问题描述
我有一个客户希望能够制作一个可以访问数据的受限电子邮件列表.因此,使用该应用程序的其他人根本无法读取/写入任何数据(理想情况下甚至无法登录,但我认为 Firebase 不可能实现?).关于如何解决这个问题的任何想法?我曾想过拥有一系列已接受的电子邮件并检查他们的电子邮件是否存在于安全规则中,但这似乎不起作用.我在数据库中有以下内容:
I have a client that would like to be able to make a list of restricted emails that can access the data. So anyone else coming to the app can't read/write any data at all ( ideally can't even log in but I don't think that's possible with Firebase? ). Any ideas on how to go about this? I had thought of having an array of accepted emails and checking whether their email existed in the security rules but that didn't seem to work. I had the following in the database:
"validEmails": ["[email protected]"]
然后在安全规则中:
".read": "root.child('validEmails').val().indexOf(auth.token.email) > -1"
但看起来你不能在那些安全规则中使用 indexOf
.
But it looks like you can't use indexOf
in those security rules.
也许我需要一个可接受的电子邮件列表,然后当用户注册时,它会检查他们是否在该列表中并将他们的 UID 添加到可接受的列表中?我想我可以通过云功能或其他什么来做到这一点?
Maybe I need to have a list of acceptable emails, and then when a user signs up it checks whether they're in that list and adds their UID to an accepted list? I guess I could do this through a cloud function or something?
任何帮助将不胜感激.
干杯
推荐答案
谢谢大家,我最终做了一个可接受的电子邮件列表:
Thanks guys, what I ended up doing was having a list of acceptable emails:
{
"validEmails": ["[email protected]"],
"validUsers": {}
}
然后运行云功能以检查用户何时注册他们的电子邮件是否在有效电子邮件列表中.如果是,则将它们添加到有效用户列表中,如果不是,则删除新创建的用户.我还设置了数据规则,以便只有 validUsers 中的用户才能访问数据.
and then have a cloud function run to check when a user signed up if their email was in the valid email list. If it was then it added them to the valid users list and if not it deleted the newly created user. I also set up data rules so that only users within validUsers could access the data.
然后前端处理无效用户的重定向等.
The front-end then handled the redirection etc for invalid users.
这篇关于通过电子邮件限制 Firebase 用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!