付款表的Firestore安全规则

发布于 2025-01-31 11:22:21 字数 250 浏览 4 评论 0原文

我正在创建一个抽奖网站。用户连接他的钱包，并支付抽奖券。经过区块链交易确认后，我在Firestore的收藏中添加了他的抽奖券。

这会导致安全问题，因为如果我允许用户在我的Firebase安全规则中写入抽奖券收集，他可以在不付款的情况下创建自己的票。

我只需要在成功付款时才能将门票添加到数据库中。

我不知道有付款手段的网站是如何做到的。也许Firebase不是一个好的解决方案？

我的项目在React/Typescript中。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

避讳 2025-02-07 11:22:21

您说您是通过区块链进行付款的，我认为您将坚固性用作智能合同语言？

您为什么不在您的智能合约中发出事件？
然后，您在a上听这些事件（分开）服务器。
每当发出事件时，这会更新您（ firebase ）数据库。

（未经测试的）示例代码：

您如何发出坚固的事件？（Raffle.sol）

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Raffle {
    event PaymentCompletion(address buyer, uint256 amountOfTickets);

    function buyTickets() external payable {
        emit PaymentCompletion(msg.sender, msg.value)
    }
}

您如何听这些事件？
使用Web3JS时：

const contract = new web3.eth.Contract(CONTRACT_ABI, CONTRACT_ADDRESS);
const lastBlock = await web3.eth.getBlockNumber()

// paymentEvents is an array containing the payments of the last 500 blocks.
const paymentEvents = await contract.getPastEvents(
    'PaymentCompletion', // change if your looking for a different event
    { fromBlock: latestBlock - 500, toBlock: 'latest' }
);

现在通过这些事件迭代并将它们放入您的数据库中。您还可以每当创建新块时通知您，因此您可以检查当前块内的新事件。

如果您将第一个区块链事件添加到Firebase 实时数据库中，这就是外观。

var db = admin.database();
var ref = db.ref("/payments");

// ...

ref.child("path/to/transaction").set({
    buyer: paymentEvents[0].buyer,
    amountOfTickets: paymentEvents[0].amountOfTickets,
    // put the rest of your data here
}, (err) => {
    if (err) {
        console.error(err)
    }
})

或者（如果您不想在区块链上处理付款），也可以看一下 Stripe 还有一个firebase插件，可轻松集成。（但是我从未尝试过）。但是，IMO使用区块链处理付款将是最清洁的解决方案。（+您没有处理费用的使用费用）。

我希望我能给你一些好线索！火基绝对应该适合此。

You say you do the payment over the blockchain and I assume you use solidity as your smart contract language?

Why don't you emit an event in your smart contract?
You then listen for these events on a (seperate) server.
That updates your (firebase) database whenever an event was emitted.

(Untested) Sample Code:

How do you emit events in solidity? (raffle.sol)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Raffle {
    event PaymentCompletion(address buyer, uint256 amountOfTickets);

    function buyTickets() external payable {
        emit PaymentCompletion(msg.sender, msg.value)
    }
}

How do you listen to these events?
when using web3js:

const contract = new web3.eth.Contract(CONTRACT_ABI, CONTRACT_ADDRESS);
const lastBlock = await web3.eth.getBlockNumber()

// paymentEvents is an array containing the payments of the last 500 blocks.
const paymentEvents = await contract.getPastEvents(
    'PaymentCompletion', // change if your looking for a different event
    { fromBlock: latestBlock - 500, toBlock: 'latest' }
);

now iterate through these events and put them into your database. You can also set up a subscription which notifies you whenever a new block was created, so you can check if new events were inside of the current block.

This is what it would look like if you add the first blockchain event to the firebase realtime database.

var db = admin.database();
var ref = db.ref("/payments");

// ...

ref.child("path/to/transaction").set({
    buyer: paymentEvents[0].buyer,
    amountOfTickets: paymentEvents[0].amountOfTickets,
    // put the rest of your data here
}, (err) => {
    if (err) {
        console.error(err)
    }
})

Alternatively (if you don't want to handle the payment on the blockchain) you could also take a look at stripe, it also has a firebase plugin for easy integration. (but I've never tried it out). However, imo using the blockchain for handling the payment would be the cleanest solution. (+ you don't have the handling fees stripe uses).

I hope I could give you some good clues! Firebase should be definitely suitable for this.

回复收藏 0 原文

~没有更多了~