firebase-security

问题 Final goal: an Angular client receives a token valid for one hour in order to query data from FireStore. Steps to produce a prove of concept and learn how to work with Custom Tokens: 1 - I created a project in Firebase using firebase tool (https://console.firebase.google.com/project/firetestjimis/overview) 2 - I added Firestore database and created a collection. I chose production instead of test because this POC is aimed for security reasons. 3 - I added manually an user in Firebase

问题 Final goal: an Angular client receives a token valid for one hour in order to query data from FireStore. Steps to produce a prove of concept and learn how to work with Custom Tokens: 1 - I created a project in Firebase using firebase tool (https://console.firebase.google.com/project/firetestjimis/overview) 2 - I added Firestore database and created a collection. I chose production instead of test because this POC is aimed for security reasons. 3 - I added manually an user in Firebase

问题 This article stated that "[writeFields] is now deprecated". Additionally, I cannot find any documentation for writeFields , it is not even listed as part of Request in the documentation anymore. Problem The problem I am facing with Cloud Firestore Security Rules is that verifying that only particular fields are modified requires massive amounts of conditions. For example, if I want to verify that the only modified value of a document is cakes , I have to write the following rule: allow update

问题 This article stated that "[writeFields] is now deprecated". Additionally, I cannot find any documentation for writeFields , it is not even listed as part of Request in the documentation anymore. Problem The problem I am facing with Cloud Firestore Security Rules is that verifying that only particular fields are modified requires massive amounts of conditions. For example, if I want to verify that the only modified value of a document is cakes , I have to write the following rule: allow update

问题 I'm working on Admin module of an android application. Admin module is a web-app based on Angular. Firebase auth(Email/password) is used to sign-In as a admin. I've added a manual credential entry to firebase and admin is using these credentials to login (Since there is no registration functionality for admin) on other side Android developer has also used the same Auth method to sign in a user. So users of android application are able to login with their credentials to Admin module. How do I

问题 I'm working on Admin module of an android application. Admin module is a web-app based on Angular. Firebase auth(Email/password) is used to sign-In as a admin. I've added a manual credential entry to firebase and admin is using these credentials to login (Since there is no registration functionality for admin) on other side Android developer has also used the same Auth method to sign in a user. So users of android application are able to login with their credentials to Admin module. How do I

问题 Here is a problem I am facing now with the Firestore security rules. First of all here is an example of data structure I have in my firestore database: userProfiles/userId/userData companies/companyId/companyData Looks pretty simple. Each userData includes and array named companies which includes all companyIds which this user has access to. Now I need to write rules to allow read companyData only if companyId is in particular user info companies list. Here are the rules which work for me:

问题 I have a small, personal Firebase webapp that uses Firebase Database. I want to secure (lock down) this app to any user from a single, specific domain. I want to authenticate with Google. I'm not clear how to configure the rules to say "only users from a single, specific domain (say @foobar.com ) can read and write to this database". (Part of the issue that I see: it's hard to bootstrap a Database with enough info to make this use case work. I need to know the user's email at the time of

问题 I have a small, personal Firebase webapp that uses Firebase Database. I want to secure (lock down) this app to any user from a single, specific domain. I want to authenticate with Google. I'm not clear how to configure the rules to say "only users from a single, specific domain (say @foobar.com ) can read and write to this database". (Part of the issue that I see: it's hard to bootstrap a Database with enough info to make this use case work. I need to know the user's email at the time of

问题 I am new to firebase storage. Can anyone tell me how to make the storage files public for reading and writing?. The default code provided by firebase is given below. What changes should I make ? service firebase.storage { match /b/image-view-b1cf5.appspot.com/o { match /{allPaths=**} { allow read, write: if request.auth != null; } } } 回答1: The documentation explains that if no rule expression is provided, the rule evaluates to true: service firebase.storage { match /b/image-view-b1cf5.appspot