Firebase 云存储:我可以根据规则测试经过身份验证的用户是否可以读取 object 吗?
[英]Firebase Cloud Storage: can I test if an authenticated user can read an object based on the rules?
问题描述
I'm going to be mirroring my Cloud Storage bucket to another Object Store, and want to only make publicly accessible objects that Cloud Storage would allow any unauthenticated user to read.
我打算将我的 Cloud Storage 存储桶镜像到另一个 Object Store,并且只想制作 Cloud Storage 允许任何未经身份验证的用户读取的可公开访问的对象。
I'd like to, when given an object path to an object in Cloud Storage, determine if the object is publicly accessible (the check would be happening in a server context that has access to firebase admin).我想,当给定一个 object 路径到云存储中的 object 时,确定 object 是否可公开访问(检查将在有权访问 firebase 管理员的服务器上下文中进行)。
What are the options here?这里有哪些选项? Is there some way to run a test request through existing rules?有什么方法可以通过现有规则运行测试请求吗? Or would I need to GET (or HEAD?) the object using fetch w/o auth to determine if it's accessible?或者我是否需要使用fetch w/o auth 获取(或 HEAD?)object 以确定它是否可访问? I could access the rules directly and manually parse them, but that feels really fragile.我可以直接访问规则并手动解析它们,但这感觉真的很脆弱。
Maybe storing some info in metadata where I tag the level of access unauthenticated users should have, and tie that into the metadata rules one can write for cloud storage?也许在元数据中存储一些信息,我在其中标记未经身份验证的用户应具有的访问级别,并将其绑定到可以为云存储编写的元数据规则中?
Anyhow, curious if there is an existing pattern for this.无论如何,好奇是否有一个现有的模式。 Thanks in advance!提前致谢!
1 个解决方案
解决方案1
1 已采纳 2022-11-30 23:35:01
I believe you are interested in the projects.test method from the REST API .我相信您对REST API 中的 projects.test 方法感兴趣。 You would construct a test case with an expectation of ALLOW .您将构建一个期望为ALLOW的测试用例。 Your code may look something like this:您的代码可能如下所示:
{
"testSuite": {
"testCases": [
{
"expectation": "ALLOW",
"request": {
"path": "/b/myapp.appspot.com/o/folder/obj_id",
"method": "get",
"auth": null,
"time": "2022-11-30T23:30:08.199Z",
"params": {}
},
"functionMocks": [],
"pathEncoding": "PLAIN",
"expressionReportLevel": "VISITED"
}
]
},
"source": {
"files": [
{
"name": "simulator.rules",
"content": "rules_version = '2';\nservice firebase.storage {\n match /b/{bucket}/o {\n match /{allPaths=**} {\n allow read, write: if\n request.time < timestamp.date(2022, 12, 30);\n }\n }\n}"
}
]
}
}
The test results would then contain an array of results with a state containing whether or not the test succeeded or failed:然后,测试结果将包含一个结果数组,其中 state 包含测试是成功还是失败:
On Success关于成功
{
"testResults": [
{
"state": "SUCCESS",
...
On Failure失败时
{
"testResults": [
{
"state": "FAILURE",
...
I would just use the admin sdk to lookup your security rules for the source JSON file beforehand or I would cache it and update it in your function.我会事先使用管理员 sdk 查找源 JSON 文件的安全规则,或者我会缓存它并在你的 function 中更新它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.