Firebase Security Prevent Save Data From Other User

Question

I got firebase database structure like this:

database
   - chat
        -user1
             -user2
                -chat1
                   -message : a
        -user2
             -user1
                -chat1
                   -message : a
             -user3
                -chat1
                   -message : a
         -user3
             -user2
                -chat1
                   -message : a

The question is, how do I prevent user (in case user1) to write chat message to user2 from user3.

example:

Im user1 with javascript command

firebase.database().ref("chat/user2/user3/chat2").set({
     message: "HAHA"
});

Command above said that me as user1 to write new chat for user2 from user3 with message "HAHA". I want to prevent this case with firebase rules. can someone help me how to write the rules and sign in method should I use?

Thank You.

Frank van Puffelen Frank van Puffelen · Accepted Answer · 2016-08-11T18:34:49

It looks like you have a structure as follows:

chats
    $recipientUid
        $senderUid
            $chatMessageId

Securing that only the sender can write would be:

{
  "rules": {
    "chat": {
      "$recipientUid": {
        "$senderUid": {
          ".write": "auth.uid == $senderUid"
        }
      }
    }
  }
}

It is more common to store the messages between specific users in a chat-room like structure though. See Best way to manage Chat channels in Firebase

Firebase Security Prevent Save Data From Other User

2 Answers