Firebase安全性:通过电子邮件查找其他用户 [英] Firebase security: find other users via email
问题描述
usersMail
- example1@mail.com: 1
- example2@mail.com:2
- example3@mail.com:3
有没有用户1查询自己的电子邮件列表来查找他的朋友谁正在使用的应用程序没有设置usersMail是所有用户可迭代的
如果在Firebase中无法实现此功能,我需要使用管理员帐户设置服务器来执行查询吗?还是很新的后端的东西,所以我很感激帮助!
解决方案
所以问题是:Firebase中存在两个用户,uid_0和uid_1,我们需要uid_0通过电子邮件搜索uid_1。
但是,我们希望阻止其他用户遍历用户节点。 / p>
答案是否定的。这是不能做到的。要通过电子邮件查询另一个用户的用户节点,用户必须能够访问该节点内的每个用户。
但是也可能有其他选项。假设uid_1(doug)知道uid_0(bob)想要找到他并将其添加为好友。
$ b $ $ p $ users
uid_0:
电子邮件:bob@greatwhitenorth.com
uid_1:
电子邮件:doug@greatwhitenorth.com
然后是一个将用户链接在一起的节点,在这种情况下,doug知道bob将会找到他,我们包含了doug的uid,所以当bob读取节点时,它将包含在子数据
email_finder
doug@greatwhitenorth.com
bob@greatwhitenorth.com:true
uid: uid_1
以及限制存取的规则
email_finder节点的规则
read:root.child('email_finder')。child($ email)
.child(
root.child('users')。child(auth.uid).child('email')。val
)
.val = true
如果我输入正确,
root.child('users')。child(auth.uid).child('email ').val
应从用户节点检索当前用户的电子邮件,在这种情况下,bob @ greatwhitenorth .com,所以调用X
然后
.child $ email).child(X).val = true
确保email = true )在doug节点内
然后直接观察会返回包含uid的节点
code> let thisUserRef = emailFinderRef.childByAppendingValue(doug@greatwhitenorth.com)
thisUserRef.ObserveEventOfType(.Value ...... {
//捕获援助
}
您还需要在用户节点上只允许用户读取自己的节点
这完全没有经过测试,甚至可能完全错误,但可能会给你一个可能的解决方案。
Let's say we have these data in Firebase.
usersMail
- "example1@mail.com": "1"
- "example2@mail.com": "2"
- "example3@mail.com": "3"
Is there anyway for user1 to query his own list of emails to look up his friends who are using the application without setting usersMail to be iterable by all users?
If this isn't possible in Firebase, would I have to set up a server with an admin account to do the querying? Still very new to the back-end stuff so I appreciate the help!
So the question is: two users exist in Firebase, uid_0 and uid_1, and we need the ability for uid_0 to search for uid_1 by email.
However, we want to prevent other users from iterating over the users node.
The answer is no. This cannot be done. To query a users node for another user by email, a user would have to have access to each of the users within that node.
There may be another option however. Suppose uid_1 (doug) knows that uid_0 (bob) wants to find him and add him as a friend.
users
uid_0:
email: bob@greatwhitenorth.com
uid_1:
email: doug@greatwhitenorth.com
and then a node that links users together, in this case doug knows bob will be looking for him, we include doug's uid so when bob reads the node it will be included in the child data
email_finder
doug@greatwhitenorth.com
bob@greatwhitenorth.com: true
uid: uid_1
and rules to limit access
rules for email_finder node
$email
read: root.child('email_finder').child($email)
.child(
root.child('users').child(auth.uid).child('email').val
)
.val = true
If I typed that correctly,
root.child('users').child(auth.uid).child('email').val
should retrieve the current users email from the users node, in this case bob@greatwhitenorth.com, so call that X
then
.child($email).child(X).val = true
to ensure that the email = true (exists) within the doug node
Then a direct observe would return the node containing the uid
let thisUserRef = emailFinderRef.childByAppendingValue("doug@greatwhitenorth.com")
thisUserRef.ObserveEventOfType(.Value...... {
//capture the aid
}
You would also want a Rule on the users node that only allows a user to read their own node as well.
This is totally untested and possible even totally wrong but may give you a direction of a possible solution.
这篇关于Firebase安全性:通过电子邮件查找其他用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
