我有一个简单的json树,例如: https://ibb.co/rgpznd0 ,我的规则是:
{
"rules": {
".read": "auth.uid !== null",
".write": "false",
}
}
我只需要从数据库中读取数据,我从用户中检索令牌
const accessToken = await user.getIdToken();
,然后使用Axios进行此URL进行get请求:
https://discover-planets-to-visit-default-default-rtdb.europe-west1.firebaseasedatabase.app/qapp/qure {query} .json .json?auth = $ {accessToken}
“> https://discover-planets-to-visit-default-default-rtdb.europe-west1.firebasedatabase.app/japp/japp/japp/quljson?auth?auth = 关于安全规则的警告
///////////////////////////////////////
更新
我试图将这样的规则放入更多安全方法:
{
"rules": {
"destinations": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "false"
}
}
}
}
我尝试这样更改URL:
https://discover-planets-to-visit-default-default-rtdb.europe-west1.firebasebasedatabase.app/destinations.json/json/json/qulqure {uid}?
?即使我将UID放入查询中,Axios请求也无法正常工作。
我还尝试了邮递员的响应,似乎是页面的HTML,我做错了什么。
我该怎么做?并得到JSON回应?
//////////////
更新2个
完整URL。
}
https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/destinations.json/nqhlc86twhehhhhhhhhhhhhhhhhhhhsp7jsupaupajdbkyk1?auth=jut=jun=jun=jun=jun=jun=jun=junpon=jutnion {acccesstoken ,您可以检查下面的答案
I have a simple json tree like this : https://ibb.co/Rgpznd0, and my rules are:
{
"rules": {
".read": "auth.uid !== null",
".write": "false",
}
}
I only need to read the data from the database, i retrieve the token from the user
const accessToken = await user.getIdToken();
and i do a get request with this url with axios:
https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/${query}.json?auth=${accessToken}
this work, but i get some warning from firebase about security rules
///////////////////////////////
UPDATE
I tried to put the rules like this, in a more secure way :
{
"rules": {
"destinations": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "false"
}
}
}
}
I tried changing the url like this:
https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/destinations.json/${uid}?auth=${accessToken}
But now the axios request doesn't work even if i put the uid in the query.
I also tried on postman and the response it's seems the html of the page, I am doing something wrong.
How can i do that? And get a json response?
////////////
UPDATE 2
full url like requested
https://discover-planets-to-visit-default-rtdb.europe-west1.firebasedatabase.app/destinations.json/nQhLc86TWHeHhSP7JSuPAJdBKyk1?auth=${accessToken}
UPDATE 3
I have find a solution to my problem, you can check the answer below
发布评论
评论(1)
我遵循本指南: https://medium.com/@skytreasureareasure/easy-way-way-way-way-to-secure-firebase-firebase-realtime-database-with-rules-with-rules-with-rules-whenen-when-when-you-have-annymons -sign-in-or-already-e8ff1dddfbfc9
在Onauthstatatechanged中,我使用安全键
然后我没有更改其他方法来获取。
}目的地' - “船员” - “技术”取决于女巫页面。
现在数据库是安全的,只有拥有匿名ID的人才能执行请求
I follow this guide: https://medium.com/@skytreasure/easy-way-to-secure-firebase-realtime-database-with-rules-when-you-have-anonymous-sign-in-or-already-e8ff1ddfbfc9
Inside the onAuthStateChanged i set a request to the database with the secure key
Then i didn't change the other methods to fetch.
Instead of query i put: 'destination' - 'crew' - 'technology' depends of witch pages do you go.
Now the database is secure, only who have the anonymous id can do the request