【发布时间】:2016-11-30 03:56:11
【问题描述】:
我有一个 node server 运行 firebase Admin SDK 并像这样进行身份验证:
admin.initializeApp({
databaseURL: 'https://brandonsCoolApp.firebaseio.com',
credential: admin.credential.cert(firebaseCredentials),
})
// firebase security rules (abridged version; i have several validation rules)
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
这适用于正常操作。但是,它在 Firebase 安全/验证规则中获得特殊状态,并忽略所有规则。
我希望它尊重验证规则。所以,按照Firebase Docs,我尝试添加自定义auth.uid并调整我的安全规则:
admin.initializeApp({
databaseURL: 'https://brandonsCoolApp.firebaseio.com',
credential: admin.credential.cert(firebaseCredentials),
databaseAuthVariableOverride: {
uid: "node-server"
}
})
// firebase security rules
{
"rules": {
".read": "auth != null || auth.uid == 'node-server'",
".write": "auth != null || auth.uid == 'node-server'"
}
}
// I also tried this version
{
"rules": {
".read": "auth.uid === 'node-server'",
".write": "auth.uid === 'node-server'"
}
}
但是,当尝试在任意路径调用 update() 时,这会导致 PERMISSION_DENIED 错误:
FIREBASE WARNING: update at / failed: permission_denied
{ [Error: PERMISSION_DENIED: Permission denied] code: 'PERMISSION_DENIED' }
那么:我怎样才能说服我的坏男孩admin SDK server 改正并遵守规则?
【问题讨论】:
标签: javascript firebase firebase-realtime-database firebase-authentication