Reputation: 1
How we set the header values as a authentication in cloud firestore
I have applied the rule in firebase. having added one user in firestore auth and changed rule accordingly.My custom firestore rule is
match /{document=**} {
allow read, write :if request.auth == 'Here user values will add';
From my nestjs code have been added the user as a header in controller class and pash this vales to service layer but when passing this values in our firebase service class this is my below code in firebase service class.
Below is my controller class
@Get('/list')
async getDocumentList(@Headers('user') user: string): Promise<any> {
console.log("controller"+user);
try {
return await this.incidentService.getIncidentList(user);
} catch (e) {
throw new HttpException(e.message, HttpStatus.BAD_REQUEST);
}
}
and firestore service class is :-
async getDocumentList(collectionName: string,user ): Promise<any> {
console.log(user);
const docSnapshot = await firestore().collection(collectionName).get();
const docList = [];
docSnapshot.forEach(doc => {
docList.push(doc.data());
});
return docList;
}
I want to know How I will pass/notify or make condition the user values to firestore so that's make this user values as a admin and apply rule based on this values ?
what will be code in our firestore service class ?
Upvotes: 0
Views: 1813
Answers (1)
Reputation: 599551
The only information that is passed from your read request to the Firestore security rules is:
- The path (and or query) that is being requested.
- The current auth object from the client, including any information that's in its ID token.
You cannot pass other information along and expect that to show up in the security rules.
So if you want to mark specific users as application administrators and give them specific access in your security rules based on that, you will have to embed that information in one of the above items.
The typical approach is to either add this information as a custom claim to the ID token, or to store it in the database itself and look it up based on the UID.
Upvotes: 1
Related Questions
- Can't see value of request headers in firebase?
- how to add bearer token to header get collection data using Angular firebase?
- How to add Auth Custom claims
- Firestore REST API make authenticated request with http-client
- How do I provide auth data for Firebase Firestore rest api call
- Angular + Firebase Firestore authentication
- Pass user auth to Firestore from Cloud functions
- How to authenticate user to Firestore Go SDK?
- Cloud Firestore with Authentication
- Cloud Firestore: setting security rule based on authentication