How to use Admin SDK with limited privileges on Firestore?


Problem description

I have some trouble with Cloud Functions and Firestore rules. I would like to use a Cloud Function with limited privileges on Firestore and give it only the access defined in the Security Rules.

It's working without problem on RTDB but not on Firestore.

I tried using these rules:

service cloud.firestore {
  match /databases/{database}/documents {

    match /init/{ID=**} {
        allow read, write: if true;
    }

    match /test/{ID=**} {
        allow read, write: if false;
    }
  }
}

And:

const admin = require('firebase-admin');
const functions = require('firebase-functions');
const FieldValue = require('firebase-admin').firestore.FieldValue;

admin.initializeApp({
    credential: admin.credential.cert(serviceAccount),
    databaseURL: 'https://******.firebaseio.com',
    databaseAuthVariableOverride: {
        uid: 'my-worker',
    },
});

const db = admin.firestore();

exports.onTestRights = functions.firestore
    .document('init/{initID}')
    .onCreate((event) => {
        const initID = event.params.initID;
        return db.collection('test').doc(initID).set({'random key': 'random value'}).then(()=>{
            console.log('working');
            return;
        }).catch((err) =>{
            console.log('error: ', err);
            return;
        });
    });

But it's still writing, whereas it should be "permission denied".

Does anyone know if it's normal (or not yet implemented) on Firestore, or have I misunderstood something?

Edit: Of course my final goal is not with these rules, but only to give write/read access on some documents/collections using (allow read, write: if request.auth.uid == 'my-worker';)

Edit2: I would like to use the security rules for checking, like a transaction, if there is no change during the process, using this model.

Recommended answer

As you've noticed, databaseAuthVariableOverride only works for the Realtime Database. There is nothing right now that allows you to do the same for Firestore in the Admin SDK.

One workaround you could use if you want to limit the access rights on your server code is to use the Client JS SDK rather than Firebase Admin and sign the user in using a custom token. Here is sample code to do this:

// Configure Firebase Client SDK.
const firebase = require('firebase/app');
require('firebase/auth');
require('firebase/firestore');
firebase.initializeApp({
  // ... Initialization settings for web apps. You get this from your Firebase console > Add Firebase to your web app
});

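// Configure Firebase Admin SDK.
const functions = require('firebase-functions');
const admin = require('firebase-admin');
admin.initializeApp({
  // serviceAccount: the service account key object, loaded elsewhere.
  credential: admin.credential.cert(serviceAccount),
});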

// Create Custom Auth token for 'my-worker'.
const firebaseReady = admin.auth().createCustomToken('my-worker').then(token => {
  // Sign in the Client SDK as 'my-worker'
  return firebase.auth().signInWithCustomToken(token).then(user => {
    console.log('User now signed-in! uid:', user.uid);

    return firebase.firestore();
  });
});

// Now firebaseReady gives you a Promise that completes with an authorized firestore instance. Use it like this:

exports.onTestRights = functions.firestore
  .document('init/{initID}')
  .onCreate(event => {
    const initID = event.params.initID;
    // The whole set().then().catch() chain is the value returned from the firebaseReady callback.
    return firebaseReady.then(db => db.collection('test').doc(initID).set({'random key': 'random value'}).then(() => {
      console.log('working');
      return;
    }).catch((err) => {
      console.log('error: ', err);
      return;
    }));
  });
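
What `createCustomToken('my-worker')` hands to the Client SDK is a JWT signed by the service account and carrying a `uid` claim; Firebase Auth exchanges it for an ID token, which is why Security Rules then see `request.auth.uid == 'my-worker'`. The following is an added example, not part of the original answer: it builds and checks such a token with Node's `crypto` only, following Firebase's documented custom-token claim layout, and uses a throwaway RSA key and a constructed service account e-mail.

```javascript
const crypto = require('crypto');

// Audience Firebase documents for custom tokens.
const AUD = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
const b64url = (data) => Buffer.from(data).toString('base64url');

// Build and sign a custom token (RS256) for the given uid.
function mintCustomToken(privateKey, serviceAccountEmail, uid, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = { iss: serviceAccountEmail, sub: serviceAccountEmail, aud: AUD, iat: now, exp: now + 3600, uid };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(sig)}`;
}

// Verify the signature and structural claims; return the uid or throw.
function inspectCustomToken(token, publicKey, expectedIssuer) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== expectedIssuer || claims.sub !== expectedIssuer) throw new Error('wrong issuer');
  if (claims.aud !== AUD) throw new Error('wrong audience');
  if (claims.exp - claims.iat > 3600) throw new Error('lifetime over 1 hour');
  return claims.uid;
}

// Constructed sample values: throwaway key pair and a made-up service account e-mail.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EMAIL = 'worker@example-project.iam.gserviceaccount.com';
const token = mintCustomToken(privateKey, EMAIL, 'my-worker');
console.log(inspectCustomToken(token, publicKey, EMAIL));
```
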
