如果我在Firebase云功能中将请求的模式设置为“ no-cors”,将会发生什么? [英] What will happen if I set the request's mode to 'no-cors' in my firebase cloud function?
问题描述
这是对这个问题。我有一个Firebase功能,该功能应该进行OTP验证,然后根据密码是否正确来更改用户密码(由于某种原因,我无法使用Firebase的内置密码重置功能)。以下是我的函数:
This is a follow up to this question. I have a firebase function which is supposed to take an OTP, validate it and then change a user's password based on whether it is correct or not (for some reason I'm not able to use firebase's inbuild password reset functionality). Following is my function:
exports.resetPassword = functions.https.onCall((data, context) => {
return new Promise((resolve, reject) => {
if(data.sesId && data.otp){
admin.firestore().collection('verification').doc(data.sesId).get().then(verSnp => {
if(verSnp.data().attempt != 'verified'){
var now = new Date().getTime()
if(verSnp.data().expiring > now){
if(data.email == verSnp.data().email){
if(verSnp.data().attempt > 0){
if(data.otp == verSnp.data().otp){
admin.auth().getUserByEmail(data.email).then(user => {
admin.auth().updateUser(user.uid,{
password: data.password
}).then(() => {
admin.firestore().collection('verification').doc(data.sesId).update({
attempt: 'verified'
}).then(() => {
Promise.resolve()
}).catch(() => {
throw new Error('Error updating the database.')
})
}).catch(() => {
throw new Error('Error updating the password. Please try again.')
})
}).catch(() => {
throw new Error('Incorrect email. How did you get here?')
})
} else {
var redAttempt = verSnp.data().attempt - 1
admin.firestore().collection('verification').doc(data.sesId).update({
attempt: redAttempt
}).then(() => {
throw new Error(`Incorrect OTP. You have ${redAttempt} attempts remaining.`)
}).catch(() => {
throw new Error('Wrong OTP, try again.')
})
}
} else {
throw new Error('Incorrect OTP. You have exhausted your attempts. Please request a new OTP.')
}
} else {
throw new Error('Incorrect email. How did you get here?')
}
} else {
throw new Error('OTP is expired. Please request a new OTP.')
}
} else {
throw new Error('OTP is invalid. Please request a new OTP.')
}
}).catch(() => {
throw new Error('Invalid session id. Please request the OTP through Forgot Password.')
})
} else {
throw new Error('Enter OTP')
}
})
})
当我运行该函数时,它会被执行,因为我可以在控制台语句中看到它,但是我在客户端遇到了以下错误。
When I run the function, it gets executed, because I can see it in the console statements, but I'm getting following error on my client side.
Access to fetch at 'https://us-central1-project-name.cloudfunctions.net/functionName' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
,当我记录从函数接收到的响应时,它显示 {代码:内部}
。
and when I log the response received from the function, it shows {"code":"internal"}
.
什么是cors包?我该如何解决这个问题?
What is the cors package? How do I solve this problem?
第2部分(无关)
此外,在函数的第11行和第12行上,我正在使用
Also, on lines 11 and 12 of my function, I'm using
admin.auth().getUserByEmail(data.email).then(user => {
admin.auth().updateUser(user.uid, {password: data.password})
})
这是否正确?
对于第1部分,我提到了此一个问题,但没有答案。
For part 1 I referred to this question, but it has no answers.
推荐答案
看看文档适用于可调用云函数:
Have a look at the documentation for Callable Cloud Functions:
- 您不需要将其封装在
中返回新的Promise((resolve,reject)=> {})
; - 您需要返回可以是JSON的数据编码;
- 您需要通过抛出(或返回被拒绝的Promise)函数实例来正确管理错误。 https.HttpsError ;
- 您需要正确地链接由异步方法返回的所有promise。
- You don't need to encapsulate it in
return new Promise((resolve, reject) => {})
; - You need to return data that can be JSON encoded;
- You need to manage the errors correctly, by by throwing (or returning a Promise rejected with) an instance of
functions.https.HttpsError
; - You need to correctly chain all the promises returned by the asynchronous methods.
