Cloud Firestore 安全规则只允许从 Firebase 函数写入 [英] Cloud Firestore Security Rules allow write only from Firebase function

问题描述

我真的希望能够通过仅允许 firebase 函数写入特定集合来保护我的 firestore 数据库...我将如何去做呢?查看那里的文档，我没有找到任何可以说明您如何做到这一点的内容.例如，我正在寻找类似的东西:

I'd really like to be able to secure my firestore db by allowing only firebase functions to write to the specific collection... how would I go about doing that? Looking at there documentation I do not find anything that might state how you could do that. For instance, I am looking for something like:

service cloud.firestore {
  match /databases/{database}/documents {

    // Match any document in the 'cities' collection
    match /cities/{city} {
      allow read;
      allow write: if <from firebase function>;
    }
  }
}

推荐答案

Cloud Functions for Firebase 代码通常使用 Firebase Admin SDK 访问其他 Firebase 产品.无论权限如何设置，Admin SDK 都将拥有对 Firestore 的完全读写权限.您既不能明确允许也不能拒绝对 Admin SDK 的访问，这意味着您也不能明确允许或拒绝对 Cloud Functions 的访问.

Cloud Functions for Firebase code generally accesses other Firebase products using the Firebase Admin SDK. The Admin SDK will have full read and write access to Firestore, no matter how the permissions are set. You can neither explicitly allow nor deny access to the Admin SDK, which means you also can't explicitly allow nor deny access to Cloud Functions.

如果您只想让您的后端读取和写入您的数据库的某些部分，而不是您的移动客户端应用程序，只需完全拒绝对所有客户端的访问，并让 Admin SDK 来完成它的工作.

If you just want your backend to read and write some part of your database but none of your mobile client apps, simply reject access to all clients entirely, and let the Admin SDK do its work.

service cloud.firestore {
  match /databases/{database}/documents {

    // Match any document in the 'cities' collection
    match /cities/{city} {
      allow read: if false;
      allow write: if false;
    }
  }
}

这篇关于Cloud Firestore 安全规则只允许从 Firebase 函数写入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！