是否可以在 Firebase 中仅接受来自我的应用程序的函数调用? [英] Is it possible to only accept function calls from my app in Firebase?
问题描述
我正在 Unity 中创建一个游戏,用户可以使用 Level Creator 系统为关卡做出贡献.
I am creating a game in Unity where the user can contribute with levels using a Level Creator system.
我的应用程序设置为我只需要使用级别信息调用云函数,它处理重复条目并将其保存到 Firestore.所有这些都完美无缺.
My application is setup in a way that I just need to call the Cloud Function with the level info, and it handles duplicate entries and saves it to Firestore. All of this works perfectly.
基本上,我的问题是:我可以让我的函数只接受来自我的游戏的调用吗?(没有让我的用户注册?).
My question, basically, is: can I have my functions only accept calls from my game? (without having my users registered?).
当然,我使用的是 functions.https.onCall((data, context) => {}).在 Firebase 的 文档 中,我注意到他们使用 context.auth 检查用户是否通过身份验证.但是,我将此值记录到控制台,它似乎是 undefined.
Naturally, I am using functions.https.onCall((data, context) => {}). In the documentation for Firebase, I noticed they use context.auth to check whether the user is authenticated or not. However, I am logging this value to the console and it appears to be undefined.
我也对这条线感到困惑,来自同一个链接:
I am also confused with this line, from the same link:
借助可调用对象,Firebase 身份验证和 FCM 令牌(如果可用)会自动包含在请求中.
With callables, Firebase Authentication and FCM tokens, when available, are automatically included in requests.
也许 context.auth 没有定义,因为我的游戏还没有在 Google Play/Apple Store 中?有什么想法吗?
Maybe context.auth is not defined because my game isn't yet in Google Play / Apple Store? Any ideas?
推荐答案
无法将可调用函数的调用限制为仅一个应用程序,并且该应用程序是否发布到任何商店都没有关系.部署函数后,任何有互联网连接的人都可以访问它.
It's not possible to restrict invocations of a callable function to just one app, and it doesn't matter if the app is published to any stores. Once you deploy a function, it's accessible to anyone with an internet connection.
您可以做的最好的事情是要求您的用户通过 Firebase 身份验证应用程序,然后检查函数中的 context.auth 以确定它是否应该执行用户想要的操作.context.auth 在没有认证的情况下将是未定义的.如果您的代码确定该函数不应继续执行,您可以提前返回.但该函数仍然被调用.
The best you can do is require your users to be authenticated with Firebase Authentication in your app, then check context.auth in the function to determine if the it should do what the user wants. context.auth will be undefined in the case of no authentication. If your code determines that the function should not go any further, you can return early. But the function is still invoked.
这篇关于是否可以在 Firebase 中仅接受来自我的应用程序的函数调用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
