Firebase security and phone authentication

I'm a new Android developer and am confused about Firebase rules and phone authentication. I am writing an application for a scheduling system. Right now, I'm using a phone number to authenticate users. In my plan, I want to save the appointments in my Firebase Realtime Database, and for each phone number I want to add user information, like name and their appointments. The first question is: how can I create a user for each phone? Can I do that with phone authentication, or do I need to create a user object and save it in the Realtime Database? The second question is about security. I want my users to be able to see all the free appointments and to schedule one or more. What rules do I need to set for each user?

You can use Firebase Authentication via phone number as here. Once a user authenticates himself, a unique Uid is created for that person, which you can use to get the user data using the auth variable. This is using FirebaseUser as documented here.

If you want to make custom fields for a user, I would advise getting the Uid and then creating a user database in, let's say, /Users using the Uid as the primary key; that would be something like /Users/Uid

Further, if you want your authenticated users only to see the free appointments, you can do something like below, assuming the Appointment branch in root contains the available free slots.

{
  "rules": {
    "Appointments": {
      "freeSlots": {
        // Any authenticated user may read the free slots.
        ".read": "auth != null"
      }
    }
  }
}

You can then manipulate the database via your code, probably shifting the free slot from Appointment to /User/Uid

Then, if you wish the user to see his slots only, you can write the rules like below

{
  "rules": {
    "Users": {
      "$uid": {
        // Only the signed-in owner of this record may write or read it.
        ".write": "$uid === auth.uid",
        ".read": "$uid === auth.uid"
      }
    }
  }
}

Here the $uid ensures that the user only reads the data belonging to them.

You can find further help with security rules here

Hope this could help you a bit?

  1. You already implemented Firebase phone Auth; the next step is to create a document for each user to store the information you want, making use of the unique uid String that comes with each user's authentication.

  2. To add security over who reads/writes what, you have to write database rules. Info here
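The answers above leave the move of a slot from free to booked to client code, so here is one combined Realtime Database ruleset that enforces that move on the server side. It is an added example, not code from either answer. It assumes slots are keyed by a slot id under /Appointments/freeSlots, that bookings live under a hypothetical /Users/<uid>/appointments/<slotId>, and that the client books with a single multi-path update.

```json
{
  "rules": {
    "Appointments": {
      "freeSlots": {
        // Any signed-in user may list the free slots.
        ".read": "auth != null",
        "$slotId": {
          // Assumed layout: one child per free slot, keyed by slot id.
          // Clients may only remove a free slot, and only when the same
          // update books it under their own /Users/<uid>/appointments.
          ".write": "auth != null && data.exists() && !newData.exists() && newData.parent().parent().parent().child('Users').child(auth.uid).child('appointments').child($slotId).exists()"
        }
      }
    },
    "Users": {
      "$uid": {
        // Each user reads and writes only their own record.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",
        // "appointments" is a hypothetical child name chosen for this example.
        "appointments": {
          "$slotId": {
            // A new booking must name a slot that was free before the
            // write (root) and is gone from freeSlots after it (newData).
            // Bookings that already exist stay valid.
            ".validate": "data.exists() || (root.child('Appointments').child('freeSlots').child($slotId).exists() && !newData.parent().parent().parent().parent().child('Appointments').child('freeSlots').child($slotId).exists())"
          }
        }
      }
    }
  }
}
```

Free slots themselves have to be created from a trusted path such as the Admin SDK, since these rules give clients no way to add one.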
