12

I would like make writes to my Firebase data from a node.js server but deny all writes to any other client. Any other client should only be allowed read access. What is the best approach for this? Would I need to authenticate from node.js server with a special admin account and setup a security rule for that specific account or is there some better way to accomplish this? Thanks!

nomad
  • 1,699
  • 5
  • 21
  • 35
  • 15
    Use `".write": "auth.uid === "`. See [server guide](https://firebase.google.com/docs/database/server/start) and [service accounts](https://developers.google.com/identity/protocols/OAuth2ServiceAccount). – Kato May 25 '16 at 06:34
  • 3
    This quote rounded it out for me for the security rule examples below: "[_As an admin, the app has access to read and write all data, regardless of Security Rules_](https://firebase.google.com/docs/database/admin/start#authenticate-with-admin-privileges)" – toraritte Sep 01 '18 at 00:03

2 Answers2

7

In your node server use the Admin SDK to log in with service account

and in the database rules use this:

{
  "rules": {
    ".write": "false"
    ".read": "true",
  }
}
Shaytj
  • 71
  • 1
  • 5
  • 3
    By default Admin SDK get Editor's Role that means you can read and write data.You need to create different service account for Reader's role or update the role for the existing service account – Farmaan Elahi Mar 21 '18 at 05:35
  • For reference https://firebase.google.com/docs/database/admin/start#authenticate-with-admin-privileges – Farmaan Elahi Mar 21 '18 at 05:35
3

Just use firebase-admin on your server with a service account. It will have Administrative Privileges by default.

And for your rules, all you need is this:

{
  "rules": {
    ".read": true,
  }
}

or this if you only want logged in users to read

{
  "rules": {
    ".read": "auth !== null",
  }
}
ThadeuLuz
  • 902
  • 8
  • 12