如何将 Firebase 数据库锁定给来自特定(电子邮件)域的任何用户? [英] How do I lock down Firebase Database to any user from a specific (email) domain?
问题描述
我有一个使用 Firebase 数据库的小型个人 Firebase 网络应用程序.我想为来自单个特定域的任何用户保护(锁定)此应用程序.我想通过 Google 进行身份验证.我不清楚如何将规则配置为只有来自单个特定域(例如 @foobar.com)的用户才能读取和写入此数据库".
I have a small, personal Firebase webapp that uses Firebase Database. I want to secure (lock down) this app to any user from a single, specific domain. I want to authenticate with Google. I'm not clear how to configure the rules to say "only users from a single, specific domain (say @foobar.com) can read and write to this database".
(我看到的部分问题:很难用足够的信息引导数据库来使这个用例工作.我需要在身份验证时知道用户的电子邮件,但是 auth对象不包含电子邮件.这似乎是一个鸡蛋问题,因为我需要编写引用数据库中数据的 Firebase 规则,但该数据尚不存在,因为我的用户无法写入数据库.)
(Part of the issue that I see: it's hard to bootstrap a Database with enough info to make this use case work. I need to know the user's email at the time of authentication, but auth object doesn't contain email. It seems to be a chicken-egg problem, because I need to write Firebase rules that refer to data in the Database, but that data doesn't exist yet because my user can't write to the database.)
如果 auth 有电子邮件,那么我可以轻松编写规则.
If auth had email, then I could write the rules easily.
提前致谢!
推荐答案
如果您使用的是新的 Firebase,现在可以这样做,因为 email 在安全规则中可用.
If you're using the new Firebase this is now possible, since the email is available in the security rules.
在安全规则中,您可以访问电子邮件地址以及它是否经过验证,这使得一些很好的用例成为可能.例如,根据这些规则,只有经过身份验证和验证的 Gmail 用户才能编写他们的个人资料:
In the security rules you can access both the email address and whether it is verified, which makes some great use-cases possible. With these rules for example only an authenticated, verified gmail user can write their profile:
{
"rules": {
".read": "auth != null",
"gmailUsers": {
"$uid": {
".write": "auth.token.email_verified == true &&
auth.token.email.matches(/.*@gmail.com$/)"
}
}
}
}
您可以在您的 Firebase 数据库控制台中输入这些规则项目.
You can enter these rules in the Firebase Database console of your project.
这篇关于如何将 Firebase 数据库锁定给来自特定(电子邮件)域的任何用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
