#community-help

Filtering User Access in Typesense with Firebase

TLDR Mateus queries about using Typesense to restrict user view by company ID. Jason suggests using scoped API keys, and generating these keys with Firebase functions. However, Mateus faces challenges with user authorization and Firebase functionality. The issue remains unresolved.

Apr 22, 2022 (21 months ago)
Mateus
01:17 PM
Hi everyone, I have a system with different users, and these users have different company IDs. When I add a document in Typesense, it shows it to everyone, and that can't happen.
How can I filter by user's company ID?
Jason
01:18 PM
You can use scoped API keys to restrict which users have access to specific records: https://typesense.org/docs/0.22.2/api/api-keys.html#generate-scoped-search-key
Mateus
01:37 PM
Can I do this on the front-end? Something like a filter in hits. I think that is the only way that I can get the company ID. I'm using Typesense with Firebase.
Jason
01:42 PM
You would have to generate the scoped api key with an embedded filter on the backend so you don't expose the parent search key. Then you'd use the scoped api key on the FE
Mateus
01:55 PM
That's the point, we don't have backend 😆, only front-end + firebase.
Jason
01:56 PM
Firebase would be your backend… you'd create these scoped api keys in your Firebase functions
Mateus
02:11 PM
Oh, I see, so the response, do I put the key here?
const typesenseInstantsearchAdapter = new TypesenseInstantSearchAdapter({
  server: {
    apiKey: // scoped api key
    ...
Jason
02:12 PM
Correct
Mateus
02:48 PM
I see, I think the only problem is getting the company ID when the user logs in, because Firebase Cloud Functions doesn't have any trigger to show which user is currently logged in.
Jason
02:58 PM
When the user logs in, you could have the same function that handles the login also create a scoped api key for that user and send it to the frontend. Similarly, when a logged in user loads the page, the function that checks if the user is logged in or not, can also create a scoped api key for the user if they are logged in.

Or maybe there's a separate function that just generates scoped API keys for logged in users. The FE makes calls to this function for logged in users.
Mateus
03:05 PM
Hm, I didn't know that, I'll check it out.
Thanks for the help dude, I really appreciated that.
Jason
03:05 PM
Happy to help!
Mateus
03:21 PM
When you said the same function that handles login, are you talking about that?
https://firebase.google.com/docs/auth/web/password-auth
Jason
03:23 PM
Actually yeah, whatever function that code runs in
Mateus
06:43 PM
Hey again, I don't know if I'm doing it right, but I'm doing it
Mateus
06:43 PM
and I get this error
Jason
07:25 PM
That method doesn't work in the browser
Jason
07:25 PM
It will only run in a nodejs environment
Mateus
07:42 PM
Oh, it's because all the solutions you mentioned like the handle login function, or checking if the user is connected, all of them are done by the front end, this is my difficulty at the moment :s
Jason
07:57 PM
Oh I see... Is there no way to check if a user is logged in or not in a Firebase function?
Mateus
08:32 PM
No 🙁
Jason
08:34 PM
Looks like there's a workaround: https://stackoverflow.com/a/56023902/123545
Jason
08:35 PM
Within that function, once you've authenticated the user, you'd generate a scoped api key for that user
