虽然我什么都不写,但是firebase给出权限错误
Although I do not write anything, firebase gives permission error
我的学校有一个应用程序。有一些功能,但它们没有功能。我的意思是学生或用户,不要写任何东西。他们只是阅读帖子,阅读公共汽车时间等。尽管这样,firebase 会出错。首先我用了
allow read write: if true
但我知道这不安全。那么我应该在这里做什么?
我做了 request.auth != null 因为你知道我的应用程序没有任何身份验证。所以用户不能写任何东西。尽管如此,firebase 给出了这个错误:
Status{code=CANCELLED, description=Disconnecting idle stream. Timed out waiting for new targets., cause=null}.
我的 firebase 规则部分:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
错误信息:
W/Firestore( 6365): (23.0.4) [Firestore]: Listen for
Query(target=Query(users/h0m3_p4g3_ order by
name);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient
permissions., cause=null}
生成该错误的应用代码:(method_channel_document_reference.dart)
@override
Future<DocumentSnapshotPlatform> get(
[GetOptions options = const GetOptions()]) async {
try {
final Map<String, dynamic>? data = await MethodChannelFirebaseFirestore
.channel
.invokeMapMethod<String, dynamic>(
'DocumentReference#get',
<String, dynamic>{
'firestore': firestore,
'reference': this,
'source': getSourceString(options.source),
},
);
return DocumentSnapshotPlatform(firestore, _pointer.path, data!);
} catch (e) {
throw convertPlatformException(e);
}
}
这里,当我启动应用程序时,它移动了这段代码的 catch 部分。抛出 convertPlatformException(e);
根据评论和您的用例中的附加信息,您应该首先分离读写访问权限。您当前的规则在相同条件下对待读取和写入,即使您只想限制对 Firestore 的写入,同时允许用户读取。 Firestore documentation 包含一个单独的读写访问示例。
此外,由于您的应用程序不需要身份验证,因此读取权限应该是某种形式的 public。 documentation 也触及了一个类似的例子,其中只能从用户那里读取具有 public 可见性的文档。这可能是一种启用 public 访问权限以读取数据库的可能方法。写入这两个特征将导致以下规则:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow write: if false; //completely blocks access to writing
allow read: if resource.data.visibility == 'public'; //resource.data comes from requested documents, visibility being a value from the doc
//only documents with a visibility value of public can be read
}
}
}
Firestore 规则有更多可以应用的参数,因此 Get Started page. Keep in mind that your Flutter code should specifically implement queries that fit to the rules, since rules are not filters 是一个很好的起点,过于笼统的查询将导致访问被拒绝:
Once you secure your data and begin to write queries, keep in mind that security rules are not filters. You cannot write a query for all the documents in a collection and expect Cloud Firestore to return only the documents that the current client has permission to access.
我的学校有一个应用程序。有一些功能,但它们没有功能。我的意思是学生或用户,不要写任何东西。他们只是阅读帖子,阅读公共汽车时间等。尽管这样,firebase 会出错。首先我用了
allow read write: if true
但我知道这不安全。那么我应该在这里做什么? 我做了 request.auth != null 因为你知道我的应用程序没有任何身份验证。所以用户不能写任何东西。尽管如此,firebase 给出了这个错误:
Status{code=CANCELLED, description=Disconnecting idle stream. Timed out waiting for new targets., cause=null}.
我的 firebase 规则部分:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
错误信息:
W/Firestore( 6365): (23.0.4) [Firestore]: Listen for Query(target=Query(users/h0m3_p4g3_ order by name);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
生成该错误的应用代码:(method_channel_document_reference.dart)
@override
Future<DocumentSnapshotPlatform> get(
[GetOptions options = const GetOptions()]) async {
try {
final Map<String, dynamic>? data = await MethodChannelFirebaseFirestore
.channel
.invokeMapMethod<String, dynamic>(
'DocumentReference#get',
<String, dynamic>{
'firestore': firestore,
'reference': this,
'source': getSourceString(options.source),
},
);
return DocumentSnapshotPlatform(firestore, _pointer.path, data!);
} catch (e) {
throw convertPlatformException(e);
}
}
这里,当我启动应用程序时,它移动了这段代码的 catch 部分。抛出 convertPlatformException(e);
根据评论和您的用例中的附加信息,您应该首先分离读写访问权限。您当前的规则在相同条件下对待读取和写入,即使您只想限制对 Firestore 的写入,同时允许用户读取。 Firestore documentation 包含一个单独的读写访问示例。
此外,由于您的应用程序不需要身份验证,因此读取权限应该是某种形式的 public。 documentation 也触及了一个类似的例子,其中只能从用户那里读取具有 public 可见性的文档。这可能是一种启用 public 访问权限以读取数据库的可能方法。写入这两个特征将导致以下规则:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow write: if false; //completely blocks access to writing
allow read: if resource.data.visibility == 'public'; //resource.data comes from requested documents, visibility being a value from the doc
//only documents with a visibility value of public can be read
}
}
}
Firestore 规则有更多可以应用的参数,因此 Get Started page. Keep in mind that your Flutter code should specifically implement queries that fit to the rules, since rules are not filters 是一个很好的起点,过于笼统的查询将导致访问被拒绝:
Once you secure your data and begin to write queries, keep in mind that security rules are not filters. You cannot write a query for all the documents in a collection and expect Cloud Firestore to return only the documents that the current client has permission to access.