在Firebase数据库规则上创建自定义验证 [英] Create custom validation on Firebase Database Rules

问题描述

我想使用firebase实时数据库创建聊天应用程序，我已经拥有自己的服务器以及对用户和收件人的身份验证.

I want to create a chat application using firebase real time db, I already have my own server and my own authentication for my users and recipient.

所以基本上我想做的是:

So basically what I want to do is:

我希望我的服务器能够生成房间及其房间密钥，因此，只有与我共享该密钥的人才能访问该房间，进行读写操作.

I want my server to able to generate room, and its room secret key, so only to people I share the secret key who can access the room, do read and write

也许流程是这样的 1.服务器使用REST API为此网址创建POST

maybe the flow is like this 1. The server create a POST using REST API to this url

curl -X PUT \
https://example-chat-92682.firebaseio.com/order-test.json \ -d 
'{ 
   "UB8Hdazo834-4760": {
     "secret": "secret123"
   }
 }'

因此它将生成以下结构

- order-test
    - UB8Hdazo834-4760
         secret: "secret123",

2.然后我将发送聊天室 https://example-chat -92682.firebaseio.com/order-test/UB8Hdazo834-4760.json 发送给用户

2. then I will send the chat room https://example-chat-92682.firebaseio.com/order-test/UB8Hdazo834-4760.json to users

我将像这样在json中发送它们

I will send them in json like this

"room": "https://example-chat-92682.firebaseio.com/order-test/UB8Hdazo834-4760.json",
"secret": "secret123"

3.用户会收到有效负载，并使用它们通过ios或android参与聊天，因此最终结构将如下所示:

3. Users receive the payload and use it to join the chat using their ios or android, so the final structure will be like this

- order-test
    - UB8Hdazo834-4760
         secret: "secret123",
         - chat
             - Kifeisufsu23r
                 name: "Bob",
                 message: "How you doin?"
             - Ki4324ffs3fIF
                 name: "Alex",
                 message: "I am fine"

问题是，如何使Firebase数据库规则创建读写验证? 我看过该文档，因为我拥有自己的auth，并且无法控制auth(不同的微服务)，所以我无法使用Firebase身份验证

The question is, how do I make Firebase Database Rule to create read and write validation? I have seen the doc, I can't use the Firebase Authentication since I have my own auth and have no control over the auth (different micro service)

秘密将自动生成，因此我无法对数据库规则进行硬编码

the secret will be auto-generated, so there is no way I can hardcode the database rule

如果你们对我的数据结构有任何反馈，我非常欢迎

If you guys have any feedback on my data structure, I am more than welcome

推荐答案

如果您有服务器，则可以为Firebase身份验证创建自定义令牌，以确保在Firebase中也可以识别您的用户.然后，它们将在Firebase数据库安全规则中显示为auth和auth.uid.

If you have a server, you can mint a custom token for Firebase Authentication to ensure your users are also identified within Firebase. They would then surface as auth and auth.uid in the Firebase Database security rules.

但是在您当前的模型中，我建议将机密放入房间的钥匙中:

But in your current model, I'd recommend putting the secret into the key of the room:

• 订单测试
  • UB8Hdazo834-4760_secret123
    • 聊天
      • Kifeisufsu23r 名称:鲍勃"， 消息:你好吗?"
      • Ki4324ffs3fIF 名称:"Alex"， 消息:我很好"
      • order-test
        • UB8Hdazo834-4760_secret123
          • chat
            • Kifeisufsu23r name: "Bob", message: "How you doin?"
            • Ki4324ffs3fIF name: "Alex", message: "I am fine"

            现在，您可以轻松保护访问权限，以便只有同时知道房间ID和机密的用户才能访问它:

            Now you can easily secure access so that only users that know both the room ID and the secret can access it:

            {
              "rules": {
                ".write": false,
                "order-test": {
                  "$roomIdAndSecret": {
                    ".write": true
                  }
                }
              }
            }
            

            这篇关于在Firebase数据库规则上创建自定义验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！