0

How could you setup rules on Firebase which would allow a user to become a paid user of your app? For example, if I have the following data structure:

{
  users: [
    {
      isPaid: false
    },
    {
      isPaid: true
    }
  ]
}

How could you setup firebase rules to not allow the user to update it themselves (by fudging a request), but still allow it to be updated automatically when they "pay" for your app?

I've thought about randomly generating a number and asking the user to enter that number or something like that, but I don't think that would work... Has anyone done something like this?

4

1 回答 1

1

您需要有一个服务器进程,该进程使用 Firebase 机密(可以在 Forge 上为您的 Firebase 找到)安全地写入付费标志。将 /users/isPaid 的“.write”规则设置为 false - 服务器代码可以绕过此规则,因为它知道秘密。您应该首先从您的服务器代码中调用 firebaseRef.auth(secret) 。

于 2013-10-11T18:41:08.823 回答