Firebase 如何在Flatter中调试Firestore安全规则
我在Flatter中编写了我的第一个应用程序,并且被Firestore的安全规则卡住了。我可以允许写和读,一切正常,但如果我想限制向拥有帐户的用户添加对象,情况就不一样了 更具体地说,我有以下规则:Firebase 如何在Flatter中调试Firestore安全规则,firebase,flutter,google-cloud-firestore,Firebase,Flutter,Google Cloud Firestore,我在Flatter中编写了我的第一个应用程序,并且被Firestore的安全规则卡住了。我可以允许写和读,一切正常,但如果我想限制向拥有帐户的用户添加对象,情况就不一样了 更具体地说,我有以下规则: match /ratings/{anyRatingFile=**} { allow create: if request.auth.uid == get(/databases/$(database)/documents/$(request.resource.data.user))
match /ratings/{anyRatingFile=**} {
allow create: if request.auth.uid == get(/databases/$(database)/documents/$(request.resource.data.user)).id;
}
基本上,如果请求中的用户ID存在,那么我将接受创建请求。我可以使用在线模拟器,它的作品!如果UID未注册,我将被拒绝,否则请求将被接受。但当我尝试在我的Flatter应用程序中创建对象时,它总是会崩溃,并出现以下堆栈跟踪:
W/Firestore(30727): (19.0.0) [Firestore]: Write failed at ratings/48MZwRY66G13g8T0Nl8j: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
E/flutter (30727): [ERROR:flutter/lib/ui/ui_dart_state.cc(148)] Unhandled Exception: PlatformException(Error performing setData, PERMISSION_DENIED: Missing or insufficient permissions., null)
E/flutter (30727): #0 StandardMethodCodec.decodeEnvelope (package:flutter/src/services/message_codecs.dart:564:7)
E/flutter (30727): #1 MethodChannel.invokeMethod (package:flutter/src/services/platform_channel.dart:316:33)
E/flutter (30727): <asynchronous suspension>
E/flutter (30727): #2 DocumentReference.setData (package:cloud_firestore/src/document_reference.dart:51:30)
E/flutter (30727): #3 CollectionReference.add (package:cloud_firestore/src/collection_reference.dart:58:23)
E/flutter (30727): <asynchronous suspension>
E/flutter (30727): #4 MyApp.submitRating (package:MyApp/screens/myscreen.dart:128:16)
E/flutter (30727): #5 MyApp._buildMain.<anonymous closure> (package:MyApp/screens/myscreen.dart:93:24)
E/flutter (30727): #6 _InkResponseState._handleTap (package:flutter/src/material/ink_well.dart:635:14)
E/flutter (30727): #7 _InkResponseState.build.<anonymous closure> (package:flutter/src/material/ink_well.dart:711:32)
E/flutter (30727): #8 GestureRecognizer.invokeCallback (package:flutter/src/gestures/recognizer.dart:182:24)
E/flutter (30727): #9 TapGestureRecognizer._checkUp (package:flutter/src/gestures/tap.dart:365:11)
E/flutter (30727): #10 TapGestureRecognizer.handlePrimaryPointer (package:flutter/src/gestures/tap.dart:275:7)
E/flutter (30727): #11 PrimaryPointerGestureRecognizer.handleEvent (package:flutter/src/gestures/recognizer.dart:455:9)
E/flutter (30727): #12 PointerRouter._dispatch (package:flutter/src/gestures/pointer_router.dart:75:13)
E/flutter (30727): #13 PointerRouter.route (package:flutter/src/gestures/pointer_router.dart:102:11)
