Firebase Rules Tutorial for your Realtime Database! [PART 2]

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey guys and welcome back to you Nico dev in the last video we talked about firebase rules and we looked into the variables you can use in order to make your rules as secure as possible this is going to be the path to where we talk about the party through the index on rule if you can call it that and also how to publish rules from a REST API if you haven't watched part 1 I strongly suggest you to do so or if you're really confident with rules and just need clarification on this part then you can keep watching no problem if you are new to the channel you can subscribe and also leave a like if you want to see more content like this because it would support me and the channel quite a lot alright let's begin now before starting I need to remind you about one thing which is really important to this next bit which is the rule cascade if you don't know what the rule cascade is let me just throw a simple example right here to call this user 1 and right here we will put true okay all right so you would think that the request on users user 1 will not go through but it will actually go through because this read right here is true we allowed access to the entire branch so then this vid party right here is getting ignored now the same goes also for writing rules naturally so if I do write true and right here we do write fools we are going to get the exact same result meaning that if we do a write request to the same location and we run it we are still gonna get through even if write was false now one thing that is interesting though is that this is not true for the validate so if we actually insert a missing right to use validate it and we use it also right here but we also set it to false and we do publish now you would expect to validate to also go through but it's not so this is something particular about validate is that it doesn't follow the rules cascade meaning that these two values are not an or gate but they are an endgame if you can call them that in fact in the opposite scenario where this is false and this is we are still not going to get through now you might be confused on what validate actually ease and we can test out that it could put the reading to true at example and we do a read request and we run as you can see everything will work smoothly so validate is only cold when there is our written request or when you are setting some data now validate is actually the same as right okay it does the exact same thing just that it doesn't have this rules Cascade property and also it will only be checked once right is available so naturally if you cannot write to the database then it doesn't need to worry about value because you cannot write at all so why is valid it's useful as the name suggests validate can actually you know enforce some style and some formatting to the data so I don't know let's say that let's try to do an example for this okay we're gonna remove this user because we don't need it okay now we need to actually push a user to this database okay our client can push any user he wants but this user needs to have a nickname and some age okay if you don't have these two attributes the database will not work properly so when you push your data you need to specifically have these two attributes so the reading is going to be always true the writing is going to be always through we don't care but right here in the validate we can actually use a variable that we talked about in part one which is new data which is going to give you a snapshot of the data we want to insert and actually now that I think about it we only want to insert data so we can also remove read because you know the client doesn't need to read any data it just needs to send it all right so we can check if the do data as a child which is nickname and it's the nude yeah I will do end if the new data as a child which is age okay oh yeah I always forget the quotation marks okay when you're doing an expression you need the quotation marks because it's actually telling that this is going to be some JavaScript yes and I did yet another mistake Wow okay so we are retrieving the children of the new data we actually need to check if you dentists taste so I have to do it exists and also exists there you go and as you can see if we do a normal request it's going to get denied but if instead of key and value right here I actually put some bigger like nickname and age we said there we go I can put a number I guess and we run it it's still not going to work oh yeah because we're posting to user 1 we only want to post inside the users because this is where we defined our ticketing and as you can see it will be allowed and now we need to test again for no data or actually can we sell null as a data I'm just wondering our simulation could not run ok that's interesting ok let's maybe try to remove the error oh my gosh I'm messing up everything I try to remove the age and run and as you can see doesn't work all right before moving on to the next thing I know a lot of you people maybe I've been wondering and I've been like why instead of notification here what does this notification mean what this is alert and you know I actually wanted to show you because this is like because this is like a little bit meta your project real-time database as insecure rules so this is actually a game that I made and you can see how even I can mess up and forget adding rules to my projects oh yes really secure rules think oh well done you are really the best you're so good at securing rules it is probably an old version of the game this is not the one release I hope ok we talked about the validate now let's talk about indexing our data actually I wanted to see one more thing about the validate is that because it doesn't ask a like the others you could have different validations for different branches so in the users you need to have a user which has a nickname and an age but if we actually do into a default user we could say so we can use the character right here which is user ok you can use this wildcard variable then right here we can put some other conditions like I don't know maybe not inside the user but inside the nickname ok and the nickname actually doesn't have to be estranged but it has to be divided into full name and I don't know full name and last name something like that so right here we could put another validate that is doing that so these two validates are going to stop and both of them need to be true in order for the request to go through so you know this is why there is no rules cascade on the validate if you were wondering okay so also right now we covered all of the rules we covered the validate the right and the read now we actually have something left to cover which is the index on but to think about the index on is that it's not actually a rule so it's