Case 1: The user has already created their account, and you want to restrict one cloud function to specific email addresses.
You can get the user info associated with the cloud function call, and check their email. You can then call the external database if they have the correct email domain. You should also do some UI changes so the user doesn't just get errors if they don't have @cat.com
.
Case 2: Restrict all users in your Firebase project to emails containing @cat.com
?
If so, you can't restrict the emails directly in firebase authentication, so you'd have to stick user registration code behind a cloud function, creating user accounts there. You can then check their email when they try to register.
You can do this with the Firebase Admin SDK in a cloud function. docs
admin.auth().createUser({
email: '[email protected]',
emailVerified: false,
phoneNumber: '+11234567890',
password: 'secretPassword',
displayName: 'John Doe',
photoURL: 'http://www.example.com/12345678/photo.png',
disabled: false
})
.then(function(userRecord) {
// See the UserRecord reference doc for the contents of userRecord.
console.log('Successfully created new user:', userRecord.uid);
})
.catch(function(error) {
console.log('Error creating new user:', error);
});
The client will call the cloud function with their desired email and password, and before calling this .createUser
, and you can check for the correct email before creating the user with "[email protected]".toLowerCase().endsWith("cat.com")
.
Also, using email domain as a form of access control doesn't sound like a good idea. During the account creation process, you manually add access to the user's document based on the email. What happens when you want to give someone an email but don't want to give them access to the database?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…