配置firebase实时数据库安全规则以牢固地读取数据
我想设置安全的规则,以读取Firebase实时数据库中的数据。
身份验证的用户只能从数据库中访问其电子邮件地址与名为电子邮件的存储密钥匹配的数据库。
在这里,我将共享实时数据库的JSON结构。
我已经在Firebase数据库中设置了以下读写规则。
{
"rules": {
"timestamp": {
".read": "data.child('email').val() == auth.token.email",
".write": "auth !== null",
}
}
}
使用以上规则,我已经使用firebase规则playground测试了读和写入访问,但似乎不起作用。它不允许身份验证的用户读取数据。
注意: 我已经使用此实时数据库JSON结构来实现该应用程序。因此,我不想更改JSON结构,
有人可以帮助我解决这个问题吗?提前致谢。
I want to set secure rules for read the data from Firebase Realtime Database.
Authenticated user can only be able to access the data from database whose email address is matched with the stored key named email.
Here I am sharing the JSON Structure of the Realtime Database.
I have set the below read and write rules in the firebase database.
{
"rules": {
"timestamp": {
".read": "data.child('email').val() == auth.token.email",
".write": "auth !== null",
}
}
}
With the above rules, I have test the read and write access with Firebase Rules Playground, but it seems not working. It is not allowing the authenticated user to read the data.
Note:
I have already live the application with this RealTime Database JSON Structure. So, I do not want to change JSON structure
Can anybody help to me to solve this problem? Thanks in Advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要按以下方式调整规则。如 doc 您需要<代码> $ 通配符捕获变量指向层次结构级别的节点集”。
换句话说,您的规则对以下
Timestamp节点有效,但对于1639531899477或1639531899488一个:You need to adapt your rule as follows. As explained in the doc, you need to "use
$wildcard capture variables to point to sets of nodes at a level of the hierarchy".In other words, your rule would be valid for the below
timestampnode but not for the1639531899477or1639531899488ones: