Firebase规则允许服务器写入 [英] Firebase Rules to Allow Server to Write
问题描述
在用户注册后,我们为 / users 子项下的用户创建用户名。
如何设置我的规则,以便只有服务器可以创建新用户,并且用户数据不能被其他用户修改。
Javascript
< script>
var ref = new Firebase(https://myapp.firebaseio.com);
var usersRef = ref.child('users');
var usernameField = $('#usernameInput');
var emailField = $('#emailInput');
var passField = $('#passInput');
$('#submitBtn')。click(function(){
ref.createUser({
email:emailField.val(),
password:passField.val()
},function(error,userData){
if(error){
console.log(创建用户的错误:,error);
} else {
console.log(成功创建的用户帐户与uid:,userData.uid);
usersRef.push({
uid:userData.uid,
username:usernameField.val()
});
}
});
});
< / script>
现行规则:
{
rules:{
users:{
.indexOn:username,
$ uid:{
.write:true,
//授予读者使用电子邮件和密码登录的权限
.read:auth!== null& amp ;& auth.provider ==='password'
}
}
}
}
但是,如果您希望基于Web的管理用户界面创建新用户,您需要编写一个Node.js或Java后端Web服务器(使用Server SDK)。您不能使用客户端JS SDK或Firebase托管。
只需按照服务器端设置部分。
$ b
然后添加 databaseAuthVariableOverride 选项至 initializeApp :
$ b
var firebase = require(firebase);
firebase.initializeApp({
serviceAccount:path / to / serviceAccountCredentials.json,
databaseURL:https://databaseName.firebaseio.com,
databaseAuthVariableOverride:{
//可能使用更具描述性和唯一性的内容
uid:server-side-app
}
});
然后以下为您的规则(警告:未经测试):
{
rules:{
users:{
.indexOn:username,
//授权用户访问
//通过服务器SDK获得写权限
.write: auth!= null&& auth.uid ==='server-side-app',
//授予所有使用电子邮件/密码登录的用户的读取权限
.read:auth!= null&& auth.provider ==='password'
}
}
}
After a user registers, we create a username for the user under /users child.
How can I setup my rules so that only the server can create new users and user data cannot be modified by other users.
Javascript
<script>
var ref = new Firebase("https://myapp.firebaseio.com");
var usersRef = ref.child('users');
var usernameField = $('#usernameInput');
var emailField = $('#emailInput');
var passField = $('#passInput');
$('#submitBtn').click(function() {
ref.createUser({
email : emailField.val(),
password : passField.val()
}, function(error, userData) {
if (error) {
console.log("Error creating user:", error);
} else {
console.log("Successfully created user account with uid:", userData.uid);
usersRef.push({
uid: userData.uid,
username: usernameField.val()
});
}
});
});
</script>
Current rules:
{
"rules": {
"users": {
".indexOn": "username",
"$uid": {
".write": true,
// grants read access to any user who is logged in with an email and password
".read": "auth !== null && auth.provider === 'password'"
}
}
}
}
To set up something so that "only the server can create new users", you can access your database using their Server SDK. This way, you can set rules that only apply to access to the database from the server.
However, if you want a web-based UI for admins to create new users, you need to write a Node.js or Java backend web server (utilizing the Server SDK). You can't use the client-side JS SDK, or Firebase hosting.
Just follow the instructions in the Server Side setup section of their documentation.
Then add the databaseAuthVariableOverride option to initializeApp:
var firebase = require("firebase");
firebase.initializeApp({
serviceAccount: "path/to/serviceAccountCredentials.json",
databaseURL: "https://databaseName.firebaseio.com",
databaseAuthVariableOverride: {
// maybe use something more descriptive and unique
uid: "server-side-app"
}
});
Then the following as your rules (warning: not tested):
{
"rules": {
"users": {
".indexOn": "username",
// grants write access if the authenticated user is accessing
// via the Server SDK
".write": "auth != null && auth.uid === 'server-side-app'",
// grants read access to any user who is logged in with an email/password
".read": "auth != null && auth.provider === 'password'"
}
}
}
这篇关于Firebase规则允许服务器写入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
