【发布时间】:2020-05-05 16:59:09
【问题描述】:
我正在尝试在 firebase 云函数中使用 firebase-tools 的递归删除。我正在用模拟器对此进行测试。
但目前,我并不是很成功。
CLI 似乎正在使用 Firestore REST API。模拟器可以用吗?
我的功能是这样的:
import * as firebaseTools from 'firebase-tools';
import { db } from './admin';
const DEBUG = true;
export async function deleteUserData(userId) {
if (DEBUG) console.log('Delete user data', userId);
await firebaseTools.firestore.delete(`users/${userId}/contacts/`, {
project: db._projectId,
recursive: true,
yes: true, // auto-confirmation
});
if (DEBUG) console.log('User data deleted', userId);
}
这是来自模拟器的日志:
i functions: Beginning execution of "deleteUserData"
> Delete user data 4AiyOyCnAPSrKhc1Ycf6nVDqLoD2
> i You have set FIRESTORE_EMULATOR_HOST=tornado.local:3344, this command will execute against the firestore emulator running at that address.
⚠ Google API requested!
- URL: "https://cloudresourcemanager.googleapis.com/v1/projects/myapp-dev-f7v4:testIamPermissions"
- Be careful, this may be a production service.
⚠ External network resource requested!
- URL: "http://tornado.local:3344/v1beta1/projects/myapp-dev-f7v4/databases/(default)/documents/users/4AiyOyCnAPSrKhc1Ycf6nVDqLoD2:runQuery"
- Be careful, this may be a production service.
> Error with Delete FirebaseError: Failed to delete documents FirebaseError: HTTP Error: 403,
> Null value error. for 'list' @ L11
> at Timeout.<anonymous> (/Users/pitouli/Documents/GIT/myapp-app/functions/node_modules/firebase-tools/lib/firestore/delete.js:251:28)
> at listOnTimeout (internal/timers.js:549:17)
> at processTimers (internal/timers.js:492:7) {
> name: 'FirebaseError',
> children: [],
> context: undefined,
> exit: 1,
> message: 'Failed to delete documents FirebaseError: HTTP Error: 403, \n' +
> "Null value error. for 'list' @ L11",
> original: undefined,
> status: 500
> }
i functions: Finished "deleteUserData" in ~1s
感谢您的帮助!
编辑 1:REST API 似乎应该与模拟器一起使用,因为它在此处作为示例给出:https://firebase.google.com/docs/emulator-suite/connect_and_prototype#clear_your_database_between_tests
我注意到,在我的例子中,请求是在v1beta1 端点上发出的,而它是在文档示例中的v1 端点上发出的。
编辑 2:遵循@sam 的建议,我使用非限制性规则进行了测试,并且可以正常工作。但据我所知,Cloud Functions 应该忽略规则(#gangsta)
这是我的“正常”规则:
service cloud.firestore {
match /databases/{database}/documents {
// Make sure the uid of the requesting user matches name of the user
// document. The wildcard expression {userId} makes the userId variable
// available in rules.
match /users/{userId} {
allow read, update, delete: if request.auth.uid == userId;
allow create: if request.auth.uid != null;
}
match /users/{userId}/{document=**} {
allow create, read, update, delete: if request.auth.uid == userId;
}
}
}
这是我用于测试的那些:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
【问题讨论】:
-
[Firebaser here] 这应该在模拟器中工作,但看起来你发现了一个错误。如果您临时调整安全规则以允许所有删除,这是否有效?
-
你好@SamStern:你明白了:)“开放规则”,它有效。我编辑我的帖子以提供我的规则。我相信它们是正确的(非常宽容,但它们应该足以防止用户访问另一个用户的数据);如果你确认,我会开一个bug票
-
谢谢!我在这里提交了一个修复 (github.com/firebase/firebase-tools/pull/2211),它将包含在下一个 CLI 版本中。
标签: firebase google-cloud-firestore google-cloud-functions firebase-tools