Firebase Firestore安全规则,如果Https请求中有WEB_API_密钥,则允许读写
我正在使用HttpsURLConnection向Firestore发送GET、POST、补丁和删除请求Firebase Firestore安全规则,如果Https请求中有WEB_API_密钥,则允许读写,firebase,https,google-cloud-firestore,firebase-security,google-apis-explorer,Firebase,Https,Google Cloud Firestore,Firebase Security,Google Apis Explorer,我正在使用HttpsURLConnection向Firestore发送GET、POST、补丁和删除请求 private static final String REST_HEADER = "https://firestore.googleapis.com/v1beta1/projects/[my project id]/databases/(default)/documents/"; // Build URL String FirestoreURL = RES
private static final String REST_HEADER = "https://firestore.googleapis.com/v1beta1/projects/[my project id]/databases/(default)/documents/";
// Build URL
String FirestoreURL = REST_HEADER + [my document path] + "?key=" + [my web api key];
// Create URL
URL cloudFirestoreEndPoint = new URL(FirestoreURL);
// Create connection
myHttpsConnection = (HttpsURLConnection) cloudFirestoreEndPoint.openConnection();
// Set Request Method
myHttpsConnection.setRequestMethod("PATCH");
// Set Writable
myHttpsConnection.setDoOutput(true);
// Set Https Connection properties
myHttpsConnection.setRequestProperty("Content-Type", "application/json");
// Create output stream linked to our https connection
OutputStreamWriter streamWriter = new OutputStreamWriter(myHttpsConnection.getOutputStream());
// Write to buffer
streamWriter.write([my json]);
// Send out the buffer
streamWriter.flush();
// Close the stream
streamWriter.close();
// disconnect
myHttpsConnection.disconnect();
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request == 'MY WEB API KEY???';
}
}
}
你将如何在Firestore中写这篇文章?以下是我如何解决这个问题的。您在googleapis端点发送令牌请求。您将收到一个有效负载,其中包含一个长密钥,然后必须将该密钥添加到所有路径、get、post。。。请求 这是获取令牌的请求
// Build URL
String authenticationURL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty";
if(methodType_.equals("SIGN_UP")){
authenticationURL = authenticationURL + "/signupNewUser";
}else if(methodType_.equals("SIGN_IN")){
authenticationURL = authenticationURL + "/verifyPassword";
}else{
return null;
}
authenticationURL = authenticationURL + "?key=" + webApiKey_;
// Create URL
URL endPointURL = new URL(authenticationURL);
// Create connection
myHttpsConnection = (HttpsURLConnection) endPointURL.openConnection();
// Set Request Method
myHttpsConnection.setRequestMethod("POST");
// Set Writable
myHttpsConnection.setDoOutput(true);
// Set Https Connection properties
myHttpsConnection.setRequestProperty("Content-Type", "application/json");
// Generate JSON from the data
String myJSON_str = "{\"email\":\"" + email,\"password\":\"" +
password_ + "\",\"returnSecureToken\":true}";
JSONObject myJSON = new JSONObject(myJSON_str);
// Create output stream linked to our https connection
OutputStreamWriter streamWriter = new OutputStreamWriter(myHttpsConnection.getOutputStream());
// Write to buffer
streamWriter.write(myJSON.toString());
// Send out the buffer
streamWriter.flush();
// Close the stream
streamWriter.close();
// Get Response Code
myResponseCode = myHttpsConnection.getResponseCode();
// If connection successful
if (myResponseCode == HttpURLConnection.HTTP_OK) {
// Get Input Stream
InputStream streamReader = myHttpsConnection.getInputStream();
InputStreamReader responseBodyReader = new InputStreamReader(streamReader, "UTF-8");
// Buffer the inputstream
BufferedReader br = new BufferedReader(responseBodyReader);
// Create JsonReader from input stream
JsonReader jsonReader = new JsonReader(br);
// My custom method to convert a JSON to a readable thing
ArrayList<Field_Value> myFields = JSON_Methods.convertFirestoreJSON(jsonReader);
// Close Streams
jsonReader.close();
br.close();
responseBodyReader.close();
streamReader.close();
// Get The IdToken Field
idToken_ = Field_Value.getFieldValue(myFields,"idToken");
}
我也有同样的问题。你解决这个问题了吗?是的,我已经更新了代码如何验证firestore安全规则中的密钥?
// Set Authorization header
myHttpsConnection.setRequestProperty("Authorization", "Bearer " + idToken_);