【发布时间】:2023-04-04 19:46:01
【问题描述】:
试图将我的问题放在其一般概念中,以便您的回复与所有被卡在聊天应用程序的 firebase 规则的人保持相关。
我的聊天数据库很简单,有 3 个节点:Messages / Connections / Users,如下所示:
数据库
-Messages
--message :
--$uid
...
-Connections
--Connection1
--Connection2
--ConnectionX
...
-Users
--UID1
--UID2
这是我需要为我的实时数据库规则校对 pls 的内容:
{
"rules": {
"users": {
"$uid": {
".read": "auth != null" && "$uid/current_page" == "3w_stringofmywebsite/*",
".write": "auth != null" && "$uid/current_page" == "3w_stringofmywebsite/*"
}
// .read & .write to authenticated users & variable $uid/current_page= "3w_stringofmywebsite/*" (allow access from requests from all pages from my web site only)
}
"connections": {
"$uid": {
".read": "auth != null" && root.child(‘users’).child($uid).child(“current_page ") == "
3 w_stringofmywebsite/*"
}
// .read to authenticated users & variable from another path “users/$uid/current_page” = "3w_stringofmywebsite/*" (allow access from from all pages from my web site only)
}
"messages": {
".read" : "auth != null" && root.child(‘users’).child($uid).child(“current_page") == "3w_stringofmywebsite/*" ,
".validate": "auth!=null" && data.child('msg').val ().length <= 140 && data.child('msg').isString"
}
// .read to authenticated users & variable from another path “users/$uid/current_page” = "3w_stringofmywebsite/*" (allow access from all pages from my web site only)
// .write to authenticated users & variable “msg” is a string & < 140 characters
}
感谢您对上述代码的慷慨更正,以便它为所有其他新人服务。
【问题讨论】:
-
安全规则自己不会做任何事情。它们只有在您的应用程序代码使用后才变得有意义。请编辑您的问题,以显示未按预期执行的代码,并清楚地描述问题。
标签: firebase-realtime-database chat firebase-security