gpt4 book ai didi

firebase - Cloud Functions for Firebase 的安全 HTTP 触发器

转载 作者:行者123 更新时间:2023-12-02 16:04:57 25 4
gpt4 key购买 nike

有没有办法在触发云功能之前检查用户是否经过 firebase 授权? (或在函数内)

最佳答案

是的。您需要将 Firebase ID token 与请求一起发送(例如在 AJAX 请求的 Authorization header 中),然后使用 Firebase Admin SDK 进行验证。有一个in-depth example在 Cloud Functions for Firebase 示例存储库中。它看起来像这样(为 SO 帖子而缩短):

const functions = require('firebase-functions');
const admin = require('firebase-admin');
const cors = require('cors')();

const validateFirebaseIdToken = (req, res, next) => {
cors(req, res, () => {
const idToken = req.headers.authorization.split('Bearer ')[1];
admin.auth().verifyIdToken(idToken).then(decodedIdToken => {
console.log('ID Token correctly decoded', decodedIdToken);
req.user = decodedIdToken;
next();
}).catch(error => {
console.error('Error while verifying Firebase ID token:', error);
res.status(403).send('Unauthorized');
});
});
};

exports.myFn = functions.https.onRequest((req, res) => {
validateFirebaseIdToken(req, res, () => {
// now you know they're authorized and `req.user` has info about them
});
});

关于firebase - Cloud Functions for Firebase 的安全 HTTP 触发器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43238611/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com