如何仅允许经过身份验证的用户通过后端访问特定页面
[英]How to allow only authenticated users to access a certain page via backend
问题描述
I am liking firebase and what it offers for app development, still learning it.. 
我喜欢firebase及其为应用程序开发提供的功能,但仍在学习中。
So I was wondering how could I allow certain pages to be only accessible authenticated users via cloud funtions? 因此,我想知道如何允许某些页面仅通过云功能访问经过身份验证的用户?
I know I can do it in the client side which is easy by putting this code just at the top of your main script 我知道我可以在客户端做到这一点,只需将这段代码放在主脚本的顶部即可轻松实现
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
//do something
} else {
// redirect to login page
}
});
It works fine, but what about on the backend? 它工作正常,但是在后端呢?
I have tried it this way -- index.js for the cloud functions. 我已经尝试过这种方法-云功能的index.js。
const functions = require('firebase-functions');
const firebase = require('firebase');
const config = {
// needed configs here
};
firebase.initializeApp(config);
exports.api = functions.https.onRequest((req, res) => {
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
res.status(200).send("logged in")
} else {
res.status(200).send("not logged in")
}
});
});
So I have configured the rewrite rules like this 所以我已经配置了这样的重写规则
{
"database": {
"rules": "database.rules.json"
},
"hosting": {
"public": "public",
"rewrites": [ {
"source": "/getstarted", "function": "api"
} ]
}
}
When I access /getstarted page it will check if authenticated if not just send unauthorized text / redirect to them /login page 当我访问/ getstarted页面时,它将检查是否已通过身份验证,而不只是发送未经授权的文本/将其重定向到/ login页面
So in my case after logging in the frontend, and I try to access /getstarted page it will still show not logged in 所以在我的情况下,登录前端后,我尝试访问/ getstarted页面,它将仍然显示未登录
I must be doing something wrong.. 我一定做错了什么..
1 个解决方案
解决方案1
0 已采纳 2017-06-23 06:56:17
Firebase cloud code runs on a remote server, not the clients web browser. Firebase云代码在远程服务器上运行,而不是在客户端Web浏览器上运行。 The firebase variable in your cloud code has admin privileges by default, but will not be logged in as the same user as the client that makes a request to that piece of cloud code. 默认情况下,您的云代码中的firebase变量具有管理员权限,但不会以与请求该云代码的客户端相同的用户身份登录。
Also, onAuthStateChanged is an asynchronous function, that in practice will often return a null value on page load, quickly followed by returning an actual user once the page realizes a user was logged in. Because of its asynchronous nature, it is not fit for a single time (synchronous) check of if a user is logged in. 另外, onAuthStateChanged是一个异步函数,实际上在页面加载时通常会返回null值,一旦页面意识到用户已登录,很快就会返回实际用户。由于其异步特性,它不适合用于一次(同步)检查用户是否已登录。
Instead, your first example with an asynchronous action on the client side is a good solution. 相反,第一个在客户端执行异步操作的示例是一个很好的解决方案。 It can result in "flashing" of a users only one to your clients, but that can be eliminated in many ways. 这可能会导致仅一个用户“闪烁”到您的客户端,但是可以通过多种方式消除。 One example would be to initially display a loading screen, and then to code 一个示例是首先显示一个加载屏幕,然后进行编码
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
// remove div containing loading screen
} else {
// redirect to login page
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.