下面我根据上面的观点尝试重新组织了代码,但是由于您的业务逻辑很复杂,因此我无法对其进行测试,并且可能其他处理所有案件的方法...由您来抛光这是第一次尝试!希望它会有所帮助。
I've tried below to re-organized your code in the lights of the points above, but since your business logic is complex I cannot test it and there might be other approaches to manage all the cases... Up to you to "polish" this first attempt! Hoping it will help.
exports.resetPassword = functions.https.onCall((data, context) => {
if(data.sesId && data.otp){
let dataOptCorresponds = true;
return admin.firestore().collection('verification').doc(data.sesId).get()
.then(verSnp => {
if(verSnp.data().attempt != 'verified'){
var now = new Date().getTime()
if(verSnp.data().expiring > now){
if(data.email == verSnp.data().email){
if(verSnp.data().attempt > 0){
if(data.otp == verSnp.data().otp){
return admin.auth().getUserByEmail(data.email);
} else {
dataOptCorresponds = false;
var redAttempt = verSnp.data().attempt - 1
return admin.firestore().collection('verification').doc(data.sesId).update({
attempt: redAttempt
})
}
} else {
throw new Error('Incorrect OTP. You have exhausted your attempts. Please request a new OTP.')
}
} else {
throw new Error('Incorrect email. How did you get here?')
}
} else {
throw new Error('OTP is expired. Please request a new OTP.')
}
} else {
throw new Error('OTP is invalid. Please request a new OTP.')
}
})
.then(user => {
if(dataOptCorresponds) {
return admin.auth().updateUser(user.uid,{
password: data.password
})
} else {
throw new Error(`Incorrect OTP. You have xxxx attempts remaining.`)
}
})
.then(() => {
return admin.firestore().collection('verification').doc(data.sesId).update({
attempt: 'verified'
})
.then(() => {
return {result: "success"}
})
.catch(error => {
throw new functions.https.HttpsError('internal', error.message);
})
} else {
throw new functions.https.HttpsError('invalid-argument', 'Enter OTP');
}
})
更新以下Bergi的评论:
如果您希望能够区分返回到前面的错误类型,结束(特别是如果OTP不正确,无效或已过期,或者如果电子邮件返回了无效参数
HttpsError
是不正确的),您可以在 then()
方法中使用第二个参数。
If you want to be able to differentiate the kind of errors returned to the front-end (in particular sending back an invalid-argument
HttpsError
if the OTP is incorrect, invalid or expired or if the email is incorrect) you may use a second argument in the then()
method.
exports.resetPassword = functions.https.onCall((data, context) => {
if(data.sesId && data.otp){
let dataOptCorresponds = true;
return admin.firestore().collection('verification').doc(data.sesId).get()
.then(
verSnp => {
if(verSnp.data().attempt != 'verified'){
var now = new Date().getTime()
if(verSnp.data().expiring > now){
if(data.email == verSnp.data().email){
if(verSnp.data().attempt > 0){
if(data.otp == verSnp.data().otp){
return admin.auth().getUserByEmail(data.email);
} else {
dataOptCorresponds = false;
var redAttempt = verSnp.data().attempt - 1
return admin.firestore().collection('verification').doc(data.sesId).update({
attempt: redAttempt
})
}
} else {
throw new Error('Incorrect OTP. You have exhausted your attempts. Please request a new OTP.')
}
} else {
throw new Error('Incorrect email. How did you get here?')
}
} else {
throw new Error('OTP is expired. Please request a new OTP.')
}
} else {
throw new Error('OTP is invalid. Please request a new OTP.')
}
},
error => {
throw new functions.https.HttpsError('invalid-argument', error.message);
}
)
.then(user => {
if(dataOptCorresponds) {
return admin.auth().updateUser(user.uid,{
password: data.password
})
} else {
throw new Error(`Incorrect OTP. You have xxxx attempts remaining.`)
}
})
.then(() => {
return admin.firestore().collection('verification').doc(data.sesId).update({
attempt: 'verified'
})
.then(() => {
return {result: "success"}
})
.catch(error => {
throw new functions.https.HttpsError('internal', error.message);
})
} else {
throw new functions.https.HttpsError('invalid-argument', 'Enter OTP');
}
})
这篇关于如果我在Firebase云功能中将请求的模式设置为“ no-cors”,将会发生什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!