firebase-security

问题 This question already has answers here : How to make firebase storage only available to users of the app (2 answers) Closed 3 months ago . I need to access read/write images from firebase storage. There is no authentication facility. How can I restrict the data management through app only. Existing rules to provide public access is rules_version = '2'; service firebase.storage { match /b/{bucket}/o { match /{allPaths=**} { allow read, write; } } } 回答1: There is no way to limit access to the

问题 This question already has answers here : How to make firebase storage only available to users of the app (2 answers) Closed 3 months ago . I need to access read/write images from firebase storage. There is no authentication facility. How can I restrict the data management through app only. Existing rules to provide public access is rules_version = '2'; service firebase.storage { match /b/{bucket}/o { match /{allPaths=**} { allow read, write; } } } 回答1: There is no way to limit access to the

问题 rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /users/{usersID} { allow read; allow write: if request.auth.uid != null; match /desksCollection/{desksCollectionID} { allow read; allow write: if resource.data.DeskName != request.resource.data.DeskName; } } } } I want to write a rule that will don't allow add same document second time. What is incorrect here ? 回答1: What you are trying to do is not possible with security rules. This would require that

问题 I need to write rules for Cloud Firestore. I want my rules to allow the creation of a new document in a collection: newDoc(field1="value-1", field2="value-2", field3="other-miscellaneous-values") only if no other document already exists in the collection with: (field1 == "value-1") and (field2 == "value-2") Though this is not very complicated, it seems still too complex to be found as an example in any tutorial that I found searching the net. Beside, the user should be free to list and read

问题 Is it possible to do a Switch Statement or an if else in firestore rules? I have tried to search for it with no luck of finding an answer. What i tried was function getTier() { return get(/users/$(request.auth.uid)).data.userTier; } function canAddProduct() { if getTier() == 'UserTier.FREE' // Do additional code return doSomethingBasedOnFreeTier(); else if getTier() == 'UserTier.SILVER' // Do additional code return doSomethingBasedOnSilverTier() else if getTier() == 'UserTier.GOLD' // Do

问题 Hello guys I'm new to Firebase and I am trying to develop a simple chat app. So far I have got the authentication done following the steps on the Firebase documentation. This is my login method loginUser: function(){ console.log("Login button"); var self = this; ref.authWithOAuthPopup("github", function(error, authData) { if (error) { console.log("Login Failed!", error);} else { console.log(authData); ref.child("users").child(authData.uid).set({ auth : authData.auth, provider : authData

问题 Hello guys I'm new to Firebase and I am trying to develop a simple chat app. So far I have got the authentication done following the steps on the Firebase documentation. This is my login method loginUser: function(){ console.log("Login button"); var self = this; ref.authWithOAuthPopup("github", function(error, authData) { if (error) { console.log("Login Failed!", error);} else { console.log(authData); ref.child("users").child(authData.uid).set({ auth : authData.auth, provider : authData

问题 I'm trying to secure requests to a collection to allow any single get , but only to allow list if a specific key is matched. Database structure is like this: projects project1 name: "Project 1 name" board_id: "board1" project2 name: "Project 2 name" board_id: "board2" boards board1 board2 The Firestore query I'm making from Vue: // Only return projects matching the requested board_id db .collection("projects") .where("board_id", "==", this.board_id) The security rules I'd like to have would

问题 I am using Google as the auth provider to sign in with my app. My code calls the Firebase sign out method which redirects to the login page, but when user again clicks on the Google sign in button, it automatically authenticates and logs in into the app without prompting the user. Here is the code for sign-in: $('#GooglePluseLogin').click(function (e) { showLoaderPF(true); if (!firebase.auth().currentUser) { var provider = new firebase.auth.GoogleAuthProvider(); provider.addScope('https://www

问题 I am getting very high counts of Entity Writes in my firestore database. Write permission in most of the paths are restricted, done from back-end server using admin SDK. Only a very few paths have write access- specifically only to the users who are (authenticated & registered & joined and approved in a specific group), so even though the ways to abuse are apparently thin, yet hard to specifically identify. Only way I see- is to execute Cloud Functions on every write, and have the function