是否只能在Firebase中接受来自我的应用程序的函数调用? [英] Is it possible to only accept function calls from my app in Firebase?
问题描述
我正在Unity中创建一个游戏,用户可以使用关卡创建者系统为关卡做出贡献.
I am creating a game in Unity where the user can contribute with levels using a Level Creator system.
我的应用程序的设置方式是,我只需要使用级别信息调用Cloud Function,它可以处理重复的条目并将其保存到Firestore.所有这些都完美地工作.
My application is setup in a way that I just need to call the Cloud Function with the level info, and it handles duplicate entries and saves it to Firestore. All of this works perfectly.
基本上,我的问题是:我能否仅仅接受我的游戏中的调用? (没有注册我的用户?).
My question, basically, is: can I have my functions only accept calls from my game? (without having my users registered?).
自然,我正在使用functions.https.onCall((data, context) => {}).在 Firebase的文档中,我注意到他们使用context.auth来检查是否用户是否通过身份验证.但是,我将此值记录到控制台中,它似乎是undefined.
Naturally, I am using functions.https.onCall((data, context) => {}). In the documentation for Firebase, I noticed they use context.auth to check whether the user is authenticated or not. However, I am logging this value to the console and it appears to be undefined.
我也对同一行的这一行感到困惑:
I am also confused with this line, from the same link:
对于可调用对象,Firebase身份验证和FCM令牌(如果可用)会自动包含在请求中.
With callables, Firebase Authentication and FCM tokens, when available, are automatically included in requests.
也许未定义context.auth是因为我的游戏尚未在Google Play/Apple Store中出现?有什么想法吗?
Maybe context.auth is not defined because my game isn't yet in Google Play / Apple Store? Any ideas?
推荐答案
不可能将可调用函数的调用限制为仅一个应用程序,并且该应用程序是否发布到任何商店都没有关系.部署功能后,具有互联网连接的任何人都可以访问它.
It's not possible to restrict invocations of a callable function to just one app, and it doesn't matter if the app is published to any stores. Once you deploy a function, it's accessible to anyone with an internet connection.
您能做的最好的事情就是要求您的用户通过您的 Firebase身份验证进行身份验证应用,然后在函数中检查context.auth以确定它是否应该执行用户想要的操作.如果不进行身份验证,则context.auth将是未定义的.如果您的代码确定该功能不应继续进行,则可以提早返回.但是该函数仍被调用.
The best you can do is require your users to be authenticated with Firebase Authentication in your app, then check context.auth in the function to determine if the it should do what the user wants. context.auth will be undefined in the case of no authentication. If your code determines that the function should not go any further, you can return early. But the function is still invoked.
这篇关于是否只能在Firebase中接受来自我的应用程序的函数调用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
