search

GodotNuts / GodotFirebase

Implementations of Firebase for Godot using GDScript
MIT License
517 stars 74 forks source link

[BUG] after authentication Firestore still return 403 on get_doc() (4.x) #376

Closed thiscris closed 6 months ago

thiscris commented 6 months ago

Describe the bug

My code

# Anonymous login
Firebase.Auth.login_anonymous()
await Firebase.Auth.signup_succeeded
# Connect to collection
var collection = Firebase.Firestore.collection("users")
print_debug(collection.auth.idtoken) #to be tested externally
print_debug(collection._base_url + collection._extended_url + collection.collection_name) #to be tested externally
# Get document
var document = await collection.get_doc("1")

Returns 

  [Firebase Error] >> Action in error was: 4
  [Firebase Error] >> Missing or insufficient permissions.

Is Firebase set up correctly? I assume so, because when I use the access token printed out from collection.auth.idtoken in a browser javascript console test, I receive the requested document.

This is what I use in my JS console test:

const accessToken = '[TOKEN_FROM_GODOT_PRINT_DEBUG]'; // Replace with the access token you obtained

// Firestore REST API endpoint for reading a document
const firestoreEndpoint = `https://firestore.googleapis.com/v1/projects/${projectId}/databases/(default)/documents/${collectionPath}/${documentId}`;

// Make the Firestore document read request
fetch(firestoreEndpoint, {
  method: 'GET',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${accessToken}`,
  },
})
  .then(response => response.json())
  .then(data => {
    // The document data is available in the 'fields' property of the response
    const documentData = data.fields;
    console.log('Document Data:', documentData);
  })

The uri in the second print_debug matches what I am fetching in JS . The auth.idtoken is generated by the godot request. The only thing that I haven't tried yet is to reduce the number of warning messages I have such as "[Firebase] >> The value for databaseURL is not configured. If you are not planning to use it, ignore this message." I would expect that the error wouldn't be 403 if it was missing that URL

To Reproduce Steps to reproduce the behavior:

  1. Add GodotFirebase 4.x addon to a Godot project
  2. Create .env file an populate it with what is available in your firebase project (this step could be described in more details)
  3. Add the code snippet given above to a script file that you can execute in a scene
  4. Run the scene

Expected behavior A clear and concise description of what you expected to happen: "var document = await collection.get_doc("1") should not return an error"

Screenshots If applicable, add screenshots to help explain your problem.

Environment: OS: Ubuntu broswer: Fitefox (?) Godot: v.4.1 addon branch: 4.x

Additional context This is my first attempt to run Firestore with Godot, so I might be missing something basic.

WolfgangSenff commented 6 months ago

Can you show me a pic of your Firestore, like where the document exists and stuff? Don't need to see the url or anything like that, just the inner part, and no contents of the document. I assume since it's just "1" it's not important, but you never know! It is possible also that you do need permissions setup correctly in your Firestore - what do your Firestore rules look like?

thiscris commented 6 months ago

Hi @WolfgangSenff , thank you for your quick response. It is just a test database, so I can share some screenshots firestore-database

My rules are (will be made more strict after making it work)

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
        allow get: if request.auth != null;
    }
  }
}

firebase-auth

I am not using "App Check" which is probably the only thing remaining in Frestore that could be missing. My thinking is that if I can simulate a get through the browser with a token received by Godot, then I should look in Godot.

WolfgangSenff commented 6 months ago

I can't recall exactly the circumstances, but last I remember, there was an error with that specific rules version with the REST API. But regardless of that, you may want to download our integration tester, found here: https://github.com/GodotNuts/GodotFirebaseTestHarness/tree/4.x (note the branch), and run the Firestore tests. It should help determine what's wrong, though if others were having the same issue, we would definitely have heard about it, so I suspect it's just whatever you have. If that doesn't work, try opening up the rules completely just for a minute to retest.

WolfgangSenff commented 6 months ago

Oh, obviously with the tester, you have to fill in your own info for the .env file.

thiscris commented 6 months ago

So after multiple attempts including with the tester project that you linked to, I found that the problem was using the word "get" instead of "read" in my rules as @WolfgangSenff suggested earlier. Strangely both the firestore rules playground and the js fetch test were able to work with the 'get' rule , but the addon not. I would close the bug if you are not interested in investigating further. Thank you very much for the support.

WolfgangSenff commented 6 months ago

That's pretty weird! I may ask the Firebase team to see if that's a known issue, because we don't do anything with the rules on our side.