身份验证后无法从 Firebase 读取数据
Can't read data from Firebase after authentication
大家好,我是 Firebase 的新手,我正在尝试开发一个简单的聊天应用程序。
到目前为止,我已经按照 Firebase 文档中的步骤完成了身份验证。
这是我的登录方式
loginUser: function(){
console.log("Login button");
var self = this;
ref.authWithOAuthPopup("github", function(error, authData) {
if (error) { console.log("Login Failed!", error);}
else {
console.log(authData);
ref.child("users").child(authData.uid).set({
auth : authData.auth,
provider : authData.provider,
name : authData.github.displayName,
imgUrl : authData.github.profileImageURL,
token: authData.token
});
self.user.name = authData.github.displayName;
self.user.imgUrl = authData.github.profileImageURL;
self.user.provider = authData.provider;
setTimeout(function(){ self.authenticated = true; }, 2000);
this.getContacts();
}
},{
remember : "sessionOnly",
scope: "user"
});
}
这是 getContacts 方法(我尝试控制快照但一无所获)
getContacts: function(){
console.log('GET CONTACTS');
var self = this;
//retrieving all the user, but for somehow this request doesn't execute
ref.child('users').once('value',function(snapshot){
var contacts = snapshot.val();
console.log(contacts);
for(var contact in contacts){
self.contacts.push({
id: contact,
name: contacts[contact].name,
imgUrl: contacts[contact].imgUrl,
provider: contacts[contact].provider
});
}
});
}
这些是安全规则
{
"rules": {
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
// grants read access to any user who is logged in with GitHub
".read": "auth !== null && auth.provider === 'github'"
}
}
}
不得不说我用的是 Vuejs
您正在授予特定用户访问权限:/users/$uid。但是为了能够 运行 对 Firebase 中的节点进行查询,您必须具有对该节点的读取权限。因此 Firebase 拒绝了您的查询,因为您无权访问 /users。文档在 "rules are not filters". Many people run into this problem, since this is a very common approach in relational databases. The fact that rules are not filters and that permissions cascade down 部分对此进行了介绍,这是 Firebase 安全模型的两个最常见的陷阱。
在这种情况下,您可能希望授予所有用户访问整个 /users 节点的权限,因此您只需将读取权限上移一级:
{
"rules": {
// grants read access to any user who is logged in with GitHub
".read": "auth !== null && auth.provider === 'github'"
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
}
}
}
有了这个每个 github-authenticated 用户,都可以读取所有用户,因此查询不会被拒绝。
在其他情况下,您可能必须以不同的方式对数据进行建模才能使用所需的安全约束。
大家好,我是 Firebase 的新手,我正在尝试开发一个简单的聊天应用程序。 到目前为止,我已经按照 Firebase 文档中的步骤完成了身份验证。
这是我的登录方式
loginUser: function(){
console.log("Login button");
var self = this;
ref.authWithOAuthPopup("github", function(error, authData) {
if (error) { console.log("Login Failed!", error);}
else {
console.log(authData);
ref.child("users").child(authData.uid).set({
auth : authData.auth,
provider : authData.provider,
name : authData.github.displayName,
imgUrl : authData.github.profileImageURL,
token: authData.token
});
self.user.name = authData.github.displayName;
self.user.imgUrl = authData.github.profileImageURL;
self.user.provider = authData.provider;
setTimeout(function(){ self.authenticated = true; }, 2000);
this.getContacts();
}
},{
remember : "sessionOnly",
scope: "user"
});
}
这是 getContacts 方法(我尝试控制快照但一无所获)
getContacts: function(){
console.log('GET CONTACTS');
var self = this;
//retrieving all the user, but for somehow this request doesn't execute
ref.child('users').once('value',function(snapshot){
var contacts = snapshot.val();
console.log(contacts);
for(var contact in contacts){
self.contacts.push({
id: contact,
name: contacts[contact].name,
imgUrl: contacts[contact].imgUrl,
provider: contacts[contact].provider
});
}
});
}
这些是安全规则
{
"rules": {
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
// grants read access to any user who is logged in with GitHub
".read": "auth !== null && auth.provider === 'github'"
}
}
}
不得不说我用的是 Vuejs
您正在授予特定用户访问权限:/users/$uid。但是为了能够 运行 对 Firebase 中的节点进行查询,您必须具有对该节点的读取权限。因此 Firebase 拒绝了您的查询,因为您无权访问 /users。文档在 "rules are not filters". Many people run into this problem, since this is a very common approach in relational databases. The fact that rules are not filters and that permissions cascade down 部分对此进行了介绍,这是 Firebase 安全模型的两个最常见的陷阱。
在这种情况下,您可能希望授予所有用户访问整个 /users 节点的权限,因此您只需将读取权限上移一级:
{
"rules": {
// grants read access to any user who is logged in with GitHub
".read": "auth !== null && auth.provider === 'github'"
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
}
}
}
有了这个每个 github-authenticated 用户,都可以读取所有用户,因此查询不会被拒绝。
在其他情况下,您可能必须以不同的方式对数据进行建模才能使用所需的安全约束。