Firebase: how to temporarily protect data using a pincode

Time: 2015-05-21 12:21:10

Tags: firebase firebase-security

Data

{
    "padlock": {
        "open": 1432206070000
    },
    "boxes": [
        {"owner": "bob", "amount": 23},
        {"owner": "luca", "amount": 13},
        {"owner": "louise", "amount": 4},
        {"owner": "anna", "amount": 34}
    ]
}

Security rules

{
  "rules": {
    "boxes": {
      ".read": "auth !== null",
      ".write": "auth !== null && root.child('padlock').child('open').val() > now - 15000"
    }
  }
}

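Reading and writing boxes is only available to authenticated users. Box values can only be modified if the padlock was opened less than 15 seconds ago. To open the padlock for 15 seconds, just update the value with the current time.

How can the padlock be protected with a second, simple authentication layer (such as a client-side pincode)?

Is the only way to use a privileged worker? The web client would securely send the pincode to the privileged worker. The worker would check the code and update the open timestamp. A security rule would be added so that only the worker has exclusive access to 'open'.

Any ideas?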

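1 answer:

Answer 0: (score: 0)

I think I found a solution that only uses security rules

How to use a password-based lock (like a pincode) to protect some data from write access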

DATA

{
  "boxes" : [
    {"amount" : 23},
    {"amount" : 11},
    {"amount" : 34},
    {"amount" : 3}
  ],
  "key" : {
    "oldPassword" : "xxxxxxx",
    "password" : "xxxxxxx"
  },
  "lock" : {
    "password" : "xxxxxxx",
    "open" : 1432292525055
  }    
}

Rules

{
  "rules": {
    "key": {
      // nobody can read the key
      ".read": false,

      // only people who know the key can change it
      // if no key exists you can still create it
      ".write": "data.child('password').val() === newData.child('oldPassword').val() || !data.exists()",

      // password (string) must exist and be different from the old one
      ".validate": "newData.child('password').isString() && newData.child('oldPassword').isString() && newData.child('password').val() !== newData.child('oldPassword').val()"
    },
    "lock": {
      // nobody can read the lock
      ".read": false,

      // only people knowing the key can create the lock
      // to prevent partial write (without the password), only create and delete are authorized (no data update)
      ".write": "(!data.exists() && root.child('key').child('password').val() === newData.child('password').val()) || !newData.exists()",

      // open is the creation time
      ".validate": "newData.child('open').val() === now"
    },
    "boxes": {
      ".read": "true",

      // write only allowed for 15 sec after the lock is opened
      // (the timestamp is stored under lock/open, see DATA)
      ".write": "root.child('lock').child('open').val() > now - 15000"
    }
  }
}
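
The write sequence these rules imply, as an added example that is not part of the original answer: a small offline model of the "lock" and "boxes" rules as plain JavaScript predicates, not Firebase's rule engine. It assumes the boxes rule reads the timestamp from lock/open; the function names, the PIN "4711" and the timestamps are constructed for illustration.

```javascript
// Offline model of the answer's "lock" and "boxes" rules (illustrative, hypothetical helpers).
// db mirrors the DATA layout above; all values are constructed samples.
const WINDOW_MS = 15000;

function makeDb(pin) {
  return { key: { oldPassword: "", password: pin }, lock: null, boxes: [{ amount: 23 }] };
}

// "lock" .write: create only (with the matching password) or delete; no update.
// "lock" .validate: open must equal the server time; it is skipped on delete.
function writeLock(db, newData, now) {
  const isDelete = newData === null;
  const isCreate = db.lock === null && !isDelete && db.key.password === newData.password;
  if (!isCreate && !isDelete) return false;
  if (!isDelete && newData.open !== now) return false;
  db.lock = newData;
  return true;
}

// "boxes" .write: allowed only while lock/open is newer than now - 15000.
function writeBox(db, index, amount, now) {
  const open = db.lock ? db.lock.open : null;
  if (open === null || !(open > now - WINDOW_MS)) return false;
  db.boxes[index] = { amount };
  return true;
}

// One session at constructed timestamps: t0, t0 + 5 s, t0 + 20 s.
function demo() {
  const db = makeDb("4711");
  const t0 = 1432292525055;
  return {
    closedWrite: writeBox(db, 0, 1, t0),                               // no lock yet
    wrongPin: writeLock(db, { password: "0000", open: t0 }, t0),
    staleOpen: writeLock(db, { password: "4711", open: t0 - 1 }, t0),  // open !== now
    rightPin: writeLock(db, { password: "4711", open: t0 }, t0),
    inWindow: writeBox(db, 0, 24, t0 + 5000),
    expired: writeBox(db, 0, 25, t0 + 20000),
    reopenNoDelete: writeLock(db, { password: "4711", open: t0 + 20000 }, t0 + 20000),
    del: writeLock(db, null, t0 + 20000),                              // delete needs no password
    reopen: writeLock(db, { password: "4711", open: t0 + 21000 }, t0 + 21000),
    amount: db.boxes[0].amount,
  };
}

console.log(demo());
```

Against a real database the client would send `open` as the server timestamp placeholder (`ServerValue.TIMESTAMP`) so that it equals `now`, and it has to remove the old lock before creating a new one.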