Ced*_*ian 5 javascript node.js firebase firebase-authentication firebase-realtime-database
我使用此链接在我的 firebase 项目上实现了 cookie 会话。
我试图让idToken客户端将其发送到服务器端。
这是我在客户端使用的代码:
$(function(){
$.ajax({
url: "/checkSession",
type: 'post',
success: function(data) {
if(data.status === "ok" && data.user){
const user = data.user;
const emailVerified = user.email_verified;
const uid = user.uid;
if (emailVerified){
firebase.database().ref().child("users").child(uid).child("username").once("value", snapshot => {
const username = snapshot.val();
firebase.auth().currentUser.getIdToken(true).then(idToken => {
// Doesn't work...
})
}).catch(err => {
console.log(err)
});
}
}
}
});
});
这是检查会话的服务器:
app.post("/checkSession", (req, res, next) => {
const sessionCookie = req.cookies.session || '';
admin
.auth()
.verifySessionCookie(sessionCookie, true)
.then(user => {
res.json({
status: "ok",
user
})
})
.catch((error) => {
res.json({
status: "error",
})
});
})
除了这个函数之外,一切正常:firebase.auth().currentUser.getIdToken(true).then(idToken => {...})并且它抛出Cannot read property 'getIdToken' of null错误。
更新:这是我正在使用的登录方法。我将 false 传递给httpOnly并且secure因为我正在本地测试它。
app.post("/SignInUser", (req, res, next) => {
const idToken = req.body.idToken.toString();
const expiresIn = 60 * 60 * 24 * 10 * 1000; // 10 days
admin
.auth()
.verifyIdToken(idToken)
.then(function (decodedClaims) {
if (new Date().getTime() / 1000 - decodedClaims.auth_time < 5 * 60) {
return admin.auth().createSessionCookie(idToken, { expiresIn });
}
})
.then(function (sessionCookie) {
const options = { maxAge: expiresIn, httpOnly: false, secure: false};
res.cookie("session", sessionCookie, options);
return res.json({
status: "ok"
})
})
.catch(function (error) {
return res.json({
status: "error",
message: "Unauthorized request!"
})
});
})
更新 2:我使用 idToken 来验证来自用户的请求实际上是来自用户而不是来自外部来源,这是一个示例代码:
function getUserSnapshotOrVerifyUserId(username, idToken, cb) {
if (username == null || username.length == 0 || idToken == null || idToken.length == 0)
return cb({
status: "error",
errorMessage: "Missing params."
}, null);
admin.auth().verifyIdToken(idToken).then(decodedToken => {
let uid = decodedToken.uid;
admin.database().ref().child("users").orderByChild("username").equalTo(username).once('value', snapshot => {
if (!snapshot.exists())
return cb({
status: "error",
message: "invalid-profile"
});
snapshot.forEach(child => {
const id = child.val().id;
if (id !== uid)
return cb({
status: "error",
message: "Invalid ID"
});
admin.database().ref("users/" + id).once("value", snapshot => {
if (!snapshot.exists())
return cb({
status: "error",
errorMessage: "user not found."
});
return cb(null, id, snapshot);
});
});
});
}).catch(err => cb({
status: "error",
message: err
}));
}
app.post("/getUserProfile", (req, res, next) => {
const username = req.body.username || req.query.username;
const idToken = req.body.idToken;
getUserSnapshotOrVerifyUserId(username, idToken, (err, id, snapshot) => {
if (err) return res.json(err);
let userdata = {
username: snapshot.val().username,
name: snapshot.val().name,
}
res.json({
status: "ok",
userdata
})
})
})
| 归档时间: |
|
| 查看次数: |
318 次 |
| 最近记录: |