如何在没有任何身份验证的情况下保护 Cloud Firestore 集合和子集合?
[英]How to secure Cloud Firestore collection and sub collection without any auth?
问题描述
How do I can secure Cloud Firestore without any auth uid.
如何在没有任何身份验证 uid 的情况下保护Cloud Firestore 。
Why without ?为什么没有?
Because I have a simple chat application and I am not storing their auth uid while they register.因为我有一个简单的聊天应用程序,并且在他们注册时我没有存储他们的 auth uid。 Also they can open their app after first registration without any login so I dont know how can I understand who is logged in already and then let them to read or write operations.此外,他们可以在首次注册后打开他们的应用程序而无需任何登录,所以我不知道我如何了解谁已经登录,然后让他们进行读取或写入操作。
Therefor I want to secure Cloud Firestore without any authentications.因此,我想在没有任何身份验证的情况下保护 Cloud Firestore。
Any help if is it possible ??如果可能的话有什么帮助吗??
1 个解决方案
解决方案1
0 2020-02-06 11:57:30
First, you have to ask the question, "How can firebase detect that your user is after login part of the app?"首先,您必须问一个问题,“firebase 如何检测您的用户在登录应用程序的一部分之后?”
I would recommend not to throw auth away, but when you want to get rid of any email and password auth, you can use anonymous login or custom auth system that Firebase is providing.我建议不要丢弃身份验证,但是当您想摆脱任何电子邮件和密码身份验证时,您可以使用 Firebase 提供的匿名登录或自定义身份验证系统。
Firestore security rules have just simple things provided that will not help solve your problem. Firestore 安全规则仅提供一些简单的内容,但无助于解决您的问题。 You have request object that is providing auth, time, type, etc. and resource object that is providing firestore document data.您有提供身份验证、时间、类型等的请求对象和提供 firestore 文档数据的资源对象。 None of those will help you.这些都不会帮助你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.