firebase-security

问题 I see in the Writing conditions for Cloud Firestore Security Rules documentation that a (server side) custom function can be run against new writes. My question is: do I even need to worry about sanitizing textarea user input before writing/saving that to FireStore, or does Firestore automatically do this? If I need to sanitize user input, what would a javascript function look like to do that? What characters should I disallow or remove from the string? Thanks in advance. 回答1: Firestore does

问题 I want to use await inside streambuilder. However, if you use async inside, you get an error. On the code below !!!!!!!! That's the part I want to solve. Thank you very much if I can tell you how. class _MemoStreamState extends State<MemoStream> { final _fireStore = Firestore.instance; @override Widget build(BuildContext context) { return StreamBuilder<QuerySnapshot>( stream: _fireStore .collection(widget.logInUsrEmail) .orderBy('id', descending: false) .snapshots(), builder: (context,

问题 I have a Flutter app in which users can make posts and tag the post as belonging to a group. Posts are stored in a global collection and each has a Post.groupId field: /posts/{postId} Based on my Firestore security rules and queries, users are only allow to read posts if they are in the group for which the post is tagged (i.e the posts's groupId field). Approved group users are stored in: /groups/{groupId}/users/{userId} I could query the posts from a particular user's group like: _firestore

问题 I have a Flutter app in which users can make posts and tag the post as belonging to a group. Posts are stored in a global collection and each has a Post.groupId field: /posts/{postId} Based on my Firestore security rules and queries, users are only allow to read posts if they are in the group for which the post is tagged (i.e the posts's groupId field). Approved group users are stored in: /groups/{groupId}/users/{userId} I could query the posts from a particular user's group like: _firestore

问题 Firebase told me that my Database is not secure because I had as rules: service cloud.firestore { match /databases/{database}/documents { match /mypath/{document=**} { allow write: if true; allow read, delete: if false; } } } I do not have problem about read and delete since only my server that use FirebaseAdmin can do such operations. However I still have a problem regarding write operations. This is the reason why I switch to this configuration: service cloud.firestore { match /databases/

问题 This question already has an answer here : Firebase - Is auth.uid a shared secret? (1 answer) Closed 2 years ago . I've been reading Firebase Realtime Database Security Rules guides (https://firebase.google.com/docs/database/security), and I'm a bit confused with regards to should I keep the UID generated by the Firebase Auth (lets say if my App users use Facebook to authenticate themselves) secret? I have this kind of data structure: users UID Lots of nodes of personal data to be read

问题 firebase --version 8.4.1 with Firebase init I created some files. Now firebase deploy is complaining about firebase.storage. The error message is: Ruleset uses old version (version [1]). Please update to the latest version (version [2]). What is wrong with it? firebase deploy deploying database, storage, firestore, functions, hosting database: checking rules syntax... database: rules syntax for database $db is valid firebase.storage: checking storage.rules for compilation errors... undefined

问题 I want to restrict the Firebase Authentication only by ne mail domain name, to make this mail access to my application : exemple@exemple.fr I did this in the database side of firebase { "rules": { ".read": "auth.token.email.endsWith('@exemple.fr')", ".write": "auth.token.email.endsWith('@exemple.fr')" } } I think i'm doing something wrong, thank you for your help. 回答1: Try this { "rules": { ".read": "auth.token.email.matches(/.*@exemple.fr$/)", ".write": "auth.token.email.matches(/.*@exemple

问题 I want to restrict the Firebase Authentication only by ne mail domain name, to make this mail access to my application : exemple@exemple.fr I did this in the database side of firebase { "rules": { ".read": "auth.token.email.endsWith('@exemple.fr')", ".write": "auth.token.email.endsWith('@exemple.fr')" } } I think i'm doing something wrong, thank you for your help. 回答1: Try this { "rules": { ".read": "auth.token.email.matches(/.*@exemple.fr$/)", ".write": "auth.token.email.matches(/.*@exemple

问题 I'm new to Firebase and trying to understand database rules. I'm using Firestore. I have a database that basically needs to be read by all users, and also write. All users can see the documents in the database, and with certain actions they change certain fields. In certain cases they will detele certain old expired documents. Now, I understand that I cannot leave read and write open to all, since this is not secure. So I am using authentication, I will anonymously authenticate the users, so