1

I want to use Firebase to setup a 2 person chat. The users will be able to chat when they 'liked' each other. I'm handling the 'liking' on my own SQL server but I want to use Firebase for the chat.

This is dummy data, it wil look like this eventually.

{
  "admins": {
    "chat1": {
      "user_id_1": {
        "active": true
      },
      "user_id_2": {
        "active": true
      }
    }
  },
  "chats": {
    "chat1": {
      "messages": {
        "random_id": {
          "message": "first message",
          "sender": "user_id_1"
        }
      }
    }
  }
}

These are my rules:

{
  "rules": {      
    "admins": {
      "$chatAdmin": {

      }
    },
    "chats": {
      "$chat": {
        ".read": "root.child('admins').child($chat).hasChild(auth.uid)",
        ".write": "root.child('admins').child($chat).hasChild(auth.uid)"
      }
    }
  }
}

So what I want is that every time two users are a 'match', so they 'liked' each other. I want to create their chat in /chats/{sha1(uid1 + uid2)} and give only those 2 users access to it, read and write.

Community
  • 1
  • 1
Dirk
  • 3,095
  • 4
  • 19
  • 37
  • 1
    Hey Theo. From a quick scan your structure looks perfect for the requirements. What problem are you having with it? – Frank van Puffelen Dec 19 '16 at 00:59
  • Well, everyone can make an admin row now. I only want to create 2 records per chat for the users – Dirk Dec 19 '16 at 06:59
  • Ah OK, got it. That's indeed trickier. The closest I can quickly think of is an approach similar to what Andre describes [here](http://stackoverflow.com/questions/36124804/firebase-data-cap-on-children/36149277#36149277) or keeping a separate counter as I describe [here](http://stackoverflow.com/questions/37954217/is-the-way-the-firebase-database-quickstart-handles-counts-secure/37956590#37956590). – Frank van Puffelen Dec 19 '16 at 15:32
  • @FrankvanPuffelen I don't really get your solution. I thought of a solution where I update the rules on every match, via my custom server. But that is against the Firebase design patterns... – Dirk Dec 19 '16 at 17:26
  • Once you have a custom server, things get a lot easier. With your current rules, the users can't update the `admin` node while the server *can*. So that ensures security. How would that be against "the Firebase design patterns"? – Frank van Puffelen Dec 19 '16 at 17:42
  • @FrankvanPuffelen thanks. When I read my question again I actually don't know why I said that. – Dirk Dec 19 '16 at 18:06
  • Has a Admin user (server side) always access to everything in a Firebase project? – Dirk Dec 19 '16 at 18:10
  • @FrankvanPuffelen is it possible to access the facebook id in firebase rules? – Dirk Dec 19 '16 at 21:03
  • When you use our Admin SDK, the code indeed defaults to having full access to all data. – Frank van Puffelen Dec 19 '16 at 21:38

1 Answers1

0

thank me later, hack >

a long as firebase doesn change uid format

export async function sendMessage(myUid, otherUid, content) {
    const conversationId = createConversationId(myUid, otherUid)
    const data = { content, timestamp: new Date().getTime(), authorUid: myUid }
    await firebase.database().ref(`conversations/${conversationId}`).push(data)
    return
}

export function createConversationId(uid1, uid2) {
    return uid1 > uid2 ? `${uid2}${uid1}` : `${uid1}${uid2}`
}

also see

https://gist.github.com/katowulf/4741111

Nikos
  • 7,295
  • 7
  • 52
  • 88