How could I provide security while signing up users? (example: each username must be different, email must be valid, etc)

Question

I'm making a simple social media app. Now I'm trying to provide security while registering users. I'd like something like. By the way, JUST code for when things go wrong, like if username exists in db, not when things go right for example: Auth.auth().crateUser()

if username already exists in db {
    (dont let user register.)
} else {
    (let user register)
}

if email is not valid {
    (dont let user register.)
} else {
   (let user register)
}

Something like that. I'm thinking maybe using alerts, etc.

Any answer is VERY appreciated...

Answer 1

You can tell Firebase Authentication to only allow a single user with each specific email address to register in your project. You do this by enabling the One account per email address setting in the authentication providers panel in the Firebase console.

If you mean with email validation that you want to ensure the user actually has access to the mail address that they enter, that is called email verification in Firebase. Firebase doesn't require that the user verifies their email address before they can sign in. But if your application requires that, you can tell Firebase to send a verification email from within the app. Then when the user clicks the link in that email, a property is set on their account that you can then check in your code (or in the server-side security rules if you're using the Realtime Database, Cloud Firestore, or Cloud Storage). For more on this flow, see the blog post Email Verification in Firebase Auth.

An alternative to this flow is to use Firebase's newer Email link provider. This prevents the need for the user to enter a password, instead using an email with a link for them to sign in. This automatically then also sets their email address to verified.