I'm using Firebase right now on quickerquestions.com, but I've run into many problems. Have you had any success implementing a complex security policy for Firestore that does authorization well?
Yes, when pairing with another nodejs
dev.to/emeka/securing-your-express...
Thanks! I'm building with node right now so this is perfect.
Yeah I'm in the middle of building an implementation based off this article. It's really working out
Basically you have two options to implement complex authorizations while staying within the Firebase serverless realm:
1) Use callable/HTTPS Cloud Functions to write data to your database and do all checks there + forbid any client writes using Security Rules
2) Optimistically allow client writes with minimal checks using Security Rules + validate and correct data using background triggered Cloud Functions.
There is a good post about these patterns: Patterns for security with Firebase: combine rules with Cloud Functions for more flexibility
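A sketch of option 1 from the answer above, added here as an illustration and not part of the original thread or the linked post. It assumes the first-generation callable signature `(data, context)`; the collection names, fields, the `moderator` claim and the local `HttpsError` stand-in are hypothetical.

```javascript
// Pattern 1: Security Rules forbid client writes; a callable function does every check.
// Matching rule (inside the usual service/match wrapper), shown as a comment:
//   match /answers/{id} { allow read: if true; allow write: if false; }

// Stand-in for functions.https.HttpsError so this file runs without the SDK.
class HttpsError extends Error {
  constructor(code, message) { super(message); this.code = code; }
}

// Pure policy check: returns the document to store, or throws.
//   auth     - context.auth from the callable (undefined when signed out)
//   data     - untrusted payload sent by the client
//   question - server-side copy of the question document, or null
function authorizeAnswer(auth, data, question, now) {
  if (!auth || !auth.uid) throw new HttpsError('unauthenticated', 'Sign in first');
  const body = data && typeof data.body === 'string' ? data.body.trim() : '';
  if (body.length === 0 || body.length > 2000) {
    throw new HttpsError('invalid-argument', 'body must be 1-2000 characters');
  }
  if (!question) throw new HttpsError('not-found', 'No such question');
  const isModerator = Boolean(auth.token && auth.token.moderator === true);
  if (question.locked && !isModerator) {
    throw new HttpsError('permission-denied', 'Question is locked');
  }
  // Identity and timestamp come from the server, never from the payload.
  return { questionId: question.id, body, authorId: auth.uid, createdAt: now };
}

// Handler factory; db is an Admin SDK Firestore instance (it bypasses Security Rules).
function makePostAnswer(db) {
  return async (data, context) => {
    // Reject signed-out callers before spending a database read on them.
    if (!context.auth) throw new HttpsError('unauthenticated', 'Sign in first');
    const qid = data && typeof data.questionId === 'string' ? data.questionId : '';
    if (!/^[A-Za-z0-9_-]{1,64}$/.test(qid)) {
      throw new HttpsError('invalid-argument', 'Bad questionId');
    }
    const snap = await db.collection('questions').doc(qid).get();
    const question = snap.exists ? { id: snap.id, ...snap.data() } : null;
    const doc = authorizeAnswer(context.auth, data, question, Date.now());
    const ref = await db.collection('answers').add(doc);
    return { id: ref.id };
  };
}
// Deployment wiring (not executed here):
//   exports.postAnswer = functions.https.onCall(makePostAnswer(admin.firestore()));
```

Keeping the policy in a pure function lets it be unit-tested without the emulator, while the handler only does I/O.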