问题
im currently setting up a dialogflow bot (for faq and contact) and the fulfillment / data storage is being done in firebase firestore using google cloud functions (nodejs).
Obviously I would like to have security rules, limiting the access to the database to only dialogflow. Could anyone point me in the right direction how I would go about doing this?
The examples I found, were all check regarding something stored in the database, which wouldn't work in my case..?
回答1:
Security rules are only relevant when you have a mobile client (Android, iOS, web) directly accessing some data in Firestore, Cloud Storage, or Realtime Database. It also applies to unauthenticated access from the REST API. Any other access from a backend, including code you might write for a dialogflow fulfillment hook, isn't subject to security rules. That is to say, accessing these resources from a backend through the admin SDK ignores security rules altogether.
If you only intend to access these products from a backend, just make your your security rules disallow public access from mobile clients.
来源:https://stackoverflow.com/questions/53727411/firebase-firstore-security-rules-for-cloud-functions