Firebase GET data via REST API PHP CURL

Question

Trying to do a simple read via PHP cURL. I can read my data successfully if my security rules let everyone in e.g.

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

However if I restrict read/write to a specific username e.g.

{
  "rules": {
    ".read": "auth.username == 'admin'",
    ".write": "auth.username == 'admin'"
  }
}

I get permission denied.

The code is as follows...

require('JWT.php');
$secret = 'MY_FIREBASE_SECRET';
$data = array('username' => 'admin');
$token = JWT::encode($data, $secret);

$url = "https://MY_FIREBASE.firebaseio.com/messages.json?auth=$token";
$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => $url
));
$response = curl_exec($curl);


It's worth noting, if I just use my FB secret instead of a token in the URL I am able to successfully read the data (auth=$secret). I have also successfully tested reading the data in the Forge simulator using "custom auth" e.g. {'username': 'admin'}

I'm using the PHP JWT library: https://github.com/luciferous/jwt/blob/master/JWT.php

Not sure if I'm getting permission denied because my cURL call is not correct or I'm not constructing the token properly. I have tried using POST and GET via cURL but I'm getting the same result.

Any suggestions would be much appreciated...

Thanks for the super quick response Andrew. I tried your suggestion. Unfortunately, I'm still getting 'permission denied'. Here is my updated code...

require('JWT.php');
$secret = 'my-secret';
$user = array( 'v' => 0, 'iat' => time(), 'd' => array('username' => 'admin', 'type' => 'admin', 'fullname' => 'Administrator'));
$token = JWT::encode($user, $secret);
$curl = curl_init();
$url = "https://myfirebase.firebaseio.com/messages.json?auth=$token";
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => $url
));
$response = curl_exec($curl);
curl_close($curl);


  • I did get this working by changing the .read rule for our data to "auth != null" - but that doesn't seem quite as secure...

  • For reference our data structure is simply

    + myfirebase
                + messages
                           - 000001 = "this is the 1st test message"
                           - 000002 = "this is the 2nd test message"
    

    BTW: Our application will only have 1 user reading/writing data. If I can not get the token to work... Is there a better way to authenticate calls via the REST API without resorting to passing our secret key in the URL? e.g. &auth='my-secret'

    Recommended answer

    The Firebase JWT has some structure to it that is missing here. There's a detailed explanation of what should be in these auth tokens here: https://www.firebase.com/docs/security/jwt-auth-token-format.html

    Here is a snippet with the appropriate structure.

    require_once('JWT.php');
    
    $fbSecret = 'your-secret';
    // 'v' (version) and 'iat' (issued-at, seconds since the epoch) are required;
    // 'd' holds the actual payload.
    $user = array( 'v' => 0, 'iat' => time(),
      'd' => array('username' => 'jimbob', 'type' => 'admin',
        'fullname' => 'Jim Bob')
      );
    $token = JWT::encode($user, $fbSecret);
    

    Note that the "d" field contains the actual payload. "v", and "iat" are also required. "iat" should be the number of seconds since the epoch (it's the number that (new Date()).getTime() returns in Javascript).
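
The token structure from the answer above, as an added example that is not part of the original post or of the JWT library it uses: it builds the v/iat/d envelope by hand and shows that a flat payload like the question's first attempt is correctly signed yet lacks the envelope. HS256 signing is assumed; the secret and host are placeholders, and `sign_jwt`, `firebase_token` and `inspect_token` are hypothetical helpers, with `inspect_token` a local check rather than Firebase's own validation.

```php
<?php
// Added example. Assumptions: HS256 signing, a placeholder secret and host.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $s): string {
    $pad = (4 - strlen($s) % 4) % 4;
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', $pad));
}

// Sign header.claims with HMAC-SHA256 and return the compact JWT.
function sign_jwt(array $claims, string $secret): string {
    $head = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Wrap the auth data in the envelope the answer describes: v, iat, d.
function firebase_token(array $authData, string $secret): string {
    return sign_jwt(['v' => 0, 'iat' => time(), 'd' => $authData], $secret);
}

// Local check (hypothetical helper): valid signature and a complete envelope.
function inspect_token(string $token, string $secret): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time compare
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims)) return null;
    foreach (['v', 'iat', 'd'] as $key) {
        if (!array_key_exists($key, $claims)) return null;
    }
    return $claims;
}

$secret = 'CONSTRUCTED-SECRET';                        // placeholder, constructed
$good = firebase_token(['username' => 'admin'], $secret);
$flat = sign_jwt(['username' => 'admin'], $secret);    // shape of the first attempt

// d.username is what the rule "auth.username == 'admin'" compares against.
var_dump(inspect_token($good, $secret)['d']['username']);
// Correctly signed, but without v/iat/d the envelope check fails.
var_dump(inspect_token($flat, $secret));
// URL-encode the token when placing it in the query string.
echo 'https://MY_FIREBASE.firebaseio.com/messages.json?' . http_build_query(['auth' => $good]), "\n";
```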
