Hello I have the following rule in Firestore for read if true I recieve email that point anybody can read and my requests can be drained. I need some aproach read action to be allowed only from my app.I don't have authentication in the app is accessable without registration.What can I do to restrict the access only from the app.I read can be set SHA1 key but not quet sure how to imaplement it.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
      allow read: if true;
    }
  }
}

CodePudding user response：

I‘m afraid there’s actually nothing you can do. Since you are using a backend as a service provider you will have to use some sort of authentication if you want to prevent certain people to execute certain actions. This could be classic username/password authentication or a more modern means like oauth.

CodePudding user response：

There is no way to do that but there is a way around just add Anonymously authentication with firebase Auth Ui this way users will not have to create an email and they will be authenticated

another way is: try to make some parts which doesn't require security public for anyone to read .