我使用Firebase的目的很简单-只是为WordPress创建一个实时按钮,该按钮在单击后就会消失。没有用户/身份验证。
如何制定安全规则,以防止他人篡改数据库,但允许按钮正常工作?我知道的简单方法是设置安全性write": false,但此按钮将无法工作,因为Firebase变量无法更改/更新。 Documentation似乎更针对具有用户的应用程序,但是似乎提到了能够为某些路径设置读/写/等限制。
也许我可以做到,以便仅更新使用的Firebase路径/变量?
var database = firebase.database();
//firebase queue
//**************
///timer fb
let timestamp;
let now = new Date().getTime();
let endTimeRef = firebase.database().ref("server");
let endTime;
let minutes;
let secondsDisplay;
let distance= endTime-now;
let buttonDisplay= document.getElementById("queue");
let timerDisplay = document.getElementById("timer_fb");
let message= document.getElementById("timer_div");
function displayTimer(){
minutes = Math.floor((distance % (1000 * 60 * 60)) / (1000 * 60));
secondsDisplay= Math.floor((distance % (1000 * 60)) / 1000);
let s;
if (minutes >= 1 || secondsDisplay >= 1) {
if (minutes >= 1 && secondsDisplay >= 10) {
s = "Time Until Next Person: " + minutes + ":" + secondsDisplay;
} else if (minutes >= 1) {
s = "Time Until Next Person: " + minutes + ":0" + secondsDisplay;
} else {
s = "Time Until Next Person: " + secondsDisplay + "s";
}
} else {
s = "";
}
document.getElementById("timer_fb").innerHTML = s;
}
function setTimer() {
let interval = setInterval(function() {
now = new Date().getTime();
distance= endTime-now;
//update timer display
displayTimer();
if (distance <= 0) {
buttonDisplay.style.display = "block";
timer_div.style.display = "block";
document.getElementById("timer_div").innerHTML = "This session is open!";
clearInterval(interval);
timerState.set('off');
endTimeRef.set(0);
}
}, 1000);
}
//display timer
//state machine
let timerState = firebase.database().ref("timerState");
let timer;
timerState.on("value", function(snapshot) {
timer= snapshot.val();
if(timer == "on"){
buttonDisplay.style.display = "none";
message.style.display = "none";
endTimeRef.once("value", function(snap) {
let endStamp = snap.val();
console.log("stored button snap value check: ", snap.val());
now = new Date().getTime();
endTime= endStamp +100000;
distance= endTime-now;
//show display right after button is pressed
displayTimer();
setTimer();
});
}
});
//********
//*****on click handler
document.getElementById("queue").onclick = function() {
//hide button
buttonDisplay.style.display = "none";
message.style.display = "none";
//set time button comes back
now = new Date().getTime();
endTime= now + 100000;
endTimeRef.set(now);
//firebase state machine
timerState.set('on');
//setInterval handler, used for timer/countdown
//need to wrap interval in function so that it can be reused
};
答案 0 :(得分:0)
我不明白您的意思是仅使用的Firebase路径/变量可以更新? 但是,如果您不使用身份验证,如何区分哪些用户可以访问该值,哪些用户不能访问该值?或者要使所有用户仅在某些情况下可以读取此值,才能进行修改?