对Node.js应用程序使用Firebase身份验证 [英] Using firebase authentication for a nodejs application

问题描述

我不知道这是否行得通，还是正确的选择.

I don't know if this will work out, or is it the right thing to do.

我创建了一个angularjs应用程序，并使用firebase为我的应用程序提供了一个后端"，或包含我的应用程序需要的任何数据.

I have created an angularjs application and used firebase to provide my application a "backend", or to contain any data that my application needs.

我也不希望在进行身份验证时费心，FirebaseSimpleLogin只是完成这项工作的好工具.

Also I do not want to bother myself when dealing with authentication, and FirebaseSimpleLogin is just awesome tool for the job.

我可以做到:

resolve : {
   'isAuthenticated': isLoggedIn
}

在我的路线中，这样我就可以防止他们转向安全路线.所以没有问题，我已经有一个经过身份验证的用户.

in my routes so I would be able to prevent them from moving to secured routes. So there is no problem, I already have an authenticated user.

问题是，我只使用firebase来保存用户数据和进行身份验证，而没有其他用途.

The problem is, i only used firebase to save user data and for auth, and nothing else.

现在，我想在服务器中执行一些服务器任务，但是我只希望经过身份验证的用户执行该任务.

Now I want to do some server tasks in my server, but I want only authenticated users to do that.

我如何确定用户在Firebase中已通过身份验证?

How would I determine that the user is authenticated in firebase?

这是 firebase令牌生成器的目的.

还是我应该使用nodejs创建一个身份验证系统?

Or should I just, create an authentication system using nodejs?

推荐答案

查看队列模式.让用户将项目写入队列，让服务器对其进行响应.

Check out the queue pattern. Have the user write items to the queue, have the server respond to them.

使用Firebase作为API/中间人的真正好处是，工作人员(即服务器)无需担心客户端是否已通过身份验证. 安全规则会处理此问题.

The really great part of using Firebase as the API/middle-man is that the worker (i.e. server) does not need to worry about if the client has authenticated. Security rules take care of this.

只需编写一条规则，仅允许已登录的用户写入队列:

Just write a rule to only allow logged-in users to write into the queue:

{
  "rules": {
     "queue": {
         "in": {
            // I can only write if logged in
            ".write": "auth !== null",
            "user_id": {
               // I can only write to the queue as myself, this tells the server which
               // out/ queue the user will be listening on
               ".validate": "auth.uid === newData.val()"
            }
         }, 
         "out": {
            "$userid": {
               // I can only listen to my out queue
               ".read": "auth.uid === $userid"
            }
         }
     }
  }
}

现在，用户只需使用push()将记录写入in/中，然后侦听out/，直到服务器回复.

Now the user simply writes a record to in/ using push(), then listens on out/ until the server replies.

服务器从in/队列中读取记录，对其进行处理，然后将其写回到out/user_id路径.

The server reads records out of the in/ queue, processes them, and writes them back to the out/user_id path.

没有RESTful协议，没有快递服务器，没有麻烦.

No RESTful protocols, no express servers, no headaches.

这篇关于对Node.js应用程序使用Firebase身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！