问题
Currently, I have implemented a project folder structure similar to the below
Project folder structure
I have added the Phone authentication in my code.
Now with the help of Firebase rules, I would like to restrict my users to access the child (Phone number 1) based on authenticated phone number.
For instance, if I log-in with phone number "9999999999" then I would like to restrict the user to access only the child of "9999999999" in Firebase rules.
Could you suggest me here to improve the security here.
回答1:
You can access the phone number from the users auth object so using this you can do the limiting in security rules. Below are examples in Firestore, RTDB and Storage
Firestore
match /databases/{database}/documents {
match /users/{phoneNumber} {
allow read, write: if request.auth.token.phone_number == phoneNumber;
}
}
Realtime Database
{
"rules" : {
"users" : {
"$phoneNumber" : {
".read" : "request.auth.token.phone_number == $phoneNumber",
".write" : "request.auth.token.phone_number == $phoneNumber"
}
}
}
}
Storage
service firebase.storage {
match /b/{bucket}/o {
match /users/{phoneNumber} {
allow read, write: if request.auth.token.phone_number == phoneNumber;
}
}
}
来源:https://stackoverflow.com/questions/53259733/how-to-restrict-users-to-read-write-the-data-based-on-phone-number-in-firebase-r