Firebasecloud~5 mins

Data validation rules in Firebase - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Data validation rules in Firebase help make sure the information saved in your database is correct and safe. They check data before saving it, so mistakes or bad data don't get stored.

When you want to make sure users only save data in the right format, like numbers or text.

When you want to prevent users from deleting or changing data they shouldn't.

When you want to check that required fields are not empty before saving.

When you want to limit the size or length of data, like text length or number range.

When you want to control who can read or write certain parts of your database.

Config File - firestore.rules

firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Match all documents in the 'users' collection
    match /users/{userId} {
      allow read, write: if request.auth != null && request.auth.uid == userId;

      allow create: if request.resource.data.keys().hasAll(['name', 'age'])
                    && request.resource.data.name is string
                    && request.resource.data.name.size() > 0
                    && request.resource.data.age is int
                    && request.resource.data.age >= 13
                    && request.resource.data.age <= 120;

      allow update: if request.resource.data.keys().hasOnly(['name', 'age'])
                    && request.resource.data.name is string
                    && request.resource.data.name.size() > 0
                    && request.resource.data.age is int
                    && request.resource.data.age >= 13
                    && request.resource.data.age <= 120;

      allow delete: if false; // prevent deleting user documents
    }
  }
}

This file sets rules for the Firestore database.

rules_version: Specifies the version of rules syntax.

service cloud.firestore: Applies rules to Firestore.

match /databases/{database}/documents: Applies rules to all documents.

match /users/{userId}: Targets documents in the 'users' collection.

allow read, write: Allows only authenticated users to read/write their own data.

allow create: Checks that new data has 'name' and 'age' fields, with 'name' as a non-empty string and 'age' as an integer between 13 and 120.

allow update: Allows updates only if the data has only 'name' and 'age' fields with the same checks.

allow delete: Prevents deleting user documents.

Commands

This command uploads and activates the Firestore security rules defined in the 'firestore.rules' file to your Firebase project.

Terminal

firebase deploy --only firestore:rules

Expected OutputExpected

=== Deploying to 'your-project-id'... i deploying firestore i firestore: releasing rules... ✔ firestore: rules released successfully ✔ Deploy complete!

→

--only firestore:rules - Deploys only Firestore rules without affecting other Firebase services.

Starts the local Firestore emulator to test your rules and database behavior without affecting the live database.

Terminal

firebase emulators:start --only firestore

Expected OutputExpected

i emulators: Starting emulators: firestore ✔ firestore emulator running at http://localhost:8080 All emulators started, it is now safe to connect.

→

--only firestore - Starts only the Firestore emulator.

Runs tests against your Firestore rules using a test file to check if your validation rules work as expected.

Terminal

firebase firestore:rules:test --rules firestore.rules --test-file test.json

Expected OutputExpected

Running Firestore rules tests... All tests passed successfully.

Key Concept

If you remember nothing else from this pattern, remember: data validation rules check data before saving to keep your database safe and clean.

Common Mistakes

Allowing write access without checking user identity.

This lets anyone change any data, risking security and data corruption.

Always check that the user is authenticated and only allowed to write their own data.

Not validating data types or required fields.

Bad or incomplete data can cause app errors or wrong behavior.

Use rules to check data types and required fields before allowing writes.

Allowing delete operations without restrictions.

Users might delete important data accidentally or maliciously.

Restrict delete permissions or disable them if not needed.

Summary

Write Firestore rules in 'firestore.rules' to validate data before saving.

Deploy rules using 'firebase deploy --only firestore:rules' to activate them.

Test rules locally with Firebase emulators to avoid affecting live data.