云功能的 Firebase firstore 安全规则 [英] Firebase firstore security rules for cloud functions

问题描述

我目前正在设置一个对话流机器人(用于常见问题解答和联系人)，并且正在使用谷歌云功能 (nodejs) 在 firebase firestore 中完成履行/数据存储.

im currently setting up a dialogflow bot (for faq and contact) and the fulfillment / data storage is being done in firebase firestore using google cloud functions (nodejs).

显然我希望有安全规则，限制对数据库的访问仅限于对话流.谁能指出我将如何做这件事的正确方向?

Obviously I would like to have security rules, limiting the access to the database to only dialogflow. Could anyone point me in the right direction how I would go about doing this?

我找到的示例都是针对存储在数据库中的内容进行检查的，这在我的情况下不起作用..?

The examples I found, were all check regarding something stored in the database, which wouldn't work in my case..?

推荐答案

仅当您的移动客户端(Android、iOS、Web)直接访问 Firestore、云存储或实时数据库中的某些数据时，安全规则才相关.它也适用于来自 REST API 的未经身份验证的访问.来自后端的任何其他访问，包括您可能为对话流实现挂钩编写的代码，都不受安全规则的约束.也就是说，通过 admin SDK 从后端访问这些资源完全忽略了安全规则.

Security rules are only relevant when you have a mobile client (Android, iOS, web) directly accessing some data in Firestore, Cloud Storage, or Realtime Database. It also applies to unauthenticated access from the REST API. Any other access from a backend, including code you might write for a dialogflow fulfillment hook, isn't subject to security rules. That is to say, accessing these resources from a backend through the admin SDK ignores security rules altogether.

如果您只打算从后端访问这些产品，只需让您的安全规则禁止来自移动客户端的公共访问.

If you only intend to access these products from a backend, just make your your security rules disallow public access from mobile clients.

这篇关于云功能的 Firebase firstore 安全规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！