具有Facebook身份验证和唯一ID的Firebase规则 [英] Firebase Rules with facebook Authentication and Unique IDs

问题描述

我正在寻找收紧我的Firebase规则的一些建议或可能的解决方案.

I'm looking for some advice or a possible solution with tightening up my firebase rules.

这是我在Firebase中的用户树:

This is my user tree in Firebase:

users
    |_male
         |_uid

    |_female
         |_uid

创建帐户时，UID将是一个纪元时间戳，它将是一个带符号的整数.

The UID will be an epoch timestamp when the account is created which will be a signed integer.

以下是firebase规则，这些规则基本上可以确保用户在可以读写用户之前已登录Facebook并通过Facebook进行身份验证:

These are the firebase rules which basically ensures the user has logged in and authenticated with Facebook before they can read or write to users:

"users": {
       "male":{
          ".indexOn": ["uid"]
       },
       "female":{
         ".indexOn": ["uid"]
       },
       ".read": "auth != null  && auth.provider === 'facebook'",
       ".write": "auth != null && auth.provider === 'facebook'"
},

我只希望用户读取/写入其树，例如:

I only want users to read/write to their tree, for example:

users->male->uid->1233254...

我担心上述规则，它们可能会与其他用户树进行读写.

I'm afraid with my rules above, they could potentially read and write from/to another users tree.

如果我可以将应用程序的UID与Facebook的UID进行比较，那就太好了.我确实在数据库的另一棵树中捕获了此详细信息，例如:

It would be great if I could compare the app UID with the Facebook UID. I do capture this detail in another tree on the database e.g:

user_fbuid
         |_fbuid
               |_facebook:a1244dxs
                                 |_uid

我确实有更好的规则来检查 auth.uid :

I do have better rules here that check against auth.uid:

"user_fbuid": {
      "fbuid":{
        "$fbuid": {
          ".indexOn": ["fbuid"],
          ".read": "$fbuid === auth.uid && auth.provider === 'facebook'",
          ".write": "$fbuid === auth.uid && auth.provider === 'facebook'"
       }
   },
},

如果有人有任何想法，我很想听听.谢谢

If anyone has any ideas, I'd love to hear. Thanks

推荐答案

我最终将facebook id属性用作自己的uid和以下规则:

I ended up using the facebook id attribute as my own uid and the rules below:

"$uid": {
          // only the user can read and write to their tree
          ".read": "auth != null  && auth.provider === 'facebook' && auth.token.firebase.identities['facebook.com'][0] === $uid",
            ".write": "auth != null  && auth.provider === 'facebook' && auth.token.firebase.identities['facebook.com'][0] === $uid"
        },

这篇关于具有Facebook身份验证和唯一ID的Firebase规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！