How to restrict users to read/write the data based on phone number in Firebase rules


Problem description

Currently, I have implemented a project folder structure similar to the below

(Image: project folder structure)

I have added the Phone authentication in my code.

Now with the help of Firebase rules, I would like to restrict my users to access the child (Phone number 1) based on authenticated phone number.

For instance, if I log in with phone number "9999999999" then I would like to restrict the user to access only the child of "9999999999" in Firebase rules.

Could you suggest how to improve the security here?

Recommended answer

You can access the phone number from the user's auth object, so using this you can do the limiting in security rules. Below are examples in Firestore, RTDB and Storage.

Firestore

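service cloud.firestore {
  match /databases/{database}/documents {
    // Only a signed-in user whose phone_number claim equals the document ID may read or write it.
    match /users/{phoneNumber} {
      allow read, write: if request.auth != null && request.auth.token.phone_number == phoneNumber;
    }
  }
}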

Realtime Database

{
    "rules" : {
        "users" : {
            "$phoneNumber" : {
                ".read" : "auth != null && auth.token.phone_number === $phoneNumber",
                ".write" : "auth != null && auth.token.phone_number === $phoneNumber"
            }
        }
    }
}

Storage

service firebase.storage {
    match /b/{bucket}/o {
        match /users/{phoneNumber} {
            allow read, write: if request.auth.token.phone_number == phoneNumber;
        }
    }
}
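
Added example (not part of the original answer): a JavaScript model of the exact-match comparison these rules perform, run over constructed, unsigned tokens. It assumes Firebase Auth's `phone_number` claim is in E.164 form (for example `+919999999999`), so the key under `users` has to carry the `+` and country code; all helper names are hypothetical.

```javascript
// Offline model of the rule `auth.token.phone_number == <key under /users>`.
// Tokens here are constructed and unsigned; real ID tokens are verified by Firebase.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Build a JWT-shaped string: header.payload.signature-placeholder (constructed).
function makeToken(claims) {
  return [b64url({ alg: 'none', typ: 'JWT' }), b64url(claims), 'constructed'].join('.');
}

// Decode the payload segment only. No signature check: illustration, not verification.
function decodeClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT-shaped token');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Mirrors the rule: deny when unauthenticated or when the claim is absent,
// otherwise require an exact string match with the key under /users.
function ruleAllows(path, token) {
  const m = /^\/users\/([^/]+)$/.exec(path);
  if (!m) return false;      // the rule only covers /users/{phoneNumber}
  if (!token) return false;  // no auth object at all
  const claims = decodeClaims(token);
  return typeof claims.phone_number === 'string' && claims.phone_number === m[1];
}

// Constructed sample users: one phone sign-in, one email sign-in.
const phoneUser = makeToken({ sub: 'uid-1', phone_number: '+919999999999' });
const emailUser = makeToken({ sub: 'uid-2', email: 'user@example.com' });

// Evaluate the cases a rules test suite should cover.
function evaluate() {
  return {
    ownNode: ruleAllows('/users/+919999999999', phoneUser),
    keyWithoutCountryCode: ruleAllows('/users/9999999999', phoneUser),
    otherUsersNode: ruleAllows('/users/+918888888888', phoneUser),
    emailSignIn: ruleAllows('/users/+919999999999', emailUser),
    unauthenticated: ruleAllows('/users/+919999999999', null),
  };
}

console.log(evaluate());
```

The `keyWithoutCountryCode` case is the one to watch: a node stored as `9999999999` is never readable under these rules if the claim carries the `+` prefix.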
