Core Services
| Service | Use |
|---|---|
| Firebase Authentication | User sign-in and identity |
| Cloud Firestore | Application records and operational data |
| Firebase Storage | Profile pictures and uploaded assets where used |
Rules & Deployment
Separate deployment: Cloudflare Pages deploys the frontend only. Firestore security rules must be published in Firebase Console or through Firebase tooling.
- Test rules before production.
- Use least-privilege access.
- Separate demo and production data behavior.
- Never display sample records in production mode.
- Add backup and recovery procedures.
Known Lessons
- “Missing or insufficient permissions” usually indicates Firestore rules or user-role mismatch.
- UI duplicates may not reflect duplicate Firestore records; inspect rendering and listeners.
- Deletion, resources, and reports-to behavior must be tested end-to-end.