如何通过身份验证从 firebase https 函数调用 firebase 可调用函数?
how to Invoke a firebase callable function from firebase https function with authentication?
我试图了解我们如何从 firebase https 函数安全地调用 firebase 可调用函数,这里需要身份验证,以便可调用函数不是 public,它应该只能由该 https 函数访问。
注意:我是 gcloud 和 firebase 的新手:(
Https 函数:
import * as functions from "firebase-functions";
import * as app from "firebase/app";
//import * as auth from "firebase/auth"
import { getFunctions, httpsCallable } from "firebase/functions";
const firebaseConfig = {
apiKey: "WEBAPIKEY",
authDomain: "project.firebaseapp.com",
databaseURL: "https://project.firebaseio.com", // not required though
projectId: "project-id",
storageBucket: "project.appspot.com", // not required
//appId: process.env.APP_ID, // not sure what to provide
messagingSenderId: "1234324" // default service account id
};
const firebaseApp = app.initializeApp(firebaseConfig);
export const caller = functions.https.onRequest((request, response) => {
let messageText = "hi";
const gfunctions = getFunctions(firebaseApp);
const funtionB = httpsCallable(gfunctions, 'funtionB');
funtionB({ text: messageText })
.then((result: any) => {
// Read result of the Cloud Function.
console.log(result);
response.send(result);
});
});
可调用函数:
import * as functions from "firebase-functions";
export const funtionB = functions.https.onCall((data, context) => {
console.log(context.auth); // not getting anything
/* if (!context.auth) { //trying to include this.
return {status: "error", code: 401, message: "Not signed in"};
} */
return new Promise((resolve, reject) => {
resolve({data: "YO", input: data});
});
});
一些日志,让我心情不好,
Callable request verification passed {"verifications":{"app":"MISSING","auth":"MISSING"}}
我不会在用户浏览器上使用这个https功能,不确定我们是否可以在没有浏览器的情况下使用auth check。有什么方法可以保护这个可调用函数?我想从主体中删除所有用户对这两个函数的访问权限以使其私有化。
我会说这是不可能的,因为正如您提到的,没有浏览器就无法进行身份验证检查,而且 httpsCallable 接口不允许通过作为参数传递来强制上下文.
我认为最好的选择是将 Callable Function 转换为 Http Function,您可以在其中实施自己的身份验证检查,documentation 可能对此有用。
我试图了解我们如何从 firebase https 函数安全地调用 firebase 可调用函数,这里需要身份验证,以便可调用函数不是 public,它应该只能由该 https 函数访问。
注意:我是 gcloud 和 firebase 的新手:(
Https 函数:
import * as functions from "firebase-functions";
import * as app from "firebase/app";
//import * as auth from "firebase/auth"
import { getFunctions, httpsCallable } from "firebase/functions";
const firebaseConfig = {
apiKey: "WEBAPIKEY",
authDomain: "project.firebaseapp.com",
databaseURL: "https://project.firebaseio.com", // not required though
projectId: "project-id",
storageBucket: "project.appspot.com", // not required
//appId: process.env.APP_ID, // not sure what to provide
messagingSenderId: "1234324" // default service account id
};
const firebaseApp = app.initializeApp(firebaseConfig);
export const caller = functions.https.onRequest((request, response) => {
let messageText = "hi";
const gfunctions = getFunctions(firebaseApp);
const funtionB = httpsCallable(gfunctions, 'funtionB');
funtionB({ text: messageText })
.then((result: any) => {
// Read result of the Cloud Function.
console.log(result);
response.send(result);
});
});
可调用函数:
import * as functions from "firebase-functions";
export const funtionB = functions.https.onCall((data, context) => {
console.log(context.auth); // not getting anything
/* if (!context.auth) { //trying to include this.
return {status: "error", code: 401, message: "Not signed in"};
} */
return new Promise((resolve, reject) => {
resolve({data: "YO", input: data});
});
});
一些日志,让我心情不好,
Callable request verification passed {"verifications":{"app":"MISSING","auth":"MISSING"}}
我不会在用户浏览器上使用这个https功能,不确定我们是否可以在没有浏览器的情况下使用auth check。有什么方法可以保护这个可调用函数?我想从主体中删除所有用户对这两个函数的访问权限以使其私有化。
我会说这是不可能的,因为正如您提到的,没有浏览器就无法进行身份验证检查,而且 httpsCallable 接口不允许通过作为参数传递来强制上下文.
我认为最好的选择是将 Callable Function 转换为 Http Function,您可以在其中实施自己的身份验证检查,documentation 可能对此有用。