2


I am currently trying to implement rate limting by checking the timestamp of the last post and then add + 60sec to it and then check if it is smaller(<) then the current Firebase Server Timestamp(now). It somehow always returns true and grants access ?!

These are my Rules:

{
  "rules": {
        "posts": {
        ".read": true,
            ".write": 
"(root.child('users').child(auth.uid).child('lastPost').val() + 60) < now"
      }
  }
}




This is my database structure 

{
    "posts": {
        "-KV70ppGGTEtXY4_Q4UC": {
            "author": "abcdedef-uid-ojifgoöifjgssgd",
            "description": "Thats the post description",
            "title": "Thats the post title"
        }
    },
    "users": {
        "2uy7323nTodMHcVxeEDJzoexH302": {
            "canPost": true,
            "email": "cryptic.pug@firebase.com",
            "lastPost": 14776667681,
            "profile_picture": "https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg",
            "username": "Cryptic Pug"
        }
    }
}
Cryptic Pug
  • 527
  • 4
  • 19

1 Answers1

3

Thanks for your Clue Vladimir!

As I haven't found this kind of soulution anyware I would like to share the answer here officially:

    {
  "rules": {
        "posts": {
        ".read": true,
            ".write": 
"(root.child('users').child(auth.uid).child('lastPost').val() + 60000) < now"
      }
  }
}

Explanation:

When a user posts something you always update the Value in the Database with the Value of firebase.database.ServerValue.TIMESTAMP to the user information. In the Rule language you read the Timestamp of the Last Post is read out of the user who wants to post (auth.uid in FB Rule Language) and add 60 seconds (*1000 as Firebase uses Milliseconds in it's timestamp), which would be the time when the user would be allowed to post again. And Then check if the current server timestamp is higher (<) than the time the user is allowed to post again.

Hope It helped you guys, Happy Coding - Doing Firebase for 3 days and it's great!

Cryptic Pug
  • 527
  • 4
  • 19