ESC
React Native Starter AI logo
Menu
On this page

Features > Database

React Native Starter AI uses Firebase Firestore as its database. To set it up, you only need to activate the Firestore service on your Firebase project. The configuration of collections will be done automatically.


Firestore Setup


If you haven't done yet, enable Firebase Firestore like below on Firebase Console:


Firebase dashboard enable firestore

Collection Schemas


Below you can find the basic data schemas come with the boilerplate, which required for a generic AI app. Using the user collection, you can check whether users have subscriptions and manage their credit amounts. The chat collection allows you to store conversations between users and the AI assistant, enabling users to continue their chat sessions later.


User schema

/user
1type User = { 2 credit: number; 3 isPro: boolean; 4 // imageCreated: number; 5}

Chat schema

/chat
1type Chat = { 2 conversation: { 3 date: string; // timestamp 4 message: string; 5 role: string; // assistant or user 6 }[]; 7 isWaitingAiBot: boolean; 8}

RevenueCat schemas

Schemas revenuecat_customers and revenuecat_events collections are created and managed by RevenueCat Firebase Extension.


Security Rules


Many developers new to Firebase or similar serverless services often make the mistake of not properly defining database rules. This can lead to data breaches or data loss issues.


To avoid such issues, itโ€™s crucial to define strict security rules for your Firestore database. But with React Native Starter AI, you don't need to worry at all! Just check the react-native-starter-backend/firestore.rules


If you are going to create extra collections, you can follow the same idea in the existing firestore.rules and new rules for your new collections.


Below there are two most common ways to secure your app and your users.


firestore.rules
1... 2 match /user/{uid} { 3 allow read: if request.auth.uid == uid; 4 } 5 6 match /chat/{uid} { 7 allow read, write: if request.auth.uid == uid; 8 } 9...

To ensure security, a user should only have read-only access to their own user document. This is because the user document contains sensitive information such as credits and subscription details, which should only be modified by the backend. Otherwise, a malicious user could give themselves unlimited credits or update their subscription status without payment.


However, for the chat documents, allowing users to write to their own documents does not pose a significant risk since they cannot sabotage the application with these changes.