firebase-meetup-#11-2019-02-18

55c65de66a523fad9f41b21e70dcfa29?s=47 Tomokazu Kozuma
February 18, 2019
Programming
6
1.1k

 firebase-meetup-#11-2019-02-18

55c65de66a523fad9f41b21e70dcfa29?s=128

Tomokazu Kozuma

February 18, 2019
Tweet

Want more?

55c65de66a523fad9f41b21e70dcfa29?s=48 tomokazukozuma
0
110
55c65de66a523fad9f41b21e70dcfa29?s=48 tomokazukozuma
2
220
55c65de66a523fad9f41b21e70dcfa29?s=48 tomokazukozuma
4
1.7k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
1
100
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
1
54
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
60
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
4
120
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
3
140
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
2
210
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
2
390
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
110
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
200

Transcript

  1. 1.

    'JSFTUPSFSVMFTͷӡ༻ͱ -PDBM&NVMBUPSΛ࢖ͬͨςετ Tomokazu Kozuma 2019 / 02 / 18 /

    MON Firebase Meetup #11
  2. 2.

    A B O U T M Y S E L

    F ࣗݾ঺հ Tomokazu Kozuma @Tomokazu106 ౦ژ޻ۀେֶେֶӃଔۀޙɺαΠόʔΤʔδΣϯτͰεϚϗήʔϜͷαʔόɺΠϯ ϑϥશൠΛ୲౰ɻԾ૝௨՟ʹ͍ٕͭͯज़ϒϩάΛॻ͍ͯΔ͏ͪʹ຅಄͠ɺຊ৬ͱ ͯ͠஫ྗ͢ΔͨΊʹ(JODPʹೖࣾɻ(JODPͰ͸ϒϩοΫνΣʔϯͷϊʔυӡ༻ɺϋʔ υϑΥʔΫରԠɺόοΫΤϯυͳͲ޿ൣғΛ୲౰ɻ
  3. 3.

    Company Profile

  4. 4.

    ·ͱΊͯͻͱͭʹ BITCOIN Blockchain BITCOIN CASH Blockchain LITECOIN Blockchain XRP(Ripple) Blockchain

    ETHEREUM CLASSIC Blockchain ETHEREUM Blockchain
  5. 5.

    ෳ਺ͷԾ૝௨՟Λ·ͱΊͯ؅ཧ

  6. 6.

    T I T L E T E X T શମߏ੒

  7. 7.

    ֓ཁ • 'JSFTUPSFͰى͍ͬͯ͜ΔηΩϡϦςΟ໰୊ • (JODPͷSVMFTӡ༻ͷมભ • -PDBM&NVMBUPSΛ࢖ͬͨςετ A G E

    N D A
  8. 8.

    'JSFTUPSFͰى͍ͬͯ͜Δ໰୊ P A R T 1

  9. 9.

    S e c u r i t y P r

    o b l e m ԯ݅ͷػີ৘ใ͕ެ։͞Ε͍ͯΔ • 'JSFCBTF%BUBCBTFΛ࢖͍ͬͯΔ಺ͷ͕࿙Ӯ • ݪҼ͸SVMFTΛ͖ͪΜͱઃఆͰ͖͍ͯͳ͍ h t t p s : / / w w w . a p p t h o r i t y . c o m / c o m p a n y / p r e s s / p r e s s - r e l e a s e s / 6 2 - o f - e n t e r p r i s e s - e x p o s e d - t o - s e n s i t i v e - d a t a - l o s s - v i a - f i r e b a s e - v u l n e r a b i l i t y
  10. 10.

    'JSFTUPSFͷηΩϡϦςΟجૅ • ΫϥΠΞϯτ͔Β௚઀'JSFTUPSFΞΫηεͰ͖Δ • ΞΫηεʹ͸"1*Ωʔ͕ඞཁ • "1*Ωʔ͸ΫϥΠΞϯτʹຒΊࠐΉͷͰ୭Ͱ΋ΈΕΔ • ୭Ͱ΋ΞΫηεͰ͖Δ͔ΒSVMFTͰ੍ޚ A

    b o u t F i r e s t o r e
  11. 11.

    'JSFTUPSFSVMFT • SFBEXSJUFݖݶ • σʔλͷόϦσʔγϣϯ T I T L E

    T E X T Firestore Cloud 3VMFT "1*ΩʔͰΞΫηε
  12. 12.

    • SFBE୯ҰEPDΛऔಘ͢ΔHFUͱෳ਺औಘ͢ΔMJTU • XSJUFDSFBUF VQEBUF EFMFUF SFBEXSJUFݖݶ R e a

    d R e s t r i c t i o n match /Users/{uid} { allow get: if someCondition(); allow create: if someCondition(); } function someCondition() { … }
  13. 13.

    • ϦΫΤετσʔλɿSFRVFTUSFTPVSDFEBUB • 'JSFTUPSFσʔλɿSFTPVSDFEBUB • ܕɿJOU TUSJOH CPPM UJNFTUBNQͳͲ •

    LFZɿIBT"MM IBT0OMZ IBT"OZ σʔλͷόϦσʔγϣϯ D a t a V a l i d a t i o n match /Users/{uid} { allow update: if request.resource.data.keys().hasAll(["name", "age"]) && request.resource.data.name is string && request.resource.data.name != "" && request.resource.data.age == resource.data.age }
  14. 14.

    5 S e t t i n g s e

    c u r e r u l e s ػີσʔλ͸ผ֊૚ผSVMFTʹ͢Δ ϫΠϧυΧʔυͰͷSVMFTઃఆʹؾΛ͚ͭΔ ৘ใ࿙Ӯ͠ͳ͍ͨΊͷSVMFTઃఆ
  15. 15.

