澄清使用Firebase和React JS
因此,最近我正在研究A React JS 项目,在我开始搜索的所有内容之前,发现了使用 firebase 的最佳方法带有 react 是通过明确的,一切都很好,直到有人告诉我我正在使用它,他解释说有一个firbase auth < /code>(我正在使用)和Firebase Admin SDK,必须在客户端使用第一个,并且必须在服务器端使用第二个。
基本上,我正在使用axios将数据发送到express,然后运行我的firebase Authentication然后对我的客户端响应,这是错误的吗?这是检查用户是否登录的一个示例:
server.js
const firebaseDb=require("firebase/database");
const firebaseAuth=require("firebase/auth");
const path = require('path');
const express= require("express");
var cors = require('cors');
const bodyParser = require("body-parser");
const app=express();
app.use(express.json());
app.use(cors());
app.use(bodyParser.urlencoded({extended: true}));
const db=firebaseDb.getDatabase();
const auth=firebaseAuth.getAuth();
app.get('/checkAuth',(req, res)=>{
const user=auth.currentUser;
if (user) {
// User is signed in.
return res.status(200).send("auth ok");
} else {
// User is signed out
return res.status(404).send("auth error");
}
});
此工作起作用?还是我应该直接在客户端实施壁垒?还是我应该在服务器上使用Firebase Admin SDK?
在我的客户端使用Firebase会使我的应用程序脆弱吗? 感谢您即使在阅读文档后仍感到迷失的任何帮助。
So lately I'm working on a react js project, before I start everything I searched and found that best way to use firebase with react is through express, everything was fine untill someone told me that I'm using it wrong, he explained that there's a firebase auth (which I'm using ) and firebase admin sdk, the first one must be used on the client side and the second one must be used on server side.
Basically I'm using Axios to send data to express and then run my firebase Authentication and then responding to my client side, is it wrong? Here's an example of checking if the user is logged in :
Server.js
const firebaseDb=require("firebase/database");
const firebaseAuth=require("firebase/auth");
const path = require('path');
const express= require("express");
var cors = require('cors');
const bodyParser = require("body-parser");
const app=express();
app.use(express.json());
app.use(cors());
app.use(bodyParser.urlencoded({extended: true}));
const db=firebaseDb.getDatabase();
const auth=firebaseAuth.getAuth();
app.get('/checkAuth',(req, res)=>{
const user=auth.currentUser;
if (user) {
// User is signed in.
return res.status(200).send("auth ok");
} else {
// User is signed out
return res.status(404).send("auth error");
}
});
Does this work ? Or should I implement firebase on the client side directly? Or should I use firebase admin sdk here on my server?
Does using firebase on my client side makes my app vulnerable??
I appreciate any help I felt lost even after hours reading documentations.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我在项目中集成Firebase Auth时使用的流量如下:
我在前端进行身份验证,并通过Firebase SDK提供的auth令牌传递给授权标题中的服务器
的服务器,我使用Firebase Admin SDK验证令牌
上述代码被用作前端提供的Firebase令牌的明确中间件,一旦进行了认证,我确定前端提供的令牌是有效的,并且请求可以处理。
在前端,我使用firebase/auth库,在后端我使用firebase admin SDK
希望这可以回答您的查询。
The flow I use when integrating firebase auth in my project is as follows
I do the authentication on the front end side and pass auth token provided by Firebase SDK to the server in the Authorization header
On the server-side, I use Firebase Admin SDK to verify the token
The above code is used as an express middleware to the firebase token provided by the frontend, once authenticated then I am sure that the token provided by the frontend is valid and the request can be processed.
On the frontend I use the firebase/auth library and on the backend I use Firebase Admin SDK
Hope this answers your query.