Ilja Ilja -4 years ago 102
Node.js Question

Allowing write access only to Cloud Functions for Firebase

How can we secure database via the rules that only allow Cloud Functions for Firebase to write data to certain locations, previously there was an option to add uid to admin client

and use that uid in rules section, but now we initialise via
so I’m not to sure about how to add additional params in.

is it a good idea to initiate with certificate for this instead? i.e

credential: admin.credential.cert("/path-to-cert"),
databaseURL: "database-url",
databaseAuthVariableOverride: { uid: "some-id" }

What benefit does
have over above and where is
actually getting data from, isn't this just a node module?

Answer Source

Normally, at the top of your Cloud Functions code, you have:

var functions = require("firebase-functions");

As part of the firebase-functions node module, you have access to a functions.config().firebase which is just an object which has everything you need to initialize the Admin SDKs, including your Database URL and a credential implementation (based off of Application Default Credentials). If you console.log(functions.config().firebase) in your code, you will see it just is an object with these properties and a few other ones you may want to use in your code.

You can add databaseAuthVariableOverride to this object to limit the Admin SDK's privileges. You can just overwrite the object itself:

var firebaseConfig = functions.config().firebase;
firebaseConfig.databaseAuthVariableOverride = {
  uid: 'some-uid',
  foo: true,
  bar: false

Or you can use something like Object.assign() to copy the relevant details to a new object:

var firebaseConfig = Object.assign({
  databaseAuthVariableOverride: {
    uid: 'jacob',
    foo: true,
    bar: false
}, functions.config().firebase);
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download