Firebase Security rules for an app with multiple chat rooms -


i having trouble imagining security rules application looks this:

  • one firebase multiple chatrooms.
  • a moderator authenticates via separate php application.
  • moderators have permission modify own chat room, can read, write, update, , delete within chat room.
  • guests arrive , authenticate via separate php application.
  • guests have read , write access, may not delete anything.

my questions right these:

  1. is possible configure rules meet these requirements? or there requirements cannot possibly met?

  2. to extent php server have communicate firebase, in notifying firebase of existence of users?

first of all, check out gist, example worked time ago multiple chat rooms.

  1. yes. it's possible.
  2. php server? don't need no server! :)

the data structure follows:

# chats equal "rooms" /chats/chat_id/users/...  # timestamp of when each participant last viewed room /chats/chat_id/last/...   # messages sent /chats/chat_id/messages/...

the security rules self documenting. here's local copy referential integrity.

{   "chat": {      // list of chats may not listed (no .read permissions here)       // chat conversation      "$key": {           // if chat hasn't been created yet, allow read there way           // check , create it; if exists, authenticated           // user (specified auth.account) must in $key/users         ".read": "auth != null && (!data.exists() || data.child('users').haschild(auth.account))",          // list of users authorized participate in chat         "users": {            // if list doesn't exist, can create            // if exists, users in list may modify            ".write": "!data.exists() || data.haschild(auth.account)",            "$acc": {               // value 1, later read/write/super privilege               ".validate": "newdata.isnumber()"            }         },          // timestamps recording last time each user has read chat         "last": {            "$acc": {               // may written authenticated user , if user in $key/users               ".write": "$acc === auth.account && root.child('chat/'+$key+'/users').haschild($acc)",               ".validate": "newdata.isnumber()"            }         },          "messages": {            "$msg": {               // write message, must have 3 fields (usr, ts, , msg)               // , person writing must in $key/users               ".write": "root.child('chat/'+$key+'/users').haschild(auth.account)",               ".validate":"newdata.haschildren(['ts', 'usr', 'msg'])",               "usr": {                  // may create messages myself                  ".validate": "newdata.val() === auth.account"               },               "msg": {                  ".validate": "newdata.isstring()"               },               "ts": {                  ".validate": "newdata.isnumber()"               }            }         }      }   }  }

a moderator authenticates via separate php application. use custom login module create firebase token admins. apply security rules according data store in token.

moderators have permission modify own chat room... should pretty self explanatory extending user permissions above.

guests arrive , authenticate via separate php application. use custom login module create firebase token admins. apply security rules according data store in token.

(or scrap php app , use firebase's baked in authentication!)

guests have read , write access, may not delete anything. use newdata.exists() or newdata.haschildren(...) inside ".write" rule prevent deletion.

guests cannot spoof other guests. authentication tokens prevent this


Comments

Post a Comment

Popular posts from this blog

basic authentication with http post params android -

i doing basic authentication passing username , password , using basicnamevaluepair sending post params response service. my method: public stringbuilder callservicehttppost(string username, string password, string type) { // create new httpclient , post header httpclient httpclient = new defaulthttpclient(); httppost httppost = new httppost(webservice + type); httpresponse response = null; stringbuilder total = new stringbuilder(); try { url url = new url(webservice + type); /*string base64encodedcredentials = base64.encodetostring((username + ":" + password).getbytes(), base64.url_safe | base64.no_wrap);*/ string base64encodedcredentials = "basic " + base64.encodetostring( (username + ":" + password).getbytes(), base64.no_wrap); httppost.setheader("auth...
Read more

vb.net - Virtual Keyboard commands -

i wondering difference between virtual these keyboard commands is: keyeventf_extendedkey , keyeventf_keyup is. everywhere have looked gives me description based off integers , not want know each of them does. you've tagged question vb.net, these have nothing @ vb.net. they're constants defined in windows header files, use win32 api functions. as far difference, can't tell looking @ values. individual values not particularly important, that's why named identifiers used. what's important used , documentation functions tells mean. the first one, keyeventf_extendedkey , used keybdinput structure (which used along e.g. sendinput function) pass information synthesized keyboard input. if flag used, means scan code should interpreted extended key. technically, means scan code preceded prefix byte value 224 (&he0 in hexadecimal notation). the second one, keyeventf_keyup , 1 of flags available use structure. means key being released (going up)...
Read more

c++ - End of file on pipe magic during open -

i have c++ application in starting process(wireshark) following. if (fp == null){ fp = popen(processpath, "r"); //processpath process want start if (!fp){ throw std::invalid_argument("cannot start process"); } fprintf(fp, d_msg);//d_msg input want provide process } else if(fp != null){ fprintf(fp, d_msg); } the problem when execute c++ application, start wireshark error end of file on pipe magic during open what should avoid that? also tried using mkfifo create named pipe , execute it. used this: if (fp == null){ system("mkfifo /tmp/mine.pcap"); fp = popen("wireshark -k -i /tmp/mine.pcap", "r"); if (!fp){ dout << "cannot start wireshark"<<std::endl; throw std::invalid_argument("cannot start wireshark"); } input = fopen("/tmp/mine.pcap", "wb"); fprintf(input , d_msg); fclose(input)...
Read more