在Firebase数据库规则上创建自定义验证 [英] Create custom validation on Firebase Database Rules
问题描述
我想使用firebase实时数据库创建聊天应用程序,我已经拥有自己的服务器以及对用户和收件人的身份验证.
I want to create a chat application using firebase real time db, I already have my own server and my own authentication for my users and recipient.
所以基本上我想做的是:
So basically what I want to do is:
我希望我的服务器能够生成房间及其房间密钥,因此,只有与我共享该密钥的人才能访问该房间,进行读写操作.
I want my server to able to generate room, and its room secret key, so only to people I share the secret key who can access the room, do read and write
也许流程是这样的 1.服务器使用REST API为此网址创建POST
maybe the flow is like this 1. The server create a POST using REST API to this url
curl -X PUT \
https://example-chat-92682.firebaseio.com/order-test.json \ -d
'{
"UB8Hdazo834-4760": {
"secret": "secret123"
}
}'
因此它将生成以下结构
- order-test
- UB8Hdazo834-4760
secret: "secret123",
2.然后我将发送聊天室 https://example-chat -92682.firebaseio.com/order-test/UB8Hdazo834-4760.json 发送给用户
2. then I will send the chat room https://example-chat-92682.firebaseio.com/order-test/UB8Hdazo834-4760.json to users
我将像这样在json中发送它们
I will send them in json like this
"room": "https://example-chat-92682.firebaseio.com/order-test/UB8Hdazo834-4760.json",
"secret": "secret123"
3.用户会收到有效负载,并使用它们通过ios或android参与聊天,因此最终结构将如下所示:
3. Users receive the payload and use it to join the chat using their ios or android, so the final structure will be like this
- order-test
- UB8Hdazo834-4760
secret: "secret123",
- chat
- Kifeisufsu23r
name: "Bob",
message: "How you doin?"
- Ki4324ffs3fIF
name: "Alex",
message: "I am fine"
问题是,如何使Firebase数据库规则创建读写验证? 我看过该文档,因为我拥有自己的auth,并且无法控制auth(不同的微服务),所以我无法使用Firebase身份验证
The question is, how do I make Firebase Database Rule to create read and write validation? I have seen the doc, I can't use the Firebase Authentication since I have my own auth and have no control over the auth (different micro service)
秘密将自动生成,因此我无法对数据库规则进行硬编码
the secret will be auto-generated, so there is no way I can hardcode the database rule
如果你们对我的数据结构有任何反馈,我非常欢迎
If you guys have any feedback on my data structure, I am more than welcome
推荐答案
如果您有服务器,则可以为Firebase身份验证创建自定义令牌,以确保在Firebase中也可以识别您的用户.然后,它们将在Firebase数据库安全规则中显示为auth
和auth.uid
.
If you have a server, you can mint a custom token for Firebase Authentication to ensure your users are also identified within Firebase. They would then surface as auth
and auth.uid
in the Firebase Database security rules.
但是在您当前的模型中,我建议将机密放入房间的钥匙中:
But in your current model, I'd recommend putting the secret into the key of the room:
- 订单测试
- UB8Hdazo834-4760_secret123
- 聊天
- Kifeisufsu23r 名称:鲍勃", 消息:你好吗?"
- Ki4324ffs3fIF 名称:"Alex", 消息:我很好"
- order-test
- UB8Hdazo834-4760_secret123
- chat
- Kifeisufsu23r name: "Bob", message: "How you doin?"
- Ki4324ffs3fIF name: "Alex", message: "I am fine"
现在,您可以轻松保护访问权限,以便只有同时知道房间ID和机密的用户才能访问它:
Now you can easily secure access so that only users that know both the room ID and the secret can access it:
{ "rules": { ".write": false, "order-test": { "$roomIdAndSecret": { ".write": true } } } }
这篇关于在Firebase数据库规则上创建自定义验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- chat
- UB8Hdazo834-4760_secret123
- 聊天
- UB8Hdazo834-4760_secret123