Lesson 13

Configuring for Production

Making sure the app works in a production environment


Lesson Outline

Updating Security Rules

At the moment, our Firestore security rules define the admin user as [email protected] (well, mine do; hopefully yours use your own email address). That's not going to work so well for our actual client: if they attempt to authenticate with their own Google account, they aren't going to be able to access anything. We will need to update the rules to use the client's email address.

Project management

Make sure to create an issue and task branch for this work, e.g.:

chore: update security rules with clients email address

Update firestore.rules to use the client's email address. (Assuming that you aren't actually delivering this app to someone else, you might test this by using a different email address that you own.)

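rules_version = '2';
service cloud.firestore {

  match /databases/{database}/documents {

    // Every document is readable and writable by the admin only.
    match /{document=**} {
      allow read, write: if isAdmin();
    }
  }

  // Admin = signed in, with the expected address, and that address verified.
  function isAdmin(){
    return request.auth != null && request.auth.token.email == '[email protected]' && request.auth.token.email_verified;
  }
}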
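The cases worth covering in the rules tests once the admin address changes, as an added example that is not part of the lesson's code: a plain JavaScript mirror of the isAdmin() condition, checked against constructed sign-in tokens. It does not use Firestore or the emulator, and ADMIN_EMAIL and every address in it are placeholder assumptions.

```javascript
// Added example: a plain-JavaScript mirror of the isAdmin() rule, used to
// enumerate the cases the rules tests should cover. It does not talk to
// Firestore or the emulator. All addresses below are constructed placeholders.
const ADMIN_EMAIL = 'client@example.com'; // assumption: stands in for the client's address

// `auth` models request.auth: null when signed out, otherwise { token: {...} }.
function isAdmin(auth) {
  if (auth === null || auth === undefined) return false;
  const token = auth.token || {};
  // The rule compares strings with ==, which is exact and case-sensitive.
  return token.email === ADMIN_EMAIL && token.email_verified === true;
}

// Constructed sample identities, each with the decision the rule should make.
const CASES = [
  { name: 'signed out', auth: null, expected: false },
  { name: 'previous admin (developer account)',
    auth: { token: { email: 'developer@example.com', email_verified: true } },
    expected: false },
  { name: 'client, verified',
    auth: { token: { email: 'client@example.com', email_verified: true } },
    expected: true },
  { name: 'client, unverified email',
    auth: { token: { email: 'client@example.com', email_verified: false } },
    expected: false },
  { name: 'client, different letter case',
    auth: { token: { email: 'Client@Example.com', email_verified: true } },
    expected: false },
  { name: 'token without an email claim',
    auth: { token: {} },
    expected: false },
];

// Returns the names of cases where the decision differs from the expected one.
function failingCases(cases) {
  return cases.filter((c) => isAdmin(c.auth) !== c.expected).map((c) => c.name);
}

for (const c of CASES) {
  console.log(`${isAdmin(c.auth) ? 'ALLOW' : 'DENY '}  ${c.name}`);
}
```

Only the verified client identity is allowed; any test that still signs in with the previous admin address is now expected to be denied.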

Now let's run our Firestore security rules tests to see if this breaks anything:

npm run test:rules

and indeed it does break things:

