如何仅允许经过身份验证的用户通过后端访问特定页面 [英] How to allow only authenticated users to access a certain page via backend

问题描述

我喜欢firebase及其为应用程序开发提供的功能，但仍在学习中.

I am liking firebase and what it offers for app development, still learning it..

所以我想知道如何才能仅允许某些页面通过云功能访问经过身份验证的用户?

So I was wondering how could I allow certain pages to be only accessible authenticated users via cloud funtions?

我知道我可以在客户端完成此操作，只需将这段代码放在主脚本的顶部即可，这很容易

I know I can do it in the client side which is easy by putting this code just at the top of your main script

firebase.auth().onAuthStateChanged(function(user) {
  if (user) {
    //do something
  } else {
   // redirect to login page
  }
});

它工作正常，但是在后端呢?

It works fine, but what about on the backend?

我已经尝试过了-用于云功能的index.js.

I have tried it this way -- index.js for the cloud functions.

const functions = require('firebase-functions');
const firebase = require('firebase');

  const config = {
    // needed configs here 

  };
  firebase.initializeApp(config);

exports.api = functions.https.onRequest((req, res) => {

firebase.auth().onAuthStateChanged(function(user) {
  if (user) {
    res.status(200).send("logged in")
  } else {
    res.status(200).send("not logged in")
  }
});

});

所以我已经配置了这样的重写规则

So I have configured the rewrite rules like this

{
  "database": {
    "rules": "database.rules.json"
  },
  "hosting": {
    "public": "public",
    "rewrites": [ {
      "source": "/getstarted", "function": "api"
    } ]
  }
}

当我访问/getstarted页面时，它将检查是否已通过身份验证，而不只是发送未经授权的文本/将其重定向到/login页面

When I access /getstarted page it will check if authenticated if not just send unauthorized text / redirect to them /login page

所以在我的情况下，登录前端后，我尝试访问/getstarted页面，它仍将显示未登录

So in my case after logging in the frontend, and I try to access /getstarted page it will still show not logged in

我一定做错了..

推荐答案

Firebase云代码在远程服务器上运行，而不是在客户端Web浏览器上运行.默认情况下，云代码中的 firebase 变量具有管理员权限，但不会以与请求该云代码段的客户端相同的用户身份登录.

Firebase cloud code runs on a remote server, not the clients web browser. The firebase variable in your cloud code has admin privileges by default, but will not be logged in as the same user as the client that makes a request to that piece of cloud code.

此外， onAuthStateChanged 是一个异步函数，实际上在页面加载时通常会返回null值，一旦页面意识到用户已登录，很快就会返回一个实际用户.它具有异步性，因此不适合一次(同步)检查用户是否已登录.

Also, onAuthStateChanged is an asynchronous function, that in practice will often return a null value on page load, quickly followed by returning an actual user once the page realizes a user was logged in. Because of its asynchronous nature, it is not fit for a single time (synchronous) check of if a user is logged in.

相反，您的第一个在客户端执行异步操作的示例是一个很好的解决方案.这可能会导致仅一个用户闪动"到您的客户端，但是可以通过多种方式消除.一个示例是首先显示一个加载屏幕，然后进行编码

Instead, your first example with an asynchronous action on the client side is a good solution. It can result in "flashing" of a users only one to your clients, but that can be eliminated in many ways. One example would be to initially display a loading screen, and then to code

firebase.auth().onAuthStateChanged(function(user) {
  if (user) {
    // remove div containing loading screen
  } else {
    // redirect to login page 
  }
});

这篇关于如何仅允许经过身份验证的用户通过后端访问特定页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！