3
我有一個運行的firebase Admin SDK
和驗證,像這樣一個node server
:如何製作Firebase Admin SDK帳戶尊重驗證規則?
admin.initializeApp({
databaseURL: 'https://brandonsCoolApp.firebaseio.com',
credential: admin.credential.cert(firebaseCredentials),
})
// firebase security rules (abridged version; i have several validation rules)
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
這工作正常進行正常操作。但是,它在Firebase安全/驗證規則中處於特殊狀態,並且會忽略所有規則。
我希望它遵守驗證規則。因此,按照Firebase Docs,我嘗試添加自定義auth.uid
和調整我的安全規則:
admin.initializeApp({
databaseURL: 'https://brandonsCoolApp.firebaseio.com',
credential: admin.credential.cert(firebaseCredentials),
databaseAuthVariableOverride: {
uid: "node-server"
}
})
// firebase security rules
{
"rules": {
".read": "auth != null || auth.uid == 'node-server'",
".write": "auth != null || auth.uid == 'node-server'"
}
}
// I also tried this version
{
"rules": {
".read": "auth.uid === 'node-server'",
".write": "auth.uid === 'node-server'"
}
}
然而,這種嘗試在任意路徑調用update()
時導致PERMISSION_DENIED
錯誤:
FIREBASE WARNING: update at/failed: permission_denied
{ [Error: PERMISSION_DENIED: Permission denied] code: 'PERMISSION_DENIED' }
所以:我該如何說服我的壞男孩admin SDK server
靠規則來理順和玩耍?