Firebase Firestore / Realtime DB: allow write to only a specific admin user

Question

I have set up a basic client app with form fields to enter some data. I use only vanilla js and firebase SDKs from CDN in frontend without any kind of backend. I managed to create signin / signup with email/password and I can send data to RealtimeDB and get Data back.

Now, I would like to configure rules to enable only write access to the db with my specific admin user (me), that I registered before with my email. Is there some way to configure rule for my email only? Or maybe for some tokenID? When I login, I get back an idToken (that contains my mail and I guess identifies me uniquely). Can I check for either my mail or that tokenID on the Backend Database rules configuration somehow? And how would I do this?

Here is my register/login code:

$("#register").submit(function(event) {
    event.preventDefault();
    let inputs = $("#register :input.form-control");
    console.log(inputs);
    var values = {};
    inputs.each(function() {
            values[this.name] = $(this).val();
    });

    axios.post(
        "https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=XXXX",values)
    .then(res => console.log("auth result:",res))
    .catch(err => console.log(err));
})

$("#login").submit(function(event) {
event.preventDefault();
let inputs = $("#login :input.form-control");
console.log(inputs);
var values = {};
inputs.each(function() {
        values[this.name] = $(this).val();
});
console.log("values:", values);
axios.post(
    "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=XXXX",values)
.then(res => console.log("auth result:", res))
.catch(err => console.log(err));

})

get: (same set) but without idToken atm:

axios.get("https://XXX.firebaseio.com/XXX.json")
.then(result => console.log(result))
.catch(err => console.log(err));

and btw, what is the right url to make requests with tokenID?

Answer 1

Edit: I Try to post my own solution, as I am using specific REST routes from google to enable login and register, I could only use the login with my already registered admin-only email. Then, I get back an idToken which I could decode client-side, so I get back an user.uid and I could hardcode that uid in my frontend (to always check for that uid, and only then enable client-side formular editing for example), which I could use to pass the uid along with the data. Then, on the firebase backend, I can check if that uid matches the request uid (but I am not sure how that is sent, maybe automatically with the request?).

Secondly, I would have to use the auth SDK which is probably simpler, but then I would have to show my firebase config in frontend, but maybe that does not matter if I restrict writes only to me, and maybe ready only to registered users? But that config could be used to create any arbitrary new collections, is that right? Is there anybody who knows the solution?