Cloud Firestore Security Rules allow write only fr

2020-02-03 10:51发布

I'd really like to be able to secure my firestore db by allowing only firebase functions to write to the specific collection... how would I go about doing that? Looking at there documentation I do not find anything that might state how you could do that. For instance, I am looking for something like:

service cloud.firestore {
  match /databases/{database}/documents {

    // Match any document in the 'cities' collection
    match /cities/{city} {
      allow read;
      allow write: if <from firebase function>;
    }
  }
}

2条回答
Ridiculous、
2楼-- · 2020-02-03 11:15

Cloud Functions for Firebase code generally accesses other Firebase products using the Firebase Admin SDK. The Admin SDK will have full read and write access to Firestore, no matter how the permissions are set. You can neither explicitly allow nor deny access to the Admin SDK, which means you also can't explicitly allow nor deny access to Cloud Functions.

If you just want your backend to read and write some part of your database but none of your mobile client apps, simply reject access to all clients entirely, and let the Admin SDK do its work.

service cloud.firestore {
  match /databases/{database}/documents {

    // Match any document in the 'cities' collection
    match /cities/{city} {
      allow read: if false;
      allow write: if false;
    }
  }
}
查看更多
迷人小祖宗
3楼-- · 2020-02-03 11:35

So, I use this rule:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if false;
      allow write: if false;
    }
  }
}

It's based on the above answer. It just disallows access from any client app, except the Admin SDK.

查看更多
登录 后发表回答