Reputation: 17777
Enforcing user quota in Firebase
What is the best way to enforce per-user quota on data stored in Firebase?
My users will be able to create documents with a unique id on the following path:
/documents/id/contents
The id will be uniquely generated using a transaction. The id will be reserved by using a verification rule (contents.id == auth.id)
However how do I prevent a user from spamming the db (by randomly allocating ids to themselves)? Can I have a rule which counts the number of ids allocated to a user and rejects them if the count is too high?
Upvotes: 4
Views: 823
Answers (1)
Reputation: 10185
There's currently no good way to do this.
In some cases you could fully enumerate the children that are allowed to exist (child1, child2, etc), and grant read / write for each one. This won't work for large numbers though or for ids you don't know beforehand.
We do have plans to built features to restrict the number of allowed children and to provide other features to enforce quotas on users.
Upvotes: 1
Related Questions
- How can I set limit on the amount of storage that each user can upload to Firebase Storage?
- Security rule to limit storage space used in Firebase Storage?
- Firebase rate limiting in security rules?
- Limit the number of user in Firebase Realtime database
- How to limit the number of authenticated users with Firebase
- Limit concurrent logins by an authenciated user in Firebase
- Firebase - limit write to authorized user
- Firebase User Porperties quotas
- Firebase plans and usage quotas
- How to limit size of the data on the server side a user can fetch in Firebase?