
Firebase Realtime Chat Rules

I made a chat application using the Firebase Realtime Database. Users can send private messages to each other. How should the rules part be? I keep getting emails from Firebase that the rules are not reliable.

This is my Firebase collections:

[screenshot of the Firebase collections]

This is my Firebase rules:

[screenshot of the Firebase rules]

{
  "rules": {
    ".read": "auth.uid != null",
    ".write": "auth.uid != null"
  }
}

Only an authenticated admin user can read and write their own admin-user data:

{
  "rules": {
    "admin-users": {
      "$userId": {
        ".read" : "auth.uid === $userId",
        ".write": "auth.uid === $userId"
      }
    }
  }
}

Or:

{
  "rules": {
    "admin-users": {
      "$user": {
        ".read" : "data.child('userUid').val() === auth.uid",
        ".write": "data.child('userUid').val() === auth.uid"
      }
    }
  }
}
  1. An authenticated user can read all data under Users.

  2. An authenticated user can only update their own data except the 'userUid' field. They can only update the 'userUid' field if it is a new document creation ('!data.exists()'), e.g. when it is a signup/register.

  3. An authenticated admin can read and write all the data in Users including the 'userUid' field.

{
  "rules": {
    "users": {
      ".read": "auth != null",
      "$userId": {
        "userUid": {
          ".write": "root.child('admin-users').child(auth.uid).exists() || !data.exists()"
        },
        "$other_fields": {
          ".write": "$userId === auth.uid || root.child('admin-users').child(auth.uid).exists()"
        }
      }
    }
  }
}
  4. Only admins can read and write everything under Chats.

  5. Authenticated users can read chat messages in which their userUid matches either 'senderId' or 'receiverId'.

  6. Authenticated users can write/update a message only if their userUid matches 'senderId'.

{
  "rules": {
    "chats": {
      ".read": "root.child('admin-users').hasChild(auth.uid)",
      ".write": "root.child('admin-users').hasChild(auth.uid)",
      "$chat": {
        "$message": {
          ".read": "auth != null && (data.child('receiverId').val() === auth.uid || data.child('senderId').val() === auth.uid)",
          ".write": "auth != null && (!data.exists() || data.child('senderId').val() === auth.uid)"
        }
      }
    }
  }
}

These sample rules are just to give guidance on how security rules work. You can create different rules that work as well with your use case. See the links for more details: https://firebase.google.com/docs/rules/insecure-rules and https://firebase.google.com/docs/database/security/core-syntax
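The per-message write rule above can be sanity-checked offline with a small mock of the rule variables. This is an added example, not code from the answer or from Firebase: the Snap class, evaluateRule helper and sample messages are constructed here, and the "hardened" rule adds a newData check on senderId that the answer's rule does not include.

```javascript
// Added example (not from the original answer or from Firebase): a tiny mock of the
// Realtime Database rule variables so rule expressions can be evaluated offline.
// Snap, evaluateRule and the sample messages are all constructed here.
class Snap {
  constructor(value) { this.value = value; }
  // child() on a missing or scalar node yields an empty snapshot, as in RTDB.
  child(key) {
    const v = this.value && typeof this.value === 'object' ? this.value[key] : undefined;
    return new Snap(v);
  }
  val() { return this.value === undefined ? null : this.value; }
  exists() { return this.value !== undefined && this.value !== null; }
}

// Evaluate a rule expression with the variables rules expose. A thrown error
// (e.g. auth is null, so auth.uid fails) is treated as a denied request.
function evaluateRule(expr, auth, data, newData) {
  try {
    const fn = new Function('auth', 'data', 'newData', `return (${expr});`);
    return Boolean(fn(auth, new Snap(data), new Snap(newData)));
  } catch (e) {
    return false;
  }
}

// The answer's message write rule (grouping made explicit): a node that does not
// exist yet may be created by any signed-in user, whatever senderId it carries.
const WRITE_AS_ANSWERED =
  "auth != null && (!data.exists() || data.child('senderId').val() === auth.uid)";
// Hardened form: creation is only allowed when the new node's senderId is the caller.
const WRITE_HARDENED =
  "auth != null && ((!data.exists() && newData.child('senderId').val() === auth.uid)" +
  " || data.child('senderId').val() === auth.uid)";

// Can `auth` write `incoming` over `existing` under the given rule?
function canWrite(rule, auth, existing, incoming) {
  return evaluateRule(rule, auth, existing, incoming);
}

// Constructed scenario: alice tries to create a message that claims bob sent it.
const alice = { uid: 'alice' };
const forged = { senderId: 'bob', receiverId: 'carol', text: 'hi' };
console.log(canWrite(WRITE_AS_ANSWERED, alice, undefined, forged)); // true: spoofed sender accepted
console.log(canWrite(WRITE_HARDENED, alice, undefined, forged));    // false
```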
