I am building an app with django and firebase. I have built my custom authentication system. And I need secure rules so that only people whom I have authenticated can read/write in the database or storage.
{
"rules": {
".read": true,
".write": true
}
}
These are my current rules, so is their a way to pass a token when I request(read or write on databse) which is first checked. Something like ->
{
"rules": {
".write": "isAuthorized == true",
".read": "isAuthorized == true"
}
}
And when making request to database like- db.child('test').get() I pass this isAuthorized bool
Any help is appreciated, or you can suggest changes.
If you are not using Firebase Authentication, then there's no way you can use security rules solely based on your authentication method. You would have to authenticate users using your way, grant them a custom token which can be generate using Admin SDK and then use that token to log them in through Firebase Auth. So technically you are using your way of authenticating users but also using Firebase Auth to log them into your web app.
The auth flow will be like:
signInWithCustomToken() method.If you don't want to implement this at all, then the only viable way is to disable direct access your database by setting the security rules to false and route all requests through your server. For each request, check if user is authorized to access the resource they are requesting manually and serve it.