Cloud Functions for Firebase 是否遵守实时数据库规则? [英] Does Cloud Functions for Firebase respect the realtime database rules?

问题描述

我正在尝试使用特定节点的安全规则来保护我的实时数据库.

I am trying to secure my real time database using security rules at specific nodes.

我了解，当我使用我的设备进行读写时，Firebase 规则将适用.

I understand that Firebase rules will apply when I write/ read using my device.

如果写入/读取恰好来自 Cloud Functions 怎么办?

What if the write / read happened to be from Cloud Functions?

如果我保护了(用户)节点，那么 Cloud Functions 是否知道(用户)是安全的?还是它仍然可以读写?

If I secured (users) node then does Cloud Functions know that (users) is secured? or it reads and writes anyway?

推荐答案

当您使用 Firebase Admin SDK 访问实时数据库时，默认情况下它具有完全的读写权限.Admin SDK 的假设是您在特权环境中运行，代码完全在您的控制之下，并且您确切地知道自己在做什么.

When you use the Firebase Admin SDK to access Realtime Database, by default it has full read and write access. The assumption with the Admin SDK is that you're running in a privileged environment where the code is fully under your control, and you know exactly what you're doing.

您的代码在 Cloud Functions 中运行的事实与此无关.它可以很容易地在您的桌面或您控制的其他服务器上运行.这是 Admin SDK 的属性.

The fact that your code is running in Cloud Functions has no bearing on any of this. It could just as easily be running on your desktop or some other server you control. This is a property of the Admin SDK.

如果您想更改对实时数据库的访问范围，您必须知道最终用户的 UID，然后使用 databaseAuthVariableOverride 在初始化时.

If you want to change the scope of access to Realtime Database, you will have to know the end user's UID, then initialize the SDK to limit the scope of its privilege to that UID using databaseAuthVariableOverride at the time of init.

这篇关于Cloud Functions for Firebase 是否遵守实时数据库规则?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！