具有有限权限的云功能认证(Cloud function authentication with limited privileges)

具有有限权限的云功能认证(Cloud function authentication with limited privileges)

我正在使用云功能为我的Firebase数据库创建一个RESTful API。 我发现的所有教程和指南都建议使用firebase-admin来获取管理员对数据库的访问权限。

这里是我的问题：有没有办法像用户直接访问数据库一样？ 就像从用户那里获取认证令牌一样，并将其传递到数据库，以便按照用户的相同方式进行更改。 如果我尝试对其他用户进行更改，安全规则应该阻止我。

可能的解决方案：使用数据库的内置REST API访问数据库，并使用?auth=CREDENTIAL来验证用户。 是否有使用firebase SDK的替代方案？

I am creating a RESTful API for my firebase database using Cloud functions. All the tutorials and guides I found suggest using firebase-admin to get admin access to the database.

Here is my question: Is there a way to access the database the same way as the user would have directly? Like getting the auth token from the user and passing it on to the database to make changes the same way the user would. The security rules should prevent me if I try to make changes to a different user.

Possible solution: Access the database using the built-in REST API of the database and use ?auth=CREDENTIAL to authenticate the user. Is there an alternative using the firebase SDK?

最满意答案

有没有办法像用户直接访问数据库一样？

是的，我建议你在这里查看样品 。 但它要求您的代码解码并验证该用户的JWT。 最简单的方法是使用Admin SDK。

该示例使用JavaScript SDK从客户端获取令牌：

firebase.auth().currentUser.getToken()

它将此令牌传递给服务器，然后使用Admin SDK验证它：

admin.auth().verifyIdToken(idToken)

然后，您可以创建管理SDK的第二个实例并为您的数据库请求设置此UID ：

admin.initializeApp({ credential: admin.credential.cert(serviceAccount), databaseURL: "https://databaseName.firebaseio.com", databaseAuthVariableOverride: { uid: "my-service-worker" } });

Is there a way to access the database the same way as the user would have directly?

Yes there is, I recommend you check out the sample here. But it requires that your code decodes and verifies the JWT of that user. The easiest way to do this is with the Admin SDK.

The sample uses the JavaScript SDK to get the token from the client:

firebase.auth().currentUser.getToken()

It passes this token to the server, which then verifies it using the Admin SDK:

admin.auth().verifyIdToken(idToken)

You can then create a second instance of the admin SDK and set this UID for your database requests:

admin.initializeApp({ credential: admin.credential.cert(serviceAccount), databaseURL: "https://databaseName.firebaseio.com", databaseAuthVariableOverride: { uid: "my-service-worker" } });