apiKey

authDomain

databaseURL

projectId

storageBucket

messagingSenderId

appId

Gain insights into creating and launching full-stack web applications swiftly using Firebase. Learn about Firebase Authentication, Cloud Firestore, Firebase Storage, and Firebase Hosting through hands-on projects.

firebase.tar.gz

RunFirebaseDeploy

In this course, you will learn how to create and launch applications extremely quickly using Firebase. Firebase is a suite of cloud-based services designed to satisfy common developer needs. Known as a BaaS (Back-end as a Service) you get all the benefits of a back-end without the complications of setting one up from scratch. Once you learn how to leverage its services, you are going to exponentially decrease development time. 

During the course, you will build four applications using Firebase. Each app is designed to teach you a different Firebase service including Firebase Authentication, Cloud Firestore, Firebase Storage and Firebase Hosting. Each service can be used by itself or in combination with other Firebase services. 

Well, what are you waiting for? Join me in the course to start learning Firebase today!

Full-Stack Web Applications with Firebase

## Change Your Rules 
For your to-do list, we can set our rules like you see below so that the user who is signed in only has `read` and `write` access to their specific list of *to-do items*.



rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /to-do-lists/{listUID}/{document=**}{
     allow read, write: if request.auth.uid == listUID
    }
  }
}

## Let's Break This Down

### Match the Database
Where you see the `match /databases/{database}/documents {}` is the starting point for any rule you want to add. You can add as many rules as you want between the `{}`.

### Match the List
Inside that you see `match /to-do-lists/{listUID}/{document=**}{}` where inside the `{}` is where we will define access levels for lists.

Now check out the `{listUID}`. This is a wild card basically saying give us access to any list no matter what the ID. If you wanted to give access to a specific list, you could put an actual ID there like this `{WMPlOss0AxQr3xLspfQPJFXqwwu2}`. 

### Define Who Can do What
At the inner part of the code, you see `allow read, write: if request.auth.uid == listUID`, meaning that if your UID matches the list ID, then you can read, and write to that list. The list ID will match up with a user because we made the list ID the UID of the signed-in user for this very purpose. Remember the query that looks like this when we add a to-do item `	database.collection('to-do-lists').doc(uid).collection('my-list').add({})`. You can see that we name the doc after the signed-in users UID by doing this `.doc(uid)`. This is how the magic happens!

## Your Lists are Secure
Your user's lists are now 100% secure because of the rules we implemented. If someone has your publicly available Firebase keys, they are not able to do anything with them that would affect your application.

## Put Your Knowledge to the Test!
Ready to test your knowledge of authorization? Join me in the next section for a quick quiz.







# Change Your Rules 
For your to-do list, we can set our rules like you see below so that the user who is signed in only has `read` and `write` access to their specific list of *to-do items*.



# Let's Break This Down

## Match the Database
Where you see the `match /databases/{database}/documents {}` is the starting point for any rule you want to add. You can add as many rules as you want between the `{}`.

## Match the List
Inside that you see `match /to-do-lists/{listUID}/{document=**}{}` where inside the `{}` is where we will define access levels for lists.

Now check out the `{listUID}`. This is a wild card basically saying give us access to any list no matter what the ID. If you wanted to give access to a specific list, you could put an actual ID there like this `{WMPlOss0AxQr3xLspfQPJFXqwwu2}`. 

## Define Who Can do What
At the inner part of the code, you see `allow read, write: if request.auth.uid == listUID`, meaning that if your UID matches the list ID, then you can read, and write to that list. The list ID will match up with a user because we made the list ID the UID of the signed-in user for this very purpose. Remember the query that looks like this when we add a to-do item `	database.collection('to-do-lists').doc(uid).collection('my-list').add({})`. You can see that we name the doc after the signed-in users UID by doing this `.doc(uid)`. This is how the magic happens!

# Your Lists are Secure
Your user's lists are now 100% secure because of the rules we implemented. If someone has your publicly available Firebase keys, they are not able to do anything with them that would affect your application.

# Put Your Knowledge to the Test!
Ready to test your knowledge of authorization? Join me in the next section for a quick quiz.







In this lesson, we will edit security rules so that only authorized users can make a 'write' request. This protects you​ from potential hackers. 

Introduction

Learn Cloud Firestore Database - Build a Chat Application

Learn Deployment - Practice Concepts on Your Chat Application

Learn Cloud Storage - Build a Image Sharing Application

Learn Authentication - Build a Boilerplate Application

Learn Security - Boilerplate + To-Do List Application

Conclusion

Cloud Firestore Security

Change Your Rules #

Let’s Break This Down #

Match the Database