Firebase 密码验证
[英]Firebase password validation
问题描述
I have a forum I'm trying to create using firebase.
我有一个正在尝试使用 firebase 创建的论坛。 Certain subforums can only be accessed if the user knows the password.某些子论坛只有在用户知道密码的情况下才能访问。 At the time of joining, the client retrieves the password of the subforum and then checks if the entered password is correct.加入时,客户端取回分论坛的密码,然后检查输入的密码是否正确。
Is there a way to do the password validation server side instead?有没有办法在服务器端进行密码验证?
2 个解决方案
解决方案1
2 2016-05-17 19:58:57
I suggest you use a different aproach to tackle this problem.我建议你使用不同的方法来解决这个问题。 Instead of giving out passwords i suggest you keep a list of the users that can access the subforum in firebase (only admin should be able to write to this list) and use the firebase security rules to check if someone can read / write to the subforum based on that list.我建议您不要给出密码,而是保留一个可以访问 firebase 子论坛的用户列表(只有管理员应该能够写入此列表)并使用 firebase 安全规则来检查是否有人可以读/写子论坛基于该列表。
The rules for your subforum would look a bit like this then:你的子论坛的规则看起来有点像这样:
"forums":{
"$subforum_id": {
".read": "auth != null && root.child('subforums').child($subforum_id).hasChild(auth.uid)",
".write": "auth != null && root.child('subforums').child($subforum_id).hasChild(auth.uid)"
}
}
解决方案2
1 2016-05-19 12:35:27
Your scenarios is quite whacky.你的场景很古怪。 You want to do away with user names and only have passwords.您希望取消用户名而只使用密码。 How are you planning to know who modified the forum entry if you don't identify them?如果您不识别他们,您打算如何知道谁修改了论坛条目?
Anyways, for your ask, you can work something like below where you impersonate a pre-created user when an anonymous user wants to access a forum -无论如何,根据您的要求,您可以像下面这样在匿名用户想要访问论坛时模拟预先创建的用户 -
Enable email authentication in firebase.
在 Firebase 中启用电子邮件身份验证。For every forum password, create a user with these values -
对于每个论坛密码,创建一个具有这些值的用户 -username: forumName@yoursite.com password: forumpasswordNote its uid.
记下它的 uid。Add the respective uid as a child "uid" property to the corresponding forum.
将相应的 uid 作为子“uid”属性添加到相应的论坛。Add simple security rules for password protected forums -
为受密码保护的论坛添加简单的安全规则 -"forums":{ "$subforum_id": { ".read": "auth.uid == data.child('uid')", ".write": "auth.uid == data.child('uid')" } }- Now when an anonymous user wants to access a forum, she must give a password and you will need to hardcode the user name with the appropriate one for the forum she is trying to access.现在,当匿名用户想要访问论坛时,她必须提供密码,并且您需要使用适合她尝试访问的论坛的用户名对用户名进行硬编码。 This way you impersonate an anonymous user as the forum user provided she knows the password.通过这种方式,您可以将匿名用户冒充为论坛用户,前提是她知道密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.