0

So I am trying to make a spam control so users can't create that many requests to my database. For now, I have only implemented timeout on the frontend, but who knows how long it will take to bypass... I search pretty much everywhere and didn't find anything... does anyone here know?

My firebase rules code

wajaap
  • 273
  • 3
  • 20
H7KZ
  • 1
  • 4
  • So one can send message every 5 seconds only? – Dharmaraj Mar 20 '22 at 10:52
  • no, the function canSendMessage does NOT work... – H7KZ Mar 20 '22 at 11:15
  • Do you have a createdAt field in the document? Have you tested these rules in the playground? – Dharmaraj Mar 20 '22 at 11:16
  • I have tested it. With and without that function. In both cases I could spam the database with requests to create new document – H7KZ Mar 20 '22 at 11:27
  • Please don't post screenshots of your code, or other textual content. Instead post the actual text, and use the formatting tools of Stack Overflow to mark it up. Also see: [Why not upload images of code/errors when asking a question?](https://meta.stackoverflow.com/questions/285551/why-not-upload-images-of-code-errors-when-asking-a-question) – Frank van Puffelen Mar 20 '22 at 14:20
  • The rules you shared seem similar to the ones from my answer on [How do I implement a write rate limit in Cloud Firestore security rules?](https://stackoverflow.com/a/56487579/209103) What isn't working about these rules for you? Can you show the code of how you're testing them? – Frank van Puffelen Mar 20 '22 at 14:26

0 Answers0