Cloud Firestore Authorisation and Security Rule
[Ko]
- 현재 보안 규칙은 테스트용으로 만들었기 때문에 공개라서 누구나 read, write가 가능함. 이를 인증이 요구되도록 보안 규칙을 바꾸자.
- firebase - database - rules(규칙) —> 자세히 알아보기 —>
https://firebase.google.com/docs/firestore/security/get-started?authuser=1
—> 인증 필요(AUTH REQUIRED) —> copy
—> 현재 보안 규칙 덮어쓰기 —> 게시(publish) 클릭
- 변경 전
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write;
}
}
}
- 변경 후
// Allow read/write access on all documents to any user signed in to the application
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid != null;
}
}
}
- 왼편 시뮬레이터에서 보안 규칙이 정상적으로 작동하는지를 테스트 함.
—> get, location : /documents/messages, authenticated를 토글하면서 테스트
[En]
- Since the current security rules are made for testing, anyone can read and write because they are public. Let's change the security rules to require authentication.
- firebase-database-rules —> learn more —>
https://firebase.google.com/docs/firestore/security/get-started?authuser=1
—> AUTH REQUIRED —> copy
—> Overwrite current security rules —> Click Publish
Before change
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write;
}
}
}
After change
// Allow read/write access on all documents to any user signed in to the application
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid != null;
}
}
}
- Tested whether the security rules work normally in the simulator on the left.
—> Get, location: test while toggling / documents / messages, authenticated