We’re happy to announce a new feature that gives you more power and flexibility when writing your Security and Firebase Rules! Specifically, we’re expanding the operations you can use for validating string data. You can now use .length, .contains(), .beginsWith(), .endsWith(), .replace(), .toLowerCase(), and .toUpperCase() to examine and manipulate strings. Here are a few examples of what you can do with the new operations:

Ensure only a string of at least 10 characters can be written:

".validate": "newData.isString() && newData.val().length >= 10"

Allow read access only if auth.identifier ends in @company.com:

".read": "auth.identifier.endsWith('@company.com')”

Normalize an email address and check for its existence under /users/:

".read": "root.child('users').child(auth.email.replace('.', ',').toLowerCase()).exists()"

For full details and more examples, see the documentation. And let us know what you’d like to see next!