如何将Firebase数据库锁定到特定（电子邮件）域中的任何用户？ [英] How do I lock down Firebase Database to any user from a specific (email) domain?

问题描述

我有一个使用Firebase数据库的小型个人Firebase网络应用程序。我想要保护（锁定）这个应用程序从一个单一的，特定的域的任何用户。我想与Google进行身份验证。我不清楚如何配置规则来说只有来自单个特定域（例如 @ foobar.com ）的用户可以读写这个数据库。

（我看到部分问题：使用足够的信息引导数据库很困难，以至于无法使用这个用例，我当时需要知道用户的电子邮件但是 auth 对象不包含电子邮件，这似乎是鸡蛋问题，因为我需要编写引用数据库中的数据的Firebase规则，但是这些数据还没有存在，因为我的用户不能写入数据库。）

如果 auth 有电子邮件，那么我可以很容易地写规则。

在此先感谢！

解决方案<如果您使用的是新的Firebase，那么现在就有可能，因为电子邮件在安全规则中可用。

在安全规则中，您既可以访问电子邮件地址，也可以访问电子邮件地址验证，这使得一些很好的用例成为可能。例如，这些规则只有经过验证的，经过验证的gmail用户才能写出他们的个人资料：

  {
rules： {
.read：auth！= null，
gmailUsers：{
$ uid：{
.write：auth.token。 email_verified == true&& 
 auth.token.email.matches（/.*@gmail.com $ /）

} 
} 
 } 
  

您可以在 Firebase数据库控制台。

I have a small, personal Firebase webapp that uses Firebase Database. I want to secure (lock down) this app to any user from a single, specific domain. I want to authenticate with Google. I'm not clear how to configure the rules to say "only users from a single, specific domain (say @foobar.com) can read and write to this database".

(Part of the issue that I see: it's hard to bootstrap a Database with enough info to make this use case work. I need to know the user's email at the time of authentication, but auth object doesn't contain email. It seems to be a chicken-egg problem, because I need to write Firebase rules that refer to data in the Database, but that data doesn't exist yet because my user can't write to the database.)

If auth had email, then I could write the rules easily.

Thanks in advance!

解决方案

If you're using the new Firebase this is now possible, since the email is available in the security rules.

In the security rules you can access both the email address and whether it is verified, which makes some great use-cases possible. With these rules for example only an authenticated, verified gmail user can write their profile:

{
  "rules": {
    ".read": "auth != null",
    "gmailUsers": {
      "$uid": {
        ".write": "auth.token.email_verified == true && 
                   auth.token.email.matches(/.*@gmail.com$/)"
      }
    }
  }
}

You can enter these rules in the Firebase Database console of your project.

这篇关于如何将Firebase数据库锁定到特定（电子邮件）域中的任何用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！