Can I lock read and write operations from Firestore of client side? I want that only Firebase Cloud Functions can read and write in Firestore.
I was connect directly from client to Firestore but I want now the client can call only with back-end ( To make some condition and security ) server for avoiding hack data
It's quite simple, you have to deny all access as follows:
// Deny read/write access to all users under any conditions
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}
Since Cloud Functions interact with Firestore through the Admin SDK they completely bypass the Security Rules.