Firebase firstore云功能的安全规则 [英] Firebase firstore security rules for cloud functions

问题描述

我目前正在设置一个dialogflow bot(用于常见问题和联系方式)，并且正在使用Google云端功能(nodejs)在firebase firestore中实现/数据存储.

im currently setting up a dialogflow bot (for faq and contact) and the fulfillment / data storage is being done in firebase firestore using google cloud functions (nodejs).

很明显，我想拥有安全性规则，将对数据库的访问限制为仅dialogflow.谁能指出正确的方向，我将如何去做呢?

Obviously I would like to have security rules, limiting the access to the database to only dialogflow. Could anyone point me in the right direction how I would go about doing this?

我发现的示例都是检查数据库中存储的内容，在我的情况下是行不通的..

The examples I found, were all check regarding something stored in the database, which wouldn't work in my case..?

推荐答案

仅当您具有移动客户端(Android，iOS，Web)直接访问Firestore，Cloud Storage或实时数据库中的某些数据时，安全规则才相关.它还适用于来自REST API的未经身份验证的访问.来自后端的任何其他访问，包括您可能为dialogflow实现挂钩编写的代码，均不受安全规则的约束.也就是说，通过admin SDK从后端访问这些资源会完全忽略安全规则.

Security rules are only relevant when you have a mobile client (Android, iOS, web) directly accessing some data in Firestore, Cloud Storage, or Realtime Database. It also applies to unauthenticated access from the REST API. Any other access from a backend, including code you might write for a dialogflow fulfillment hook, isn't subject to security rules. That is to say, accessing these resources from a backend through the admin SDK ignores security rules altogether.

如果您只打算从后端访问这些产品，只需使您的安全规则禁止移动客户端的公共访问即可.

If you only intend to access these products from a backend, just make your your security rules disallow public access from mobile clients.

这篇关于Firebase firstore云功能的安全规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！