我无法获得在firestore规则中工作的自定义声明。我正在使用nodeJS(本地)设置自定义声明并使用firebase中的服务帐户进行初始化。用户令牌会自动添加到请求标头中,并在节点上验证正常。
// Initialize
admin.initializeApp({
credential: admin.credential.cert(serviceAccount as admin.ServiceAccount), // Typing is wrong google!
databaseURL: `https://${serviceAccount.project_id}.firebaseio.com`
});
// Add custom claims for additional privileges.
const payload = await admin.auth().setCustomUserClaims(decodedToken.sub, {
customClaims })
.then(() => ({ ...decodedToken, customClaims }))
.catch(() => void 0);
if (!payload) { res.status(401).json({ error: 'Error setting custom claims on token' }); return; }
自定义声明对象:
// Define custom claims
const customClaims: CustomClaims = {
serverAuth: true,
domain: domainOfUser,
developer: isDeveloper,
admin: isAdmin,
};
Angular Fire 2:用户使用Google重定向登录然后刷新令牌:
if (!this.firebaseAuth.auth.currentUser) { return Promise.reject('User object not found in fireAuth service'); }
return this.firebaseAuth.auth.currentUser.getIdToken(true);
当我这样做时,我做:( fireAuthService是一个处理一些auth东西的自定义服务)
// On user change
this.fireAuthService.user$.pipe(
map(userAuth => { if (!userAuth) { this.userSource.next(null); } return userAuth; }),
filter(notNullOrUndefined),
switchMap(async userAuth => {
const userDoc = this.userCollection.doc<UserDb>(userAuth.uid);
const exists = await userDoc.get().toPromise().then(user => user.exists)
.catch(() => this.fireAuthService.signOut());
if (!exists) {
const res = await this.serverService.createNewUser(userAuth).catch(() => void 0);
if (!res) { this.fireAuthService.signOut(); }
}
return userAuth;
}),
switchMap(userAuth => this.userCollection.doc<UserDb>(userAuth.uid).valueChanges())
).subscribe(async userDb => {
await this.fireAuthService.getAuthToken();
const isAdmin = await this.fireAuthService
.getTokenPayload()
.then(payload => (payload.claims.customClaims as CustomClaims).admin);
this.userSource.next(new CurrentUser(userDb, this.serverService, isAdmin));
runAngularFire();
});
在有效载荷上是我此时的所有自定义声明。 firestore调用用户doc firestore调用是通过仅检查firestore规则中的uid来保护的,这是有效的。
在这一点上,我建立了我的听众。他们失败了,错误:
权限丢失或不足。
firestore规则设置如下:
service cloud.firestore {
match /databases/{database}/documents {
// Allow users to read documents in the user's collection
match /users/{userId} {
allow read: if request.auth.token.sub == userId;
}
// Allow only reads to the db
match /{document=**} {
allow read: if request.auth.token.serverAuth == true;
}
}
我几乎尝试过任何事情而且我很茫然。有什么建议吗?提前谢谢了!
编辑:我还检查了在通道上发送的令牌?database = ...此令牌具有自定义声明...
经过一夜的睡眠,我注意到了我的错误:
const payload = await admin.auth().setCustomUserClaims(decodedToken.sub, { customClaims });
至:
const payload = await admin.auth().setCustomUserClaims(decodedToken.sub, customClaims);
我也测试了一个对象的规则。对象可能在规则中不起作用。