Problem description

I am working on a banking app using Firebase Cloud Firestore. I have already set the rules like so:
    // Allow read/write access on all documents to any user signed in to the application
    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow read, write: if request.auth.uid != null;
        }
      }
    }
My database is structured like this:
    /consumers/{consumer_id}/transactions/{transaction_id}
The {consumer_id} document will contain the account balance for that consumer along with other details, and the {transaction_id} document will contain the details about each transaction.
So if any authenticated user wanted to, say, withdraw money, they can do so using the Android app/web app. The problem is: can that same user access the database (e.g. update their account balance) using their credentials with the REST endpoints without my knowledge? If so, how do I prevent them from doing so?
Recommended answer
There is no way to limit access to Firestore to just users who are using your app. Anyone who has the configuration data for your Firebase project can call the APIs in that project. And as soon as you publish your app, you're sharing the configuration data with those users. So you'll have to assume that some malicious user(s) will at some point call APIs on your project without using your app.
For this reason you should enforce all business rules that you have in a trusted environment, such as your development machine, a server you control, Cloud Functions, or... server-side security rules. Since no user can access any of these, even if they run their own code, they'll be forced to adhere to your business rules.
Some examples:

- Each transaction document probably contains the UID of the user who is posting that transaction, and of course users should only be able to post transactions with their own UID. You can enforce this in security rules with something like:
    match /databases/{database}/documents {
      // A trailing slash after {transaction_id} is not valid in a match path, so it is dropped here
      match /consumers/{consumer_id}/transactions/{transaction_id} {
        allow write: if request.resource.data.posted_by == request.auth.uid;
      }
    }
So now anyone (no matter if they're using your app or not) can only post transactions if that document contains their own UID. You'll probably want to verify a bit more, such as whether there is even an account document for them, and maybe whether you've verified their account in some way. All of these can typically be done from server-side security rules.
For more on this, see the documentation on accessing other documents in security rules, the pro-series video on building secure apps, and this video on security rules.
- Since you keep the balance of each account in their parent document under /consumers/{consumer_id}, you'll need to update that document whenever a transaction is posted under it. While this is possible from within security rules, it's going to be quite involved. It's going to be easier to perform this update of the balance in server-side code.
A good solution for this is to run the code that updates the balance as a Cloud Function that gets triggered whenever a transaction is created (and/or updated, if you allow that). Since this code runs in a trusted environment, you can be sure only you can modify it, and thus it can safely update the balance for the new/modified transaction.
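A fuller rules file along the lines the answer describes, added here as an example (it is not part of the original answer). It assumes the consumer document id equals the user's UID, that the balance lives in a `balance` field, and that each transaction carries the `posted_by` field from the answer plus a numeric `amount`; clients are locked out of the balance field entirely so that only trusted server-side code (such as the Cloud Function described above) can change it, which is what closes the "update my own balance over REST" gap from the question.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Assumption: the consumer document id is the owner's Firebase Auth UID.
    match /consumers/{consumer_id} {
      allow read: if request.auth != null && request.auth.uid == consumer_id;

      // Clients never create or delete account documents.
      allow create, delete: if false;

      // An owner may edit their own profile details, but the (assumed) `balance`
      // field must be unchanged by the write; only server-side code moves money.
      allow update: if request.auth != null
                    && request.auth.uid == consumer_id
                    && request.resource.data.balance == resource.data.balance;

      match /transactions/{transaction_id} {
        allow read: if request.auth != null && request.auth.uid == consumer_id;

        // A transaction may only be created by the account owner, must carry the
        // owner's UID in `posted_by`, must belong to an account document that exists,
        // and must have a positive numeric `amount` (assumed field) that does not
        // exceed the current balance read from the parent document.
        allow create: if request.auth != null
                      && request.auth.uid == consumer_id
                      && request.resource.data.posted_by == request.auth.uid
                      && exists(/databases/$(database)/documents/consumers/$(consumer_id))
                      && request.resource.data.amount is number
                      && request.resource.data.amount > 0
                      && request.resource.data.amount
                         <= get(/databases/$(database)/documents/consumers/$(consumer_id)).data.balance;

        // Posted transactions are immutable from the client side; corrections, if
        // any, are made by trusted server-side code.
        allow update, delete: if false;
      }
    }
  }
}
```

Because `request.resource.data` is the document as it would look after the write, the balance equality check also covers partial updates that simply omit the field, and a write that tries to add a balance to a document that has none is rejected because `resource.data.balance` has no value.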