
I have a “post” and a “user” collection; in the Post I attached “userId” as a reference to the user document.

Everything works perfectly, except that the get().data() method I call on the Post document exposes all sensitive data (which I will send to the clients via an Express server).

const ref = (await firestore.doc(...).get()).data();
res.json({
  success: true,
  msg: ref,
});

This is what I get in the ref variable:

{
  "success": true,
  "msg": {
    "foo": "bar",
    "userId": {
      "_firestore": {
        "_settings": {
          "credentials": {
            "private_key": "-----BEGIN PRIVATE KEY---------END PRIVATE KEY-----n", <--- Big problem
            "client_email": "..."
          },
          "projectId": "cpanel-9ac21",
          "firebaseVersion": "8.9.0",
          "libName": "gccl",
          "libVersion": "3.3.3 fire/8.9.0",
          "servicePath": "firestore.googleapis.com",
          "port": 443,
          "clientConfig": {},
          "scopes": [
            "https://www.googleapis.com/auth/cloud-platform",
            "https://www.googleapis.com/auth/datastore"
          ]
        },
        "_settingsFrozen": true,
        "_serializer": {},
        "_projectId": "cpanel-9ac21",
        "_lastSuccessfulRequest": 1578712168345,
        "_backoffSettings": {
          "initialDelayMs": 100,
          "maxDelayMs": 60000,
          "backoffFactor": 1.3
        },
        "_preferTransactions": false,
        "_clientPool": {
          "concurrentOperationLimit": 100,
          "maxIdleClients": 1,
          "activeClients": {},
          "terminated": false
        }
      },
      "_path": {
        "segments": [
          "users",
          "TXMF00S2PugwdwO5ge3vwQA6pV63"
        ]
      }
    },
    "foo": "bar"
  }
}

I also searched on the Internet but unfortunately didn’t find the answer/solution.

2 Answers


  1. Chosen as BEST ANSWER

    I figured it out, so basically Firestore will return a DocumentReference instance. All I need is to transform it to the document's path:

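    // Replace top-level DocumentReference fields with their document path, so the
    // Firestore client object (and its credentials) is never serialized.
    const purifyData = (data) => {
      const purifiedData = Object.keys(data).reduce((accumulator, prop) => {
        const propData = data[prop];
        if (propData instanceof firebase.firestore.DocumentReference) {
          // Keep only the path string, e.g. "users/<id>".
          accumulator[prop] = propData.path;
        } else {
          accumulator[prop] = propData;
        }

        return accumulator;
      }, {});

      return purifiedData;
    };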
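
An added example, not part of the original answers: the conversion above only inspects top-level fields, so this version generalizes it to references nested inside maps and arrays and drops any other non-plain object. `FakeDocumentReference`, `toWireSafe`, `demo` and the sample post are constructed for illustration; the reference class is passed in as a parameter so the block runs without the SDK.

```javascript
// Stand-in for the SDK's DocumentReference so the example runs offline (constructed).
// In the app, pass the real class, e.g. the firebase.firestore.DocumentReference used above.
class FakeDocumentReference {
  constructor(path, client) {
    this._firestore = client; // like the real object, carries the client and its settings
    this.path = path;
  }
}

// Recursively copy `value`, replacing every reference with its path string.
function toWireSafe(value, RefClass) {
  if (value instanceof RefClass) return value.path;
  if (Array.isArray(value)) return value.map((v) => toWireSafe(v, RefClass));
  if (value !== null && typeof value === 'object') {
    // Fail closed: only plain maps are walked. Any other class instance is dropped,
    // so other SDK types (e.g. Timestamp) must be converted explicitly beforehand.
    const proto = Object.getPrototypeOf(value);
    if (proto !== Object.prototype && proto !== null) return undefined;
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      const safe = toWireSafe(v, RefClass);
      if (safe !== undefined) out[key] = safe;
    }
    return out;
  }
  return value;
}

// Constructed sample shaped like the post in the question; the key is a placeholder.
const client = { _settings: { credentials: { private_key: 'PLACEHOLDER-NOT-A-KEY' } } };
const post = {
  foo: 'bar',
  userId: new FakeDocumentReference('users/TXMF00S2PugwdwO5ge3vwQA6pV63', client),
  meta: { editors: [new FakeDocumentReference('users/editor-1', client)] },
};

function demo() {
  return {
    leaked: JSON.stringify(post), // what res.json(post) would send
    safe: JSON.stringify(toWireSafe(post, FakeDocumentReference)),
  };
}

console.log(demo().safe);
```
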
    

  2. With Firestore, the typical way to separate public from private data is to put them in different collections. So, if you have a post, and you need to divide the public and private data, you might have two collections: “posts-public/{id}” and “posts-private/{id}”. Or you might use subcollections under the same id: “posts/{id}/public” and “posts/{id}/private”.

    Once you have the collections split, you can also protect them with different security rules that allow access to only what the user should be able to see. If you don’t want the user to see any private data at all, then that collection should simply not grant access.
