Hello guys I'm new to Firebase and I am trying to develop a simple chat app. So far I have got the authentication done following the steps on the Firebase documentation.
This is my login method
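loginUser: function () {
  console.log("Login button");
  // `this` inside the Firebase callback is not the Vue instance, so keep a reference
  var self = this;
  ref.authWithOAuthPopup("github", function (error, authData) {
    if (error) {
      console.log("Login Failed!", error);
      return;
    }
    console.log(authData);
    // Persist only profile data. authData.token is the session credential:
    // the security rules let every GitHub-authenticated user read /users, so
    // writing the token here would hand it to every other user.
    ref.child("users").child(authData.uid).set({
      auth: authData.auth,
      provider: authData.provider,
      name: authData.github.displayName,
      imgUrl: authData.github.profileImageURL
    });
    self.user.name = authData.github.displayName;
    self.user.imgUrl = authData.github.profileImageURL;
    self.user.provider = authData.provider;
    // delayed flip of the authenticated flag, kept as in the original
    setTimeout(function () { self.authenticated = true; }, 2000);
    // was `this.getContacts()`: `this` is not the component inside this callback
    self.getContacts();
  }, {
    remember: "sessionOnly",
    scope: "user"
  });
}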
and this is the getContacts method (I tried to log the snapshot to the console but got nothing)
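getContacts: function () {
  console.log('GET CONTACTS');
  var self = this;
  // retrieving all the users; this read is only allowed if the security rules
  // grant ".read" on /users itself, not just on each /users/$uid child
  ref.child('users').once('value', function (snapshot) {
    var contacts = snapshot.val();
    console.log(contacts);
    // snapshot.val() is null when there is nothing to read; for..in over null is a no-op
    for (var contact in contacts) {
      self.contacts.push({
        id: contact,
        name: contacts[contact].name,
        imgUrl: contacts[contact].imgUrl,
        provider: contacts[contact].provider
      });
    }
  }, function (error) {
    // a denied read used to fail silently (the success callback never ran);
    // log it so a rules problem is visible instead of looking like "no data"
    console.log('GET CONTACTS failed', error);
  });
}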
these are the security rules
{
  "rules": {
    "users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",
        // grants read access to any user who is logged in with GitHub
        // NOTE: this only covers each /users/$uid child; a read of /users itself
        // (as getContacts does) is still denied, because rules are not filters
        ".read": "auth !== null && auth.provider === 'github'"
      }
    }
  }
}
I have to mention that I'm using Vuejs
答案 0 :(得分:4)
您授予了对特定用户节点 /users/$uid 的访问权限。但是，要能够对 Firebase 中的某个节点运行查询，您必须具有对该节点本身的读取权限。因此，Firebase 会拒绝您的查询，因为您无法访问 /users。该文档在 "rules are not filters" 部分中介绍了这一点。许多人遇到这个问题，因为这是关系数据库中非常常见的做法。rules are not filters（规则不是过滤器）和 permissions cascade down（权限向下级联）这一事实是 Firebase 安全模型最常见的两个陷阱。
在这种情况下，您可能希望授予所有用户访问整个 /users 节点的权限，因此您只需将读取权限提升一级：
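{
  "rules": {
    "users": {
      // grants read access to the whole /users node to any user who is logged in
      // with GitHub; permissions cascade down, so each /users/$uid child is
      // readable too and the once('value') on /users is no longer rejected.
      // Placed on "users" rather than at the root so the rest of the database
      // is not opened to every GitHub user.
      ".read": "auth !== null && auth.provider === 'github'",
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid"
      }
    }
  }
}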
通过这条规则，每个通过 GitHub 认证的用户都可以读取所有用户，因此查询不会被拒绝。
在其他情况下，您可能需要以不同的方式对数据进行建模，以实现您想要的安全约束。