firestore rules update needed
Groups need write access to Firestore. Go to your Firebase console
→ Firestore → Rules, and replace your rules with the following. This replaces your whole existing ruleset, so merge in any custom rules you already have:
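rules_version = '2';

// Firestore security rules for users, usernames, friendships, friend requests,
// feed posts, direct messages, notifications and groups.
// Anything without an explicit `allow` below is denied.
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the request carries a Firebase Auth identity.
    function signedIn() {
      return request.auth != null;
    }

    // True when the caller's uid is in the `members` list of group `gid`.
    // Each call performs a get() on the group document.
    function isGroupMember(gid) {
      return signedIn()
        && request.auth.uid in get(/databases/$(database)/documents/groups/$(gid)).data.members;
    }

    // Users — any signed-in user can read any user document; only the owner writes.
    // NOTE(review): read exposes every field of the document to all signed-in
    // accounts, so private fields belong in a separate owner-only document.
    match /users/{uid} {
      allow read: if signedIn();
      allow write: if signedIn() && request.auth.uid == uid;
    }

    // Usernames — anyone authenticated can read; write only to claim your own.
    // There is no update rule, so a claimed name cannot be re-pointed at
    // another uid; it has to be deleted by its holder and created again.
    match /usernames/{username} {
      allow read: if signedIn();
      allow create: if signedIn()
        && request.resource.data.uid == request.auth.uid;
      allow delete: if signedIn()
        && resource.data.uid == request.auth.uid;
    }

    // Friendships — only the listed participants can read, update or delete.
    match /friendships/{fsId} {
      allow read, delete: if signedIn()
        && request.auth.uid in resource.data.users;
      // `users` is frozen on update: without this a participant could swap
      // the other side of the friendship for any uid they like.
      allow update: if signedIn()
        && request.auth.uid in resource.data.users
        && request.resource.data.users == resource.data.users;
      // NOTE(review): create only checks that the caller lists themselves, so a
      // friendship can be written without the other user accepting anything.
      // Tying this to an accepted friendRequests document needs the app's
      // document-id scheme, which is not visible here.
      allow create: if signedIn()
        && request.auth.uid in request.resource.data.users;
    }

    // Friend requests — visible to sender and recipient only.
    match /friendRequests/{reqId} {
      allow read: if signedIn()
        && (resource.data.from == request.auth.uid
          || resource.data.to == request.auth.uid);
      allow create: if signedIn()
        && request.resource.data.from == request.auth.uid;
      // `from` and `to` are frozen so neither party can re-address a request.
      // NOTE(review): the sender may still update every other field; if
      // acceptance is recorded by an update, limit that change to `to`.
      allow update: if signedIn()
        && (resource.data.from == request.auth.uid
          || resource.data.to == request.auth.uid)
        && request.resource.data.from == resource.data.from
        && request.resource.data.to == resource.data.to;
    }

    // Feed posts — readable by any signed-in user; authors create and delete
    // their own. No update rule, so posts cannot be edited from the client.
    match /feed/{postId} {
      allow read: if signedIn();
      allow create: if signedIn()
        && request.resource.data.uid == request.auth.uid;
      allow delete: if signedIn()
        && resource.data.uid == request.auth.uid;

      // Comments
      // NOTE(review): create does not bind the comment's author field to
      // request.auth.uid, so a client can post a comment attributed to someone
      // else. Add the same uid check as on posts once the field name is confirmed.
      match /comments/{commentId} {
        allow read: if signedIn();
        allow create: if signedIn();
      }
    }

    // Messages — visible to sender and recipient only.
    match /messages/{msgId} {
      allow read: if signedIn()
        && (resource.data.from == request.auth.uid
          || resource.data.to == request.auth.uid);
      allow create: if signedIn()
        && request.resource.data.from == request.auth.uid;
      // `from` and `to` are frozen so a message cannot be re-attributed or
      // redirected after it was sent.
      // NOTE(review): the recipient may still rewrite the other fields,
      // including the message body; restrict the updatable fields if updates
      // are only meant for things like a read marker.
      allow update: if signedIn()
        && (resource.data.from == request.auth.uid
          || resource.data.to == request.auth.uid)
        && request.resource.data.from == resource.data.from
        && request.resource.data.to == resource.data.to;
    }

    // Notifications — each user reads and writes only their own items.
    match /notifications/{uid}/items/{notifId} {
      allow read, write: if signedIn()
        && request.auth.uid == uid;
    }

    // Groups — members can read/write; anyone authenticated can create.
    match /groups/{groupId} {
      allow read: if signedIn()
        && request.auth.uid in resource.data.members;
      // The creator must list themselves as member and as owner, otherwise the
      // delete rule below would hand control of the new group to another uid.
      allow create: if signedIn()
        && request.auth.uid in request.resource.data.members
        && request.resource.data.ownerId == request.auth.uid;
      // Only the current owner may change `ownerId`. Without this any member
      // could make themselves owner and then delete the group.
      // NOTE(review): any member can still edit `members`, i.e. add or remove
      // other people; restrict that to the owner if membership is not meant
      // to be managed by everyone.
      allow update: if signedIn()
        && request.auth.uid in resource.data.members
        && (request.resource.data.ownerId == resource.data.ownerId
          || resource.data.ownerId == request.auth.uid);
      allow delete: if signedIn()
        && resource.data.ownerId == request.auth.uid;

      // Channels inside a group — full access for every group member.
      match /channels/{channelId} {
        allow read, write: if isGroupMember(groupId);

        // Messages inside a channel.
        // NOTE(review): `write` covers update and delete, so every member can
        // edit or remove other members' messages, and nothing binds a
        // message's author field to request.auth.uid.
        match /messages/{msgId} {
          allow read, write: if isGroupMember(groupId);
        }
      }
    }

    // Presence / lastSeen inside users doc (already covered above)
  }
}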