Search code examples
javascriptfirebasegoogle-cloud-firestorefirebase-authenticationfirebase-security

Can you access firestore client-side without firebase auth?

I have a counter in my react front-end that I want to display a document value from my firestore database. However, I can't seem to access the firestore data, the code below results in the following error:

Navbar.js (client-side code)

import { db, app, functions } from "./firebase";
import { getFunctions, httpsCallable } from "firebase/functions";
import { Link } from "react-router-dom";
import "../App.css";
import React, { useState } from "react";
import {
  getFirestore,
  collection,
  doc,
  getDocs,
  onSnapshot,
  getDocFromCache,
} from "firebase/firestore";


async function checker() {
  const querySnap = await getDocs(collection(db, "Count")); //Count is collections name
  querySnap.forEach((doc) => {
    console.log(doc.id, " => ", doc.data());
  });
}

Error Message

Navbar.js:28 Uncaught (in promise) FirebaseError: Missing or insufficient permissions.

I haven't implemented any firebase auth (although feels like I will need to implement before deploying), and I have tried adjusting my firestore rules (shown below, although I know they are too vulnerable).

firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

My goals are:

  1. Make a successful read of firestore data
  2. Adust security rules to be more secure
  3. Figure out if auth is necessary to add based on my needs here

Would appreciate any and all advice, I am still new to firebase.

Here is my config file if that is helpful?

firebase.js (in same directory as Navbar.js)

import { initializeApp } from 'firebase/app';
import { getFunctions, connectFunctionsEmulator } from 'firebase/functions';
import { getAnalytics } from "firebase/analytics";
import { getFirestore, collection, getDocs } from 'firebase/firestore';
import {getAuth} from "firebase/auth";


const firebaseConfig = {
  apiKey: //Hiding my data for this post
  authDomain: 
  projectId: 
  storageBucket: 
  messagingSenderId: 
  appId: 
  measurementId: 
};

const app = initializeApp(firebaseConfig);
export const functions = getFunctions(app);
export const db = getFirestore(app);
export const analytics = getAnalytics(app);


export default {app, db, analytics, functions};
Solution

  • Based on your preferred requirements, I would suggest using custom security rules(data validation) if you want to use specific rules in accessing a specific document/collection.

    You can check the sample Firestore rules below wherein it does not require authentication as long as the collection matches the value of the field.

    service cloud.firestore {
  match /databases/{database}/documents {
    // Allow the user to read data if the document has the 'visibility'
    // field set to 'public'
    match /cities/{city} {
      allow read: if resource.data.visibility == 'public';
    }
  }
}

    Let me know if you have questions or clarifications.