set a limit number of writes from single ip to firestore?

Question

I have the following function that is connected to a switch on/off is any way to limit a protentional abuse of this switch ? , lets say a malicious user automate a bot that will keep Turing this switch on and off causing a constant writes do firestore, the other part of the problem is I got changes by using real time data so this will cause a snow ball effect. is there a way to reject writes to db if certain number of the requests has been reached or is there some better practice to handle such a case ?

const SetDisplayDay = (type: string, bool: boolean) => {
      const docRef = doc(db, colDynamic(state.user)[0], _authContext.currentUser.uid);
      const setDisplay = async () => {
        await updateDoc(docRef, {
          [type]: bool,
        });
      };
      setDisplay().catch((error) => {
        const errorCode = error.code;
        alert(errorCode);
      });
  };

Answer 1

is there a way to reject writes to db if certain number of the requests has been reached

No, not if you allow direct access from web and mobile clients via security rules.

If you want to fully control access to Firestore, you will need to disable web and mobile access (deny all reads and writes from web and mobile) and force them all through a backend API that you control that makes decisions about whether or not the caller should have access.

See also:

• Can I limit number of reads/writes from user IP per minute/day in firestore?
• how can i restrict access to firestore database to only requests coming from specific domain?