有没有一种方法可以在触发云功能之前检查用户是否具有Firebase授权? (或在函数内)

最佳答案

是。您将需要将Firebase ID令牌与请求一起发送(例如,在AJAX请求的Authorization标头中),然后使用Firebase Admin SDK对其进行验证。 Cloud Functions for Firebase示例存储库中有一个in-depth example。看起来像这样(为SO post简化了):

const functions = require('firebase-functions');
const admin = require('firebase-admin');
const cors = require('cors')();

const validateFirebaseIdToken = (req, res, next) => {
  cors(req, res, () => {
    const idToken = req.headers.authorization.split('Bearer ')[1];
    admin.auth().verifyIdToken(idToken).then(decodedIdToken => {
      console.log('ID Token correctly decoded', decodedIdToken);
      req.user = decodedIdToken;
      next();
    }).catch(error => {
      console.error('Error while verifying Firebase ID token:', error);
      res.status(403).send('Unauthorized');
    });
  });
};

exports.myFn = functions.https.onRequest((req, res) => {
  validateFirebaseIdToken(req, res, () => {
    // now you know they're authorized and `req.user` has info about them
  });
});

关于firebase - 用于Firebase的Cloud Functions的安全HTTP触发器,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/45078844/

10-11 22:52
查看更多