In the answer at link its sugested that to keep a count of users: when a client creates a user in the promise of that function to return a transaction that updates a count.
Here is a similar snippet in firebase 3.0
the DB structure is:
- users
-- someuid
--- displayName: 'Dale'
- usersCount
-- count: 1
-- users
--- someuid : true
<script src="https://www.gstatic.com/firebasejs/3.6.1/firebase.js">
</script>
<script>
// Initialize Firebase
var config = {
..
};
firebase.initializeApp(config);
function createNewAccount() {
return firebase.auth().signInAnonymously()
.then(createUserAccountData)
.then(updateUser);
}
function updateUser() {
console.log('update user count');
var user = firebase.auth().currentUser;
var ref = firebase.database().ref('/usersCount');
var uid = user.uid;
return ref.transaction(function(post) {
if(post) {
if(post.users && post.users[uid]) {
} else {
post.count++;
if(!post.users) {
post.users = {};
}
post.users[uid] = true;
}
}
return post;
})
}
/**
* @return {User|fasle}
*/
function getUserObjectForDb (user) {
console.log('get user obj');
if(!user) return false;
return {
displayName: user.displayName || user.uid || false,
email: user.email || false,
arbitraryData: 'foo'
}
}
/**
* Create a user account given a firebase user object.
* @param {Object} result
*/
function createUserAccountData(result) {
console.log('create user account data');
var uid = result && result.uid || false
if(!uid) return false;
var user = getUserObjectForDb(result);
var path = 'users/' + uid;
var ref = firebase.database().ref(path);
return ref.set(user);
}
</script>
<button onclick="createNewAccount()">Create new account</button>
User creates an account with firebas.auth Then a transaction adds the user details to the user and increments the usersCount
How can something like this be made secure. How can a client be trusted to update a counter at all?
