Skip to content

Instantly share code, notes, and snippets.

@katowulf

katowulf/rules.js

Created Mar 3, 2016
Embed
What would you like to do?
Search for users by email address in Firebase, without exposing everyone's email address to the world in a bulk-readable format.
{
"rules": {
"users": {
"$user_id": {
// email address is required
".validate": "newData.hasChildren(['email'])",
}
},
"emails_to_users": {
// I can't list or search the emails_to_users/ path
"$email_escaped": {
// I can check any email address I already know to find the user id
".read": true,
// I can only change my own email entry and it must match my user entry
".write": "!data.exists() && data.val() === auth.uid && root.child('users/' + data.val() + '/email').val().replace('.', '%2E') === $email_escaped"
}
}
}
}
function uidForEmail(email) {
return new Promise(function(resolve, reject) {
ref.child('emails_to_users/' + escapeEmail(email)).once('value', function(snap) {
resolve(snap.val());
}, reject);
});
}
function escapeEmail(email) {
return email.replace('.', '%20');
}
// try it out!
uidForEmail('katowulf@acme.not.real').then(function(uid) {
console.log('uid for katowulf', uid || '<does not exist>');
}, console.error);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment