Node.js 我可以在没有nodejs admin验证的情况下写入firestore吗
我编写了一个云函数,该函数在上传到云存储后调整图像大小,然后返回上传图像的签名URL,但当我尝试在之后将URL写入firestore时,我得到了一个权限\u拒绝:缺少或权限不足错误。有没有办法在不改变firestore规则的情况下允许任何人进行读/写访问 代码如下:Node.js 我可以在没有nodejs admin验证的情况下写入firestore吗,node.js,firebase,google-cloud-firestore,google-cloud-functions,firebase-admin,Node.js,Firebase,Google Cloud Firestore,Google Cloud Functions,Firebase Admin,我编写了一个云函数,该函数在上传到云存储后调整图像大小,然后返回上传图像的签名URL,但当我尝试在之后将URL写入firestore时,我得到了一个权限\u拒绝:缺少或权限不足错误。有没有办法在不改变firestore规则的情况下允许任何人进行读/写访问 代码如下: import * as functions from "firebase-functions"; import * as admin from "firebase-admin"; import * as fs from "fs-e
import * as functions from "firebase-functions";
import * as admin from "firebase-admin";
import * as fs from "fs-extra";
import { tmpdir } from "os";
import { join, dirname } from "path";
import * as sharp from "sharp";
admin.initializeApp({
credential: admin.credential.applicationDefault()
});
const gcs = admin.storage();
const db = admin.firestore();
export const generateThumbs = functions.storage
.object()
.onFinalize(async object => {
const bucket = gcs.bucket(object.bucket);
const filePath = object.name as string;
const fileName = filePath.split("/").pop();
const bucketDir = dirname(filePath);
const workingDir = join(tmpdir(), "thumbs");
const tmpFilePath = join(workingDir, "source.png");
if (fileName?.includes("@") || !object.contentType?.includes("image")) {
console.log("exists, returning false...");
return false;
}
// Ensure thumbnail dir exists
await fs.ensureDir(workingDir);
// Download source file
await bucket.file(filePath).download({
destination: tmpFilePath
});
// Resize the images and define an array of upload promises
const sizes = [64, 128, 320, 640];
const uploadPromises = sizes.map(async size => {
const imageName = fileName?.split(".")[0];
const imageExt = fileName?.split(".")[1];
const thumbName = `${imageName}@${size}.${imageExt}`;
const thumbPath = join(workingDir, thumbName);
// Resize source images
return sharp(tmpFilePath)
.resize(size, size)
.toFile(thumbPath)
.then(outputInfo => {
// Upload to GCS
return bucket
.upload(thumbPath, {
destination: join(bucketDir, thumbName)
})
.then(async res => {
return res[0]
.getSignedUrl({
action: "read",
expires: "01-01-2040"
})
.then(signedUrlRes => {
console.log(`url: ${signedUrlRes[0]}`);
// const docRef = db
// .collection("/cities")
// .doc(imageName?.split("_")[0] as string);
// return db.runTransaction(t => {
// t.set(docRef, {
// imageUrl: signedUrlRes[0]
// });
// return Promise.resolve();
// });
return db
.collection("/cities")
.doc(imageName?.split("_")[0] as string)
.set({
imageUrl: signedUrlRes[0]
})
.then(res => console.log("written"))
.catch(e => {
console.log("Firebase write error");
console.log(e);
throw Error(e);
});
})
.catch(e => {
console.log(e);
throw Error(e);
});
});
});
});
// Run upload operations
await Promise.all(uploadPromises).catch(e => {
console.log(e);
throw Error(e.message);
});
return fs.remove(workingDir).catch(e => {
console.log(e);
throw Error(e.message);
});
});
已将管理员初始化app()更改为
admin.initializeApp({
credential: admin.credential.applicationDefault()
});
到
这很奇怪,firebase管理员可以写入任何集合中的任何文档,而不管Firestore规则如何。这就是为什么可以在前端公开公钥,但您永远不想公开管理密钥。云函数中运行的代码始终可以读取和写入项目资源,绕过所有安全规则。你可能做错了什么。我已经添加了代码。请检查一下。错误总是出现在firestore写入函数中。您是否尝试过不带任何参数的
admin.initializeApp()
?这是最近推荐的做法。我想这是我一开始使用的方法,当它不起作用时,我换到了问题中的方法,然后在答案中
admin.initializeApp(functions.config().firebase);