具有Facebook身份验证和唯一ID的Firebase规则 [英] Firebase Rules with facebook Authentication and Unique IDs
问题描述
我正在寻找收紧我的Firebase规则的一些建议或可能的解决方案.
I'm looking for some advice or a possible solution with tightening up my firebase rules.
这是我在Firebase中的用户树:
This is my user tree in Firebase:
users
|_male
|_uid
|_female
|_uid
创建帐户时,UID将是一个纪元时间戳,它将是一个带符号的整数.
The UID will be an epoch timestamp when the account is created which will be a signed integer.
以下是firebase规则,这些规则基本上可以确保用户在可以读写用户之前已登录Facebook并通过Facebook进行身份验证:
These are the firebase rules which basically ensures the user has logged in and authenticated with Facebook before they can read or write to users:
"users": {
"male":{
".indexOn": ["uid"]
},
"female":{
".indexOn": ["uid"]
},
".read": "auth != null && auth.provider === 'facebook'",
".write": "auth != null && auth.provider === 'facebook'"
},
我只希望用户读取/写入其树,例如:
I only want users to read/write to their tree, for example:
users->male->uid->1233254...
我担心上述规则,它们可能会与其他用户树进行读写.
I'm afraid with my rules above, they could potentially read and write from/to another users tree.
如果我可以将应用程序的UID与Facebook的UID进行比较,那就太好了.我确实在数据库的另一棵树中捕获了此详细信息,例如:
It would be great if I could compare the app UID with the Facebook UID. I do capture this detail in another tree on the database e.g:
user_fbuid
|_fbuid
|_facebook:a1244dxs
|_uid
我确实有更好的规则来检查 auth.uid
:
I do have better rules here that check against auth.uid
:
"user_fbuid": {
"fbuid":{
"$fbuid": {
".indexOn": ["fbuid"],
".read": "$fbuid === auth.uid && auth.provider === 'facebook'",
".write": "$fbuid === auth.uid && auth.provider === 'facebook'"
}
},
},
如果有人有任何想法,我很想听听.谢谢
If anyone has any ideas, I'd love to hear. Thanks
推荐答案
我最终将facebook id属性用作自己的uid和以下规则:
I ended up using the facebook id attribute as my own uid and the rules below:
"$uid": {
// only the user can read and write to their tree
".read": "auth != null && auth.provider === 'facebook' && auth.token.firebase.identities['facebook.com'][0] === $uid",
".write": "auth != null && auth.provider === 'facebook' && auth.token.firebase.identities['facebook.com'][0] === $uid"
},
这篇关于具有Facebook身份验证和唯一ID的Firebase规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!