writing Firebase rules


I am a novice using Firebase for the first time and received an email saying that the information in my database is completely open on the internet and vulnerable to attackers, and that I need to write a rule. But the rule I have published is not what I am after. I am after strong Security Rules that allow my app to function while appropriately protecting my data. Any advice, and preferably code to copy and paste into the rules, is highly appreciated.

I am a novice coder and have no idea how to write Common Expression Language (CEL) code. I read how to write the rules, copy-pasted a sample rule and published it.

There is 1 best solution below

You can start simple in the beginning, for example by only allowing users to read or write (or both) when they are logged in. It should look something like this:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

More advanced: if you store the UID in Firebase, you can restrict users to viewing only the documents they created. It should look something like this:

service cloud.firestore {
  match /databases/{database}/documents {
    // Allow only authenticated content owners access
    match /some_collection/{userId}/{documents=**} {
      allow read, write: if request.auth != null && request.auth.uid == userId
    }
  }
}

You can check more options, both beginner and advanced rules, here: https://firebase.google.com/docs/rules/basics
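
A variation on the owner-only rule above for the case where documents are not stored under a path containing the UID, added here as an example and not part of the original answer. The collection name `notes` and the field name `ownerUid` are assumptions; replace them with your own.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller is signed in.
    function signedIn() {
      return request.auth != null;
    }

    // Hypothetical collection "notes". Each document stores its creator's
    // UID in a hypothetical field "ownerUid".
    match /notes/{noteId} {
      // Existing document: compare the caller against the stored owner.
      // "resource" is the document as it currently exists in the database.
      allow read, delete: if signedIn()
                          && resource.data.ownerUid == request.auth.uid;

      // New document: "request.resource" is the incoming data, which must
      // name the caller as owner so nobody can create documents for others.
      allow create: if signedIn()
                    && request.resource.data.ownerUid == request.auth.uid;

      // Update: the caller must own the stored document and the write
      // must not reassign ownership to a different UID.
      allow update: if signedIn()
                    && resource.data.ownerUid == request.auth.uid
                    && request.resource.data.ownerUid == resource.data.ownerUid;
    }

    // Paths with no matching rule are denied by default.
  }
}
```

With these rules a query on the collection is only allowed when it filters on `ownerUid` equal to the caller's UID, because rules are evaluated against the query's constraints rather than used to filter the results.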