问题
I have an angular web application and I am not using Firebase Authentication, for logging in my users, as it's done via a service.
Right now, my firestore account has full access, anyone can perform any operation.
I read the documentation of security rules and everywhere it mentioned firebase auth. Is there a way to define rules, without using firebase auth?
回答1:
You can certainly use security rules without Firebase Auth, but you won't be able to write any rules that depend on identifying the individual user. To put it more specifically, you will not be able to use the auth variable effectively at all, since it's only populated with data from Firebase Auth.
Without auth information, all you'll be able to do is check the contents of documents to be created or modified. Yout won't be able to defined secure per-user rules.
来源:https://stackoverflow.com/questions/54083375/setting-firestore-security-rules-without-using-firebase-authentication