Firebase:存储房间密码的方法 [英] Firebase: approach to storing room passwords
问题描述
我正在使用 Firebase 和 Angular5 构建一个网络应用程序.我想创建/加入私人房间(受密码保护).
I'm building a web application with Firebase and Angular5. I want to make possible to create/join private rooms (protected by password).
目前我正处于设计数据库的阶段,无法真正了解如何检查用户输入正确的房间密码而不实际从 firebase 数据库中检索它(从而使其完全不安全).
Currently I am at the stage of designing the database and can't really see how I can check user entering the correct room password without actually retrieving it from the firebase database (thus making it completely insecure).
我是否应该为此使用云功能.或者可以直接使用 firebase 完成而我遗漏了什么?
Should I employ cloud functions for that matter. Or can it be done directly with firebase and I'm missing something?
推荐答案
您可以在 firebase 中执行此操作.
You can do this in firebase.
假设您的数据库的一部分布局如下:
Suppose part of your DB is laid out like :
/chatRooms/$roomID/password = $PASSWORD
/chatRooms/$roomID/password
的读/写权限被授予聊天室所有者.
Read/write permission to /chatRooms/$roomID/password
is granted to the chatroom owner.
要成为聊天室的成员,您必须将文档添加到:chatRooms/$roomId/users/$userId
使用以下验证:
To become a member of a chatroom, you must add a document to:
chatRooms/$roomId/users/$userId
with the following validation:
条目的 userId 必须是当前用户,并且密码字段必须等于密码.验证规则可以访问数据库中的任何数据,即使用户无法访问数据.
The entry's userId must be the current user, and the password field must equal the password. A verification rule can access ANY data in the database, even if the user cannot access the data.
下面是一个(未经测试的)示例,将展示基本原理.
Below is an (untested) example that will show the basic principles.
简而言之:
- 只有聊天室管理员可以设置密码.没有人可以阅读它.
- 如果用户的 uid 在成员集合中,则用户可以读取聊天数据
- 要将成员添加到集合中,他们必须输入密码,等于(当时)房间密码
代码:
"chatrooms" : {
"$room_id" : {
"chat data" : {
".read" : "root.child('/chattrooms/' + $room_id + '/members/' + auth.uid).exists()"
},
"password": {
".read": "false",
".write": "root.child('/chattrooms/' + $room_id).child('admin').val() == auth.uid"
},
"members" : {
"$user_id" : {
".validate": "$user_id == auth.uid && newData.val() == root.child('/chattrooms/' + $room_id + '/password').val()"
}
}
}
}
这篇关于Firebase:存储房间密码的方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!