有没有办法限制在firebase注册 [英] Is there a way to restrict registrations in firebase

查看:169
本文介绍了有没有办法限制在firebase注册的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有没有办法限制用户注册Firebase电子邮件/密码帐户,以便新用户无法注册?我有一个小应用程序,只有少数管理员需要访问(我已经在Firebase管理员手动创建),现在它的设置方式,似乎任何人都可以注入一个JavaScript和注册一个帐户。 Firebase简单登录是建立在 Firebase自定义登录。当使用电子邮件/密码认证时,值得注意的是,这只是创建了该电子邮件和密码之间的映射,并自动生成认证令牌以用于您的安全规则。



在您的具体情况下,如果所有管理员用户已经创建,您可以通过安全规则实现您要查找的行为。例如,如果您只想允许对Firebase数据树的读/写访问权限给该列表中的经过身份验证的用户,请尝试编写要求该用户位于管理员列表中的顶级读/写安全规则:

  {
.read:auth!= null&& root.child('admins')。 hasChild(auth.uid),
.write:auth!= null&& root.child('admins')。hasChild(auth.uid)
} $ b $上面的那些规则确保用户通过了认证(通过 auth!= null  
 
 
> c $ c>),并要求经过身份验证的用户的ID在管理员列表中( root.child('admins')。hasChild(auth.uid))。 / p> 
 
 
最后一步是通过将这些用户写入 admins 子树来实际让这些用户管理。假设您有用户1,4和7来创建管理员,请更新您的数据树以反映以下内容: 
 
 
  {
 ... 
admins:{
1:true,
4:true,
7:true 
} 
 
 
 
 
 
 $ b因此,即使其他用户能够生成新的电子邮件/密码映射使用Firebase简单登录,这些映射将不会影响您的应用程序,因为它使用安全规则进行了限制。
 
Is there a way to restrict users from registering firebase email/password accounts so that new users can't sign up? I have a small app that only a few admins need to have access to(which I've manually created in the Firebase admin) and the way it's setup right now it seems like anybody could inject a little javascript and register an account.
 解决方案 
Firebase Simple Login is an abstraction built on top of Firebase Custom Login for convenience. When using the email / password authentication, it's worth keeping in mind that this is just creating a mapping between that email and password, and automatically generating authentication tokens for use in your security rules.



In your specific case, if all of the "admin" users have already been created, you can achieve the behavior you're looking for through security rules. For example, if you want to only allow read / write access to your Firebase data tree to authenticated users in that list, try writing top-level read / write security rules that require that user to be in the "admins" list:
{
  ".read"  : "auth != null && root.child('admins').hasChild(auth.uid)",
  ".write" : "auth != null && root.child('admins').hasChild(auth.uid)"
}

Those rules above ensure that the user is authenticated (via auth != null) and require that the authenticated user's id is in the list of admins (root.child('admins').hasChild(auth.uid)).



The last step is to actually make those users admins, by writing them to the admins subtree. Let's say you have users 1, 4, and 7 to make admins, update your data tree to reflect the following:
{
  ...
  "admins": {
    "1": true,
    "4": true,
    "7": true
  }
}

As a result of this, even if other users are able to generate new email / password mappings using Firebase Simple Login, those mappings will have no impact on your application as it is restricted using security rules.


                        
这篇关于有没有办法限制在firebase注册的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