howdyai / botkit-storage-firebase

Firebase storage module for Botkit
http://howdy.ai/botkit
MIT License

How do I authenticate with firebase? #7

Open carlows opened 8 years ago

carlows commented 8 years ago

I tried this module with a default Firebase security rule and I got Permission denied.

I had to set the rules to:

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

to be able to use it. Am I missing something? How do I authenticate?

jonashaefele commented 7 years ago

I ran into the same issue...

Which is fine for testing, but at least once real users chat with the bot, any saved data should only be accessible by the user that saved it, to make sure we don't leak any sensitive data.

I looked at the code and it seems like there's no way to authenticate a user yet... In my book it would be great if each user chatting with the bot gets their own user_id, something like slack_teamID_userID or messenger_FBuserID, and gets a custom Firebase Auth token signed with the app ID?

Any data saved in a chat session would by default be saved to something like ref('user_data').child(user_id). This way we can set the permission on Firebase so that each user chatting with the bot gets their own secured storage.

And we could still use the team/users/channels refs to store general data that bot needs.

Is there already some implementation of this somewhere, or would you accept a PR?
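
The per-user scheme proposed in the comment above, as an added example that is not part of this thread or of botkit-storage-firebase: owner-only rules for `user_data/$user_id` alongside a custom token carrying the matching `uid`. It assumes the token is signed with a service account private key in Firebase's custom-token JWT format; `chatUid`, `mintCustomToken`, `demo`, the service account e-mail and the throwaway key pair are hypothetical or constructed.

```javascript
const crypto = require('crypto');

// Audience value Firebase requires in a custom token.
const AUD = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';

// Per-user rules replacing the open ".read": true / ".write": true workaround.
const ownerOnly = 'auth != null && auth.uid === $user_id';
const RULES = { rules: { user_data: { $user_id: { '.read': ownerOnly, '.write': ownerOnly } } } };

const b64url = (buf) =>
  Buffer.from(buf).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Hypothetical helper: platform-scoped uid such as slack_T0001_U0002.
// Components may not contain "_" or Firebase key characters, so two
// different (platform, ids) tuples can never map to the same uid.
function chatUid(platform, ...ids) {
  const parts = [platform, ...ids].map(String);
  if (parts.some((p) => !/^[A-Za-z0-9-]+$/.test(p))) throw new Error('invalid uid component');
  return parts.join('_');
}

// Hypothetical helper: sign an RS256 JWT in the custom-token format
// (iss/sub = service account, exp at most one hour after iat).
function mintCustomToken(serviceAccountEmail, privateKey, uid, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = { iss: serviceAccountEmail, sub: serviceAccountEmail, aud: AUD,
                    iat: now, exp: now + 3600, uid };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${b64url(sig)}`;
}

// Constructed demo: a throwaway key pair stands in for the service account key.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const uid = chatUid('slack', 'T0001', 'U0002');
  const token = mintCustomToken('bot@example-project.iam.gserviceaccount.com', privateKey, uid, 1700000000);
  const [h, p, s] = token.split('.');
  const verified = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64'));
  return { uid, verified, payload: JSON.parse(Buffer.from(p, 'base64').toString('utf8')) };
}

console.log(demo());
```

With these rules, a session signed in with this token can read and write only under `user_data/slack_T0001_U0002`.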