我正在尝试在保护数据时找出Firebase实时数据库结构的最佳实践 . 我已经阅读了有关如何使用Firebase Realtime Database Rules保护数据库的信息 .
例如:用户添加“注释”并与其他用户(成员)共享这些“注释”,然后他们可以编辑和评论这些“注释” . 让我们考虑一个如下所示的存储结构:
-categories
-uuid-cat1
-data
title: "my category 1"
-members
author: "uuid-user1"
-notes
-uuid-note1
-data
title: "Hello World!"
categoryId: "uuid-cat1"
-comments
-uuid-comment1
title: "Can you explain?"
author: "uuid-user2"
-uuid-comment2
title: "Certainly!"
author: "uuid-user1"
-members
author: "uuid-user1"
uuid-user2: "uuid-user2" //UPDATE 2 - This is another user with access to the note
-uuid-note2
-data
title: "Hello Universe!"
-categoryIds
uuid-2: "uuid-cat2"
-members
author: "uuid-user2"
-users
-uuid-user1
name: "Jane"
-uuid-user2
name: "Jane"
如果用户被列为“成员/作者”或“成员/用户ID”,则他们只能访问注释或类别 . 这是由Firebase实时数据库规则强制执行的 .
这会更大规模吗?假设我们存储了200000个音符 .
当请求从数据库中读取所有“注释”时,此结构是否会导致Firebase中出现性能问题 - 因为Firebase必须在返回列表之前通过所有“注释”循环以确定访问权限?
是否有更好的方法(最佳实践)来构建数据?
UPDATE
我的规则看起来像是:
{
"rules": {
"notes" : {
//indexes
".indexOn": ["data/title", "members/author"],
//access
".read": "
auth.uid != null &&
query.orderByChild == 'members/author' && query.equalTo == auth.uid
",
".write": "
auth.uid != null &&
query.orderByChild == 'members/author' && query.equalTo == auth.uid
",
"$noteid": {
"data": {
"title": {
".validate": "newData.isString() && newData.val().length > 0"
}
},
"members" : {
".read" : true,
".write": true,
//validation
".validate": "newData.hasChildren([
'author'
])",
"author" :{
".validate": "newData.isString()"
}
}
}
},
"categories": {
//The same type of rules as for "notes"
},
"users": {
"$userid": {
".read": "$userid === auth.uid",
".write": "$userid === auth.uid"
}
}
}
}
我的代码看起来有点像:
const myUid = firebase.auth().currentUser.uid;
const ref = firebase.database().ref('notes');
ref.orderByChild('members/author').equalTo(myUid).on('value', (snapshot) => {
console.log(snapshot.key)
const notesArray = []
snapshot.forEach( (childSnapshot) => {
notesArray.push({
id: childSnapshot.key,
data: childSnapshot.val()
});
});
console.log(notesArray);
}