删除用户不会撤销该用户的现有令牌.请参阅Firebase 身份验证在用户删除时未撤销?.如果您使用的是标准身份提供商之一，则这意味着在您删除帐户后的一小时内，用户仍然可以访问数据.

Deleting a user doesn't revoke existing tokens for that user. See Firebase authentication not revoked when user deleted?. If you're using one of the standard identity providers, this means that the users may still be able to access the data for an hour after you delete the account.

没有 API 可以让您的代码检查给定的 uid 是否仍然存在.即使存在这样的 API，在这种情况下也无济于事，因为恶意用户可以绕过该检查并直接调用 API.

There is no API for you code to check whether a given uid still exists. And even if such an API existed, it wouldn't help in this case, since a malicious user could just bypass that check and call the API directly.

处理这种情况的一种简单方法是在您的数据库中保留允许用户的白名单或不允许的用户黑名单.对于黑名单，您需要保留禁止/删除用户的***(世界可读，管理员只能写)列表:

A simple way to deal with this scenario is to keep a whitelist of allowed or blacklist of disallowed users in your database. For a blacklist, you'd keep a top-level (world readable, admin only writeable) list of banned/deleted users:

banned
  uid12345: true

当您的管理员删除用户时，他们也会将其添加到此列表中.

When your admins delete a user, they also add them to this list.

然后在您的安全规则中，您检查并禁止被禁止的用户访问.例如:

And then in your security rules, you check and disallow access for banned users. E.g.:

"posts": {
  ".read": "auth != null && !root.child('banned').child(auth.uid).exists()"
}