What does $uid and auth.uid stand for?

Question

Was going through some articles for understanding Rules & Permissions in Firebase and then came across conditions like this, for write operation :

{
  "rules": {
    "users": {
      "$uid": {
        ".write": "$uid === auth.uid"
      }
    }
  }
}

I went with an understanding that $uid stands for Users Push ID and it applies to all dynamic ID's that are generated for Users node.

Then saw this rule else were :

{
  "rules": {
    "articles": {
      "$article": {
        "title": {
                  ".write": "auth != null",
                  ".validate": "newData.isString() && newData.val() != ''"
        }
      }
    }
  }
}

If $article stands for Push ID for articles node then Push ID for users node also should have been $user. Isn't it? What is the standard naming convention for declaring Push ID, when configuring rules, so that Firebase parses/understands them correctly.

Lastly, what does auth.uid stands for?

Answer 1

Lets start with auth.uid, this stands for the uid of the authenticated user. Next up are $user and $article, these wildcard paths so they can be anything, not only push id's. Check out the docs for more info.

In your first example $uid is a wildcard for user id's. And with the write rule you check that the authenticated user can only write to his own location so it will be something like this (using names instead of uid's for clarity):

"users" : {
    "Henk": {//Only Henk can write here
    },
    "John": {//Only John can write here
    }
}

As for naming of wildcard paths there is no convention as far as i know. Personally i use descriptive names so i know what it is. Always $uid when using the users uid as a path and for the rest something like $objectID for object id's. (These can be push generated or something homebrew)

For the rest I suggest you take some time to read all the docs about security rules.