如何阻止未经身份验证的用户使用我的 Cloud Functions?
[英]How can I block unauthenticated user use my Cloud Functions?
问题描述
My approach to block unauthenticated user to use my Firebase Cloud Functions is to add this boilerplate code in the beginning of all functions.
我阻止未经身份验证的用户使用我的 Firebase 云功能的方法是在所有功能的开头添加此样板代码。 Please note that I am using Callable Function functions.https.onCall , NOT HTTP Function functions.https.onRequest请注意,我使用的是 Callable Function functions.https.onCall ,而不是HTTP Function functions.https.onRequest
if (!context.auth) {
// Throwing an HttpsError so that the client gets the error details.
throw new functions.https.HttpsError(
"failed-precondition",
"The function must be called while authenticated."
);
}
Is there a better way to block unauthenticated user so that invalid call can NOT even invoke my function?有没有更好的方法来阻止未经身份验证的用户,以便无效调用甚至不能调用我的 function?
1 个解决方案
解决方案1
0 2022-11-21 03:23:11
If you are using Firebase Authentication and also use custom claims, using context auth might be easiest way to do check that.如果您使用 Firebase 身份验证并且还使用自定义声明,则使用context身份验证可能是最简单的检查方法。 Alternatively, you can allow only allAuthenticatedUsers to invoke the Cloud Function as shown below:或者,您可以仅允许allAuthenticatedUsers调用 Cloud Function,如下所示:
However, in this case you'll have to add and verify that Authorization header manually.但是,在这种情况下,您必须手动添加并验证授权 header。 You can use gcloud auth print-identity-token to get your token (different that Firebase Auth's ID token) for testing.您可以使用gcloud auth print-identity-token获取您的令牌(不同于 Firebase Auth 的 ID 令牌)进行测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.