Javascript 从不使用';我没有授权
我使用以下Firestore安全规则:Javascript 从不使用';我没有授权,javascript,firebase,google-cloud-firestore,firebase-security,Javascript,Firebase,Google Cloud Firestore,Firebase Security,我使用以下Firestore安全规则: // Allow read/write access on all documents to any user signed in to the application service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if request.auth.uid != nu
// Allow read/write access on all documents to any user signed in to the application
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid != null;
}
}
}
fetch(url, {
method: 'GET',
headers: {
Accept: 'application/json',
}
}).then(response => {
if (response.ok) {
response.json().then(json => {
if(json.data == "Manual sale") {
alert("Manual sale complete! Return to Fairstarter!");
return;
}
var quant = 0;
var itemsRef = db.collection('items');
var query = itemsRef.where('barcode', '==', String(json.data)).get()
.then(snapshot => {
snapshot.forEach(doc => {
....
//UPDATE THAT IS LOCKED OUT BY PERMISSIONS
itemsRef.doc(doc.id).update({
[Object.keys(doc.data())[0]]]: {
quantity: newVal
}
})
如何在允许回调脚本更新数据库的同时保持数据库的安全?使用firebase匿名登录,在配置firebase后,我将其放在脚本的顶部:
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
// User is signed in.
var isAnonymous = user.isAnonymous;
//alert(user.uid);
// ...
} else {
// User is signed out.
// ...
}
// ...
});
firebase.auth().signInAnonymously().catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// ...
alert(errorMessage);
});
别忘了在firebase项目设置中启用匿名身份验证。请不要只是贴上一些外观一般的标签。确保您阅读了标签信息,并为您的问题获取了正确的标签。例如,标签是针对实时数据库的,而不是firestore.javascript。不过,潜在的解决方案可能需要某种javascript匿名身份验证……显然只是猜测,因为我还没有找到答案