Need a better rule for Firebase Realtime database

Question

[Firebase] Client access to your Realtime Database '---------------' expired 7 day(s) ago

You chose to start developing in Test Mode, which left your Realtime Database instance completely open to the Internet. Because this choice made your app vulnerable to attackers, your database security rules were configured to stop allowing requests after the first 30 days. Starting 7 day(s) ago, all client requests to your Realtime Database instance have been denied and will continue to be denied until security rules are updated. Analysis is run daily; if you've modified your rules in the last 24 hours those changes may not be accounted for.

I am still developing my app and this email shows up....can you please suggest a better rule..my app contains user log in and registration and reseting name, passowrd, email..

Answer 1

If you want anyone to be able to read your database but only logged users to write, you can use this:

{
  "rules": {
    ".read": true,
    ".write": "$user_id === auth.uid"
  }
}

where $user_id comes from your user json. This variable doesnt need to be called $user_id. It can be any variable from your user json. ex:

"users" : 
    {
        "user_id":
        {
            "name":"John Doe",
            "email":"email@example.com",
        }
    } 

If you prefer to have your database read only, you can use this:

{
  "rules": {
    ".read": true,
    ".write": false
  }
}

You can read more in Database Security Rules.