Firebase security and phone authentication

Question

I'm a new Android developer and so confused about Firebase rules and phone authentication.
I am writing an application for a scheduling system.
Right now, I'm using a phone number to authenticate users.
In my plan, I want to save the appointments in my Firebase Realtime Database, and for each phone number I want to add user information, like name and their appointments.
The first question is how can I create a user for each phone? Can I do that with phone authentication or do I need to create a user object and save it in the Realtime Database?
The second question is about security. I want my users to be able to see all the free appointments and to schedule one or more. What rules do I need to set for each user?

Answer 1

Score: 1

You can use Firebase Authentication via phone number as here. Once a user authenticates himself, a unique Uid is created for that person, which you can use to get the user data using the auth variable. This is using FirebaseUser as documented here.

If you want to make custom-made fields for a user, I would advise getting the Uid and then creating a user database in, let's say, /Users using the Uid as the primary key; that would be something like /Users/Uid.

Further, if you want only your authenticated users to see the free appointments, you can do something like below, assuming the Appointment branch in root contains the available free slots.

{
  "rules": {
    "Appointments": {
      "freeSlots": {
        ".read": "auth != null"
      }
    }
  }
}

You can then manipulate the database via your code, probably shifting the free slot from Appointment to the /User/Uid.

Then, if you wish the user to see his slots only, you can write the rules like below:

{
  "rules": {
    "Users": {
      "$uid": {
        ".write": "$uid === auth.uid",
        ".read": "$uid === auth.uid"
      }
    }
  }
}

Here the $uid ensures that the user only reads the data belonging to them.

You can find further help with security rules here

Hope this could help you a bit?
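
A combined ruleset for the flow described in this answer, as an added example that is not part of the original answer: any signed-in user can read the free slots, and a slot can only be booked through one multi-path update that deletes it from /Appointments/freeSlots and writes it under the caller's own /Users/<uid>/appointments. The `appointments` child, the `$slotId` key, and the assumption that free slots are created by a trusted backend through the Admin SDK are illustrative choices, not taken from the page.

```json
{
  "rules": {
    "Appointments": {
      "freeSlots": {
        // Any signed-in (phone-authenticated) user may list the free slots.
        ".read": "auth != null",
        "$slotId": {
          // Assumption: slots are created by a backend using the Admin SDK,
          // which bypasses rules. Clients may only delete an existing slot,
          // and only when the same update stores it under their own uid.
          ".write": "auth != null && data.exists() && !newData.exists() && newData.parent().parent().parent().child('Users').child(auth.uid).child('appointments').child($slotId).exists()"
        }
      }
    },
    "Users": {
      "$uid": {
        // Profile data and bookings are private to the owning user.
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid",
        "appointments": {
          "$slotId": {
            // A booking must refer to a slot that is free before the write
            // (root) and removed from freeSlots by the same write (newData),
            // so a client cannot invent a booking or leave the slot listed.
            ".validate": "root.child('Appointments/freeSlots').child($slotId).exists() && !newData.parent().parent().parent().parent().child('Appointments/freeSlots').child($slotId).exists()"
          }
        }
      }
    }
  }
}
```

Because `.validate` is not evaluated on deletes, a user can still remove their own booking; returning the slot to freeSlots is left to the backend in this sketch.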

Answer 2

Score: 0

  1. You already implemented Firebase phone Auth; the next step is to create a document for each user to store the information you want by making use of the unique uid String that comes with each user's authentication.

  2. To add security of who reads/writes what, you have to write database rules. Info here

huangapple
  • Published on August 24, 2020, 17:55:54