如何保护 Firebase Cloud Function HTTP 端点以仅允许经过 Firebase 身份验证的用户? [英] How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?
问题描述
借助新的 firebase 云功能,我决定将一些 HTTP 端点移至 firebase.一切都很好......但我有以下问题.我有两个由 HTTP 触发器(云函数)构建的端点
With the new firebase cloud function I've decided to move some of my HTTP endpoint to firebase. Everything works great... But i have the following issue. I have two endpoints build by HTTP Triggers (Cloud Functions)
- 用于创建用户并返回自定义令牌的 API 端点由 Firebase Admin SDK 生成.
- 用于获取特定用户详细信息的 API 端点.
虽然第一个端点很好,但对于我的第二个端点,我只想为经过身份验证的用户保护它.意思是拥有我之前生成的令牌的人.
While the first endpoint is fine, but for my second end point i would want to protect it for authenticated users only. meaning someone who has the token i generated earlier.
我该如何解决这个问题?
How do i go about solving this?
我知道我们可以使用
request.get('x-myheader')
但是有没有办法像保护实时数据库一样保护端点?
but is there a way to protect the endpoint just like protecting the real time data base?
推荐答案
官方有一个代码示例 用于您要执行的操作.它说明的是如何设置您的 HTTPS 功能,以要求带有客户端在身份验证期间收到的令牌的授权标头.该函数使用 firebase-admin 库来验证令牌.
There is an official code sample for what you're trying to do. What it illustrates is how to set up your HTTPS function to require an Authorization header with the token that the client received during authentication. The function uses the firebase-admin library to verify the token.
此外,您可以使用可调用函数"来制作大量此样板更简单,前提是您的应用能够使用 Firebase 客户端库.
Also, you can use "callable functions" to make a lot of this boilerplate easier, if your app is able to use Firebase client libraries.
这篇关于如何保护 Firebase Cloud Function HTTP 端点以仅允许经过 Firebase 身份验证的用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
