Firestore 安全规则,如果 WEB_API_KEY 在 Https 请求中则允许读写
Firestore Security Rules, allow read and write if WEB_API_KEY is in the Https request
我正在使用 HttpsURLConnection 向 Firestore 发送 GET、POST、PATCH 和 DELETE 请求。
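private static final String REST_HEADER = "https://firestore.googleapis.com/v1beta1/projects/[my project id]/databases/(default)/documents/";

// Sends one PATCH (document write) to the Firestore REST API.
// The "?key=" value is the Firebase Web API key. It only identifies the project and is
// embedded in client apps, so it is not a credential, and Firestore security rules cannot
// match on it. Per-request access control comes from an "Authorization: Bearer <ID token>"
// header, which this request does not set.
String FirestoreURL = REST_HEADER + [my document path] + "?key=" + [my web api key];
URL cloudFirestoreEndPoint = new URL(FirestoreURL);
myHttpsConnection = (HttpsURLConnection) cloudFirestoreEndPoint.openConnection();
myHttpsConnection.setRequestMethod("PATCH");
// A request body will be written.
myHttpsConnection.setDoOutput(true);
myHttpsConnection.setRequestProperty("Content-Type", "application/json");
// Encode the JSON body explicitly as UTF-8 instead of the platform default charset, and
// let try-with-resources flush and close the writer even when write() throws.
try (OutputStreamWriter streamWriter =
        new OutputStreamWriter(myHttpsConnection.getOutputStream(), "UTF-8")) {
    streamWriter.write([my json]);
}
// NOTE(review): the response status is never read before disconnecting, so a write that
// the security rules reject goes unnoticed here; check getResponseCode().
myHttpsConnection.disconnect();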
我想知道如何设置我的 Firestore 数据库规则,以便允许任何包含正确“?key=”[my web api key] 的读写请求。
// Asker's attempt: a single rule covering every document of the database, meant to admit
// any request that carries the Web API key.
// NOTE(review): `request` is an object, so comparing it with a string does not grant
// access. Rules have no view of the "?key=" URL parameter; the identity signal they can
// test is request.auth, which is populated when the request carries a valid
// "Authorization: Bearer <ID token>" header (for example `request.auth != null`).
// NOTE(review): on /{document=**} such a condition gives every signed-in account read and
// write access to all documents; narrow the match path or compare request.auth.uid.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request == 'MY WEB API KEY???';
}
}
}
你会如何在 Firestore 中编写它?
这是我解决问题的方法。Web API key 只用来标识项目,并不是密钥,安全规则也无法读取它,因此需要改用身份验证令牌:先向 googleapis 端点发送获取令牌的请求,响应负载中会包含一个很长的令牌(idToken),之后必须把它添加到所有请求(GET、POST 等)中。
这里是获取token的请求
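// Obtains a Firebase Authentication ID token for an e-mail/password account through the
// Identity Toolkit REST API and stores it in idToken_.
String authenticationURL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty";
// Constant-first equals(): a null methodType_ takes the "unsupported" branch below instead
// of throwing a NullPointerException.
if ("SIGN_UP".equals(methodType_)) {
    authenticationURL = authenticationURL + "/signupNewUser";
} else if ("SIGN_IN".equals(methodType_)) {
    authenticationURL = authenticationURL + "/verifyPassword";
} else {
    return null;
}
// The Web API key only identifies the Firebase project; the password in the body is the
// actual secret, so keep both the body and the returned token out of logs.
authenticationURL = authenticationURL + "?key=" + webApiKey_;
URL endPointURL = new URL(authenticationURL);
myHttpsConnection = (HttpsURLConnection) endPointURL.openConnection();
myHttpsConnection.setRequestMethod("POST");
// A request body will be written.
myHttpsConnection.setDoOutput(true);
myHttpsConnection.setRequestProperty("Content-Type", "application/json");
// Build the body field by field so that quotes or backslashes in the e-mail or password
// are escaped by the JSON library. The earlier string concatenation could be broken, or
// have extra fields injected, by such characters (and it was missing a `+ "\"` after the
// e-mail variable, so it did not compile).
JSONObject myJSON = new JSONObject();
myJSON.put("email", email);
myJSON.put("password", password_);
myJSON.put("returnSecureToken", true);
// Explicit UTF-8 for the body; try-with-resources flushes and closes the writer even when
// write() throws.
try (OutputStreamWriter streamWriter =
        new OutputStreamWriter(myHttpsConnection.getOutputStream(), "UTF-8")) {
    streamWriter.write(myJSON.toString());
}
myResponseCode = myHttpsConnection.getResponseCode();
if (myResponseCode == HttpURLConnection.HTTP_OK) {
    // All four readers are closed in reverse order, including when parsing throws.
    try (InputStream streamReader = myHttpsConnection.getInputStream();
            InputStreamReader responseBodyReader = new InputStreamReader(streamReader, "UTF-8");
            BufferedReader br = new BufferedReader(responseBodyReader);
            JsonReader jsonReader = new JsonReader(br)) {
        // Project helper that flattens the JSON response into field/value pairs.
        ArrayList<Field_Value> myFields = JSON_Methods.convertFirestoreJSON(jsonReader);
        // The "idToken" field is the credential later sent as "Authorization: Bearer ...".
        idToken_ = Field_Value.getFieldValue(myFields, "idToken");
    }
}
// NOTE(review): on any other status idToken_ keeps whatever value it had before; callers
// should treat a non-200 response as "not signed in" rather than reuse an old token.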
然后在所有 GET、PATCH、POST 等请求中添加以下内容:
// Present the ID token obtained at sign-in as a bearer credential. Firestore verifies it
// and exposes the result to security rules as request.auth. Treat the token like a
// password: send it only over HTTPS and keep it out of logs.
String bearerCredential = "Bearer " + idToken_;
myHttpsConnection.setRequestProperty("Authorization", bearerCredential);
我正在使用 HttpsURLConnection 向 Firestore 发送 GET、POST、PATCH 和 DELETE 请求。
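private static final String REST_HEADER = "https://firestore.googleapis.com/v1beta1/projects/[my project id]/databases/(default)/documents/";

// Sends one PATCH (document write) to the Firestore REST API.
// The "?key=" value is the Firebase Web API key. It only identifies the project and is
// embedded in client apps, so it is not a credential, and Firestore security rules cannot
// match on it. Per-request access control comes from an "Authorization: Bearer <ID token>"
// header, which this request does not set.
String FirestoreURL = REST_HEADER + [my document path] + "?key=" + [my web api key];
URL cloudFirestoreEndPoint = new URL(FirestoreURL);
myHttpsConnection = (HttpsURLConnection) cloudFirestoreEndPoint.openConnection();
myHttpsConnection.setRequestMethod("PATCH");
// A request body will be written.
myHttpsConnection.setDoOutput(true);
myHttpsConnection.setRequestProperty("Content-Type", "application/json");
// Encode the JSON body explicitly as UTF-8 instead of the platform default charset, and
// let try-with-resources flush and close the writer even when write() throws.
try (OutputStreamWriter streamWriter =
        new OutputStreamWriter(myHttpsConnection.getOutputStream(), "UTF-8")) {
    streamWriter.write([my json]);
}
// NOTE(review): the response status is never read before disconnecting, so a write that
// the security rules reject goes unnoticed here; check getResponseCode().
myHttpsConnection.disconnect();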
我想知道如何设置我的 Firestore 数据库规则,以便允许任何包含正确“?key=”[my web api key] 的读写请求。
// Asker's attempt: a single rule covering every document of the database, meant to admit
// any request that carries the Web API key.
// NOTE(review): `request` is an object, so comparing it with a string does not grant
// access. Rules have no view of the "?key=" URL parameter; the identity signal they can
// test is request.auth, which is populated when the request carries a valid
// "Authorization: Bearer <ID token>" header (for example `request.auth != null`).
// NOTE(review): on /{document=**} such a condition gives every signed-in account read and
// write access to all documents; narrow the match path or compare request.auth.uid.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request == 'MY WEB API KEY???';
}
}
}
你会如何在 Firestore 中编写它?
这是我解决问题的方法。Web API key 只用来标识项目,并不是密钥,安全规则也无法读取它,因此需要改用身份验证令牌:先向 googleapis 端点发送获取令牌的请求,响应负载中会包含一个很长的令牌(idToken),之后必须把它添加到所有请求(GET、POST 等)中。
这里是获取token的请求
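// Obtains a Firebase Authentication ID token for an e-mail/password account through the
// Identity Toolkit REST API and stores it in idToken_.
String authenticationURL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty";
// Constant-first equals(): a null methodType_ takes the "unsupported" branch below instead
// of throwing a NullPointerException.
if ("SIGN_UP".equals(methodType_)) {
    authenticationURL = authenticationURL + "/signupNewUser";
} else if ("SIGN_IN".equals(methodType_)) {
    authenticationURL = authenticationURL + "/verifyPassword";
} else {
    return null;
}
// The Web API key only identifies the Firebase project; the password in the body is the
// actual secret, so keep both the body and the returned token out of logs.
authenticationURL = authenticationURL + "?key=" + webApiKey_;
URL endPointURL = new URL(authenticationURL);
myHttpsConnection = (HttpsURLConnection) endPointURL.openConnection();
myHttpsConnection.setRequestMethod("POST");
// A request body will be written.
myHttpsConnection.setDoOutput(true);
myHttpsConnection.setRequestProperty("Content-Type", "application/json");
// Build the body field by field so that quotes or backslashes in the e-mail or password
// are escaped by the JSON library. The earlier string concatenation could be broken, or
// have extra fields injected, by such characters (and it was missing a `+ "\"` after the
// e-mail variable, so it did not compile).
JSONObject myJSON = new JSONObject();
myJSON.put("email", email);
myJSON.put("password", password_);
myJSON.put("returnSecureToken", true);
// Explicit UTF-8 for the body; try-with-resources flushes and closes the writer even when
// write() throws.
try (OutputStreamWriter streamWriter =
        new OutputStreamWriter(myHttpsConnection.getOutputStream(), "UTF-8")) {
    streamWriter.write(myJSON.toString());
}
myResponseCode = myHttpsConnection.getResponseCode();
if (myResponseCode == HttpURLConnection.HTTP_OK) {
    // All four readers are closed in reverse order, including when parsing throws.
    try (InputStream streamReader = myHttpsConnection.getInputStream();
            InputStreamReader responseBodyReader = new InputStreamReader(streamReader, "UTF-8");
            BufferedReader br = new BufferedReader(responseBodyReader);
            JsonReader jsonReader = new JsonReader(br)) {
        // Project helper that flattens the JSON response into field/value pairs.
        ArrayList<Field_Value> myFields = JSON_Methods.convertFirestoreJSON(jsonReader);
        // The "idToken" field is the credential later sent as "Authorization: Bearer ...".
        idToken_ = Field_Value.getFieldValue(myFields, "idToken");
    }
}
// NOTE(review): on any other status idToken_ keeps whatever value it had before; callers
// should treat a non-200 response as "not signed in" rather than reuse an old token.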
然后在所有 GET、PATCH、POST 等请求中添加以下内容:
// Present the ID token obtained at sign-in as a bearer credential. Firestore verifies it
// and exposes the result to security rules as request.auth. Treat the token like a
// password: send it only over HTTPS and keep it out of logs.
String bearerCredential = "Bearer " + idToken_;
myHttpsConnection.setRequestProperty("Authorization", bearerCredential);