E/flutter (30727): #14 _WidgetsFlutterBinding&BindingBase&GestureBinding.handleEvent (package:flutter/src/gestures/binding.dart:218:19)
E/flutter (30727): #15 _WidgetsFlutterBinding&BindingBase&GestureBinding.dispatchEvent (package:flutter/src/gestures/binding.dart:198:22)
E/flutter (30727): #16 _WidgetsFlutterBinding&BindingBase&GestureBinding._handlePointerEvent (package:flutter/src/gestures/binding.dart:156:7)
E/flutter (30727): #17 _WidgetsFlutterBinding&BindingBase&GestureBinding._flushPointerEventQueue (package:flutter/src/gestures/binding.dart:102:7)
E/flutter (30727): #18 _WidgetsFlutterBinding&BindingBase&GestureBinding._handlePointerDataPacket (package:flutter/src/gestures/binding.dart:86:7)
E/flutter (30727): #19 _rootRunUnary (dart:async/zone.dart:1136:13)
E/flutter (30727): #20 _CustomZone.runUnary (dart:async/zone.dart:1029:19)
E/flutter (30727): #21 _CustomZone.runUnaryGuarded (dart:async/zone.dart:931:7)
E/flutter (30727): #22 _invoke1 (dart:ui/hooks.dart:250:10)
E/flutter (30727): #23 _dispatchPointerDataPacket (dart:ui/hooks.dart:159:5)
还有更多的调试信息。firestore网站上的此请求有效,例如返回“允许模拟写入”
身份验证有效负载:
{
"uid": "PCAE2",
"token": {
"sub": "PCAE2",
"aud": "myApp-1",
"email": "",
"email_verified": false,
"phone_number": "",
"name": "",
"firebase": {
"sign_in_provider": "google.com"
}
}
}
为了匿名,我删掉了大部分用户ID,但除此之外,它是一个复制粘贴。在我的本地日志中,我看到以下消息:
W/BiChannelGoogleApi(30727): [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzaq@9304ffb
D/FirebaseAuth(30727): Notifying id token listeners about user ( PCAE2 ).
I/flutter (30727): Logged in
所以有两个问题:
1) 这里的问题是什么
2) 如何调试此类错误?我试图找到一些Firestore日志文件,但找不到。我可以看到我可以编写单元测试,但是网站上的测试没有帮助,因为它通过了
谢谢你的帮助 无法调试Firebase安全规则。但是,您当然可以通过 示例
我解决了我的特殊问题,但总体上我仍然不知道如何调试它。如果你知道,请告诉我 这里的问题是另一条规则:
match /users/{userId}/{anyUserFile=**} {
allow read, write, delete: if request.auth.uid == userId
}
我的错误是,我没有将其包括在问题中,但我认为这不会是一个问题,因为模拟是有效的。无论如何,删除这一行并允许世界上的每个人对/users/表进行读写可以解决问题
这将打开一个新问题列表,不过:
谢谢 请编辑问题,以显示执行查询的代码,该查询的工作方式与您预期的不同。规则没有多大意义,除非它们与规则应该允许或拒绝的查询配对。您的规则要求用户登录,并且文档的内容具有特定值。请编辑此问题以包含所有相关详细信息。我们无法查看您的数据库,也无法查看用户的UID。你可以说一下为什么你认为这个规则应该允许添加文档。谢谢@DougStevenson的帮助,我在问题中添加了更多信息。规则中读取的文档内容,因为它与在应用程序中而不是在控制台模拟器中发出请求的用户的实际uid有关?添加的文档属性
user
是否与已读文档的id属性匹配?这就是您的规则所要求的-请验证应用程序是否真正满足了所有要求。顺便说一下,我不知道在使用您现在的语法构建规则中文档的路径时,您是否可以使用带斜杠的路径组件(例如/users/foo)。您可能需要在文档中构建一个字符串,然后使用path(string)
将其转换为路径,然后将其传递给get()。正如我在问题中所说的,模拟写操作按预期工作,只有我的flatter应用程序崩溃。
W/BiChannelGoogleApi(30727): [FirebaseAuth: ] getGoogleApiForMethod() returned Gms: com.google.firebase.auth.api.internal.zzaq@9304ffb
D/FirebaseAuth(30727): Notifying id token listeners about user ( PCAE2 ).
I/flutter (30727): Logged in
match /users/{userId}/{anyUserFile=**} {
allow read, write, delete: if request.auth.uid == userId
}