
19. Securing Data in Cloud Firestore
Written by Dean Djermanović

In the previous chapters, you implemented all of the features of the WhatsUp app except the most important one. You haven’t implemented any security rules, which means anyone has access to your data.

In this chapter, you’ll learn what security rules in Cloud Firestore are and how to add them to your database to make your data safe.

What are security rules?

To build your own security system, you’d need to set up a server that acts as a proxy between your mobile clients and the remote database. That server would need to process every request sent to the database and make sure that each client accesses only the data it is allowed to see.

Security rules handle security for you. You don’t need to set up your own security system.

How do security rules work?

Security rules check the requests coming to the database, let through those that satisfy the criteria and reject the ones that don’t. For example, if your database only allows authenticated clients to write data and an unauthenticated user tries to write something to the database, that request is rejected.

Getting started

To see what the security rules look like, open your Firestore database in the console. You’ll see the Rules tab at the top. Click on it. Then click on the Simulator icon to expand the simulator window.

match /databases/{database}/documents

match /{document=**} {
      ...
}

/databases/{database}/documents/posts/{postId}

match /databases/{database}/documents {
    match /posts/{postId} {
      ...
    }
}

match /databases/{database}/documents

match /databases/{database}/documents {
    match /posts/{postId} {
      match /subcollection/{documentId} {
          ...
      }
    }
}

Adding security rules

Your WhatsUp app is still not safe. Next, you’ll add security rules to restrict access to the data. Open the Firestore database in the Firebase console and click on the Rules tab. Add the following rule:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth.uid != null;
    }
  }
}

Testing the security rules

You’ve already seen the Simulator window in the Firebase console. Firestore provides it so that you can test your rules.

posts/0gbGvf23YT2xhRpcMxqt

Key points

  • Security rules check the requests coming to the database, let through those that satisfy the criteria and reject the ones that don’t.
  • Security rules consist of two things: 1. which documents you are securing; 2. what logic you’re using to secure them.
  • In the Rules tab in the Firebase console, you can see your current security configuration.
  • The match statement specifies the path to the document.
  • The allow expression specifies when reading or writing the data is allowed.
  • Security rules in Cloud Firestore do not cascade.
  • Cloud Firestore provides a Simulator feature that you can use to test your rules.
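
The matching behaviour summarised in the key points, as an added example that is not code from the book: a simplified JavaScript model of how a document path is matched against match blocks, showing the chapter's catch-all rule next to a rule that does not cascade to a subcollection. The function names, the rule-tree shape and the sample requests are assumptions constructed for illustration; this is a model, not the Firestore rules engine.

```javascript
// Simplified model of Firestore rule matching (added example, not the real engine).
// consume() matches one `match` pattern against the leading path segments and
// returns the unmatched remainder, or null when the pattern does not apply.
function consume(pattern, segs) {
  let i = 0;
  for (const part of pattern.split("/").filter(Boolean)) {
    // Recursive wildcard {name=**}: takes every remaining segment (at least one).
    if (/^\{\w+=\*\*\}$/.test(part)) return i < segs.length ? [] : null;
    if (i >= segs.length) return null;
    // {name} matches any single segment; anything else must match literally.
    if (!/^\{\w+\}$/.test(part) && part !== segs[i]) return null;
    i++;
  }
  return segs.slice(i);
}

// Allowed only when a block whose full path equals the document path has a true
// allow condition. A condition that throws (auth is null) counts as a denial.
function isAllowed(blocks, docPath, request) {
  const walk = (list, segs) => list.some((block) => {
    const rest = consume(block.match, segs);
    if (rest === null) return false;
    if (rest.length === 0 && block.allow) {
      try { if (block.allow(request) === true) return true; } catch (e) { /* deny */ }
    }
    return walk(block.children || [], rest);
  });
  return walk(blocks, docPath.split("/").filter(Boolean));
}

const signedIn = (request) => request.auth.uid != null; // the chapter's condition

// The chapter's rule: every document, authenticated users only.
const catchAll = [{ match: "/{document=**}", allow: signedIn }];
// Constructed variant: the allow sits on posts; the nested block has none.
const postsOnly = [{
  match: "/posts/{postId}", allow: signedIn,
  children: [{ match: "/subcollection/{documentId}" }],
}];

const user = { auth: { uid: "constructed-uid" } }; // constructed sample requests
const anonymous = { auth: null };

console.log(isAllowed(catchAll, "posts/abc", anonymous));
console.log(isAllowed(postsOnly, "posts/abc/subcollection/x", user));
```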

Where to go from here?

In this chapter, you learned the basics of Cloud Firestore’s security rules. Your WhatsUp app now only allows authenticated users to access the data.

© 2021 Razeware LLC