[英]How can I block unauthenticated user use my Cloud Functions?
My approach to block unauthenticated user to use my Firebase Cloud Functions is to add this boilerplate code in the beginning of all functions.我阻止未经身份验证的用户使用我的 Firebase 云功能的方法是在所有功能的开头添加此样板代码。 Please note that I am using Callable Function
functions.https.onCall
, NOT HTTP Function functions.https.onRequest
请注意,我使用的是 Callable Function
functions.https.onCall
,而不是HTTP Function functions.https.onRequest
if (!context.auth) {
// Throwing an HttpsError so that the client gets the error details.
throw new functions.https.HttpsError(
"failed-precondition",
"The function must be called while authenticated."
);
}
Is there a better way to block unauthenticated user so that invalid call can NOT even invoke my function?有没有更好的方法来阻止未经身份验证的用户,以便无效调用甚至不能调用我的 function?
If you are using Firebase Authentication and also use custom claims, using context
auth might be easiest way to do check that.如果您使用 Firebase 身份验证并且还使用自定义声明,则使用
context
身份验证可能是最简单的检查方法。 Alternatively, you can allow only allAuthenticatedUsers
to invoke the Cloud Function as shown below:或者,您可以仅允许
allAuthenticatedUsers
调用 Cloud Function,如下所示:
However, in this case you'll have to add and verify that Authorization header manually.但是,在这种情况下,您必须手动添加并验证授权 header。 You can use
gcloud auth print-identity-token
to get your token (different that Firebase Auth's ID token) for testing.您可以使用
gcloud auth print-identity-token
获取您的令牌(不同于 Firebase Auth 的 ID 令牌)进行测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.