JhaSourav07 · Pranavms09 · Apr 19, 2026 · Apr 19, 2026 · Apr 20, 2026
diff --git a/.env.example b/.env.example
@@ -0,0 +1,11 @@
+# Firebase config (required)
+VITE_FIREBASE_API_KEY=
+VITE_FIREBASE_AUTH_DOMAIN=
+VITE_FIREBASE_PROJECT_ID=
+VITE_FIREBASE_STORAGE_BUCKET=
+VITE_FIREBASE_MESSAGING_SENDER_ID=
+VITE_FIREBASE_APP_ID=
+
+# VITE_ADMIN_PASSWORD has been removed.
+# Admin authentication is now handled via Firebase Auth.
+# Create an admin user in your Firebase Console → Authentication.
diff --git a/.gitignore b/.gitignore
@@ -11,6 +11,9 @@ node_modules
 dist
 dist-ssr
 *.local
+.env
+.env.*
+!.env.example
 
 # Editor directories and files
 .vscode/*

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -89,8 +89,8 @@ VITE_FIREBASE_APP_ID=your_app_id
 # WalletConnect — Get a free Project ID at https://cloud.walletconnect.com
 VITE_WALLETCONNECT_PROJECT_ID=your_walletconnect_project_id
 
-# Admin Dashboard (can be any string for local dev)
-VITE_ADMIN_PASSWORD=any_local_password
+# Admin Dashboard — Authentication is handled via Firebase Auth. 
+# Create an admin user in your Firebase Console → Authentication.
 ```
 
 > ⚠️ **Never commit `.env.local` or any real API keys to the repository.** The `.gitignore` already excludes it, but please double-check before pushing.

diff --git a/firestore.rules b/firestore.rules
@@ -0,0 +1,23 @@
+rules_version = '2';
+service cloud.firestore {
+  match /databases/{database}/documents {
+
+    // Anyone can submit feedback; only authenticated admin can manage it
+    match /feedback/{docId} {
+      allow create: if true;
+      allow read, update, delete: if request.auth != null
+                                   && request.auth.uid == "ADMIN_UID_PLACEHOLDER";
+    }
+
+    // Users collection — only the owner can read their own doc
+    match /users/{userId} {
+      allow read, write: if request.auth != null 
+                         && request.auth.uid == userId;
+    }
+
+    // Deny everything else by default
+    match /{document=**} {
+      allow read, write: if false;
+    }
+  }
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/lib/firebase.js b/src/lib/firebase.js
@@ -1,5 +1,6 @@
 import { initializeApp, getApps } from "firebase/app";
 import { getFirestore } from "firebase/firestore";
+import { getAuth } from "firebase/auth";
 
 const firebaseConfig = {
   apiKey:            import.meta.env.VITE_FIREBASE_API_KEY,
@@ -14,3 +15,4 @@ const firebaseConfig = {
 const app = getApps().length === 0 ? initializeApp(firebaseConfig) : getApps()[0];
 
 export const db = getFirestore(app);
+export const auth = getAuth(app);