How to set firebase rules when I use user email as the unique ID?

1
votes

I'm working on an app using Ionic Framework and Firebase. I have the following data structure on Firebase:

Users {
  mary@fb,com: {
    Group: {
      group123: {
        Contacts: {[email protected], [email protected], etc. }
      }
      group456: {
        Contacts: {[email protected], [email protected], etc. }
      }
    }
  }
  [email protected]: {}
  [email protected]: {}
  etc.
}

Users on the app can create groups and invite their friends to a group.

I'm trying to figure out how to give "[email protected]", "[email protected]" etc. access to the path Users/mary@fb,com/Group/group123 using Firebase rules. I'm also having trouble giving mary@fb,com permissions to read and write. How do I use rules like below for using a custom Unique ID like the the User's email?

{
  "rules": {
    "Users": {
      "$user_id": {
        ".read": "$user_id === auth.uid",
        ".write": "$user_id === auth.uid"
      }
    }
  }
}
1
firebasefirebase-security

1 Answers

3
votes

Circumventing use of the user's auth uid as the unique identifier should be discouraged and probably is only going to make you sad. I'd rethink this approach and encourage others not to follow suit.

Assuming you can't avoid this, then the following will be necessary:

  • implement your own auth schema
  • sign your own tokens
  • include email as part of the token data or, depending on your use case (it helps a great deal to share this in the question, see XY Problem) maybe just use an escaped email as the uid
  • refer to auth.email in place of auth.uid in your security rules

Thus, in a server/node/etc script:

// after some auth process to verify 
// the user and obtain the email
var FirebaseTokenGenerator = require("firebase-token-generator");
var tokenGenerator = new FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
var token = tokenGenerator.createToken({uid: uniqueIdOrMaybeEscapedEmail, email: escapedEmailAddress});

And in your rules:

".read": "$user_id === auth.email",