通过 Firebase 身份验证和存储设置文件上传限制,中间没有服务器? [英] Setting limits on file uploads via Firebase auth and storage without server in the middle?
问题描述
我正在了解网络应用中的 Firebase 身份验证和存储.我的想法是要求用户通过 Firebase 登录,然后上传图片.
I'm learning about Firebase auth and storage in a web app. My idea asks users to login via Firebase and then upload an image.
我可以从 Firebase 身份验证和存储中看出这是可能的.但是,我想限制他们可以上传的文件数量和文件大小.
I can see that this is possible from Firebase auth and storage. However, I would like to put limits on the file count and file-size they can upload.
是否可以在 Firebase 控制台(或其他地方)内控制上传?在查看 JavaScript 示例后,我了解了如何放入文件,我可以想象编写代码来查询 Firebase 以获取用户的上传计数,然后在客户端进行限制,但当然,这是一种完全不安全的方法.
Is it possible to control uploads within the Firebase console (or somewhere else)? After reviewing the JavaScript examples, I see how I can put files in, and I can imagine writing code which would query Firebase for a user's upload count, and then limit on the client side, but of course, this is a completely insecure method.
如果我将它作为单页应用程序托管在 GitHub 页面上,我想知道是否可以在不涉及服务器的情况下设置这些限制.或者,我是否需要通过服务器代理我的上传,以确保我永远不会允许用户上传超出我预期的内容?
If I hosted this as a single page app on, say, GitHub pages, I am wondering if I could set these limits without involving a server. Or, do I need to proxy my uploads through a server to make sure I never allow users to upload more than I intend them to?
推荐答案
您可以通过 Firebase 存储的安全规则.
例如,这(来自链接的文档)是一种限制上传文件大小的方法:
For example this (from the linked docs) is a way to limit the size of uploaded files:
service firebase.storage {
match /b/<your-firebase-storage-bucket>/o {
match /images/{imageId} {
// Only allow uploads of any image file that's less than 5MB
allow write: if request.resource.size < 5 * 1024 * 1024
&& request.resource.contentType.matches('image/.*');
}
}
}
但是这些规则目前没有办法限制用户可以上传的文件数量.
But there is currently no way in these rules to limit the number of files a user can upload.
想到的一种方法是为此使用固定的文件名.例如,如果您限制允许的文件名编号为 1..5,则用户只能存储五个文件:
One approach that comes to mind would be to use fixed file names for that. For example, if you limit the allowed file names to be numbered 1..5, the user can only ever have five files in storage:
match /public/{userId}/{imageId} {
allow write: if imageId.matches("[1-5].txt");
}
这篇关于通过 Firebase 身份验证和存储设置文件上传限制,中间没有服务器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
