https://i.sstatic.net/vim7m.png
During the initial 10 days of working on the project, I noticed a consistent range of reads between 100 - 300 per day while regularly refreshing documents from firestore. Days 11-15 were spent away from the project visiting family. On day 16, I briefly launched the project for fifteen minutes without making any changes (not realizing a spike in activity since it wasn't over quota and I wasn't actively developing or monitoring). However, today while focusing on the project, I suddenly hit my free quota limit due to a spike that occurred within two hours of starting work.
I suspect that the increased reads are originating from the clientList component in my Next.js app:
let unsubscribe;
const Clients = () => {
const classes = useStyles();
firebase.auth().onAuthStateChanged(function (user) {
if (user) {
const db = firebase.firestore();
unsubscribe = db.collection("users")
.doc(user.uid)
.collection("clients")
.onSnapshot((snap) => {
const clients = snap.docs.map((doc) => ({
id: doc.id,
...doc.data(),
}));
unsubscribe();
setClients(clients);
});
} else {
[];
}
});
const [clients, setClients] = useState([]);
return (
<Fragment>
{clients.map((client, i) => (
<Paper className={classes.paper} key={client.id}>
<Typography
className={client.name}
color="textSecondary"
gutterBottom
>
{client.name}
</Typography>
</Paper>
))}
</Fragment>
);
};
export default Clients;
Feeling panicked, I reverted my security details from:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid != null;
}
match /users/{userId}/clients/{document=**} {
allow read: if request.auth.uid == userId;
}
}
}
back to this:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone with your database reference to view, edit,
// and delete all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// all client requests to your Firestore database will be denied until you Update
// your rules
match /{document=**} {
allow read, write: if request.time < timestamp.date(2019, 9, 10);
}
}
}
I made this change until I can verify that my original security rules were sufficient. My last commit to clientList.js was on day 10. Today, while working on the project, I was focused on implementing a feature unrelated to clientList.js or Firestore - specifically showing and hiding a form using a button.
I do not use the firebase CLI currently, and typically have one firestore dashboard chrome window open and one localhost window open during development (similar to the previous ten days when no issues arose regarding quota). There were no unauthorized authenticated users and anonymous authentication is not enabled.
If anyone has suggestions on troubleshooting this issue, I would greatly appreciate it.