Firebase Console Configuration - niklasgolf/unique-postcard GitHub Wiki

Firebase Authentication & Firestore Configuration

This page documents how authentication and data security are implemented in the Unique Postcard app using Firebase.


🔑 Authentication Setup

I opened the Firebase Console and navigated to:

Build → Authentication → Sign-in method

I then configured the available providers. Only Google sign-in is enabled.

✅ This setup ensures users must authenticate with their Google accounts.


🔥 Firestore Rules

In the Firebase Console, under:

Build → Firestore Database → Rules

I defined the security rules for accessing user data and postcards:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // ✅ Allow reading user list
    match /users/{userEmail} {
      allow read: if request.auth != null;
      allow write: if request.auth.token.email == userEmail;
    }

    // ✅ Allow reading postcards for any user
    match /postcards/{userEmail}/postcards/{docId} {
      allow read: if request.auth != null;
      allow write, delete: if request.auth.token.email == userEmail;
    }
  }
}

🔒 What These Rules Do:

  • ✅ Only authenticated users can read any data
  • ✅ Users can only write to their own users/{email} and postcards/{email}/postcards/{docId}
  • ✅ Any logged-in user can view public postcards from any user
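
The access matrix these rules produce, as an added example that is not part of the project's code. It is an offline JavaScript model of the two match blocks, not the Firebase rules engine; the names decide and accessMatrix and the sample e-mail addresses and paths are assumptions made for illustration.

```javascript
// Offline model of the two match blocks above; it is NOT the Firebase rules engine.
// auth is null for a signed-out client, otherwise { token: { email } }.
const MATCH_BLOCKS = [
  /^\/users\/([^/]+)$/,                          // match /users/{userEmail}
  /^\/postcards\/([^/]+)\/postcards\/([^/]+)$/,  // match /postcards/{userEmail}/postcards/{docId}
];

// op is "read" (get, list) or "write" (create, update, delete).
function decide(op, path, auth) {
  for (const pattern of MATCH_BLOCKS) {
    const m = pattern.exec(path);
    if (!m) continue;
    const userEmail = m[1];
    if (op === "read") return auth !== null; // request.auth != null
    // Signed out: request.auth.token.email fails to evaluate, and a rule
    // that errors does not grant access.
    return auth !== null && auth.token.email === userEmail;
  }
  return false; // no match block covers the path, so nothing allows it
}

// Constructed sample identities and paths (assumptions, not project data).
const alice = { token: { email: "alice@example.com" } };
const bob = { token: { email: "bob@example.com" } };

function accessMatrix() {
  const cases = [
    ["read", "/users/alice@example.com", null],
    ["read", "/users/alice@example.com", bob],
    ["write", "/users/alice@example.com", alice],
    ["write", "/users/alice@example.com", bob],
    ["read", "/postcards/alice@example.com/postcards/card1", bob],
    ["write", "/postcards/alice@example.com/postcards/card1", alice],
    ["write", "/postcards/alice@example.com/postcards/card1", bob],
    ["write", "/postcards/alice@example.com/postcards/card1", null],
    ["read", "/postcards/alice@example.com", alice],          // parent doc: unmatched
    ["read", "/users/alice@example.com/private/note", alice], // subcollection: unmatched
  ];
  return cases.map(([op, path, auth]) => ({
    op, path,
    who: auth ? auth.token.email : "signed out",
    allowed: decide(op, path, auth),
  }));
}

console.table(accessMatrix());
```

The last two rows show that paths outside the two match blocks, such as the parent document postcards/{email} or a subcollection under users/{email}, are denied even to the owner because no rule allows them.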

βš™οΈ Firebase Configuration

To connect the app to Firebase, I created a Web App inside the Firebase Console and copied the generated config object into a local file.

This configuration authorizes communication with Firebase services including Authentication, Firestore, and Analytics.

The configuration looks like this:

const firebaseConfig = {
  apiKey: "######",
  authDomain: "unique-postcard.firebaseapp.com",
  projectId: "unique-postcard",
  storageBucket: "######",
  messagingSenderId: "######",
  appId: "######",
  measurementId: "######"
};

This configuration was saved in a file named:

firebase.js

It is used to:

  • Initialize Firebase
  • Enable Authentication
  • Access Firestore
  • Set up Analytics (optional)

πŸ” Note: Only authDomain and projectId are safe to leave visible in documentation.
Other keys are hidden here out of good habit, even though they are technically safe in frontend code.
