对Node.js应用程序使用Firebase身份验证 [英] Using firebase authentication for a nodejs application
问题描述
我不知道这是否行得通,还是正确的选择.
I don't know if this will work out, or is it the right thing to do.
我创建了一个angularjs应用程序,并使用firebase为我的应用程序提供了一个后端",或包含我的应用程序需要的任何数据.
I have created an angularjs application and used firebase to provide my application a "backend", or to contain any data that my application needs.
我也不希望在进行身份验证时费心,FirebaseSimpleLogin只是完成这项工作的好工具.
Also I do not want to bother myself when dealing with authentication, and FirebaseSimpleLogin is just awesome tool for the job.
我可以做到:
resolve : {
'isAuthenticated': isLoggedIn
}
在我的路线中,这样我就可以防止他们转向安全路线.所以没有问题,我已经有一个经过身份验证的用户.
in my routes so I would be able to prevent them from moving to secured routes. So there is no problem, I already have an authenticated user.
问题是,我只使用firebase来保存用户数据和进行身份验证,而没有其他用途.
The problem is, i only used firebase to save user data and for auth, and nothing else.
现在,我想在服务器中执行一些服务器任务,但是我只希望经过身份验证的用户执行该任务.
Now I want to do some server tasks in my server, but I want only authenticated users to do that.
我如何确定用户在Firebase中已通过身份验证?
How would I determine that the user is authenticated in firebase?
这是 firebase令牌生成器的目的.
还是我应该使用nodejs创建一个身份验证系统?
Or should I just, create an authentication system using nodejs?
推荐答案
查看队列模式.让用户将项目写入队列,让服务器对其进行响应.
Check out the queue pattern. Have the user write items to the queue, have the server respond to them.
使用Firebase作为API/中间人的真正好处是,工作人员(即服务器)无需担心客户端是否已通过身份验证. 安全规则会处理此问题.
The really great part of using Firebase as the API/middle-man is that the worker (i.e. server) does not need to worry about if the client has authenticated. Security rules take care of this.
只需编写一条规则,仅允许已登录的用户写入队列:
Just write a rule to only allow logged-in users to write into the queue:
{
"rules": {
"queue": {
"in": {
// I can only write if logged in
".write": "auth !== null",
"user_id": {
// I can only write to the queue as myself, this tells the server which
// out/ queue the user will be listening on
".validate": "auth.uid === newData.val()"
}
},
"out": {
"$userid": {
// I can only listen to my out queue
".read": "auth.uid === $userid"
}
}
}
}
}
现在,用户只需使用push()将记录写入in/中,然后侦听out/,直到服务器回复.
Now the user simply writes a record to in/ using push(), then listens on out/ until the server replies.
服务器从in/队列中读取记录,对其进行处理,然后将其写回到out/user_id路径.
The server reads records out of the in/ queue, processes them, and writes them back to the out/user_id path.
没有RESTful协议,没有快递服务器,没有麻烦.
No RESTful protocols, no express servers, no headaches.
这篇关于对Node.js应用程序使用Firebase身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!