设置通过Firebase身份验证和存储上传文件的限制(中间没有服务器)? [英] Setting limits on file uploads via Firebase auth and storage without server in the middle?
问题描述
我正在学习有关Web应用程序中Firebase身份验证和存储的信息.我的想法是要求用户通过Firebase登录,然后上传图片.
I'm learning about Firebase auth and storage in a web app. My idea asks users to login via Firebase and then upload an image.
我可以从Firebase身份验证和存储中看到这一点.但是,我想限制它们可以上传的文件数量和文件大小.
I can see that this is possible from Firebase auth and storage. However, I would like to put limits on the file count and file-size they can upload.
是否可以在Firebase控制台(或其他位置)中控制上传?看完JavaScript示例之后,我了解了如何放入文件,并且可以想象编写代码来查询Firebase以获取用户的上传数量,然后限制客户端,但这当然是一种完全不安全的方法.
Is it possible to control uploads within the Firebase console (or somewhere else)? After reviewing the JavaScript examples, I see how I can put files in, and I can imagine writing code which would query Firebase for a user's upload count, and then limit on the client side, but of course, this is a completely insecure method.
如果我将其作为单页应用程序托管在GitHub页面上,那么我想知道是否可以在不涉及服务器的情况下设置这些限制.或者,我是否需要通过服务器代理我的上载,以确保我绝不允许用户上载超出我期望的数量?
If I hosted this as a single page app on, say, GitHub pages, I am wondering if I could set these limits without involving a server. Or, do I need to proxy my uploads through a server to make sure I never allow users to upload more than I intend them to?
推荐答案
您可以限制用户可以通过 Firebase存储的安全规则.
You can limit what a user can upload through Firebase Storage's security rules.
例如(从链接的文档中)这是一种限制上传文件大小的方法:
For example this (from the linked docs) is a way to limit the size of uploaded files:
service firebase.storage {
match /b/<your-firebase-storage-bucket>/o {
match /images/{imageId} {
// Only allow uploads of any image file that's less than 5MB
allow write: if request.resource.size < 5 * 1024 * 1024
&& request.resource.contentType.matches('image/.*');
}
}
}
但是这些规则目前无法限制用户可以上传的文件数量.
But there is currently no way in these rules to limit the number of files a user can upload.
想到的一种方法是为此使用固定文件名.例如,如果将允许的文件名限制为1..5,则用户只能存储五个文件:
One approach that comes to mind would be to use fixed file names for that. For example, if you limit the allowed file names to be numbered 1..5, the user can only ever have five files in storage:
match /public/{userId}/{imageId} {
allow write: if imageId.matches("[1-5]\.txt");
}
这篇关于设置通过Firebase身份验证和存储上传文件的限制(中间没有服务器)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
