Firestore rule settings: it's startling how much you can do / Firestore rule setting

Webナイト宮崎 Vol.4
Used for a speaker slot

Reference URL
https://tegehoge.connpass.com/event/128502/

kkznch

May 17, 2019

Transcript

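  1. Firestore rule settings: it's startling how much you can do. Re:Build Inc., 嘉数 侑起 (@kkznch). Friday, May 17, 2019. Webナイト宮崎 Vol.4 〜てげFirebaseを学びたい〜

  2. けけずん @kkznch, 嘉数 侑起. Born in Okinawa in 1990. IT infrastructure and security at an electric power company ↓ Web engineer at Re:Build Inc.

  3. Company introduction
     • Re:Build Inc. (founded November 2017)
     • Currently 5 employees
     • Based in Okinawa; mostly does contract and in-house service development with Laravel and Vue.js
     • Encourages remote work and flexible working styles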

  4. Firestore

  5. A NoSQL DB provided by Google

  6. Hierarchical data structure. Access rules can be configured.

  7. If you don't configure rules…

  8. Database rules

  9. Apply rules per level. Separate rules can be applied to users and to the images inside it.

         service cloud.firestore {
           match /databases/{database}/documents {
             match /users/{userId} {
               // rules…
               match /images/{imageId} {
                 // rules…
               }
             }
           }
         }

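  10. Apply rules to everything below a level. The rule applies to users and everything beneath it.

         service cloud.firestore {
           match /databases/{database}/documents {
             // {document=**} is a recursive wildcard: it matches every
             // document under /users, including subcollections.
             match /users/{document=**} {
               // rules…
             }
           }
         }
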
  11. allow rule example 1 (for testing). Always allows read and write on every document.

         service cloud.firestore {
           match /databases/{database}/documents {
             match /{document=**} {
               allow read, write: if true;
             }
           }
         }

  12. allow rule example 2. Allows read and write if the user is logged in.

         service cloud.firestore {
           match /databases/{database}/documents {
             match /{document=**} {
               allow read, write: if request.auth != null;
             }
           }
         }

  13. Kinds of allow
     • read
       ‣ get
       ‣ list
     • write
       ‣ create
       ‣ update
       ‣ delete

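  14. request and resource variables
     • request
       ‣ Gives access to information about the request coming from the client
     • resource
       ‣ Gives access to the current state of the DB

  15. get() and exists() methods
     • get()
       ‣ Fetches the object at the path given as the argument
     • exists()
       ‣ Returns a bool indicating whether an object exists at the path given as the argument

  16. About in
     • if x in y
       ‣ Checks whether x is contained in the array y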

  17. Combining them works out nicely. Example: room members can read and update.

         service cloud.firestore {
           match /databases/{database}/documents {
             // Paths passed to get() interpolate variables with $(name).
             function getRoom(roomId) {
               return get(/databases/$(database)/documents/rooms/$(roomId));
             }
             match /rooms/{roomId} {
               allow read, update: if request.auth != null
                 && request.auth.uid in getRoom(roomId).data.users;
             }
           }
         }

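  18. Summary

  19. Summary
     • Firestore lets you configure authorization per resource
     • Fine-grained settings are possible by combining allow, function, the request/resource variables, get()/exists(), and so on
     • Configure rules properly and protect your information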
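
An added example (not from the original slides) that combines the features summarized above into a stricter version of the room-member rule from slide 17, splitting read and write into their sub-operations. The `owner` and `name` fields, the `messages` subcollection and the query limit of 50 are assumptions made for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Assumed schema: rooms/{roomId} = { owner: uid, users: [uid, ...], name: string }
    function signedIn() {
      return request.auth != null;
    }

    match /rooms/{roomId} {
      // resource is the stored room document, so no extra get() is needed here.
      function isMember() {
        return signedIn() && request.auth.uid in resource.data.users;
      }
      // Fields that differ between the incoming and the stored document.
      function changedKeys() {
        return request.resource.data.diff(resource.data).affectedKeys();
      }

      allow get: if isMember();
      // Rules are not filters: the client query itself must be limited.
      allow list: if isMember() && request.query.limit <= 50;

      // The creator must be the owner and must appear in the member list.
      allow create: if signedIn()
        && request.resource.data.owner == request.auth.uid
        && request.auth.uid in request.resource.data.users;

      // Members may rename the room; only the owner may edit the member
      // list, and cannot remove themselves. owner can never be changed.
      allow update: if isMember()
        && (changedKeys().hasOnly(['name'])
            || (resource.data.owner == request.auth.uid
                && changedKeys().hasOnly(['name', 'users'])
                && request.auth.uid in request.resource.data.users));

      allow delete: if signedIn() && resource.data.owner == request.auth.uid;

      // In a subcollection, resource is the message, so membership has
      // to be looked up on the parent room with get().
      match /messages/{messageId} {
        allow read, create: if signedIn()
          && request.auth.uid in
             get(/databases/$(database)/documents/rooms/$(roomId)).data.users;
      }
    }
  }
}
```

With `allow read, update` alone, as on slide 17, any member could rewrite the `users` array; checking `request.resource` against `resource` is what prevents that here.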