polina-c / flutter-auth-ui

flutter-auth-ui is an authentication library for Flutter web applications. It uses Firebase Auth as a security as a service (SECaaS) provider. It implements UI to register a user, validate email, sign in, sign out, restore password, and access Firestore.
https://flatter-auth-ui-demo1.codemagic.app/#/
Apache License 2.0
57 stars 18 forks

Recommended database rule setting? #31

Closed MostHated closed 4 years ago

MostHated commented 4 years ago

Hello, right now I have my Firebase db rules set up as seen below, but I am not sure if this is considered sufficient, or what a more secure and typical example might look like that would work for a system like this.

I am wondering if anyone happens to have any sort of recommended database rule set for this/allowing a user to save data to their own "users" document? (/users/{userId})

Thanks, -MH

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth.uid != null;
    }
  }
}

polina-c commented 4 years ago

Looks good to me. However, I am not a security specialist. I recommend posting this question on Stack Overflow, tagged with 'firestore', so that Firebase security specialists get notified.
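
For comparison with the rule set posted in the question, which lets any signed-in user read and write every document in the database (other users' documents included), here is an owner-scoped rule set for `/users/{userId}`. It is an added example, not code from the thread participants or from the flutter-auth-ui project. The verified-email requirement on writes and the per-user subcollections are assumptions about the application, and `isOwner` is a helper name chosen here.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Helper (name chosen for this example): true only when the caller is
    // signed in and their uid matches the {userId} segment of the path.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // A user's own profile document: /users/{userId}
    match /users/{userId} {
      // Only the owner may read their document.
      allow read: if isOwner(userId);

      // Assumption: writes additionally require a verified email address,
      // since the library's sign-up flow includes email validation.
      allow write: if isOwner(userId)
                   && request.auth.token.email_verified == true;

      // Assumption: per-user data may also live in subcollections
      // (for example /users/{userId}/notes/{noteId}); same ownership check.
      match /{document=**} {
        allow read: if isOwner(userId);
        allow write: if isOwner(userId)
                     && request.auth.token.email_verified == true;
      }
    }

    // No catch-all match block: any path not matched above is denied,
    // because Firestore rules deny access unless a rule allows it.
  }
}
```

The Firebase console's Rules Playground or the local emulator can confirm that a signed-in user is denied on another user's `/users/{userId}` path before the rules are published.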