This article covers how to restrict Firebase file access to specific users.

Problem description


          I'm trying to achieve the following behavior using Firebase:

          • User logs in using Firebase Authentication
          • User uploads a file to Firebase Storage
          • User enters an email address of a different user. This user account may already exist. If not, the recipient gets an email prompting them to sign up.
          • The uploaded file should now be available only to the user who uploaded it (read/write) and to the other user with the above email address (read only).

          This is what I've been trying so far:

          • After using FirebaseAuth to sign up, I store the user's email address and uid in the Real-Time Database.
          • After the user uploads a file and enters the recipient's email address, I check the Real-Time Database for that address. If it exists, I retrieve the recipient's uid and store it in the file's metadata.
          • In my Firebase Storage security rules, I check if the auth.uid matches the uid stored in the file metadata.

          This should work well, but what do I do if the user account does not yet exist?

          • I could create a new account after the user enters the recipient's email address. If I do that though, I have to specify a password. I could specify a random password and use the password reset email, but that isn't a good user experience, also because you can't fully customize the reset email.

          • If I don't create the new account right away, how can I make sure that only the user with this email address can access the file? Storing the email address in the file's metadata doesn't work since it could change later.

          I have a feeling I'm thinking way too complicated here. Is there an easier way to achieve this, or am I overlooking something?

          EDIT: I've investigated a bit more and I think one way to do this would be by using a custom auth token, which is suggested by the Firebase Storage guide here. That would require me to set up my own auth server though, which kind of defeats the purpose of using Firebase Authentication in the first place. Is there an easier way to achieve this?

          Solution

          This should be fairly straightforward:

          files
            file_id_0
              file_name: My File
              read_write: uid_0
              read_only:
                uid_1: true
                uid_2: true
          

          and of course you have users

          users
            uid_0
              name: Larry
              email: larry@stooges.com
            uid_1
              name: Curly
              email: curly@stooges.com
            uid_2
              name: Moe
              email: moe@stooges.com
          

          and some spiffy conceptual rules

          rules
            .read: false
            .write: false
            files
              $file_id
                //give the person that uploaded the file read access to this node as well as
                //  any user id that exists in the read_only node
                .read: root.child('files').child($file_id).child('read_write').val() === auth.uid ||
                      root.child('files').child($file_id).child('read_only').child(auth.uid).val() === true
                //write access only to the user that created it
                .write: root.child('files').child($file_id).child('read_write').val() === auth.uid
          

          That's pretty close.

          So when uid_0 uploads a file, My File, it is stored in file_id_0. That user then 'invites' another user via their email (assume they exist) to that file. In this case uid_0 invites uid_1 and uid_2 and those user ids are written to the file_id_0 node. Those would be obtained by querying the /users node for those two users.

          The sticking point is inviting another user that doesn't already exist.

          I think the play there is to have an email watch list node.

          watch_list
             uid_0
               moe@stooges.com:  file_id_0
          

          Each user observes the users node, and if a newly added user email exists in their watch list (uid_0 is watching for moe@stooges.com), then add them to the file_id_0/read_only node and remove it from the watch list.

          Looking at what I just wrote, it's a bit inelegant so there's probably a better way.
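
The answer's tree and watch-list idea as an in-memory JavaScript model, showing an invite to an existing account and one that stays pending until the address signs up. This is an added example, not code from the question or the answer. The function names, the `emailVerified` flag, the `,`-for-`.` key encoding (Realtime Database keys cannot contain `.`) and keeping a set of file ids per watched address are assumptions; the sample data in any call is constructed.

```javascript
// Added example: in-memory model of the answer's files / users / watch_list tree.
// Function names, emailVerified and the key encoding are assumptions; data is constructed.
const emailKey = (email) => email.trim().toLowerCase().replace(/\./g, ','); // '.' is not allowed in keys
const newDb = () => ({ files: {}, users: {}, watch_list: {} });

function uploadFile(db, ownerUid, fileId, fileName) {
  db.files[fileId] = { file_name: fileName, read_write: ownerUid, read_only: {} };
}

// Mirror the conceptual .read / .write rules on /files/$file_id.
function canRead(db, fileId, auth) {
  const f = db.files[fileId];
  return Boolean(f && auth && (f.read_write === auth.uid || f.read_only[auth.uid] === true));
}
function canWrite(db, fileId, auth) {
  const f = db.files[fileId];
  return Boolean(f && auth && f.read_write === auth.uid);
}

// Owner invites by e-mail: grant now if a verified account exists, else park it in watch_list.
function invite(db, ownerUid, fileId, email) {
  if (!canWrite(db, fileId, { uid: ownerUid })) throw new Error('only the owner can invite');
  const key = emailKey(email);
  const uid = Object.keys(db.users).find(
    (u) => db.users[u].emailVerified && emailKey(db.users[u].email) === key);
  if (uid) { db.files[fileId].read_only[uid] = true; return 'granted'; }
  const pending = db.watch_list[ownerUid] = db.watch_list[ownerUid] || {};
  pending[key] = pending[key] || {};
  pending[key][fileId] = true;
  return 'pending';
}

// Run when a user record is added or its e-mail becomes verified: resolve watch_list entries.
function resolveInvites(db, uid, profile) {
  db.users[uid] = { name: profile.name, email: profile.email, emailVerified: !!profile.emailVerified };
  if (!profile.emailVerified) return 0; // unproven address: invites stay pending
  const key = emailKey(profile.email);
  let granted = 0;
  for (const owner of Object.keys(db.watch_list)) {
    for (const fileId of Object.keys(db.watch_list[owner][key] || {})) {
      if (canWrite(db, fileId, { uid: owner })) { // the watcher must still own the file
        db.files[fileId].read_only[uid] = true;
        granted++;
      }
    }
    delete db.watch_list[owner][key];
  }
  return granted;
}
```

Holding the grant until the address is verified keeps someone who merely registers with an invited e-mail from picking up read access to the file.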
