Firebase query (in Swift) to find specific value within all users of an app

Question

I am relatively new to Swift and Firebase and I am looking for a way to query the Firebase database to find a specific value. In the context of the app I am developing, when a user signs up, he must choose a username and we want to verify in the database that no other user already has the chosen username. My database structure looks as so :

Let's say I am registering in the app and I would like my username to be "mike". I want the app to search in all the "username" fields in the database to check if "mike" is already taken, but my Firebase code doesn't work :

let queryRef = FIRDatabase.database().reference().child("users")
    queryRef.queryOrdered(byChild: "username")
        .queryEqual(toValue: self.username.text)
        .observeSingleEvent(of: .value, with: { snapshot in
            if snapshot.exists()
            {
                print(snapshot)
            }
        })

Everything after "snapshot in" doesn't even get executed (it jumps over the instruction set). For now, before doing the actual check, I am just testing to try and print the "snapshot" value but it never gets printed .

I set my DB rules as so since the "username" key needs to be accessible to anyone trying to query it :

{
  "rules": { 
    "users": {
      "$uid": {

        "email": {
          ".read": "$uid === auth.uid",
          ".write": "$uid === auth.uid",  
        },
        "username": {
          ".read": true,
          ".write": "$uid === auth.uid",  
        }

      }
    }     
  }  
}

It is important for me here to keep everything private except for the "username" key. In this example I only have the "email" and "username" keys for simplicity purposes, but in my actual app I have way more (first name, last name, date of birth, phone number, etc.)

Any help at this point will be appreciated. Thank you very much

Answer 1

I don't think this is possible.

From the Firebase Documentation:

Rules are applied in an atomic manner. That means that a read or write operation is failed immediately if there isn't a rule at that location or at a parent location that grants access. Even if every affected child path is accessible, reading at the parent location will fail completely.

In your case as you are trying to filter by the username but there's not rule for the parent node users you will not be able to complete the filtering as it will fail for PERMISSION_DENIED.

You could although access users/a_valid_uid/username as the whole path is accesible.

Something you could do as a workaround for this is having a separate node containing only the usernames and making this available to the public to read.

You can see the complete documentation about Firebase rules here.

Note: You can make use of the Firebase Rules simulator to test your rules before deploying them.