I just set the rules of my Firestore project to only allow authenticated users to read/write to my database for added security. However, I also have an exterior Node.js webscraping script that runs in the background and needs to read/write to my Firestore database. There is no authentication involved, meaning it no longer has access to my database. Is there a way to allow the Node.js script to bypass the Firestore rules?
My rules:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
CodePudding user response:
You can use the Firestore Admin SDK for Node.js to do your reads and writes. Security rules do not affect calls made by the Admin SDK's.
It is important that this webscraping script is not user-controllable. Make sure to deploy it in an environment where only you, and not your app's users, have access.