not really defining anything we don't need the rules playground for this what this is basically doing is optimizing our database it's a little bit confusing that is set in our database rules but I guess is a good place to you know put it you know it pretty convenient now basically what this does is imagine that you are or actually I'm just gonna use the example from the documentation so you know we can both enjoy it okay so in the documentation there was this data set now these are not actually rules this is the actual data and just putting it here for convenience alright so basically we have in the data different types of dinosaurs with different attributes like height length and weight now let's say that when our client wants to get these attributes he wants to sort them sometimes we might want to sort them by hate sometimes we might want to sort them by length but never by weight okay we will never sort them by weights because we just don't need them okay we don't do any discrimination on weight okay that was a dumb one but basically we are always sorting by length or by height never by weight now firebase doesn't know this but we could actually tell him exactly what I told you so basically that we are never sorting by weight so that firebase can actually optimize the way that the diet data is ordered so that we get quicker queries and the way you do it is basically with this rule so inside the dinosaur branch okay we're basically telling firebase that were always going to be indexing on so we're only always going to be ordering by height and by but never by weight with this information firebase will optimize the way that the data is stored and will retrieve you a faster query so basically the formatting is in that zone and then whatever the children of that data are that you want to optimize for now if the data doesn't have any children but it's just a value you could actually put right here just dot value dot value yes and I will show you an example of that still taken from the dogs let's say that all of the dinosaurs have different scores and as you can see they have a value which is the score and let's say that we want to sort the data by the score so we can do a scoreboard so firebase can optimize for this ordering and if we go back to our code when we put these two scores this will do exactly that so inside the scores branch every single child will be indexed on its value all right and that's all I have to say about that okay I think we are actually done with the rules themselves now let's learn how to set them and we treat them remotely we can just go on the dog so where it tells us exactly how to do this we can do this by terminal - meaning we're just doing our C URL request to a website and if we do a put request and as the data we put our rules so I think that it is just a JSON and we put it to this website we are just going to push our rules and it the same way if we do our get request we are gonna get our rules back now as you can see right here we do have to set the access token though and the reason why we have to do this is so that you know only the owner of the project can set rules and the other users cannot set them because then it would be down so how do we actually obtain this access token okay I read some more about it so you don't have to do it yourselves basically what you need to do is go to the project settings from here service accounts and then you can generate a new access token there generate new private key and this will basically give you a file and with this file you can actually okay give me a sec let me close this with this file this is actually a test project I know he told me to keep it secret but whatever we are going to get a private key this key can be exchanged with that token I think firebase can actually automatically do this but I actually just want to show you this in action I'm actually in my file manager right here okay and just gonna open a terminal and I'm gonna do I'll be split if I can actually spell there you go and this is actually going to instantiate a firebase project right here on this folder you might actually have to download the firebase command in order to run this but as you can see I have a lot of things that I can actually put here which are the functions from cloud functions and I will actually do a tutorial on cloud function is just waiting to happen it's going to be my next thing but for today we just need to worry about the database so deploy if I this real-time database rules and if we press ENTER we can use an existing project and I selected the tutorial project and then what file should be used for database rules you can just be the default one and there we go so now right here as you can see we have database dot rules and we can just open this file with anything we want we can write the database rules oh I think they interact with you even the rules from the database which were the last one we set and we can update them so maybe make this a real and we make this true there you go all that okay and then we can just go here back in our terminal and do firebase deploy and this is gonna basically deploy your rules and update them into the thingy into firebase now you don't need to actually do this this is just for simplicity but if you have that reason that I showed you before you can make this work with just your terminal but this just does it all automatically which is you know better for me all right so now let's actually go into the rules well then database rules and they should actually be updated boom there you go they are updated it really is true I will link you in the description this page that will talk about how to authenticate with an access token in case you do want to do it you know via terminal or even you know via anything you want by just a rest request but yeah I hope you guys really enjoyed even part 2 of this tutorial video next up I will talk about cloud functions or maybe next video will be on Marshall I'm kinda you know going through one episode or the other of these two series so you can look forward for any new episodes on that if you enjoy the content that you are seeing on this channel make sure to leave a like and subscribe if you are new and yeah thank you ever so much for watching hope you learned something new today and I'm gonna see you guys in the next video see ya
Info
Channel: uNicoDev
Views: 10,637
Rating: undefined out of 5
Keywords: unity, game, gamemaking, tutorial, how to, firebase, firebase realtime database, firebase realtime, firebase database, realtime database, rules, security, firebase rules, realtime rules, secure rules, firebase rules 101, webdev, app development, typescript, javascript, lesson, database, data security, validation, json, data integrity, nosql
Id: -VqsK5RrfZk
Channel Id: undefined
Length: 13min 30sec (810 seconds)
Published: Fri May 15 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.