问题
I use the firebase JS sdk to upload audio files to firebase-storage. When this happens I need to process it based on the authenticated user doing the uploading (I upload it somewhere else for processing). This means I need to have access to the uid after it has been validated by storage rules, to keep it safe.
While researching this I found workarounds such as using the metadata to send the user's ID token but in my opinion this is a bad idea as it's possible to abuse.
I found this question which is pretty much exactly my question as well. The question I linked is now over a year old, so I thought it's worth asking again.
The primary reason I think that, is because of storage rules, which do have access to the uid (https://firebase.google.com/docs/storage/security/user-security). If I can use the uid there to allow/disallow access I assume it's also possible to access the uid in my onFinalize trigger. I just can't seem to find how.
回答1:
Cloud Storage events do not retain user context; however, you don't necessarily need to send the whole ID token to be able to verify the user when used in conjunction with rules. You could instead set a uid metadata item:
ref.updateMetadata({customMetadata: {uid: currentUser.uid}});
and check it in rules:
match /files/{fileName} {
allow update: if resource.metadata.uid == request.auth.uid;
}
This way, the UID is guaranteed to match the user's and you can access it from the function.
来源:https://stackoverflow.com/questions/58827414/get-uid-in-firebase-function-onfinalize-for-firebase-storage