php - Firebase .on not working with authentication -

-

update

i able @ least client side code work authentication using firebase-simple-login.js , auth.login('anonymous'). server side (ie "write") still not work.

original question

i creating app firebase integration , need secure firebase data. being able delete if know firebase url , without authentication less ideal.

i not trying log users in (or @ least not in traditional sense), want make sure there sort of authentication going on when read , write firebase data. have spent hours on , cannot seem make work (so "easy").

first, firebase security rules - simple

{     "rules": {       ".read" : "auth != null",       ".write": "auth != null"     } }

i pushing firebase server side code , reading results client side. simple polling app - poll responses pushed firebase in following format: clients\clienta\polls\pollid(random)\randomdataid(from firebase)\response data. using firebase/php-jwt generate server side jwt:

    <?php  class generatefirebasetoken {     public static function generate(array $data = array())     {         $key = 'firebase secret key';         $token = array(             'iss' => 'https://example.com',             'iat' => time()         );         // add additional data token         $token = array_merge($token, $data);         $jwt = jwt::encode($token, $key);          return $jwt;     } }

i pushing data firebase following code. there several variables user's session included. uses class wrote prepares curl request firebase. works fine if remove auth != null firebase rules. otherwise, nothin':

$fbdata = array(             'name' => "{$this->user->first_name} {$this->user->last_name}",             'answer' => $fbanswer,             'gravatar' => gravatar::src($this->user->email)         );         $token = generatefirebasetoken::generate();         $fb = new firebase("clients/{$this->client->nickname}/polls/{$poll->uniquid}.json?auth=$token", $fbdata);         $fb->execute('post');

source of $fb->execute()

public function execute($method)     {         $data_string = json_encode($this->data);          $ch = curl_init($this->root . $this->path); // http://myapp.firebaseio.com/         curl_setopt($ch, curlopt_customrequest, $method);         curl_setopt($ch, curlopt_postfields, $data_string);         curl_setopt($ch, curlopt_returntransfer, true);         curl_setopt($ch, curlopt_httpheader, array(                 'content-type: application/json',                 'content-length: ' . strlen($data_string))         );          $result = curl_exec($ch);         return $result;     }

client side not work. retrieve jwt performing $.getjson request server side code , pass on firebase. seems authenticate correctly receive error firebase warning: on() or once() /clients/exampleclient/polls/fdv4rm9lhcob7u7w failed: error: permission_denied: client doesn't have permission access desired data.. here client side code:

    $.getjson('/secure/jwt-token', function(json) {         jwttoken = json.token;         launchfirebase(jwttoken);     }); function launchfirebase(token) {     var fb = new firebase('https://myapp.firebaseio.com/clients/exampleclient/polls/' + pollid);     fb.auth(token, function(e) {         if(e) {             alert('authentication error : ' + e);         } else {             alert('authenticated'); // alert shows, assume authenticated             fb.on('child_added', function(snapshot) {                 // stuff                 // error occurs here.             });         }     }); }

i assuming missing simple here, perhaps not understand how use jwt.. whatever case, appreciated. thanks!

hours of wasted effort found problem, helps else new using firebase. goes show if you're working on same issue hours, take break , fog begin clear.

okay, problem -- of course -- simple. using firebase/php-jwt library. had right except fact did not add 'd' token data array - this auth comes from. so, security rules checking auth, missing because did not add d token.

here fixed code:

$key = 'your-security-key';         $token = array(             'iss' => 'https://example.com',             'iat' => time(),             'd' => array(                 'foo' => 'bar' // gives auth variable!!!!!             )         );         // add additional data token         $token = array_merge($token, $data);         $jwt = jwt::encode($token, $key);          return $jwt;

if write code people plug service, in case, please provide better documentation. seems such things entirely omitted, perhaps because developer should know intrinsically? discovered answer reading docs making token without use of helper library (like one).


Comments

Post a Comment

Popular posts from this blog

c++ - OpenCV Error: Assertion failed <scn == 3 ::scn == 4> in unknown function, -

-
i read alot other solution still confused should mine... #include <opencv2/objdetect/objdetect.hpp> #include <opencv2/highgui/highgui.hpp> #include <opencv2/imgproc/imgproc.hpp> #include <iostream> #include <stdio.h> using namespace std; using namespace cv; int main(int argc, const char** argv) { //create cascade classifier object used face detection cascadeclassifier face_cascade; //use haarcascade_frontalface_alt.xml library face_cascade.load("haarcascade_frontalface_alt.xml"); //setup video capture device , link first capture device videocapture capturedevice; capturedevice.open(0); //setup image files used in capture process mat captureframe; mat grayscaleframe; //create window present results namedwindow("outputcapture", 1); //create loop capture , find faces while (true) { //capture new image frame capturedevice >> captureframe; ...
Read more

php - render data via PDO::FETCH_FUNC vs loop -

-
i've been using 2 methods render data. the first one: function name($id,$name){ return '<div id="'.$id.'">'.$name.'</div>'; } echo implode($pdo->query("select id,name user")->fetchall(pdo::fetch_func,'name')); the second one: $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); foreach($users $user){ echo name($user->id,$user->name); } i don't understand how pdo::fetch_func works. tried figure out. however, not well-documented. could please explain fetch mode? , also, 1 performs better? thank you. both methods wrong , have learn how use templates , how separate business logic presentation logic. $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); tpl::assign('users', $users); is code business logic part. then in template <?php foreach $users $row): ?> <div id="<?=$...
Read more

The canvas has been tainted by cross-origin data in chrome only -

-
uncaught securityerror: failed execute 'getimagedata' on 'canvasrenderingcontext2d': canvas has been tainted cross-origin data i getting above error in chrome. code(following) works fine in mozilla. have not corss domain issue. why above error in chrome? var wheel_canvas, wheel_context, can_w, can_h, wheel_grd; var large_radius = 160; var small_radius = 120; var wheel_canvas = document.getelementbyid('wheel_canvas'); var wheel_context = wheel_canvas.getcontext('2d'); var can_w = $(wheel_canvas).width(); var can_h = $(wheel_canvas).height(); var centerx = can_w / 2, centery = can_h / 2; var wheel_grd = null; test('#ff0000'); function test(hex) { $('#clrpicker').css({'left': 210, 'top': 210 }); inverted = hexbw(hex); $('#color_val_show').val(hex); current_color_hex_val_selected = hex; $('#color_val_show').css({'color':inverted,'background':hex}); fillgradient...
Read more