firebase-security

问题 Firestore doesn't have a way to query for the size of a collection, so if a client app needs to know this value, it requires some maintenance of a document in another collection to hold this count. However, it requires that the client to correctly perform a transaction in order to keep this count up to date while adding and removing documents. A malicious or broken client could modify either the collection or the count independently, and create a situation where the count isn't accurate. It's

问题 I'm working on a PoC (Proof of Concept) application that users can download wallpapers to their device. All of the data is served using Cloud Firestore & Storage. There is NO LOGIN for this application. Anybody can download the application, and immediately download the wallpapers she or he desires. Bearing that in mind... I would like to have a counter that tracks how many times each specific wallpaper was downloaded. While I have it "working" - I am questioning the rules I have set up in

问题 Since the time shift at the 29th of October 2017 I'm running in some really strange behaviours while developing with the firebase products. I'm developing a hybrid app with Ionic (3). While I'm developing and testing in the browser (mobile emulated device) everything works fine. As soon as I switch to my real device (Samsung Galaxy S7, no root, modded or something else), all writes to the database with a timestamp are failing. In my code I create a timestamp like this: Date.now() In my

问题 Can you make security rules that runs a query to check if a matching document is found? I'm building a system where a logged in user can vote on specific topics. Every single vote will be saved in its own document, with a reference to the user, the topic etc. I want to make a security rule that checks if there's already a document in the vote section with that specific user ID and topic ID present, and only let the user write a vote document it that's not the case. I can't see any query

问题 Can you make security rules that runs a query to check if a matching document is found? I'm building a system where a logged in user can vote on specific topics. Every single vote will be saved in its own document, with a reference to the user, the topic etc. I want to make a security rule that checks if there's already a document in the vote section with that specific user ID and topic ID present, and only let the user write a vote document it that's not the case. I can't see any query

问题 I understand how to upload/download images. Wondering best practice how to manage this data inside firebase console? We mostly going to upload pictures/videos and send it between users via private chat/group chat within our app. So I started to create this: should i add pictures to users e.g: /users/<userId>/images/<image-file> how would be good to share a picture on chat-group? /groups/groupId/images/<image-file> this is how our firebase structure deals with group messages /groups/<groupId>/

问题 I understand how to upload/download images. Wondering best practice how to manage this data inside firebase console? We mostly going to upload pictures/videos and send it between users via private chat/group chat within our app. So I started to create this: should i add pictures to users e.g: /users/<userId>/images/<image-file> how would be good to share a picture on chat-group? /groups/groupId/images/<image-file> this is how our firebase structure deals with group messages /groups/<groupId>/

问题 I am trying to use "password" authentication with Firebase Simple Login in Phonegap but getting this error: Web Console(857): FirebaseSimpleLogin(): Due to browser security restrictions, loading applications via `file://*` URLs will prevent popup-based authentication providers from working properly. When testing locally, you'll need to run a barebones webserver on your machine rather than loading your test files via `file://*`. The easiest way to run a barebones server on your local machine

问题 Describe the bug I using request.auth.token.firebase.identities["phone"] != null to make sure number is verified.Android are works fine (immediately update) but on IOS after user verified their phone number I need to wait like half hour for update. To Reproduce Steps to reproduce the behavior: 1. Put request.auth.token.firebase.identities["phone"] != null in rules 2. Do verify phone number on IOS Expected behavior (Android is work as I expected) I expected that once the phone verified i can

问题 I have the following data structures in Firebase Firebase Database House/(id)/Viewers/(UID)/{ startdate = “Dec 1, 2019” endData = “Dec 8, 2019” } Firebase Storage House/(id)/SensitiveImages/sensitiveImage.png I want to write a rule in Firebase storage that only allows access to the SensitiveImages folder if the users UID is inside of the list of Viewers and the current time is between the startDate and endDate. However, there is no way to access this information from inside the Firebase