In this post of python django with Google Firebase series, i will continue teaching Firebase database where we will allow only authenticated users to read/write to Firebase Database. If we talk about current scenario we are working Firebase database rules as Public, which means if anybody having your firebase config, can read & write to your database.
So, let’s see step by step guide to work on Firebase database for Python django so, that only authenticated users can read/write to database.
Why there is Firebase Database Rules :
Firebase Realtime Database provides a flexible, expression-based rules language with JavaScript-like syntax to easily define how your data should be structured, how it should be indexed, and when your data can be read from and written to. Combined with our authentication services, you can define who has access to what data and protect your users’ personal information from unauthorized access.
Sample rules :
By default, your database rules require Firebase Authentication and grant full read and write permissions only to authenticated users. The default rules ensure your database isn’t accessible by just anyone before you get a chance to configure it. Once you’re set up, you can customize your rules to your needs.
Default Rules :
 |
| Source : Firebase.google.com |
We get these rules as default in our database and these rules require user authentication for accessing the Firebase database
Public Rules :
 |
|
|
Public rules are for testing purpose only, these rules just require Firebase config for accessing the Firebase database, till now in our series we are just using Public rules for accessing Firebase database.
So, now let’s see how to configure database as default rules with Pyrebase library for allowing only authenticated users to Read/Write database.
Configure Pyrebase for Default Firebase Rules:
If you like videos like this consider donating $1, or simply turn off AdBlocker. Either helps me to continue making tutorials.
Transcript / Cheat Sheet:
For using default Firebase database rules with Pyrebase library we can optionally add a service account credential to our configuration that will allow our server to authenticate with Firebase as an admin and disregard any security rules.
import pyrebase
config = {
"apiKey": "apiKey",
"authDomain": "projectId.firebaseapp.com",
"databaseURL": "https://databaseName.firebaseio.com",
"storageBucket": "projectId.appspot.com",
"serviceAccount": "path/to/serviceAccountCredentials.json"
}
firebase = pyrebase.initialize_app(config)
Adding a service account will authenticate as an admin by default for all database queries, but firstly we need to get our serviceAccountCredentials.json, for that need to get there: Settings > Project Settings > Service Accounts > Generate New Private Key.
Put that key in some desired location and put that location in the “serviceAccount” path.
That’s it, now we are able to read/write to firebase database only for authenticated users & we get rid for Firebase Permission Denied with Pyrebase library error.
Get Whole Django Project Source Code Here.
Hello, we hqve to put the complete path to the json file but when we will upload the app to put it in production we the firebqse CLI will it still be working?
thqnkssss love your tuto
Yes, it will work, just change the path according to prod environment like : $prod_home/file_path
Thank you Kevin, will you do a tutorial on how to deploy django app on for example google cloud plteform or firebase?
Hi I have already created tutorial on that:-
https://hackanons.com/2018/10/python-django-webser-hosting-on-google.html