问题描述
在最新的 Firebase 更新 中引入了可调用函数.我的问题是这种新方式是否比旧" http 触发器 以及它是否更安全.
With the latest Firebase Update callable functions were introduced. My question is whether this new way is faster than the "old" http triggers and if it is more secure.
我没有这方面的专业知识,但我认为 HTTP 与 HTTPS 可能会有所不同.
I have no expertise in this field, but I think the HTTP vs HTTPS might make a difference.
这对我来说很有趣,因为如果 可调用函数速度更快,它们就有这个优势,但它们的缺点在于灵活性的本质:其他来源无法访问它们.
This is interesting to me because if the callable functions are faster, they have that advantage, but their disadvantage lies in the nature of flexibility: They cannot be reached by other sources.
如果可调用函数在速度或安全性方面没有优势,我认为没有理由切换它.
If the callable functions have no advantages in terms of speed or security I do not see a reason to switch it up.
推荐答案
可调用函数与 HTTP 函数完全相同,只是提供的 SDK 为您做了一些您不必做的额外工作.这包括在客户端:
Callable functions are exactly the same as HTTP functions, except the provided SDKs are doing some extra work for you that you don't have to do. This includes, on the client:
- 使用请求处理 CORS(针对 Web 客户端)
- 发送已验证用户的令牌
- 发送设备实例 ID
- 序列化您在客户端上传递的输入对象
- 反序列化客户端中的响应对象
在函数的后端:
- 验证用户令牌并从中提供用户对象
- 反序列化函数中的输入对象
- 在函数中序列化响应对象
这在文档中都有说明.如果您可以自己完成所有这些工作,则不要使用可调用对象.如果您希望自动完成这项工作,那么可调用对象会很有帮助.
This is all stated in the documentation. If you are OK with doing all this work yourself, then don't use callables. If you want this work done automatically, then callables are helpful.
如果您需要直接控制 HTTP 协议的详细信息(方法、标头、内容正文),则不要使用可调用对象,因为它会隐藏所有这些详细信息.
If you need direct control over the details of the HTTP protocol (method, headers, content body), then don't use a callable, because it will hide all these details.
使用可调用对象没有安全优势.没有速度提升.
There are no security advantages to using callables. There are no speed improvements.
这篇关于可调用的云函数是否比 HTTP 函数更好?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!