colinhacks / next-firebase-ssr

A Next.js example repo for building authenticated pages with Firebase Authentication, cookies, and getServerSideProps
https://vriad.com/essays/nextjs-firebase-authentication

Firebase security rule #13

Closed zipengyang closed 3 years ago

zipengyang commented 3 years ago

Thanks a lot for sharing this approach! When fetching data from Firebase, it works fine without security rules applied, but I got stuck when login is required, like this: request.auth != null.

colinhacks commented 3 years ago

Without more information I'm not sure what the problem is.

DiegoMcDipster commented 3 years ago

That sounds like an issue I'm having fetching data in getServerSideProps.

I'm able to retrieve data no problem if the permissions on the Firebase Realtime Database are: { "rules": { ".read": true, ".write": true } }

If, however, the permissions on the Realtime Database are: { "rules": { ".read": "auth.uid != null", ".write": "auth.uid != null" } }

I get a permission denied message.

Any tips on how to solve this, so that I don't have to leave the database open to the world?

colinhacks commented 3 years ago

getServerSideProps is executed in the server environment, not the client. The Firebase JS SDK is only meant to run on the client, as it integrates tightly with Firebase Auth and can automatically detect the currently signed-in user. If you want to query Firebase from your server you should be using the Firebase Admin SDK: https://firebase.google.com/docs/admin/setup

To summarize:

DiegoMcDipster commented 3 years ago

Thanks @colinhacks! OK. That makes sense. I can't, however, get the data fetch to work. I am a noob, so could you help me out and give an example of how you would fetch the data in getServerSideProps, please?

So, on authenticated.tsx you wrote: // the user is authenticated! // FETCH STUFF HERE

I went to the documentation (https://firebase.google.com/docs/database/admin/start) and to read data I need to do: var db = firebaseAdmin.database(); var ref = db.ref("blah/blah");

However, I get the error "FirebaseError: Can't determine Firebase Database URL.", which made me think that the server doesn't see that the app is initialised.
When I do initialize it again I get an error that it's already initialised. So, I seem to be a bit stuck whichever way I go and I'm pretty sure that it is a noob mistake I'm making.

Some sample code here would really help me out.
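
Added example, not part of the original thread and not the repository's own code: one way to initialise the Admin SDK exactly once, with a database URL, and to read per-user data in getServerSideProps only after verifying the caller's ID token. It is plain JavaScript rather than the repo's TypeScript; the environment variable names, the `token` cookie, the `users/<uid>` path and the `/login` route are assumptions.

```javascript
// In a Next.js project, pass the real module: require("firebase-admin").
// It is a parameter here so the logic can be exercised without the package.

// Return the single Admin app for this process, creating it on first use.
// Checking admin.apps avoids the "already exists" error on module reloads;
// passing databaseURL avoids "Can't determine Firebase Database URL".
function getAdminApp(admin, env) {
  if (admin.apps.length > 0) return admin.app();
  const required = ["FIREBASE_PROJECT_ID", "FIREBASE_CLIENT_EMAIL",
    "FIREBASE_PRIVATE_KEY", "FIREBASE_DATABASE_URL"]; // assumed names
  for (const key of required) {
    if (!env[key]) throw new Error(`missing environment variable ${key}`);
  }
  return admin.initializeApp({
    credential: admin.credential.cert({
      projectId: env.FIREBASE_PROJECT_ID,
      clientEmail: env.FIREBASE_CLIENT_EMAIL,
      // .env files usually hold the PEM key with literal "\n" sequences
      privateKey: env.FIREBASE_PRIVATE_KEY.replace(/\\n/g, "\n"),
    }),
    databaseURL: env.FIREBASE_DATABASE_URL,
  });
}

// The Admin SDK is not subject to database security rules, so the server
// makes the access decision itself: verify the caller's ID token, then read
// only a path derived from the verified uid.
async function readUserData(app, idToken) {
  const { uid } = await app.auth().verifyIdToken(idToken); // rejects if invalid
  const snapshot = await app.database().ref(`users/${uid}`).once("value");
  return snapshot.val();
}

// Builds a getServerSideProps handler. Assumes the ID token is stored in a
// cookie named "token" and that "/login" is the sign-in page.
function makeGetServerSideProps(admin, env) {
  return async (ctx) => {
    const app = getAdminApp(admin, env); // config errors surface, not hidden
    try {
      const data = await readUserData(app, ctx.req.cookies.token);
      return { props: { data } };
    } catch (err) {
      // Token missing or invalid (or the read failed): no data leaves the server.
      return { redirect: { destination: "/login", permanent: false } };
    }
  };
}
```

In a page file this would be wired up as `export const getServerSideProps = makeGetServerSideProps(admin, process.env)`, with `admin` being the imported `firebase-admin` module.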