Firebase:存储房间密码的方法 [英] Firebase: approach to storing room passwords
问题描述
我正在用Firebase和Angular5构建一个Web应用程序.我想创建/加入私人房间(受密码保护).
I'm building a web application with Firebase and Angular5. I want to make possible to create/join private rooms (protected by password).
目前,我正处于数据库设计阶段,无法真正看到如何检查用户输入正确的房间密码,而无需实际从firebase数据库中获取密码(因此使其完全不安全).
Currently I am at the stage of designing the database and can't really see how I can check user entering the correct room password without actually retrieving it from the firebase database (thus making it completely insecure).
我是否应该为此使用云功能.还是可以直接用firebase来完成,而我缺少了什么?
Should I employ cloud functions for that matter. Or can it be done directly with firebase and I'm missing something?
推荐答案
您可以在firebase中执行此操作.
You can do this in firebase.
假设您的数据库的一部分布局如下:
Suppose part of your DB is laid out like :
/chatRooms/$roomID/password = $PASSWORD
对/chatRooms/$roomID/password
的读/写权限已授予聊天室所有者.
Read/write permission to /chatRooms/$roomID/password
is granted to the chatroom owner.
要成为聊天室的成员,必须将文档添加到:
chatRooms/$roomId/users/$userId
并经过以下验证:
To become a member of a chatroom, you must add a document to:
chatRooms/$roomId/users/$userId
with the following validation:
条目的userId必须是当前用户,并且密码字段必须等于密码.验证规则可以访问数据库中的任何数据,即使用户无法访问数据也是如此.
The entry's userId must be the current user, and the password field must equal the password. A verification rule can access ANY data in the database, even if the user cannot access the data.
下面是一个(未试用的)示例,将显示基本原理.
Below is an (untested) example that will show the basic principles.
简而言之:
- 只有聊天室管理员可以设置密码.没有人可以阅读. 如果用户的uid在成员集合中,则
- 用户可以读取聊天数据
- 要将成员添加到集合中,他们必须输入密码(当时(等于)房间密码)
- only the chatroom admin may set the password. No one may read it.
- chat data can be read by a user if their uid is in the members collection
- to add a member to the collection, they must write a password, equal to (at the time) the room password
代码:
"chatrooms" : {
"$room_id" : {
"chat data" : {
".read" : "root.child('/chattrooms/' + $room_id + '/members/' + auth.uid).exists()"
},
"password": {
".read": "false",
".write": "root.child('/chattrooms/' + $room_id).child('admin').val() == auth.uid"
},
"members" : {
"$user_id" : {
".validate": "$user_id == auth.uid && newData.val() == root.child('/chattrooms/' + $room_id + '/password').val()"
}
}
}
}
这篇关于Firebase:存储房间密码的方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!