[英]How to validate the email address in Firebase ssecurity rules
I have been saving user data under a reference ID, and some user info containing email address.我一直在参考 ID 下保存用户数据,以及一些包含电子邮件地址的用户信息。 I want to make the data available, but prevent people guessing ID's and seeing if there is info behind it.
我想让数据可用,但要防止人们猜测 ID 并查看其背后是否有信息。
I only want to give the data if they provide me the ID AND the email address they registered with.如果他们向我提供 ID 和他们注册的电子邮件地址,我只想提供数据。
So I have this data stored in Firebase:所以我将这些数据存储在 Firebase 中:
{ "data" : {
"ms12345678" : {
"name" : "John Doe",
"age" : 40,
"email" : "johndoe@domain.com"
}
}
So doing var ref = firebase.database().ref("data/ms12345678")
should fail, unless I provide johndoe@domain.com
as well.所以做
var ref = firebase.database().ref("data/ms12345678")
应该失败,除非我也提供johndoe@domain.com
。
I am not sure what approach I should take here.我不确定我应该在这里采取什么方法。 I don't want users to authenticate, but provide them with a link.
我不希望用户进行身份验证,而是为他们提供链接。
You can verify that the accounts email address matches that value with:您可以验证帐户电子邮件地址是否与该值匹配:
{
"rules": {
"data": {
"$uid": {
".read": "auth.token.email === data.child('email').val()"
}
}
}
}
See the documentation on auth.token
for a list of the properties available.有关可用属性的列表,请参阅
auth.token
上的文档。
Alternatively you can require that the user knows the email address.或者,您可以要求用户知道电子邮件地址。 To do this, embed the email address into the path of a user:
为此,请将电子邮件地址嵌入到用户的路径中:
{ "data" : {
"ms12345678" : {
"johndoe@domain,com": {
"name" : "John Doe",
"age" : 40,
"email" : "johndoe@domain.com"
}
}
}
With this, you can restrict read-access to people that know the full path:有了这个,您可以将读取访问权限限制为知道完整路径的人:
{
"rules": {
"data": {
"$uid": {
"$email: {
".read": "auth.uid === $uid"
}
}
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.