Secure HTTP trigger for Cloud Functions for Firebase


Problem description

Is there a way to check if a user is firebase-authorized before triggering a cloud function? (Or within the function)

Solution

Yes. You will need to send the Firebase ID token along with the request (for example in the Authorization header of an AJAX request), then verify it using the Firebase Admin SDK. There is an in-depth example in the Cloud Functions for Firebase samples repository. It looks something like this (made shorter for SO post):

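const functions = require('firebase-functions');
const admin = require('firebase-admin');
const cors = require('cors')();

// Initialize the Admin SDK once, using the function's default credentials.
admin.initializeApp();

// Middleware: verify the Firebase ID token sent in the Authorization header.
const validateFirebaseIdToken = (req, res, next) => {
  cors(req, res, () => {
    const authHeader = req.headers.authorization || '';
    // Reject requests without a "Bearer <token>" header instead of throwing.
    if (!authHeader.startsWith('Bearer ')) {
      res.status(403).send('Unauthorized');
      return;
    }
    const idToken = authHeader.split('Bearer ')[1];
    admin.auth().verifyIdToken(idToken).then(decodedIdToken => {
      console.log('ID Token correctly decoded', decodedIdToken);
      req.user = decodedIdToken;
      next();
    }).catch(error => {
      console.error('Error while verifying Firebase ID token:', error);
      res.status(403).send('Unauthorized');
    });
  });
};

exports.myFn = functions.https.onRequest((req, res) => {
  validateFirebaseIdToken(req, res, () => {
    // now you know they're authorized and `req.user` has info about them
  });
});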
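
A stricter, unit-testable variant of the middleware in the answer above, as an added example that is not part of the original answer or the Firebase samples. The names `extractBearerToken`, `makeAuthMiddleware`, `fakeVerifier`, `fakeResponse` and `simulate` are hypothetical, and the verifier is injected so that a constructed stub can stand in for `admin.auth().verifyIdToken` when running offline.

```javascript
// Extract the token from an Authorization header value.
// Accepts only "Bearer <b64token>" (RFC 6750 syntax); anything else yields null.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(headerValue.trim());
  return match ? match[1] : null;
}

// Build middleware around any verifier shaped like
// admin.auth().verifyIdToken(idToken): it returns a Promise of decoded claims.
function makeAuthMiddleware(verifyIdToken) {
  return async function requireFirebaseUser(req, res, next) {
    const idToken = extractBearerToken(req.headers.authorization);
    try {
      if (idToken === null) throw new Error('missing or malformed Authorization header');
      req.user = await verifyIdToken(idToken);
    } catch (error) {
      // Log the reason server-side; give the caller no detail.
      console.error('Request rejected:', error.message);
      res.status(403).send('Unauthorized');
      return;
    }
    next();
  };
}

// Constructed stand-in for the Admin SDK verifier (assumption, for offline runs).
function fakeVerifier(token) {
  return token === 'good.token.value'
    ? Promise.resolve({ uid: 'user-123' })
    : Promise.reject(new Error('invalid signature'));
}

// Constructed stand-in for the Express-style response object.
function fakeResponse() {
  return {
    statusCode: 200, body: null,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; },
  };
}

// Run one request through the middleware and report what happened.
async function simulate(authorization) {
  const req = { headers: { authorization } };
  const res = fakeResponse();
  let reached = false;
  await makeAuthMiddleware(fakeVerifier)(req, res, () => { reached = true; });
  return { reached, status: res.statusCode, uid: req.user ? req.user.uid : null };
}
```

In a deployed function, pass `token => admin.auth().verifyIdToken(token)` as the verifier.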
