Home > Software design >  configure db authentication to allow sign up only to known email addresses
configure db authentication to allow sign up only to known email addresses

Time:11-02

I want to build an app (in react js) for myself, my family, and some close friends ( /- 40 people). But having this app live, anyone could go on the apps web address and submit a sign up form, and yes I can write db rules that would prevent reading and mutating the data. But still the unknown user would have an empty account created. And yes if they login they would see nothing, but I don’t want them to even have an account. My idea is have a table/document with known e-mails, and only allow sign up to users if their e-mail match the one in this table/document. As the way I understand this would filter out any possible unknown “user” actors from having an account on my app. Another implementation I’m thinking of doing is when I add the e-mail to this list the e-mail owner would receive an e-mail that contains an invite link to sign up.

Now my question are:

Is this doable ?

If so how can I do this utilizing supabase with prisma ? And or can this be done in firebase ? I know these are 2 different worlds, but at the moment these are my only db options.

If y’all can point me in the right direction, what to research, or what step I should take; I would more than grateful.

I tried googling, but found nothing so far.

CodePudding user response:

On Firebase you can use the new'ish blocking Cloud Functions to determine whether somebody can create or sign in to an account. With these you write your own code that determines exact who/what is allowed and who/what isn't.

For more on this, see the Firebase documentation on extending Firebase Authentication with blocking Cloud Functions

CodePudding user response:

You can definitely do this with Supabase. There are a few ways to create this type of environment.

  1. You invite the users just from the server i.e inviteUserByEmail().

  2. If you want to have a fixed list, then you can create an RPC function to auto-delete unwanted users:

create trigger on_auth_user_created
  after insert on auth.users
  for each row execute procedure public.handle_new_user();

Then, you can create a function handle_new_user() that drops the user if they don't belong to your list. Example:

create function public.handle_new_user() 
returns trigger as
$$
  begin
  where not exists
--    (QUERY to filter your approved users here)
    delete from public."User" where id=(old.id::text);
    return old;
  end;
$$
language plpgsql security definer;
  • Related