I have a Firebase emulator set up on my local machine, and I've connected JS client and admin SDKs to test the security rules. Reading/writing data seems to be working properly, and requests are allowed/denied in accordance with my local firestore.rules file. However, nothing is being added to firestore-debug.log after data is modified in Firestore, despite debug being added to the rules file. Is there any reason this function wouldn't be working?
firestore.rules (simplified for testing)
rules_version = '2'
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read;
allow write: if debug(request.auth) != null;
}
}
}
firebase.json
{
"firestore": {
"rules": "firestore.rules",
"indexes": "firestore.indexes.json"
},
"emulators": {
"auth": {
"port": 9099
},
"firestore": {
"port": 8080
},
"ui": {
"enabled": true
}
}
}
Related
Problem
Amplify's signInWithWebUI is opening an webview for sign-in, but it opens with empty URL like you can see in the attached images at the bottom. I'm struggling to point out what configuration determines this signin URL. Any hint or help would be very appreciated. Thanks.
More context
I'm trying to implement Social signin with Google in my ios app. I already have AWS Cognito setup for Google signin that is working fine in my web app, so I've added amplify-ios package to my ios, configured and called signInWithWebUI function following these guides.
https://docs.amplify.aws/lib/auth/social_signin_web_ui/q/platform/ios/
https://docs.amplify.aws/lib/auth/existing-resources/q/platform/ios/
Here is how I'm calling the function and Amplify configuration file(amplifyconfiguration.json).
Amplify.Auth.signInWithWebUI(for: AuthProvider.google,
presentationAnchor: UIApplication.shared.windows.filter {$0.isKeyWindow}.first!
)
{
"auth": {
"plugins": {
"awsCognitoAuthPlugin": {
"IdentityManager": {
"Default": {}
},
"CognitoUserPool": {
"Default": {
"PoolId": "us-east-1_[REDACTED]",
"AppClientId": "[REDACTED]",
"Region": "us-east-1"
}
},
"Auth": {
"Default": {
"authenticationFlowType": "USER_SRP_AUTH",
"OAuth": {
"WebDomain": "https://[REDACTED].auth.us-east-1.amazoncognito.com",
"AppClientId": "[REDACTED]",
"SignInRedirectURI": "myapp://callback/",
"SignOutRedirectURI": "myapp://signout/",
"Scopes": [
"email",
"openid",
"profile",
"aws.cognito.signin.user.admin"
]
},
}
}
}
}
}
}
These are what the app shows when signInWithWebUI is called.
https://i.stack.imgur.com/tmbWB.png
https://i.stack.imgur.com/FnxbN.png
It turned out that WebDomain in the configuration file shouldn't include "https://" part. Now it looks like following and it loads Google's signin page properly.
{
"WebDomain": "[REDACTED].auth.us-east-1.amazoncognito.com"
}
How to configure aws amplify in flutter for an existing user pool? There is no identity pool configured for this user pool. I want to configure it without creating an identity pool. Following is my current amplifyconfiguration.dart file,
const amplifyConfig = ''' {
"UserAgent": "aws-amplify-cli/2.0",
"Version": "1.0",
"auth": {
"plugins": {
"awsCognitoAuthPlugin": {
"IdentityManager": {
"Default": {
}
},
"CognitoUserPool": {
"Default": {
"PoolId": "**********",
"AppClientId": "**********",
"Region": "**********"
}
},
"Auth": {
"Default": {
"authenticationFlowType": "USER_SRP_AUTH"
}
}
}
}
}
}''';
Every time I try to signIn I get this error with above config,
Amplify.Auth.signIn(
username: 'test#gmail.com',
password: 'test'
);
java.lang.Exception: Federation is not enabled, please check if you have CognitoIdentity configured.
How can I fix this without using a identity pool?
I am trying to deploy Strapi on a Dokku instance on a Digital Ocean droplet. I originally ran into some issues connecting to the mongo database, but after some trial and error and a lot of review of these docs and this issue, I was able to get it to stop complaining about the mongo connection. Here was my final config/environments/production/database.json
{
"defaultConnection": "default",
"connections": {
"default": {
"connector": "mongoose",
"settings": {
"client": "mongo",
"uri": "${process.env.MONGO_URL}",
"database": "${process.env.DATABASE_NAME}",
"username": "${process.env.DATABASE_USERNAME}",
"password": "${process.env.DATABASE_PASSWORD}",
"port": "${process.env.DATABASE_PORT || 27017}"
},
"options": {
"authenticationDatabase": "${process.env.DATABASE_AUTHENTICATION_DATABASE || ''}",
"useUnifiedTopology": "${process.env.USE_UNIFIED_TOPOLOGY || false}",
"ssl": "${process.env.DATABASE_SSL || false}"
}
}
}
}
Here is my config/environments/production/server.json
{
"host": "${process.env.HOST || '0.0.0.0'}",
"port": "${process.env.PORT || 1337}",
"production": true,
"proxy": {
"enabled": false
},
"cron": {
"enabled": false
},
"admin": {
"autoOpen": false
}
}
I believe the original issue was that I was accidentally using the PORT variable for the database instead of the DATABASE_PORT variable.
