firebase实时数据库规则不起作用
我一直在这个论坛上进行搜索,这帮助我在Firebase中开发了整个项目,但我无法找到问题的答案。
我创建了一个小型投票应用程序,用户在其中注册,只有在验证电子邮件时才能投票。每次用户注册时,都会使用sendemailverification()方法发送验证电子邮件。显然,我可以(我将)基于user.emailverified value(是或fals)隐藏/显示UI,但是为了获得更多安全性,我已经配置了以下规则:
{
"rules": {
//only users can write, noone can read
".read": false,
".write": "auth.uid != null",
"users": {
"$uid": {
//Inside /users, users can read/write in child /$uid only if the $uid of the user matches with the /$uid that is the branch name for each user
".read": "$uid === auth.uid",
".validate": "$uid === auth.uid",
"votos": {
//only users that verified the email can read/write in this child object
".validate": "auth.token.email_verified === true",
}
}
},
"lists": {
//only users that verified the email can read/write here
//read is public because you dont need to be logged in to see the votes of the lists
".read": true,
".validate": "auth.token.email_verified == true",
}
}
}
我已经在控制台中完成了测试 。模拟器和所有内容似乎都可以正常工作,但是当我去网络时,即使我已经验证了电子邮件,也不会让我投票。
基本上,我只能想到:
- 我尚未正确配置规则(但是控制台模拟器给我带来了我期望的结果)
- 我尚未正确配置验证验证,
- 这还不足以发送验证电子邮件。当用户验证邮件,令牌或用户数据中应包含某些内容时,可能是吗?我相信
“。validate”:“ auth.token.email_verified === true”,是用user.emailverified的true或false完成的,但是我不是这方面的专家...
我唯一看到的类似的问题是与user.emailverified单击验证链接后未更新,这使该值始终为false。但是,我不知道。
如果有人能帮助我,我真的很感激。这是我在论坛上的第一个问题,对不起,如果我做错了什么。
I have been searching in this forum that has helped me a lot to develop my entire project in firebase but I have not been able to find the answer to my question.
I have created a small voting app where users register and can only vote if they have verified their email. Every time a user registers, a verification email is sent with the sendEmailVerification() method. Obviously I can (and I will) hide/show the UI based on user.emailVerified value (true or false) but for more security, I have configured the following rules:
{
"rules": {
//only users can write, noone can read
".read": false,
".write": "auth.uid != null",
"users": {
"$uid": {
//Inside /users, users can read/write in child /$uid only if the $uid of the user matches with the /$uid that is the branch name for each user
".read": "$uid === auth.uid",
".validate": "$uid === auth.uid",
"votos": {
//only users that verified the email can read/write in this child object
".validate": "auth.token.email_verified === true",
}
}
},
"lists": {
//only users that verified the email can read/write here
//read is public because you dont need to be logged in to see the votes of the lists
".read": true,
".validate": "auth.token.email_verified == true",
}
}
}
I have done tests in the console simulator and everything seems to work correctly but when I go to the web it does not let me vote even though I have verified my email.
Basically I can only think of:
- I have not configured the rules correctly (but the console simulator gives me the results I expect)
- I have not configured the validations correctly
- It is not enough to send the verification email. Could it be that when the user verifies the mail, a token or something should be included in the url or in the user's data? I believe that
".validate": "auth.token.email_verified === true",is done with the true or false value ofuser.emailVerifiedof the user, but I am not an expert in this...
The only thing I've seen similar is problems related to user.emailVerified not being updated after clicking the verification link and this made the value always false. But again, I have no idea.
If anyone can help me, I really appreciate it. This is my first question on the forum, sorry if I did something wrong.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论