问题描述
我在使用 Cloud 功能和 Firestore 规则时遇到了一些问题.我想在 Firestore 上使用具有有限权限的云功能并给予仅具有安全规则中定义的访问权限
I have some trouble with Cloud function and firestore rules.I would like use cloud function with limited privilèges on Firestore and giveonly has access as defined in the Security Rules
它在 RTDB 上运行没有问题,但在 Firestore 上却没有.
It's working without problem on RTDB but not on Firestore.
我已经尝试过这个规则
service cloud.firestore {
match /databases/{database}/documents {
match /init/{ID=**} {
allow read, write: if true;
}
match /test/{ID=**} {
allow read, write: if false;
}
}
}
还有这个
const admin = require('firebase-admin');
const functions = require('firebase-functions');
const FieldValue = require('firebase-admin').firestore.FieldValue;
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: 'https://******.firebaseio.com',
databaseAuthVariableOverride: {
uid: 'my-worker',
},
});
const db = admin.firestore();
exports.onTestRights = functions.firestore
.document('init/{initID}')
.onCreate((event) => {
const initID = event.params.initID;
return db.collection('test').doc(initID).set({'random key': 'random value'}).then(()=>{
console.log('working');
return;
}).catch((err) =>{
console.log('error: ', err);
return;
});
});
但它仍然是这样写的,而它应该是权限被拒绝"
But it's still writing so whereas it should be "permission denied"
有人知道它在 Firestore 上是否正常(或尚未植入)还是我误解了什么?
Anyone know if it's normal(or not yet implanted) on firestore or I have misunderstood something ?
当然,我的最终目标不是使用此规则,而是仅使用 (allow read, write: if request.auth.uid == 'my-worker';
)
Of course my final goal is not with this rules, but only give write/read access on some documents/collections using (allow read, write: if request.auth.uid == 'my-worker';
)
编辑 2:如果在使用此模型
推荐答案
您已经注意到 databaseAuthVariableOverride
仅适用于实时数据库.现在没有任何东西可以让您在 Admin SDK 中对 Firestore 执行相同的操作.
As you've noticed databaseAuthVariableOverride
only works for the Realtime Database. There is nothing right now that allows you to do the same for Firestore in the Admin SDK.
如果您想限制对服务器代码的访问权限,可以使用的一种解决方法是使用客户端 JS SDK 而不是 Firebase Admin,并使用自定义令牌登录用户.这是执行此操作的示例代码:
One workaround you could use if you want to limit the access rights on your server code is to use the Client JS SDK rather than Firebase Admin and sign the user-in using a custom token. Here is a sample code to do this:
// Configure Firebase Client SDK.
const firebase = require('firebase/app');
require('firebase/auth');
require('firebase/firestore');
firebase.initializeApp({
// ... Initialization settings for web apps. You get this from your Firebase console > Add Firebase to your web app
});
// Configure Firebase Admin SDK.
const admin = require('firebase-admin');
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
});
// Create Custom Auth token for 'my-worker'.
const firebaseReady = admin.auth().createCustomToken('my-worker').then(token => {
// Sign in the Client SDK as 'my-worker'
return firebase.auth().signInWithCustomToken(token).then(user => {
console.log('User now signed-in! uid:', user.uid);
return firebase.firestore();
});
});
// Now firebaseReady gives you a Promise that completes with a authorized firestore instance. Use it like this:
exports.onTestRights = functions.firestore
.document('init/{initID}')
.onCreate(event => {
const initID = event.params.initID;
return firebaseReady.then(db => db.collection('test').doc(initID).set({'random key': 'random value'}).then(() => {
console.log('working');
return;
}).catch((err) =>{
console.log('error: ', err);
return;
});
);
});
这篇关于如何在 Firestore 上使用具有有限权限的 Admin SDK?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!