Reputation: 171399
How to validate timestamp in Firebase?
In my chess app I use Firebase.ServerValue.TIMESTAMP to record the time of a move, e.g.:
{
from: 'e2',
to: 'e4',
playedAt: Firebase.ServerValue.TIMESTAMP
}
How could I validate that playedAt is Firebase.ServerValue.TIMESTAMP and not an arbitrary timestamp like 1408663907743?
I expected Firebase Security Rules to have a method like isTimestamp() that would work similarly to isNumber() and isString(), but I couldn't find one.
Upvotes: 3
Views: 2650
Answers (2)
Reputation: 2618
You can use now special keyword it is equal to epoch time (millisecond)
"playedAt": {
".validate": "newData.isNumber() && newData.val() === now"
}
If you are generating time from another source, you can convert it to millisecond and use something like this (10 - 20 second clock drift)
"playedAt": {
".validate": "newData.isNumber() && newData.val() - 10000 < now && newData.val() + 10000 > now"
}
Upvotes: 0
Reputation: 13954
Timestamps in Firebase, like the one that corresponds to the server side macro Firebase.ServerValue.TIMESTAMP are stored like any other number. No additional type information is stored that makes them special. So, isTimestamp() would be equivalent to isNumber().
If you'd like to further validate that the timestamp matches the current server time, see this related answer.
Upvotes: 7
Related Questions
- Timestamp validation Firestore
- Handling a time-stamp in Firebase
- Firebase data validation based on timestamps
- Firebase firestore timestamp based security rules
- How to work with Timestamps in Firestore Security Rules
- Firebase allow insertion within TimeStamp
- Timestamp calculations at Firebase server
- How to validate servertimestamp is less than a certain value in Firebase itself?
- How do you use security rules to prevent a user from faking Firebase.ServerValue.TIMESTAMP?
- Use TIMESTAMP in Firebase Security Rules