Firebase Authentication Moralis Extension firestore.rules

junkseeker · May 3, 2023, 2:33pm

I have authenticated Firebase through the Moralis extension. How do I get the user’s wallet address in the firestore.rules? I want to limit users to only modify their own document (defined by the lower case of their wallet address) in the users collection. Here’s my code snippet

match /users/{userId}/{document=**} {
allow read: if true;
allow write: if request.auth != null && request.auth.token.name.toLowerCase() == userId;
}.

But it doesn’t work. The error I encounter is not sufficient permission when I try to write to the collection. The error is at request.auth.token.name.toLowerCase() == userId

Any help is much appreciated.

error_undefined · April 30, 2023, 5:26pm

I ran into a similar issue in a different firebase related matter ages ago. I need the users wallet address which was stored in a user entry in my users collection.

Each entry has its own unique id but its always random on creation there was no way that i could see to have a users id be predetermined that way you could kust have there wallet address be there doc id and use this to access your user as you already know thete wallet address from the client

So what you can do if your using react or next is make a state variable called encryptedId or something and when u have query uswr by their wallet address and fetch their doc you can set this state variable to theor doc Id and have access to it on ypur client for whenever u need it for different queries etc.

This worked for my situation at the time. I do t use firebase have used it in ages so not the most familiar with it and bot sure if this trick can work for your situation but might be worth a try

saifi · May 2, 2023, 11:07am

Firebase Authentication and Moralis are both popular solutions for building authentication systems in web and mobile applications. Firebase Authentication is a comprehensive authentication service provided by Google, while Moralis is a blockchain-based backend solution that offers a range of features including authentication.

One advantage of Firebase Authentication is its ease of use and integration with other Firebase services. It provides a variety of authentication methods including email and password, phone number, and social media logins. It also offers user management and security features like two-factor authentication and account verification.

junkseeker · May 3, 2023, 2:22pm

@johnversus, hi john, just curious if you could share some insights on this topic?

johnversus · May 3, 2023, 4:18pm

Hi @junkseeker

Here is an working example of rules from one of my old code that lets the user to read or update only his data. Hope this helps.

match /cryptoUsers/{cryptoUser} {
    
    allow delete: if false;
    
    allow list: if request.auth != null && resource.data.profileId == request.auth.uid;

    // My database collection has users profiled value so I am using resource.data.profileId for comparing with uid
    allow read, update: if request.auth != null && resource.data != null && resource.data.profileId == request.auth.uid;

    allow create: if request.auth.uid != null;
}

junkseeker · May 3, 2023, 4:39pm

Extremely helpful as always. Appreciate it!