在 Express.js 中使用 Firebase 作为身份验证中间件
Using Firebase as an Authenticating Middleware in Express.js
我目前正在创建一个身份验证中间件,以确保请求中有一个有效的 firebase 令牌 header。代码如下:
auth.ts
import * as firebase from 'firebase-admin';
import { NextFunction, Request, Response } from 'express';
const getAuthToken = (req: Request, res: Response, next: NextFunction) => {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
req.authToken = req.headers.authorization.split(' ')[1];
} else {
req.authToken = null;
}
next();
};
export const checkIfAuthenticated = (req: Request, res: Response, next: NextFunction) => {
getAuthToken(req, res, async () => {
try {
const { authToken } = req;
const userInfo = await firebase.auth().verifyIdToken(authToken);
req.authId = userInfo.uid;
return next();
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});
};
export const checkIfAdmin = (req: Request, res: Response, next: NextFunction) => {
getAuthToken(req, res, async () => {
try {
const authToken = req;
const userInfo = await firebase.auth().verifyIdToken(authToken);
if (userInfo.admin === true) {
req.authId = userInfo.uid;
return next();
}
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});
};
app.ts
app.get('/api/users', checkIfAuthenticated, (req, res) => {
executeQuery('SELECT * from user')
.then(function (results: unknown) {
res.send(results);
})
.catch(function (err: unknown) {
res.status(400).send(err);
});
});
但是,在 auth.ts 中,我不断收到以下错误,我该如何解决它们:
1.在 getAuthToken
Error:(6, 9) TS2339: Property 'authToken' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
Error:(8, 9) TS2339: Property 'authToken' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
2。在 checkIfAuthenticated
Error:(16, 15) TS2339: Property 'authToken' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
Error:(18, 11) TS2339: Property 'authId' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
3。在检查IfAdmin
Error:(30, 60) TS2345: Argument of type 'Request<ParamsDictionary, any, any, ParsedQs>' is not assignable to parameter of type 'string'.
Error:(32, 13) TS2339: Property 'authId' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
修正如下:
import * as firebase from 'firebase-admin';
import { NextFunction, Request, Response } from 'express';
export interface IGetAuthTokenRequest extends Request {
authToken: string;
authId: string;
}
const getAuthToken = (req: IGetAuthTokenRequest, res: Response, next: NextFunction) => {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
req.authToken = req.headers.authorization.split(' ')[1];
} else {
req.authToken = null;
}
next();
};
export const checkIfAuthenticated = (
req: IGetAuthTokenRequest,
res: Response,
next: NextFunction
) => {
getAuthToken(req, res, async () => {
try {
const { authToken } = req;
const userInfo = await firebase.auth().verifyIdToken(authToken);
req.authId = userInfo.uid;
return next();
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});
};
export const checkIfAdmin = (req: IGetAuthTokenRequest, res: Response, next: NextFunction) => {
getAuthToken(req, res, async () => {
try {
const userInfo = await firebase.auth().verifyIdToken(req.authToken);
if (userInfo.admin === true) {
req.authId = userInfo.uid;
return next();
}
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});
我目前正在创建一个身份验证中间件,以确保请求中有一个有效的 firebase 令牌 header。代码如下:
auth.ts
import * as firebase from 'firebase-admin';
import { NextFunction, Request, Response } from 'express';
const getAuthToken = (req: Request, res: Response, next: NextFunction) => {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
req.authToken = req.headers.authorization.split(' ')[1];
} else {
req.authToken = null;
}
next();
};
export const checkIfAuthenticated = (req: Request, res: Response, next: NextFunction) => {
getAuthToken(req, res, async () => {
try {
const { authToken } = req;
const userInfo = await firebase.auth().verifyIdToken(authToken);
req.authId = userInfo.uid;
return next();
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});
};
export const checkIfAdmin = (req: Request, res: Response, next: NextFunction) => {
getAuthToken(req, res, async () => {
try {
const authToken = req;
const userInfo = await firebase.auth().verifyIdToken(authToken);
if (userInfo.admin === true) {
req.authId = userInfo.uid;
return next();
}
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});
};
app.ts
app.get('/api/users', checkIfAuthenticated, (req, res) => {
executeQuery('SELECT * from user')
.then(function (results: unknown) {
res.send(results);
})
.catch(function (err: unknown) {
res.status(400).send(err);
});
});
但是,在 auth.ts 中,我不断收到以下错误,我该如何解决它们:
1.在 getAuthToken
Error:(6, 9) TS2339: Property 'authToken' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
Error:(8, 9) TS2339: Property 'authToken' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
2。在 checkIfAuthenticated
Error:(16, 15) TS2339: Property 'authToken' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
Error:(18, 11) TS2339: Property 'authId' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
3。在检查IfAdmin
Error:(30, 60) TS2345: Argument of type 'Request<ParamsDictionary, any, any, ParsedQs>' is not assignable to parameter of type 'string'.
Error:(32, 13) TS2339: Property 'authId' does not exist on type 'Request<ParamsDictionary, any, any, ParsedQs>'.
修正如下:
import * as firebase from 'firebase-admin';
import { NextFunction, Request, Response } from 'express';
export interface IGetAuthTokenRequest extends Request {
authToken: string;
authId: string;
}
const getAuthToken = (req: IGetAuthTokenRequest, res: Response, next: NextFunction) => {
if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
req.authToken = req.headers.authorization.split(' ')[1];
} else {
req.authToken = null;
}
next();
};
export const checkIfAuthenticated = (
req: IGetAuthTokenRequest,
res: Response,
next: NextFunction
) => {
getAuthToken(req, res, async () => {
try {
const { authToken } = req;
const userInfo = await firebase.auth().verifyIdToken(authToken);
req.authId = userInfo.uid;
return next();
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});
};
export const checkIfAdmin = (req: IGetAuthTokenRequest, res: Response, next: NextFunction) => {
getAuthToken(req, res, async () => {
try {
const userInfo = await firebase.auth().verifyIdToken(req.authToken);
if (userInfo.admin === true) {
req.authId = userInfo.uid;
return next();
}
} catch (e) {
return res.status(401).send({ error: 'You are not authorized to make this request' });
}
});