However, now that I have that worked out I am getting this error:
error Error: listen EADDRNOTAVAIL: address not available <my-host-ip>:5000
I thought maybe there was some wrong port being cached somewhere, but regardless of what I do, I can't seem to get it to work. Do I need to enable ssl? and then add a letsencrypt cert to my domain? am i using the wrong ports? set a proxy in the server.json?
PS. I am using Dokku Mongo. Didn't think that would be an issue considering the dynos don't go to sleep like they would on heroku. Is that an incorrect assumption?
Also, there are other apps running on the droplet. Maybe a proxy problem?
I am creating a web application using MongoDB and Go, which includes role based access control. I am storing the information regarding this in 2 collections, permissions and roles.
This is how these two collections look like.
Permissions
{
"operation": "create",
"resource": "project"
}
{
"operation": "read",
"resource": "project"
}
{
"operation": "update",
"resource": "project"
}
{
"operation": "delete",
"resource": "project"
}
{
"operation": "create",
"resource": "user"
}
resource is something on which an operation is performed. So if there is some operation which cannot be performed on some resource, then, I needn't store it. For example user can only be created hence only create user need to be stored.
Currently there are only 4 operations(create, read, update, delete) in the scope of the application, but could increase, like upload could come into picture.
Roles
{
"role": "admin",
"display_name": "Administrator",
"permissions": [
{
"operation": "create",
"resource": "project"
},
{
"operation": "read",
"resource": "project"
},
{
"operation": "update",
"resource": "project"
},
{
"operation": "delete",
"resource": "project"
}
]
}
Roles contain role, the name of role to be displayed on UI and the set of permissions that role has.
I need to send this information to UI using a REST API in a specific format, which would describe whether a specific role can perform an operation on a resource or not using the checked flag and whether a specific operation on a resource is editable or not by using the flag isEditable.
For example the permissions collection doesn't contain an operation delete on resource user, so it should not be editable, hence flag is set to false. Similarly user can be created, hence it is set to true.
{
display_name: "System Administrator",
role: "admin",
permissions: [
{
resource: "user",
privilages: {
create: { checked: false, isEditable: true },
delete: { checked: false, isEditable: false },
update: { checked: false, isEditable: false },
read: { checked: false, isEditable: false }
}
},
{
resource: "project",
privilages: {
create: { checked: true, isEditable: true },
delete: { checked: true, isEditable: true },
update: { checked: true, isEditable: true },
read: { checked: true, isEditable: true }
}
}
]
}
Is it possible to perform this using mongo aggregations? Or do I need to make modifications in my schema, If yes, then what modifications should I make.
I was able to solve the problem in 3 steps:
Include all the permissions for every role and add a flag called checked. This increased data redundancy but that wasn't a big issue.
Do a group by on resource field in roles collection.
Populate the missing privileges for every resource with isEditable set to false on server side.
I had to traverse the data on server side, but this was the most efficient way I could think of.
I am using REST API to query Firebase.
Rule is set as below :
{
"rules": {
".read": true,
".write": true,
"user": {
".indexOn": "type"
}
}
}
When querying the below URL using GET method
https://exampleurl.firebaseio.com/user/9001.json
Response :
{
"name": "Rohit",
"person": {
"-KLk3p3kUWg2j9p16kTw": {
"mobile": "9002",
"name": "Adarsh",
"type": "D"
},
"-KLk4x2V_hfZwlsh6PMo": {
"mobile": "9003",
"name": "Manas",
"type": "D"
},
"-KLk5-UPefdSMarC5VCQ": {
"mobile": "9004",
"name": "Sagar",
"place": "thane",
"type": "C"
}
}
}
I get error when using filtering query in GET method
https://exampleurl.firebaseio.com/user/9001.json?orderBy="type"&startAt="D"
Response :
{
"error": "Index not defined, add \".indexOn\": \"type\", for path \"/user/9001\", to the rules"
}
I tried using below rule. But firebase does not allow me to save.
{
"rules": {
".read": true,
".write": true,
"user/9001": {
".indexOn": "type"
}
}
}
Another question speaks about listening on change. While my question is on Indexing.
After searching and spending quite a time on the problem, was able to figure out the solution for indexing 2nd node in Firebase.
Firebase supports wild card for indexing.
New Rule, which solved my problem:
{
"rules": {
".read": true,
".write": true,
"user": {
"$person":{
".indexOn": "type"
}
}
}
}