Firebase - how to restrict authenticated user's access to certain paths?
Simple enough question:
How do I restrict paths, such as...
/orders/<userid>
/cart/<userid>
/transactions/<userid>/txid
...only to users whose userid matches the one in the path?
I have authentication set up and I need to subscribe to some of these in Vue after firebase.auth().onAuthStateChanged
It appears, as per the docs here, that in the following rule example, the user token must match the key exactly:
{
  "rules": {
    "users": {
      "$user_id": {
        // grants write access to the owner of this user account
        // whose uid must exactly match the key ($user_id)
        ".write": "$user_id === auth.uid"
      }
    }
  }
}
Does this mean that /orders/123456/order123478 will be restricted and only available to user 123456?
For the realtime database, update your rules to something like this:
{
  "rules": {
    "orders": {
      "$uid": {
        ".read": "auth.uid == $uid",
        ".write": "auth.uid == $uid"
      }
    }
  }
}
The $uid key represents any key nested at that level and allows you to reference it in your rules. The auth variable is provided by Firebase and contains details about the authenticated user who issued the request, so you can compare the requesting user's uid with the database's uid key and grant permissions if they match (the nested ".read" and ".write" values).
So for a user whose uid is user1, they would have access to the following data:
{
  "orders": {
    "user1": {
      "order1": read/write,
      "order2": read/write
    },
    "user2": {
      "order1": no access,
      "order2": no access
    },
    "user3": {
      "order1": no access,
      "order2": no access
    }
  }
}
Read the documentation and play around with the simulator found in the Rules section of the Firebase dashboard.
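Added example (not part of the original answer, and not Firebase's own code): a simplified JavaScript model of how Realtime Database rules cascade, checking the answer's owner-only rule against the paths from the question. RULES, OWNER, evalRule and isAllowed are hypothetical names, and reusing the orders rule for cart and transactions is an assumption.

```javascript
// Simplified model of Realtime Database rule evaluation; not Firebase's engine.
// OWNER is the answer's rule; applying it to cart/transactions is an assumption.
const OWNER = { ".read": "auth.uid == $uid", ".write": "auth.uid == $uid" };
const RULES = {
  rules: {
    orders: { $uid: OWNER },
    cart: { $uid: OWNER },
    transactions: { $uid: OWNER },
  },
};

// Evaluate one rule expression. The strings are the trusted constants above.
// A signed-out user (auth === null) makes auth.uid throw, which counts as deny.
function evalRule(expr, auth, vars) {
  const names = Object.keys(vars);
  try {
    const fn = new Function("auth", ...names, `return (${expr});`);
    return fn(auth, ...names.map((n) => vars[n])) === true;
  } catch (_) {
    return false;
  }
}

// Walk the path from the root. The first rule on the way down that evaluates
// to true grants access to everything beneath it; otherwise deny by default.
function isAllowed(op, path, auth, ruleset = RULES) {
  let node = ruleset.rules;
  const vars = {};
  const grants = () => typeof node[op] === "string" && evalRule(node[op], auth, vars);
  if (grants()) return true;
  for (const seg of path.split("/").filter(Boolean)) {
    const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
    if (!/^[.$]/.test(seg) && Object.prototype.hasOwnProperty.call(node, seg)) {
      node = node[seg];
    } else if (wildcard !== undefined) {
      vars[wildcard] = seg; // e.g. $uid = "123456"
      node = node[wildcard];
    } else {
      return false; // no rules below this point
    }
    if (grants()) return true;
  }
  return false;
}

// Constructed sample requests, using the ids from the question.
const owner = { uid: "123456" };
console.log(isAllowed(".read", "/orders/123456/order123478", owner)); // true
console.log(isAllowed(".read", "/orders/123456/order123478", { uid: "999" })); // false
console.log(isAllowed(".read", "/orders", owner)); // false: no rule grants the parent
```

The last call shows that a listener attached to /orders itself is rejected even for a signed-in user, so the client has to subscribe at /orders/<its own uid>.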