Is there a way to restrict public access from Firebase callable cloud functions


Question

Firebase callable cloud functions can be accessed via client SDKs, which require a valid auth context for authentication and authorization. But at the same time it is exposed as an HTTP endpoint, thus can be called but will receive an unauthorized response. My question is, is there a way to completely restrict public access for a callable cloud function? Since Firebase will charge for cloud functions based on function executions, even to return an unauthorized response, the request has already gone through to the function, thus during a DDoS attack this could be problematic.

Recommended answer

There is no built-in support for rejecting a request to a Cloud Function before it reaches your code. If you want such functionality, consider setting up Cloud Endpoints in front of your Cloud Functions.

The best you can do with just Cloud Functions is check whether the caller is authorized as the first thing in your function code, so that you reduce the amount of time the function is active. You'll still be charged for the invocation in that case, but you'll minimize the GB-seconds and CPU-seconds.
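The "check authorization first" advice in the answer above, as an added sketch that is not part of the original answer: the handler rejects unauthenticated callers before any expensive setup runs, so a rejected call costs as little compute time as possible. `getReportHandler`, `getReportClient` and the local `HttpsError` stand-in are hypothetical names chosen so the code runs offline.

```javascript
// Added example. Local stand-in for functions.https.HttpsError so the sketch
// runs offline; in a deployed function use the class from firebase-functions.
class HttpsError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

let heavyInitCount = 0;   // counts how often the expensive setup actually ran
let reportClient = null;  // hypothetical expensive resource, created lazily

// Hypothetical expensive setup (database client, large config, ...).
// Kept out of module scope so rejected calls never pay for it.
function getReportClient() {
  if (reportClient === null) {
    heavyInitCount += 1;
    reportClient = { fetch: (uid) => ({ owner: uid, rows: [] }) };
  }
  return reportClient;
}

// Handler with the (data, context) signature of a callable function.
function getReportHandler(data, context) {
  // First statement: reject callers without an auth context, before any
  // allocation, I/O or lazy initialization happens.
  if (!context || !context.auth || !context.auth.uid) {
    throw new HttpsError('unauthenticated', 'Sign-in required.');
  }
  // Only authenticated calls reach the expensive path.
  return getReportClient().fetch(context.auth.uid);
}

// Deployment wiring (not executed here):
//   exports.getReport = functions.https.onCall(getReportHandler);
```

The invocation is still billed, as the answer states; the guard only limits how long a rejected call keeps the function active.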
