有没有办法限制来自firebase可调用函数的公共访问 [英] Is there a way to restrict public access from firebase callable could functions

问题描述

Firebase 可调用云函数可以通过客户端 sdks 访问，这需要有效的身份验证上下文来进行身份验证和授权.但同时它被暴露为 HTTP 端点，因此可以调用但会收到未经授权的响应.我的问题是，有没有办法完全限制可调用云功能的公共访问?因为 firebase 将根据函数执行对云函数收费.即使返回未经授权的响应，请求也已经通过函数，因此在 DDoS 攻击期间这可能是有问题的.

Firebase callable cloud functions can be accessed via client sdks, which requires a valid auth context for authentication and authorization. But and at the same time it is exposed as an HTTP endpoint, thus can be called but will receive an unauthorized response. My questions is, is there a way to completely restrict public access for a callable cloud functions? since firebase will charge cloud functions based on function executions. Even to return an unauthorized response, the request has already gone through to the function, thus during a DDoS attack this could be problematic.

推荐答案

没有内置支持在云函数到达您的代码之前拒绝它.如果您想要此类功能，请考虑在您的 Cloud Functions 前面设置 Cloud Endpoints.

There is no built-in support for rejecting a request to a Cloud Function before it reaches your code. If you want such functionality consider setting up Cloud Endpoints in front of your Cloud Functions.

仅使用 Cloud Functions 所能做的最好的事情就是检查调用者是否被授权为函数代码中的第一件事，以便减少函数处于活动状态的时间.在这种情况下，您仍需为调用付费，但您将最小化 GB 秒和 CPU 秒.

The best you can with just Cloud Functions do is check whether the caller is authorized as the first thing in your function code, so that you reduce the amount of time the function is active. You'll still be charged for the invocation in that case, but you'll minimize the GB-seconds and CPU-seconds.

这篇关于有没有办法限制来自firebase可调用函数的公共访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！