Firestore limit writing access per time

Question

In the firestore security settings you can set conditions for writing/reading data.

Currently I have this piece:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if request.auth != null && request.time < 
                resource.data.timeCreated + duration.value(1, 'h');
      allow write: if request.auth != null;
    }
  }
}

Now I want to limit the writing; a user should only be able to send data every 5 minutes. How can I achieve this?

Answer 1

There is not a native way to do this.

You cannot for non-signed in users in any way that is not trivially bypassed. You could use Cloud Functions to achieve this for signed in users though.

Each user has a profile with next time they can write, along with the id of the document to write next.

• Use Rules on writes to check that the id doesn't already exist and it's >= the allowed time
• Use Cloud Functions on write to update the user profile document with a new allowed time and unique id for the next write