firebase Admin SDK 与 firebase 控制台网页有何不同?
[英]How firebase Admin SDK differs from firebase console web page?
问题描述
I'm developing an android app with firebase as a backend and I heard a word named Admin SDK .
我正在开发一个以 firebase 作为后端的 android 应用程序,我听到了一个名为Admin SDK的词。 I had searched for it and found it is used to manage data.我搜索过它,发现它是用来管理数据的。
But I have a doubt that firebase provides a console webpage (console.firebase.google.com) to manage data, but why there is a separate Admin SDK?但我怀疑 firebase 提供了一个控制台网页 (console.firebase.google.com) 来管理数据,但为什么有一个单独的 Admin SDK?
Can someOne please explain...有人可以解释一下吗...
2 个解决方案
解决方案1
1 2021-07-30 14:08:19
The firebase admin SDK provides a simple and easy way to modify firebase settings and data using API calls. Firebase 管理 SDK 提供了一种使用 API 调用修改 Firebase 设置和数据的简单方法。
For example, you might ask: why should you even have a regular SDK to store data?例如,您可能会问:为什么还要使用常规的 SDK 来存储数据? After all, you can store and save data directly from the web interface.毕竟,您可以直接从 Web 界面存储和保存数据。 It is, however, simply not secure or practical to have users update their own data each time using the console.然而,让用户每次使用控制台更新他们自己的数据是不安全或不切实际的。
Similarly, the admin SDK is just like the regular SDK but with administrator permissions.同样,admin SDK 就像常规 SDK 一样,但具有管理员权限。 For example, it allows you to bypass the rules set up using your firestore rules.例如,它允许您绕过使用 Firestore 规则设置的规则。 The Firebase admin SDK is meant to be used on your backend - so you know it is running trusted software. Firebase 管理 SDK 旨在用于您的后端 - 因此您知道它正在运行受信任的软件。 You know that it will act the way you expect it to, unlike code running client-side that can't be trusted.您知道它将按照您期望的方式运行,这与运行客户端的代码不同,这是不可信的。
For example, let's say that you want to be able to delete a user's post if certain conditions are met.例如,假设您希望能够在满足某些条件时删除用户的帖子。 The user will make the request to your server, and it will check if the conditions are met, and then delete the post using its admin privilages.用户将向您的服务器发出请求,它会检查是否满足条件,然后使用其管理员权限删除帖子。 Sure you could technically automate this using firestorm rules, but those can be quite cumbersome and might not work in more complicated examples.当然,您可以使用 Firestorm 规则在技术上自动执行此操作,但这些规则可能非常麻烦,并且可能无法在更复杂的示例中使用。
You can also even use it to integrate with other applications like connecting your app to a moderation tool or a curse detector that can't or shouldn't run on the client's device.您甚至还可以使用它与其他应用程序集成,例如将您的应用程序连接到无法或不应在客户端设备上运行的审核工具或诅咒检测器。
解决方案2
0 2021-07-30 14:35:25
Is your question is why does Admin SDK exists?您的问题是为什么 Admin SDK 存在?
- There are several administrative tasks such as deleting users, listing collections and many more which the client cannot and should not be able to do.有几个管理任务,例如删除用户、列出集合等等,客户端不能也不应该做更多的事情。
- Firebase Admin SDK has admin access to your Firebase project's resources. Firebase Admin SDK 拥有对 Firebase 项目资源的管理员访问权限。
- It does not obey any security rules and can read/write any of your database, storage bucket..它不遵守任何安全规则,可以读/写您的任何数据库、存储桶..
That is why you must use Admin SDK in a server (or cloud function only).这就是为什么您必须在服务器(或仅云功能)中使用 Admin SDK。 Although I feel Firebase Admin SDK is more useful if you use your own servers and authentication method.虽然我觉得如果您使用自己的服务器和身份验证方法,Firebase Admin SDK 会更有用。 If you are using a custom server then:如果您使用的是自定义服务器,则:
- It can be used to generate custom token so you can authenticate users using your own method (maybe legacy auth system) but still use Firebase Authentication to handle the auth tokens thereafter.它可用于生成自定义令牌,因此您可以使用自己的方法(可能是旧版身份验证系统)对用户进行身份验证,但此后仍使用 Firebase 身份验证来处理身份验证令牌。
- If you use your own database (and not any from Firebase), the Admin SDK can verify the ID Token sent by client and get identity of that user.如果您使用自己的数据库(而不是来自 Firebase 的任何数据库),Admin SDK 可以验证客户端发送的 ID 令牌并获取该用户的身份。 Thereafter it's could be a simple if-else statement for you to decide if the user has access to the request resource or not.此后,您可以使用一个简单的 if-else 语句来决定用户是否有权访问请求资源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.