
I am making this website with a simple picture gallery on it. I am trying to add simple user authentication to it so only one person can add and remove images from the gallery. I know it would probably be simple to do with PHP, but I have never used it, so I don't know how simple it would actually be for me. I found out that I can do user authentication in Firebase, so I thought I would try that. So far I have this code:

var ref = new Firebase("https://test.firebaseIO.com");
var authenticate = function(){
    ref.authWithPassword({
        email: $(".email").val(),
        password: $(".password").val()
    }, function(error, authData) {
        if (error) {
            console.log("Something went wrong", error);
        } else {
            console.log("Authenticated with payload", authData);
        }
    });
};

$(".login_button").click(function(){
    authenticate();
});

I am getting authData back in the console log, so the authentication is working. Now I am wondering: how can I use this to only show content to the authenticated user? Or is it even possible with authentication like this?

Thank you for your patience.

mrjd
  • This is incredibly broad, so I recommend you first try something and then come back if you're having problems. The most likely problem you'll run into is that Firebase rules cannot be used to filter data. See this answer: http://stackoverflow.com/a/14298525/209103 – Frank van Puffelen Nov 05 '15 at 15:11

1 Answer


While this is a broad question, and the detailed answers are on the Firebase website, here's a broad answer.

Firebase has two parts to securing your data (generally speaking):

1) Authenticating the user (via email/pw, Facebook integration etc)
2) Once authenticated, controlling what that authenticated user can access via Rules.

The Rules are what you are looking for as an answer to your question.

Firebase data is initially wide open; if you create a new app space with the Firebase dashboard, any user (authenticated or not) can access that data.

Once you put a set of Rules in place, that then defines what and who can access that same data.

Here's a rule that ensures that read/write access is only given to a user that has authenticated:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

This coupled with your authentication would only allow authenticated users to access your data; unauthenticated users would not be able to read or write to it.

Jay
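For the gallery described in the question, where everyone may view images but only one account may add or remove them, the rule in the answer can be narrowed to a single uid. This is an added example, not part of the original question or answer; the `gallery` path, the `url` and `caption` fields, and `ADMIN_UID_PLACEHOLDER` are assumptions. Showing or hiding upload controls in the page based on `authData` is only cosmetic; the write restriction is enforced by the rules on the server.

```json
{
  "rules": {
    // Assumed layout: images are stored under /gallery/<imageId>.
    // Paths with no rule are denied by default.
    "gallery": {
      // Anyone may view the gallery, signed in or not.
      ".read": true,

      // Only the one owner account may add or remove images.
      // ADMIN_UID_PLACEHOLDER is a placeholder for that account's uid
      // (the uid field of authData returned after login).
      ".write": "auth != null && auth.uid === 'ADMIN_UID_PLACEHOLDER'",

      "$imageId": {
        // Every image record must carry a url; caption is optional.
        ".validate": "newData.hasChildren(['url'])",
        "url": {
          ".validate": "newData.isString() && newData.val().length < 2048"
        },
        "caption": {
          ".validate": "newData.isString() && newData.val().length < 200"
        },
        // Reject any field that is not listed above.
        "$other": { ".validate": false }
      }
    }
  }
}
```

Deleting an image is a write of null, so it is covered by the same `.write` rule; `.validate` rules are not evaluated on deletes.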