    • ผ֊૚ʹͯ͠SVMFTઃఆΛݫ͘͢͠Δ ػີσʔλ͸ผ֊૚ D i v i d e S

    e c r e t D a t a match /Users/{uid} { // ೝূࡁϢʔβʹެ։ allow read: if isAuthUser(); // ࣗ෼ͷσʔλ͚ͩʹΞΫηεՄ match /Private/Info { allow read: if isMyData(uid); } } function isMyData(uid) { return request.auth.uid == uid; }
  16. 16.

    ϫΠϧυΧʔυͰͷSVMFTઃఆ • ϫΠϧυΧʔυͰෳ਺SVMF͕ద༻͞ΕͯڐՄ͞ΕΔ U s i n g w i

    l d c a r d match /Users/{uid} { // ৚݅1 match /{allChildren=**} { allow read: if isAuthUser(); } // ৚݅2 match /Private/Info { allow read: if isMyData(uid); } } function isMyData(uid) { return request.auth.uid == uid; }
  17. 17.

    (JODPͷSVMFTӡ༻ͷมભ P A R T 2

  18. 18.

    ϦϦʔεॳظ • ϦϦʔε౰ॳ͸SVMFTͷςετ͕ͳ͔ͬͨ • σϓϩΠ͔ͯ͠Βಈ࡞νΣοΫͳͷͰ͕͔͔࣌ؒΔ • ։ൃ؀ڥʹӨڹΛ༩͑ͯ͠·͏ E a r

    l y S t a g e
  19. 19.

    ϦϦʔεதظ • SVMFT͕ߦΛ௒͑͸͡Ίͯมߋ͕ࠔ೉ʹͳ͖ͬͯͨ • SVMFTΛมߋͰ͖ΔΑ͏ʹςετίʔυΛ࣮૷ • ςετ͢Δʹ͸ςετ༻ͷ'JSFCBTF1SPKFDU͕ඞཁ M i d

    d l e S t a g e
  20. 20.

    ςετ1SPKFDUΛ࢖ͬͨςετ

  21. 21.

    SVMFTͷςετํ๏ • 'JSFCBTF4%,ʹ͸$MJFOU4%,ͱ"ENJO4%,͕͋Δ • $MJFOU4%,͚ͩSVMFT͕ద༻͞ΕΔ • +BWB4DSJQU͚ͩͭͷ4%,͕͋Δ H o w

    t o t e s t Firestore Cloud $MJFOU4%, "ENJO4%, 3VMFT
  22. 22.

    • UFTUͷͨΊͷ'JSFCBTFϓϩδΣΫτΛ࡞੒ • 'JSFCBTF"VUIFOUJDBUJPOͰಗ໊ೝূΛ༗ޮԽ • ωοτϫʔΫӽ͠ͳͷͰ͕͔͔࣌ؒΔ • SVMFTͱςετσʔλͷڝ߹ ςετ1SPKFDUΛ࢖ͬͨํ๏ T

    e s t u s i n g p r o j e c t Firestore Cloud
  23. 23.

    ݱࡏ • ೥݄ʹ'JSFTUPSF-PDBM&NVMBUPSൃද • SVMFTͷςετ͸ϩʔΧϧ؀ڥ͚ͩͰ׬݁ • ଞਓͷ࡞ۀΛҙࣝ͠ͳͯ͘ྑ͘ͳͬͨͷͰSVMFTͷ௥Ճɺ मਖ਼͕͠΍͘͢ͳͬͨ P r

    e s e n t S t a g e
  24. 24.

    -PDBM&NVMBUPSΛ࢖ͬͨςετ P A R T 3

  25. 25.

    'JSFCBTF-PDBM&NVMBUPS • ςετʹ͸!pSFCBTFUFTUJOHϞδϡʔϧΛ࢖༻ • ೝূະೝূΞΧ΢ϯτɺ"ENJOΞΧ΢ϯτΛ؆୯ʹར ༻Ͱ͖Δ • ςετσʔλͷڝ߹͠ͳ͍͠ɺUSVODBUF͠ͳ͍͍ͯ͘ • ςετ࣮ߦ͕࣌ؒʹ࡟ݮ

    L o c a l E m u l a t o r
  26. 26.

    L o a d r u l e s SVMFTͷϩʔυ

    import * as firebase from ‘@firebase/testing’ // rulesͷϩʔυ firebase.loadFirestoreRules({ projectId: 'test-project-00', rules: fs.readFileSync("firestore.rules", "utf8") }) • SVMFTͷϩʔυ͸೚ҙͷQSPKFDU*EͰͰ͖Δ • QSPKFDU*EผʹݸผͷσʔλۭؒΛ࣋ͯΔ • ςετຖʹQSPKFDU*EΛมߋ͢Ε͹·ͬ͞Βͳঢ়ଶ
  27. 27.

    • ෳ਺ͷೝূΞΧ΢ϯτΛಉ࣌ʹѻ͑Δ L o a d r u l e

    s ΞΧ΢ϯτ࡞੒ // ೝূࡁΞΧ΢ϯτ const firestore = firebase .initializeTestApp({ projectId: ‘test-project-00', auth: {uid: ‘test-account’} }) .firestore(); // AdminΞΧ΢ϯτ const adminFirestore = firebase .initializeAdminApp({ projectId: 'test-project-00', auth: ‘admin-account’ }) .firestore();
  28. 28.

    ·ͱΊ • SVMFTͷઃఆͰجຊతʹ৘ใ࿙Ӯ͸๷͛Δ • ػີ৘ใ͸֊૚Λ෼͚ͯϫΠϧυΧʔυΛଟ༻͠ͳ͍ • SVMFTͷςετ͸-PDBM&NVMBUPSͰޮ཰Խ S u m

    m a r y