javascript – How to secure Firestore Database when communicating between Mobile App, Web App, and Node js project?

I have a node js project that tracks data and writes to my Firestore database. The mobile app and web app read the data from the Firestore database and parse to make graphs, etc. Up to this point I haven’t really given the security much thought. I am looking at security rules and App Check. I am looking to have some rules that only the node js project, web app, and mobile app can read and write from the Firestore database. I am in unfamiliar territory and was wondering if anyone could give me some advice on which direction to go.

Currently my rules include:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read;
      allow write: if request.auth.uid == uid;
    }
  }
}

This did not bode over well with my node js project. I got the error:

@firebase/firestore: Firestore (9.23.0): GrpcConnection RPC 'Write' stream 0x86b8ac80 error. Code: 7 Message: 7 PERMISSION_DENIED: Missing or insufficient permissions.
[FirebaseError: 7 PERMISSION_DENIED: Missing or insufficient permissions.] {
  code: 'permission-denied',
  customData: undefined,
  toString: [Function (anonymous)]
}

While I can fix this error, I am not sure I am even going the correct direction. Thanks in advance for any help you can provide.