如何使用管理员权限模拟来自Firebase Cloud Function的数据库身份验证? [英] How to impersonate the database authentication from Firebase Cloud Function with admin privileges?

问题描述

我有一组Firebase函数，可以用作应用程序的API.

I have a set of Firebase Functions that works as an API for an application.

这些Firebase函数以管理员权限连接到数据库，如下所示:

These Firebase Functions connect to the database with admin privileges as this:

const serviceAccount = require(`./config/xxx-firebase-adminsdk.json`);
admin.initializeApp({
  credential: admin.credential.cert(serviceAccount),
  databaseURL: DATABASE_URL,
});

我能够创建自定义令牌，并且正在服务器中接收/解码该令牌，但是由于Firebase函数已通过管理员权限进行了身份验证，因此我无法利用安全规则.

I was able to create a custom token and I'm receiving/decoding it in the server but I cannot make use of the security rules because the Firebase function is authenticated with admin privileges.

访问数据库时，是否可以模拟凭据或通过其他用户?

Is there a way of impersonating the credentials or maybe pass a different user when accessing the database?

推荐答案

您可以使用

如果已经初始化默认实例，则需要

"some-other-name".有关更多详细信息，请参见 initializeApp().

"some-other-name" is required if you've already initialized the default instance. See initializeApp() for more details.

您显然必须知道经过身份验证的用户的UID才能进行此工作.另外，应该清楚的是，每次要与其他用户一起做某事时，都必须初始化SDK，这意味着您将必须在UID可能不同的每个函数调用上初始化.

You obviously have to know the UID of the authenticated user in order to make this work. Also, it should be clear that you have to init the SDK every time you want to do something with a different user, which means you're going to have to init on every function call where the UID could be different.

这篇关于如何使用管理员权限模拟来自Firebase Cloud Function的数据库身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！