在安全规则中验证 firebase 数据库的密钥中的 email 地址
[英]Validate email address in key of firebase database in security rules
问题描述
I have a working project with wrongly configured database security rules.
我有一个配置错误的数据库安全规则的工作项目。
Here's my current rule -这是我目前的规则 -
{
"rules": {
"$email": {
".read": "$email == auth.token.email.replace('.',',')",
".write": "$email == auth.token.email.replace('.',',')",
},
"test": {
".read": "auth != null",
".write": "auth != null"
}
}
}
and here's my data structure -这是我的数据结构 -
I am using an email as key and I am trying to limit users to their own email keys.我使用 email 作为密钥,我试图将用户限制为他们自己的 email 密钥。 So I am using an email in the security rules.所以我在安全规则中使用了 email。
I am trying to replace '.'我正在尝试替换“。” with ',' in my security rule as '.'在我的安全规则中使用“,”作为“。” is a forbidden character.是禁止字符。
What's the correct syntax for this?什么是正确的语法?
I am getting permission denied error.我收到权限被拒绝错误。
Edit:- It seems like I can write data to database just fine.编辑:-似乎我可以将数据写入数据库就好了。 It's something else that's causing the problem.这是导致问题的其他原因。
Edit 2:- It's the write permission that's giving me permission denied error but writing the data into database anyways.编辑 2:- 是写权限给了我权限被拒绝错误,但无论如何都将数据写入数据库。 I set write permission to true and everything was working fine.我将写权限设置为 true,一切正常。 But obviously I don't want that.但显然我不想那样。
1 个解决方案
解决方案1
1 2021-03-30 18:17:28
I can read my own node without problems with your security rules, and get rejects when reading somebody else's node.我可以读取我自己的节点而不会出现您的安全规则问题,并且在读取其他人的节点时会被拒绝。
My code:我的代码:
firebase.auth().signInWithEmailAndPassword("i@puf.io", "correcthorsebatterystaple")
.then(function() {
ref.child("i@puf,io").once("value").then(function(snapshot) {
console.log("Got value from my own node: "+snapshot.val());
}).catch(function(error) {
console.error("Error while reading my own node: "+error);
});
ref.child("someoneelse").once("value").then(function(snapshot) {
console.log("Got value from other node: "+snapshot.val());
}).catch(function(error) {
console.error("Error while reading other node: "+error);
});
});
My rules我的规则
"66872665": {
"$email": {
".read": "$email == auth.token.email.replace('.',',')"
}
},
And my JSON in the database:还有我在数据库中的 JSON:
"66872665": {
"i@puf,io": "value"
}
Running the code gives me this output:运行代码给了我这个 output:
Got value from my own node: value
Error while reading other node: Error: permission_denied at /66872665/someoneelse: Client doesn't have permission to access the desired data.
For a working repro that you can run, see: https://jsbin.com/jomipef/edit?js,console有关您可以运行的工作重现,请参阅: https://jsbin.com/jomipef/edit?js,console
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.