如何让 Firebase Functions 充当用户而不是管理员? [英] How to make Firebase Functions act as a user instead of being an admin?
问题描述
我的客户端应用正在通过 Firebase Functions 创建的 API 访问 Firestore.但是,Firebase 函数导入 firebase-admin
绕过所有定义的安全规则.有什么方法可以让我的 HTTP 触发器函数充当特定用户(例如,通过将访问令牌从客户端传递到服务器),以便函数在 Firebase 函数的影响下工作.
My client app is accessing to Firestore through API created by Firebase Functions. However, the Firebase Functions imports firebase-admin
which bypass all the defined security rule. Is there any way I can make my HTTP triggers Function to act as a specific user (for example, by passing an access token from client to server), so that the Functions works under influence of Firebase Functions as well.
推荐答案
目前没有办法做到这一点.用于节点的 Firestore SDK 无法将其对数据库的访问范围限定为特定的经过身份验证的用户.
There is currently no way to do this. The Firestore SDK for node doesn't have a way of scoping its access to the database as a particular authenticated user.
请注意,这与实时数据库 SDK 不同,后者允许您范围到一个uid.
Note that this is different than the Realtime Database SDK, which does allow you to scope to a uid.
这篇关于如何让 Firebase Functions 充当用户而不是管理员?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!