有了 Admin SDK,您可以運用完整管理員權限 讀取及寫入即時資料庫資料 也能使用精細的有限權限 在本文件中,我們會逐步引導您加入 Firebase Admin SDK ,即可存取 Firebase 即時資料庫。
Admin SDK 設定
如要在伺服器上開始使用 Firebase 即時資料庫,請按照下列步驟操作: 就必須先設定 Firebase Admin SDK。
Admin SDK 驗證
如要透過 Firebase Admin SDK 從伺服器存取 Firebase 即時資料庫,您必須 透過 Firebase 驗證你的伺服器驗證伺服器時,不要使用 和在用戶端應用程式中一樣,您必須透過 服務帳戶 Firebase 可以透過這組識別碼 識別你的伺服器
使用 Firebase Admin SDK:
| Firebase Admin SDK 驗證存取層級 | |
|---|---|
| 管理員權限 | 具備專案即時資料庫的完整讀取和寫入權限。與以下項目搭配使用: 執行管理工作 (例如資料遷移或重組) 取得專案資源的無限制存取權 |
| 有限權限 | 只能存取專案的即時資料庫 伺服器需求在這個層級完成定義明確的管理工作 存取需求舉例來說,執行摘要工作時,系統會讀取 可以設定唯讀 接著,在權限受限的情況下初始化 Admin SDK 套用該規則 |
使用管理員權限進行驗證
使用服務的憑證初始化 Firebase Admin SDK 時 具備 Firebase 專案「編輯者」角色的帳戶,該執行個體 具備專案即時資料庫的完整讀取和寫入權限。
Java
// Fetch the service account key JSON file contents
FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccount.json");
// Initialize the app with a service account, granting admin privileges
FirebaseOptions options = FirebaseOptions.builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount))
// The database URL depends on the location of the database
.setDatabaseUrl("https://DATABASE_NAME.firebaseio.com")
.build();
FirebaseApp.initializeApp(options);
// As an admin, the app has access to read and write all data, regardless of Security Rules
DatabaseReference ref = FirebaseDatabase.getInstance()
.getReference("restricted_access/secret_document");
ref.addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
Object document = dataSnapshot.getValue();
System.out.println(document);
}
@Override
public void onCancelled(DatabaseError error) {
}
});
Node.js
var admin = require("firebase-admin");
// Fetch the service account key JSON file contents
var serviceAccount = require("path/to/serviceAccountKey.json");
// Initialize the app with a service account, granting admin privileges
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
// The database URL depends on the location of the database
databaseURL: "https://DATABASE_NAME.firebaseio.com"
});
// As an admin, the app has access to read and write all data, regardless of Security Rules
var db = admin.database();
var ref = db.ref("restricted_access/secret_document");
ref.once("value", function(snapshot) {
console.log(snapshot.val());
});
Python
import firebase_admin
from firebase_admin import credentials
from firebase_admin import db
# Fetch the service account key JSON file contents
cred = credentials.Certificate('path/to/serviceAccountKey.json')
# Initialize the app with a service account, granting admin privileges
firebase_admin.initialize_app(cred, {
'databaseURL': 'https://databaseName.firebaseio.com'
})
# As an admin, the app has access to read and write all data, regradless of Security Rules
ref = db.reference('restricted_access/secret_document')
print(ref.get())
Go
ctx := context.Background()
conf := &firebase.Config{
DatabaseURL: "https://databaseName.firebaseio.com",
}
// Fetch the service account key JSON file contents
opt := option.WithCredentialsFile("path/to/serviceAccountKey.json")
// Initialize the app with a service account, granting admin privileges
app, err := firebase.NewApp(ctx, conf, opt)
if err != nil {
log.Fatalln("Error initializing app:", err)
}
client, err := app.Database(ctx)
if err != nil {
log.Fatalln("Error initializing database client:", err)
}
// As an admin, the app has access to read and write all data, regradless of Security Rules
ref := client.NewRef("restricted_access/secret_document")
var data map[string]interface{}
if err := ref.Get(ctx, &data); err != nil {
log.Fatalln("Error reading from database:", err)
}
fmt.Println(data)
以有限的權限進行驗證
根據最佳做法,服務只能存取所需的資源。若要取得 更精細地控管 Firebase 應用程式執行個體可使用的資源 存取時,請使用安全性規則中的專屬 ID 代表您的服務接著設定適當的規則來授予服務存取權 所需的資源例如:
{
"rules": {
"public_resource": {
".read": true,
".write": true
},
"some_resource": {
".read": "auth.uid === 'my-service-worker'",
".write": false
},
"another_resource": {
".read": "auth.uid === 'my-service-worker'",
".write": "auth.uid === 'my-service-worker'"
}
}
}
接著,在伺服器上初始化 Firebase 應用程式時,使用
databaseAuthVariableOverride 選項可覆寫自己使用的 auth 物件
您的資料庫規則在這個自訂 auth 物件中,將 uid 欄位設為
。
Java
// Fetch the service account key JSON file contents
FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountCredentials.json");
// Initialize the app with a custom auth variable, limiting the server's access
Map<String, Object> auth = new HashMap<String, Object>();
auth.put("uid", "my-service-worker");
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredential(FirebaseCredentials.fromCertificate(serviceAccount))
// The database URL depends on the location of the database
.setDatabaseUrl("https://DATABASE_NAME.firebaseio.com")
.setDatabaseAuthVariableOverride(auth)
.build();
FirebaseApp.initializeApp(options);
// The app only has access as defined in the Security Rules
DatabaseReference ref = FirebaseDatabase
.getInstance()
.getReference("/some_resource");
ref.addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
String res = dataSnapshot.getValue();
System.out.println(res);
}
});
Node.js
var admin = require("firebase-admin");
