firebase-security

问题 Today I have the following rule on my firestore: service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if request.auth.uid != null; } } } I can't execute requests from my API since it's not sign in (is there any way to auth through CLI only?). But I want to make sure that only my API make these requests. Is there any way to add a specific header on my request and validate it on firebase rules? If this is not the best approach, which one

问题 I'm authenticating to Firebase with FirebaseSimpleLogin and Email/Password authentication in iOS. It seems that making the [authClient loginWithEmail:username andPassword:password withCompletionBlock:^(NSError *error, FAUser *user) { ... }]; takes roughly 5-8 seconds to complete. Is there a way to speed up the login, like caching the authToken from FAUser , and using starting to use that directly in the first Firebase call? Update: It seems that storing the authToken after a successful login

问题 If I have data like this: root{ PrivateRooms{ <PrivateRoomName>{ ... } } users{ <uid>{ permissionFrom{ <PrivateRoomName>:value is not private room name } ... } } } ...how do I write rules to grant access to < PrivateRoomName > based on the user's permissionFrom children? I thought this would work: { "rules": { "PrivateRooms" : { "$roomName":{ ".read" : "root.child('users').child(auth.uid).child('permissionFrom').hasChild('$roomName') == true", ".write" : "root.child('users').child(auth.uid)

问题 I have data that I need to save into firebase from a user. My Firebase schema is like.. { users: { 1: { data.. Is it possible to create a new Firebase user in PHP so that I can use the generated user_id to save the data? 回答1: I'm not sure I fully understand your questions. If you're trying to authenticate a client as a given user, you need to generate an authentication token, place it in the page, and have the client call auth() with that token. See the docs here: https://www.firebase.com

问题 Here i am calling this function with phone number after he complete his verification an this function is adding his number using custom claim to satisfy this filebase database security rule { "rules": { "Users": { //".read": true, //".write": "auth.token.phone == newData.val()", //".read": "auth.uid != null", //".write": "newData.child('Personal Details').child('phone').val() === auth.token.phone" "$userNumber": { "Personal Details": { ".read": "auth.uid != null", ".write": "auth.token.phone

问题 This question already has an answer here : how can i know what security firebase rule give me a error? (1 answer) Closed last year . Let's say that I have a validation rule like "validate": "condition1 && condition2" and I want to show the user an error message according to the first condition that is not met. For example, if condition1 isn't met, the user would receive a custom message saying that "Condition1 is not met". Basically, I want to map an error code (or message) to each condition

问题 I am trying to secure my firebase database to allow the creation of new records, but not allow the deletion of existing records. Ultimately, I plan to utilise Firebase authentication in my app as well, and allow users to update existing records if they are the author, but I am trying to get the simple case working first. However! No matter what I try in the database rules simulator, despite what the documentation seems to suggest, the value of data.exists() seems to always be true. From what

问题 This question is relative to this issue Firebase-Android, How to sync data when resume after connection lost? Step-by-step is: First I login using email method in Auth Activity In Timeline activity I add an record. Everything looks good. But if I minimize app for about 24 hours, then resume application at timeline activity and add new record, I got error: "java.lang.Exception: Permission denied". I'm sure nothing wrong with new data, but: path / { read() = true; write() = isSignedIn(); }

问题 While sniffing the Firebase traffic, I have seen that a code is passed to the auth server so that it always returns a 200 status code. This shows that there is some level of optional security at some level in the authentication protocol. Is there a way to cause Firebase authentication to fail with an identical error message when the user enters a non-existent email address as when they enter the wrong password? The INVALID_USER status code gives me concern about the potential for a user

问题 I'm trying to use the new Rules Simulator Tool provided by firebase, however I'm having problems getting it to work When setting the path like this in the simulator panel /users/Gd9jd3jd8sSixxx38djSs And then selecting the authentication options and inputting the uid of the authorised user as the same string Gd9jd3jd8sSixxx38djSs. I'm getting the following error when using this firestore rule match /users/{user}{ allow read: if request.auth.uid == resource.id } "Error: simulator.rules line [4