如果用户通过firebase登录,如何显示不同的页面 [英] How to show different page if user is logged in via firebase
问题描述
我有一个小问题,似乎是一个容易的事情,但我似乎并没有把我的头围绕在做什么。
I have a slight problem, and it seems to be an easy one, but I cannot seem to wrap my head around what to do.
我有一个快递应用程序,它使用Firebase来存储数据。我可以通过客户端脚本登录,注册和注销,但我的问题是:如果用户登录,我如何通过快速检查,以便能够向登录的用户发送不同的页面?
I have an express app, that uses Firebase to store data. I am able to login, register and log out trough a client side script, but my problem is: How do I check via express if a user is logged in, to be able to send a different page to the logged in users?
这是我的代码到目前为止:
This is my code so far:
var firebase = require('firebase');
// Initialize Firebase
var config = {
serviceAccount: "./Chat Application-ad4eaaee3fcc.json",
databaseURL: "MY_DATABASE_URL"
};
firebase.initializeApp(config);
然后我想为登录用户显示一个特殊页面,这是我试过的:
and then I want to show a special page for logged in users, and this is what I have tried:
router.get("/special-page", function(req, res, next) {
var user = firebase.auth().currentUser;
console.log(user); // this variable gets undefined
if(user) {
res.render("special-page");
} else {
res.redirect("/");
}
});
我知道这可能是一个容易的问题,但任何帮助将不胜感激!
I know this might seem like an easy question, but any help would be much appreciated!
提前感谢
推荐答案
用户端和服务器端完全不同的执行领域。因此,您可能会猜到,如果在客户端上发生身份验证,则在服务器上调用 firebase.auth()。currentUser 将无法正常工作。
The user side, and server side, are completely different execution areas. Hence, as you probably guessed, calling firebase.auth().currentUser on the server cannot work if the authentication occurred on the client.
服务器进程根本没有这个信息,除非客户告诉他。
The server process just does not have this information, unless the client tells him.
你可以只有一个请求标题告诉我以XXX记录,但是它不会安全,因为服务器将无法验证该信息,恶意用户可能假装是另一个。
You could just have a request header telling "i am logged as XXX", but it would not be secure, because the server would not be able to verify that information, and a malicious user could pretend to be another one.
在您的用例中,唯一的解决方案是向服务器提供Firebase令牌,然后服务器需要根据firebase服务器验证此令牌,只有这样,它将是100%肯定的关于客户端身份验证。
The only solution to this, in your use case, is to provide the Firebase token to the server, and then the server needs to verify this token against firebase server, and only then it will be 100% sure about the client authentication.
我需要在我的React应用程序中进行服务器端渲染,这是我如何做到的。
I needed that in my React app for Server Side Rendering, here is how I did it.
- 在用户身份验证时,设置包含firebase标记的cookie
- 用户注销时取消设置cookie
- 在服务器中,读取cookie,以便在每个请求下验证客户端用户。
客户端的代码:
const setAppCookie = () => firebase.auth().currentUser &&
firebase.auth().currentUser.getToken().then(token => {
cookies.set('token', token, {
domain: window.location.hostname,
expire: 1 / 24, // One hour
path: '/',
secure: true // If served over HTTPS
});
});
const unsetAppCookie = () =>
cookies.remove('token', {
domain: window.location.hostname,
path: '/',
});
// triggered by firebase auth changes, this is where you deal
// with your users authentication in your app
fbAuth.onAuthStateChanged(user => {
if (!user) {
// user is logged out
return;
}
// user is logged in
setAppCookie();
// Reset cookie before hour expires
// (firebase tokens are short lived, say the docs)
setInterval(setAppCookie, 3500);
});
[...]
// In the logout code
unsetAppCookie();
服务器中的代码:
// Before serving express app, enable cookie parsing
app.use(cookieParser());
// In the code dealing with your requests
const { token } = req.cookies;
if (!token) {
// renderWithoutUser();
}
//
// If user found in cookie, verify the token and render with logged in store
//
console.log('Verifying token', token);
firebase.auth().verifyIdToken(token)
.then(decodedToken => {
const uid = decodedToken.sub;
console.log('User is authenticated for this request', uid);
// renderWithUser();
})
.catch(err => {
console.error('WARNING token invalid or user not found', err);
// renderWithoutUser();
});
这篇关于如果用户通过firebase登录,如何显示不同的页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
