This is not a foolproof way to validate, but it will ensure that only a specific UID can. Make sure that you:
- Install angular-local-storage via Bower
- Link it in the HTML
- Add `'LocalStorageModule'` to your App (dependency)
- Pass `'localStorageService'` to any controllers that need to get the user
- Set `let currentUser = localStorageService.get("currentUser");` in the controller.
- Local Storage is used to cache the user locally since Firebase does not keep them logged in on a refresh
My rules copied from Firebase.
{
  "rules": {
    ".read": true,
    "post": {
      ".indexOn": "date",
      "$post": {
        ".write": "auth.uid !== null && newData.child('uid').val() == 'SUPER_SECRET_KEY' || data.child('uid').val() == 'SUPER_SECRET_KEY'"
      }
    },
    "users": {
      ".indexOn": "uid",
      "$uid": {
      }
    }
  }
}
The first issue we will tackle is `auth.uid !== null`.
This is a very simple form of auth, but it will ensure a user is logged in.
- In the factory that you are making a post/put, add the following.
  - `'localStorageService'` as an argument to the factory
  - `let currentUser = localStorageService.get("currentUser")` in the factory
- In the post function, `let accessToken = currentUser.stsTokenManager.accessToken` (This needs to be in each post as the access token has a timer / changes)
- In the http request you will need to add `?auth=${accessToken}`. Here is what my string looks like relative to my data:
    $http.post(`${FirebaseURL}post.json?auth=${accessToken}`
* I am using $http.post as my initial (newData) post to Firebase.
The UID check is relatively simple. You can set your uid on the object by referencing the `currentUser` we defined earlier.
- In the data you are posting to Firebase, be sure to include `uid: currentUser.uid`
- In the data you are "putting", also make sure it includes a `uid: currentUser.uid`
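
The uid that the rule above checks comes from the posted data, which the client fills in. The following added example (not the author's code) models the page's `.write` expression in plain JavaScript beside an alternative that compares `auth.uid`. The function names, the `other-user` uid, the sample requests and the alternative rule string are assumptions made for illustration.

```javascript
// Added example: plain-JavaScript model of two .write expressions.
// It mirrors the boolean logic only; it is not Firebase's rule engine.
const ALLOWED_UID = 'SUPER_SECRET_KEY'; // placeholder taken from the rules above

// The page's rule. && binds tighter than ||, so it groups as
// (auth.uid !== null && newData.uid == KEY) || data.uid == KEY.
// auth: verified token, data: stored post, newData: body sent by the client.
function pageRule(auth, data, newData) {
  return auth.uid !== null && newData.uid == ALLOWED_UID || data.uid == ALLOWED_UID;
}

// Alternative (assumption, not from the page): compare the uid in the
// verified token and ignore the client-supplied uid field. Rule string:
//   "auth != null && auth.uid === 'SUPER_SECRET_KEY'"
function tokenRule(auth) {
  return auth !== null && auth.uid === ALLOWED_UID;
}

// Constructed requests, all from signed-in callers.
const NO_POST = { uid: null }; // data.child('uid').val() is null when nothing is stored
const cases = [
  { name: 'allowed uid creates a post',
    auth: { uid: ALLOWED_UID }, data: NO_POST, newData: { uid: ALLOWED_UID } },
  { name: 'different uid creates a post with its own uid',
    auth: { uid: 'other-user' }, data: NO_POST, newData: { uid: 'other-user' } },
  { name: 'different uid, body carries the allowed uid',
    auth: { uid: 'other-user' }, data: NO_POST, newData: { uid: ALLOWED_UID } },
  { name: 'different uid, stored post carries the allowed uid',
    auth: { uid: 'other-user' }, data: { uid: ALLOWED_UID }, newData: { uid: 'other-user' } },
];

// Evaluate both expressions for every constructed request.
function compareRules() {
  return cases.map(c => ({
    name: c.name,
    pageRule: pageRule(c.auth, c.data, c.newData),
    tokenRule: tokenRule(c.auth),
  }));
}

console.table(compareRules());
```

With the token-based expression, the `uid` field in the posted data no longer decides who may write.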