literally copied this rule from the documentation found here: https://firebase.google.com/docs/auth/admin/manage-sessions#revoke_refresh_tokens
The error is shown in the picture below:
what am I doing wrong here?
Yeah, that looks like it's not going to work. Luckily you can get the same result with a bit more code:
".read": "$user_id === auth.uid
&& (!root.child('metadata').child(auth.uid).child('revokeTime').exists()
|| auth.token.auth_time > root.child('metadata').child(auth.uid).child('revokeTime').val())
So instead of using the || 0 trick to handle the case where there's no revokeTime, this now have an explicit condition for that case.
I also filed a bug to get this fixed in our documentation.
I wrote a simple rule,
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /image/{fileName} {
allow read: if resource != null;
allow write: if false;
}
}
}
Then I added a file in /image folder in the default bucket. Using the Rules playground simulator tries a read request to the file and it failed. It is saying the resource is actually a null.
Any ideas why? From their documentation it seems like it should not do this or am I missing something? Any help will be highly appreciated.
(Update) Following was what I originally tried doing,
--- (Update in response to Franks post)
Hi Frank, I tried exactly what you suggested, still no luck :(. Attaching the screenshot here.
(Update) Frank's suggestion is correct, the file name mismatch was the issue as you originally suggested. The actual file name is scribble.jpg and I typed scibble.jpg in the simulator. After correcting, it was working as expected.
While I thought I could reproduce the problem, after carefully copy/pasting the paths of some existing files, I can now no longer reproduce this in any project/test.
No idea what's going on for you, but I recommend copy/pasting the file names/paths as I did. Especially check for training spaces with in the file name, and in the Location value you enter in the playground, as they are incredibly easy to overlook and will cause the rules to fail.
I have security rule write like this :
/databases/{database}/documents {
match /collection_COUNTRY_EN/{docId} {
allow....
}
match /collection_COUNTRY_ES/{docId} {
allow...
}
}
Where the rule are identical to all the country. Is there a way to implement regex in the match /path to have the same rule for all the collection that start with something and end with a country code ?
Or does i have to structure my data in a different way ?
Thanks for your time.
Security rules do not support regex in the path match. You can only wildcard on the full name of a path segment.
What you might want to do instead is organize all your common top-level collection into subcollections organized under a known document, and apply the same rules to each of them that way:
match /countries/data/{countryCollection}/{docId} {
allow...
}
This would apply the same permissions to all country subcollections organized under /countries/data, which can be an empty document, or even a non-existent document.
I've taken a look at some of the other questions that are like mine, and they all seem to be having little to no trouble with their database rules and nested queries. As a result, I'm a little confused as to why my query isn't working out.
Just for reference, here's my query: curl 'https://----.firebaseio.com/flights.json?orderBy="classes/economy/price"&startAt=2'
Here's what the relevant database structure looks like:
My rules are:
This is the error shown:
Any help would be greatly appreciated.
You need to define indexes at the location where you run the query. Since your query runs on the flights node, you'll need an index on classes/economy/price there.
So:
{
"rules": {
"flights": {
".indexOn": "classes/economy/price"
}
}
}
consider this existing data in a Firebase Realtime Database
db.ref('path/to/child').once('value')
{
"data":{
"this":"value",
"that":"value"
}
}
consider this set operation to the original data
db.ref('path/to/child').update({"data":{"this":"newValue"}})
{
"data":{
"this":"newValue",
}
}
how do we perform an update so that the unchanged data is preserved
db.ref('path/to/child').foo({"data":{"this":"newValue"}})
{
"data":{
"this":"newValue",
"that":"value"
}
}
Right now, your code is telling Firebase to update the entire data child under path/to/child. Instead, you should reference the most deep path to the final child node you want to update:
db.ref('path/to/child/data').update({"this":"newValue"})
Note that I've put data in the reference, instead of the object to update.
I had the same issue but the example above didnt work. I came to the same conclusion based on the docs which also didn't work. It still overwrote the content in "data".
Testing with a slash after data (in my case the object key) worked for me. Maybe I'm still misunderstanding something about how this works, but thought I'd add this incase anyone else hit the same issue. If I'm wrong, please explain.
This did work exactly as I expected.
db.rev('path/to/child/data/').update({"this": "newValue")
// almost exact path I use on some random test data
// path -> root/userid/list/listid/
db.rev('user/2FsJBrxZHQFff61QkMIuTV49KBUcQ2/list/MOwh_FwDmlKbxsfUmZS/').update({"name": "newValue")