// Fetch the service account key JSON file contents
var serviceAccount = require("path/to/serviceAccountKey.json");
// Initialize the app with a custom auth variable, limiting the server's access
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
// The database URL depends on the location of the database
databaseURL: "https://DATABASE_NAME.firebaseio.com",
databaseAuthVariableOverride: {
uid: "my-service-worker"
}
});
// The app only has access as defined in the Security Rules
var db = admin.database();
var ref = db.ref("/some_resource");
ref.once("value", function(snapshot) {
console.log(snapshot.val());
});
Python
import firebase_admin
from firebase_admin import credentials
from firebase_admin import db
# Fetch the service account key JSON file contents
cred = credentials.Certificate('path/to/serviceAccountKey.json')
# Initialize the app with a custom auth variable, limiting the server's access
firebase_admin.initialize_app(cred, {
'databaseURL': 'https://databaseName.firebaseio.com',
'databaseAuthVariableOverride': {
'uid': 'my-service-worker'
}
})
# The app only has access as defined in the Security Rules
ref = db.reference('/some_resource')
print(ref.get())
Go
ctx := context.Background()
// Initialize the app with a custom auth variable, limiting the server's access
ao := map[string]interface{}{"uid": "my-service-worker"}
conf := &firebase.Config{
DatabaseURL: "https://databaseName.firebaseio.com",
AuthOverride: &ao,
}
// Fetch the service account key JSON file contents
opt := option.WithCredentialsFile("path/to/serviceAccountKey.json")
app, err := firebase.NewApp(ctx, conf, opt)
if err != nil {
log.Fatalln("Error initializing app:", err)
}
client, err := app.Database(ctx)
if err != nil {
log.Fatalln("Error initializing database client:", err)
}
// The app only has access as defined in the Security Rules
ref := client.NewRef("/some_resource")
var data map[string]interface{}
if err := ref.Get(ctx, &data); err != nil {
log.Fatalln("Error reading from database:", err)
}
fmt.Println(data)
在某些情況下,您可能會想將 Admin SDK 視為
未經驗證的用戶端做法是提供
null,用於資料庫驗證變數覆寫。
Java
// Fetch the service account key JSON file contents
FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountCredentials.json");
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredential(FirebaseCredentials.fromCertificate(serviceAccount))
// The database URL depends on the location of the database
.setDatabaseUrl("https://DATABASE_NAME.firebaseio.com")
.setDatabaseAuthVariableOverride(null)
.build();
FirebaseApp.initializeApp(options);
// The app only has access to public data as defined in the Security Rules
DatabaseReference ref = FirebaseDatabase
.getInstance()
.getReference("/public_resource");
ref.addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
String res = dataSnapshot.getValue();
System.out.println(res);
}
});
Node.js
var admin = require("firebase-admin");
// Fetch the service account key JSON file contents
var serviceAccount = require("path/to/serviceAccountKey.json");
// Initialize the app with a null auth variable, limiting the server's access
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
// The database URL depends on the location of the database
databaseURL: "https://DATABASE_NAME.firebaseio.com",
databaseAuthVariableOverride: null
});
// The app only has access to public data as defined in the Security Rules
var db = admin.database();
var ref = db.ref("/public_resource");
ref.once("value", function(snapshot) {
console.log(snapshot.val());
});
Python
import firebase_admin
from firebase_admin import credentials
from firebase_admin import db
# Fetch the service account key JSON file contents
cred = credentials.Certificate('path/to/serviceAccountKey.json')
# Initialize the app with a None auth variable, limiting the server's access
firebase_admin.initialize_app(cred, {
'databaseURL': 'https://databaseName.firebaseio.com',
'databaseAuthVariableOverride': None
})
# The app only has access to public data as defined in the Security Rules
ref = db.reference('/public_resource')
print(ref.get())
Go
ctx := context.Background()
// Initialize the app with a nil auth variable, limiting the server's access
var nilMap map[string]interface{}
conf := &firebase.Config{
DatabaseURL: "https://databaseName.firebaseio.com",
AuthOverride: &nilMap,
}
// Fetch the service account key JSON file contents
opt := option.WithCredentialsFile("path/to/serviceAccountKey.json")
app, err := firebase.NewApp(ctx, conf, opt)
if err != nil {
log.Fatalln("Error initializing app:", err)
}
client, err := app.Database(ctx)
if err != nil {
log.Fatalln("Error initializing database client:", err)
}
// The app only has access to public data as defined in the Security Rules
ref := client.NewRef("/some_resource")
var data map[string]interface{}
if err := ref.Get(ctx, &data); err != nil {
log.Fatalln("Error reading from database:", err)
}
fmt.Println(data)
後續步驟
- 瞭解如何針對即時資料庫建立資料結構。
- 在多個資料庫執行個體中調度資料資源。
- 儲存資料。
- 擷取資料。
- 在以下位置查看資料庫: Firebase 控制台。