Firebase matters
Firebase Auth sample
- YouTube Flutter Web - Firebase Authentication for your web apps. GitHub link used in this video.
Firebase Auth articles
- Cross-Origin Resource Sharing (CORS) article, Do you really know CORS?
- Using function API - How to Build a Role-based API with Firebase Authentication, sources on GitHub.
- Controlling Data Access Using Firebase Auth Custom Claims (Firecasts)
Email link sign in
- Article Firebase Email Link Authentication.
- Article Working with Firebase Dynamic links.
- The dynamic link domain has to be whitelisted; see the article Firebase says “Domain not whitelisted” for a link that is whitelisted
Google sign in
Enable Google sign-in in the Authentication tab of the Firebase console for the project. In the enable dialog, expand the Web SDK config.
Copy the Web client ID and save the setting. Let's say this value is somerandomstuff.apps.googleusercontent.com. Now copy the client ID value into the web/index.html file in a meta tag.
<head>
  ...
  <meta name="google-signin-client_id" content="somerandomstuff.apps.googleusercontent.com" />
  ...
  <title>my awesome pwa app</title>
  <link rel="manifest" href="/manifest.json">
  ...
</head>
Stack Overflow
- Google api problem Firebase: 403 PERMISSION_DENIED
Firebase security videos
- Security Rules
- Firebase Database Rules Tutorial
- YouTube Firestore Security Rules - How to Hack a Firebase App
- Firestore Rules Testing with the Emulator - New Feature
- Security Rules! 🔑 | Get to Know Cloud Firestore #6
Firebase database rule generator
Cloud Firestore rule generator
Firestore
Firestore rules common functions
service cloud.firestore {
  match /databases/{database}/documents {
    function isSignedIn() {
      return request.auth != null;
    }
    function emailVerified() {
      return request.auth.token.email_verified;
    }
    function userExists() {
      return exists(/databases/$(database)/documents/users/$(request.auth.uid));
    }
    // [READ] Data that exists on the Firestore document
    function existingData() {
      return resource.data;
    }
    // [WRITE] Data that is sent to a Firestore document
    function incomingData() {
      return request.resource.data;
    }
    // Does the logged-in user match the requested userId?
    function isUser(userId) {
      return request.auth.uid == userId;
    }
    // Fetch a user from Firestore
    function getUserData() {
      return get(/databases/$(database)/documents/accounts/$(request.auth.uid)).data;
    }
    // Fetch a user-specific field from Firestore
    function userEmail(userId) {
      return get(/databases/$(database)/documents/users/$(userId)).data.email;
    }
    // example application for functions
    match /orders/{orderId} {
      allow create: if isSignedIn() && emailVerified() && isUser(incomingData().userId);
      allow read, list, update, delete: if isSignedIn() && isUser(existingData().userId);
    }
  }
}
Firestore rules data validation
// Relies on incomingData(), existingData() and getUserData() from the common functions
function isValidProduct() {
  return incomingData().price > 10 &&
    incomingData().name.size() < 50 &&
    incomingData().category in ['widgets', 'things'] &&
    existingData().locked == false &&
    getUserData().admin == true;
}
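The validation function above reads existingData(), which is null when a document is being created, so used as-is it can only pass on updates. The ruleset below is an added example, not taken from the linked articles or videos, that splits the check into create and update paths and adds field and type checks. The products collection name and the requirement that every product carries a boolean locked field are assumptions; the admin flag on accounts/{uid} follows getUserData() above.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function isSignedIn() {
      return request.auth != null;
    }
    function incomingData() {
      return request.resource.data;
    }
    function existingData() {
      return resource.data;
    }
    // Assumption: the admin flag lives on accounts/{uid}, as in getUserData() above.
    function isAdmin() {
      return isSignedIn() &&
        get(/databases/$(database)/documents/accounts/$(request.auth.uid)).data.admin == true;
    }
    // Shape and type checks on the document as it would look after the write.
    // hasOnly rejects unexpected fields, hasAll rejects missing ones.
    function hasValidProductFields() {
      return incomingData().keys().hasOnly(['name', 'price', 'category', 'locked']) &&
        incomingData().keys().hasAll(['name', 'price', 'category', 'locked']) &&
        incomingData().name is string &&
        incomingData().name.size() < 50 &&
        incomingData().price is number &&
        incomingData().price > 10 &&
        incomingData().category in ['widgets', 'things'] &&
        incomingData().locked is bool;
    }
    // Hypothetical collection name.
    match /products/{productId} {
      allow read: if isSignedIn();
      // No stored document exists yet, so existingData() is not consulted here.
      allow create: if isAdmin() && hasValidProductFields();
      // The stored document must be unlocked before it can be changed or removed.
      allow update: if isAdmin() && hasValidProductFields() &&
        existingData().locked == false;
      allow delete: if isAdmin() && existingData().locked == false;
    }
  }
}
```

On an update, request.resource.data is the whole document after the write, so the field checks also cover partial updates.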