Firebase route security without AngularFire
I am creating a web application that uses Firebase as a backend for data storage, live updates, and hosting.
Moving most of the client side is pretty smooth, but the security issue is important to the address.
For data access over Firebase, Firebase security rules take care of most things. But using Firebase for hosting, I feel like there is a lack of security for accessing certain routes.
Currently, on page load, I can check if the user is logged in. If the user is not logged in (or if the authentication token is not valid), I can redirect the user to another page (i.e. the login page). But, my problem is , what if there is information embedded in the static html on this page that I would not want an unauthorized user to see?
It seems to me that the first answer I get would be: "The data should be stored in a Firebase variable and loaded only if the authorization is successful." While this is a valid option, I think storing HTML (or even just paragraphs of text) since the Firebase variable is kludgy and there should be a better way.
I originally thought this would be an inherent option in the file firebase.json
, as redirects, headers, etc. can be defined. But it's firebase.json
not safe (in firebase-security.json
) that let me do a check auth
such as:
{
"firebase": "myfirebase",
"public": "app",
"ignore": [],
"rules": "config/security-rules.json",
"routes": [ {
"source" : "/for_authorized_only/",
"destination": "/authorized_page.html",
"auth": true, //Must be authorized
}, {
"source": "/some_public_route",
"destination": "index.html",
"auth": false, //No auth required to access this page
} ]
}
I haven't tried AngularJS or AngularFire, but after a little searching, it seems that the angularFire-seed project includes route safety, however this should be included in Firebase and not rely on a different framework!
Is there something I am looking at that will allow me to do this?
source to share
No one has answered this question yet
See similar questions:
or similar: