By - DiLocoNacho
Hi, firebase uses rules to prevent users from accessing things they shouldn't.
You can have a look at this article, I'm not the author.
3rd Bullet Point is talking about setting a rule for authenticated users.
// Only authenticated users can access/write data
“.read”: “auth != null”,
“.write”: “auth != null”
Here is the link, other bullet points are very interesting to see what you can do with this rules system.
Thanks for the replay and article! Do you have any experience with implementing this with Nuxt SSR? From what I have read so for, the what you mention is not possible?
No problem, happy to help. Where do you see that it's not possible? I'd like to read about it.
It should work, because the rules are on the firebase console side, not in your code. I use it without ssr, but I'm pretty sure you can with ssr on.
In the link above it says:
This does not authenticate the Firebase Client SDK on the server. While you will be able to know if a user is logged in or not and have access to its simplified properties, you won't be able to do authenticated calls on server-side.
This means that all calls on server-side (e.g. fetching data via Firestore in fetch-hooks), which are protected by security rules, will still fail with insufficient privileges.
Reason for this is that the Firebase JS SDK is a client-side library that is not built for authenticating multiple users. See steps 4 and 5 for an experimental approach to solve this issue.
I see, sorry about that.
You can still authenticate your user and do requests from the client side once you're authenticated. Do not use the fetch() hook, since the doc says you won't be authenticated and it request will fail. You can only do requests where you are authenticated ( the client side).
So do you think that writing to the RTDB will work?
Yeah, because you're authenticated client side,
And also, I think otherwise this plugin nuxt/firebase would be totally useless with ssr if you can't perform a single read or write.
So, make a method that makes an axios call to your firebase RTBD. If you're authenticated it should work.
I use nuxt/firebase daily, and I love it, but not nuxt SSR.