Security rules: check for null auth

Question

Security rules: check for null auth

For each security rule, always check auth! == null? It seems redundant to do this for every rule for children.

I checked my own Firechat Firebase security rules and enforcement is not compatible. There are rules that use auth.uid but do not check the null auth value.

What happens if auth is null and auth.uid is used in the rule?

And what is the recommended practice of checking auth! == null?

+4

firebase firebase-database firebase-security

Norman cheng Dec 02 '15 at 1:19

source share

1 answer

David East · Accepted Answer · 2015-12-02T02:02:35+0000

auth !== null, , .

auth.uid == $uid, , , . auth == null && auth.uid != $uid, auth.uid == $uid false, auth null. , .

, auth != null , auth.uid != null , .

.

Bolt, .

, . Bolt.

Bolt Firebase. . , .

I Bolt. , , , Bolt.

isCurrentUser(uid) = auth != null && auth.uid == uid;
isAuthenticated() = auth != null

path /users/$uid {
  read() = isAuthenticated() // any authenticated user can read 
  write() = isCurrentUser($uid); 
}

isCurrentUser() . .

Security rules: check for null auth

More articles: