data.val().unique()
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/f0b93be2-35a6-43dd-86bd-f88a87dfaa3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
"profiles": {
".read": true,
".write": "auth !== null",
"$uid": {
"username": {
".validate": "data.unique()"
}
}
}
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
while basicly every database out there has some kind of "uniqueness" flag in their schema.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/361e5966-3d18-4572-90f2-b03fca886bad%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/361e5966-3d18-4572-90f2-b03fca886bad%40googlegroups.com.
Well, if simple is the goal, using Functions can make this very straightforward:
// Listens for changes to /users/<user id>/username and stores them in an index
// for testing uniqueness
exports.indexUsernames = functions.database.ref('/users/{userId}/username')
.onWrite(event => {
// Grab the current username written to the /users path
const username = event.data.val();
const uid = event.params.userId;
// store it in the index
const indexRef = event.data.adminRef.parent.parent.parent.child('username_index').child(username);
return indexRef.set(uid);
});
Now my security rules can simply consist of something like this, depending on your specific needs:
"users": {
"$userid": {
"username": {
".validate": "newData.val() === data.val() || !root.child('username_index').child(newData.val()).exists()"
}
}
}
You may also want to consider how much effort you need to put into perfection here. There’s a lot you can do to enforce username uniqueness and most of it’s unnecessary unless there’s actual benefit to gaming the system (i.e. it’s Twitter or Candy Crush).
If you’re in need of more and really determined to make this a production, you can add the following to make sure people can’t write multiple usernames, based on Jacob’s rules:
"users": {
"$userid": {
"username": {
// I cannot change my username, preventing me from creating multiple usernames in the db
".validate": "newData.val() === data.val() || (!data.exists() && !root.child('username_index').child(newData.val()).exists())"
}
}
}
"username_index": {
"$username": {
// I can only write my own username to the index
".validate": "root.child("users").child(auth.uid).child('username').val() === $username && newData.val() === auth.uid"
}
}
Hopefully you can work the rest out from here.
☼, Kato
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/5973444d-9461-4cfc-a967-047b5db93f28%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/5973444d-9461-4cfc-a967-047b5db93f28%40googlegroups.com.
> Are you certain your solution is not prone to race conditions though?Since the username can only be set once, according to the rules example I provided, and the function only triggers after it is written, not sure what you mean by race conditions.
> Also, with regards to locking things down further, I'm hoping to find a solution that allows people to change their username as well, so long as it's unique.I think you need to pick one. They can have multiple usernames or they can't. Also, what happens after I change a username? Does the old one become available for others to use? If so, spoofing is a problem here. This gets very complex, very quickly. Allow multiples or prevent creating multiples, but don't attempt both unless you have some specific, highly proprietary needs here.But yes, you could do something like allow them a certain number of usernames and track how many they've created, or even doing a rolling window and allow them based on time period. All possible, some assembly required. Well, lots of assembly.
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/e79244c7-07b1-454f-9968-2c9e17472a9d%40googlegroups.com.