I want to build an app (in react js) for myself, my family, and some close friends (+/- 40 people). But having this app live, anyone could go on the apps web address and submit a sign up form, and yes I can write db rules that would prevent reading and mutating the data. But still the unknown user would have an empty account created. And yes if they login they would see nothing, but I don’t want them to even have an account. My idea is have a table/document with known e-mails, and only allow sign up to users if their e-mail match the one in this table/document. As the way I understand this would filter out any possible unknown “user” actors from having an account on my app. Another implementation I’m thinking of doing is when I add the e-mail to this list the e-mail owner would receive an e-mail that contains an invite link to sign up.
Now my question are:
Is this doable ?
If so how can I do this utilizing supabase with prisma ? And or can this be done in firebase ? I know these are 2 different worlds, but at the moment these are my only db options.
If y’all can point me in the right direction, what to research, or what step I should take; I would more than grateful.
I tried googling, but found nothing so far.
2
Answers
On Firebase you can use the new’ish blocking Cloud Functions to determine whether somebody can create or sign in to an account. With these you write your own code that determines exact who/what is allowed and who/what isn’t.
For more on this, see the Firebase documentation on extending Firebase Authentication with blocking Cloud Functions
You can definitely do this with Supabase. There are a few ways to create this type of environment.
You invite the users just from the server i.e inviteUserByEmail().
If you want to have a fixed list, then you can create an RPC function to auto-delete unwanted users:
Then, you can create a function
handle_new_user()that drops the user if they don’t belong to your list. Example: