firebase to build a basic card game

Question

I recently discovered Firebase and I wonder if it could be used to build a "basic" card game application with the following criterias:

• assign X cards to each players in the game
• each cards must be unique and must be part of a deck
• each players can't know which cards each players have

Here is a deck of cards: [0,1,3,4,5,6,7,8,9,10]

Here is players cards : {player1: [1,6,8],player2:[0,2,3],player3:[9,7,10]}

I have no idea how I can assign cards to each player whithout reveal the cards from one player to another.

As an example : The first player could be the one who assign cards to the other players and then the one who persist the cards in Firebase. As it is the client who is doing this operation, the cards are not kept secret.

My question is : how can we handle such applications (if we can) without an external API using Firebase couple with some client code?

Answer 1

You could make this considerably simpler by simply using a node.js script to assign the cards randomly to players.

However, you could accomplish this fairly well with security rules using the following process:

1. Generate a couple hundred/thousand "random_decks" manually by writing a quick JavaScript to randomly order the cards in each deck (use the push() command in Firebase); simultaneously generate the card_names/ values so the random ids in each deck map to a specific (unknown) card
2. Have the "dealer" pick the next available deck (and move it to a new path where used decks are stored)
3. When players want to draw cards, they remove it from the game_deck to their "hand"; they won't know which card it is until it is placed in their hand
4. Players cannot delete cards from their hand once they are claimed so there would be no way to trade up
5. Only allow the face values of the cards to be read after they have been drawn, so only the owner can read which cards he has until the "reveal"
6. Once the cards are revealed, perhaps all players can read anything in their "deck" to see which cards belong to whom (assuming a reveal is appropriate in the game)

The data structure would look something like this:

/random_decks/$game_id/$random_generated_id
/game/$game_id/deck (move deck here when it is claimed)
/my_hand/$user_id/$game_id/$random_generated_id (once card is here, I can read card_names)
/card_names/$game_id/$random_generated_id (real card name goes here)

The security rules would be things similar to these:

// game_deck/$game_id
// can only be copied from random_decks
".write": "root.child('random_decks/'+$game_id).exists()" 

// game_deck/$game_id/deck/$random_generated_id
// must exist in random_decks/$game_id to create it here
".write": "root.child('random_decks/'+$game_id+'/$random_generated_id).exists()"

// random_decks/$game_id
// can only delete pre-generated decks (should be done after copying to a game)
".write": "!newData.exists()" 

// card_names/$game_id/$random_generated_id
// can only read it if I own the card
".read": "root.child('my_hand/'+auth.uid+'/'+$game_id+'/'+$random_generated_id).exists()"
// or maybe if the game has reached the "reveal" phase
".read": "root.child('game_deck/'+$game_id+'/revealed').val() === true"

Hopefully that will get you started.