Problem description
I'm trying to achieve the following behavior using Firebase:
- User logs in using Firebase Authentication
- User uploads a file to Firebase Storage
- User enters an email address of a different user. This user account may already exist. If not, the recipient gets an email prompting them to sign up.
- The uploaded file should now be available only to the user who uploaded it (read/write) and to the other user with the above email address (read only).
This is what I've been trying so far:
- After using FirebaseAuth to sign up, I store the user's email address and uid in the Real-Time Database.
- After the user uploads a file and enters the recipient's email address, I check the Real-Time Database for that address. If it exists, I retrieve the recipient's uid and store it in the file's metadata.
- In my Firebase Storage security rules, I check if the auth.uid matches the uid stored in the file metadata.
This should work well, but what do I do if the user account does not yet exist?
- I could create a new account after the user enters the recipient's email address. If I do that though, I have to specify a password. I could specify a random password and use the password reset email, but that isn't a good user experience, also because you can't fully customize the reset email.
- If I don't create the new account right away, how can I make sure that only the user with this email address can access the file? Storing the email address in the file's metadata doesn't work since it could change later.
I have a feeling I'm thinking way too complicated here. Is there an easier way to achieve this, or am I overlooking something?
EDIT: I've investigated a bit more and I think one way to do this would be by using a custom auth token, which is suggested by the Firebase Storage guide here. That would require me to set up my own auth server though, which kind of defeats the purpose of using Firebase Authentication in the first place. Is there an easier way to achieve this?
This should be fairly straightforward:
    files
      file_id_0
        file_name: My File
        read_write: uid_0
        read_only:
          uid_1: true
          uid_2: true
and of course you have users
    users
      uid_0
        name: Larry
        email: larry@stooges.com
      uid_1
        name: Curly
        email: curly@stooges.com
      uid_2
        name: Moe
        email: moe@stooges.com
and some spiffy conceptual rules
    {
      "rules": {
        ".read": false,
        ".write": false,
        "files": {
          "$file_id": {
            // give the person that uploaded the file read access to this node as well as
            // any user id that exists in the read_only node
            ".read": "root.child('files').child($file_id).child('read_write').val() === auth.uid || root.child('files').child($file_id).child('read_only').child(auth.uid).val() === true",
            // write access only to the user that created it
            ".write": "root.child('files').child($file_id).child('read_write').val() === auth.uid"
          }
        }
      }
    }
That's pretty close.
So when uid_0 uploads a file, My File, it is stored in file_id_0. That user then 'invites' another user via their email (assume they exist) to that file. In this case uid_0 invites uid_1 and uid_2 and those user ids are written to the file_id_0 node. Those would be obtained by querying the /users node for those two users.
The sticking point is inviting another user that doesn't already exist.
I think the play there is to have an email watch list node.
    watch_list
      uid_0
        moe@stooges.com: file_id_0
Each user observes the users node, and if a newly added user's email exists in their watch list (uid_0 is watching for moe@stooges.com), they add that user to the file_id_0/read_only node and remove the entry from the watch list.
Looking at what I just wrote, it's a bit inelegant, so there's probably a better way.
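The watch-list flow from the answer, as an added example that is not part of the original post: a plain in-memory JavaScript model (no Firebase SDK) of inviting by e-mail, parking the invite while the account does not exist, and releasing it at sign-up. The function names, the `verified` flag, the comma-encoded e-mail key and the sample data are assumptions made for illustration; the key encoding is there because Realtime Database keys cannot contain `.`, so an address like moe@stooges.com cannot be used as a key directly.

```javascript
// Constructed sample tree shaped like the answer's /users, /files and /watch_list nodes.
function sampleDb() {
  return {
    users: { uid_0: { email: 'larry@stooges.com', verified: true },
             uid_1: { email: 'curly@stooges.com', verified: true } },
    files: { file_id_0: { file_name: 'My File', read_write: 'uid_0' } },
    watch_list: {},
  };
}
// Realtime Database keys cannot contain '.', so e-mail keys are encoded (assumed scheme).
const emailKey = (email) => email.trim().toLowerCase().replace(/\./g, ',');

// Same decision as the answer's .read rule: the uploader, or a uid under read_only.
function canRead(db, fileId, auth) {
  const file = db.files[fileId];
  if (!file || !auth) return false;
  return file.read_write === auth.uid || (file.read_only || {})[auth.uid] === true;
}
function grant(db, fileId, uid) {
  db.files[fileId].read_only = { ...db.files[fileId].read_only, [uid]: true };
}
// Owner invites by e-mail: grant now if a verified account exists, otherwise park it.
function invite(db, ownerUid, fileId, email) {
  if (!db.files[fileId] || db.files[fileId].read_write !== ownerUid) throw new Error('not the owner');
  const key = emailKey(email);
  const uid = Object.keys(db.users).find(
    (u) => db.users[u].verified && emailKey(db.users[u].email) === key);
  if (uid) { grant(db, fileId, uid); return 'granted'; }
  const mine = (db.watch_list[ownerUid] = db.watch_list[ownerUid] || {});
  mine[key] = { ...mine[key], [fileId]: true }; // map of file ids, so two invites coexist
  return 'pending';
}
// Run at sign-up and again after verification. Pending grants are released only for a
// verified address (assumption: the caller passes the auth provider's verified flag).
function claimInvites(db, uid, email, emailVerified) {
  db.users[uid] = { email, verified: emailVerified === true };
  if (emailVerified !== true) return [];
  const key = emailKey(email), granted = [];
  for (const owner of Object.keys(db.watch_list)) {
    for (const fileId of Object.keys(db.watch_list[owner][key] || {})) {
      // Re-check ownership: a stale entry must not grant access to someone else's file.
      if (db.files[fileId] && db.files[fileId].read_write === owner) {
        grant(db, fileId, uid);
        granted.push(fileId);
      }
    }
    delete db.watch_list[owner][key];
  }
  return granted;
}
```

In a deployed app this logic would need to run somewhere the inviting client cannot tamper with it, since a client that can write read_only entries directly can grant itself access.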