问题描述
每当我尝试从服务器端引用用户的 idToken 时,我都会收到一条消息,说没有用户登录。我已经坚持了一段时间,所以任何帮助都会很棒
这是 start.js 文件:
const cookieParser = require("cookie-parser");
const csrf = require("csurf");
const bodyParser = require("body-parser");
const path = require('path');
const express = require('express');
const admin = require("firebase-admin");
// const fbAuth = require('./routes/fbAuth');
const serviceAccount = require("./serviceAccountKey.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),databaseURL: "",});
app.get("/view",function (req,res) {
const sessionCookie = req.cookies.session || "";
admin
.auth()
.verifySessionCookie(sessionCookie,true /** checkRevoked */)
.then(() => {
res.render("view.html");
})
.catch((error) => {
res.redirect("/login");
});
});
app.post("/sessionLogin",(req,res) => {
const idToken = req.body.idToken.toString();
const expiresIn = 60 * 60 * 24 * 5 * 1000;
admin
.auth()
.createSessionCookie(idToken,{ expiresIn })
.then(
(sessionCookie) => {
const options = { maxAge: expiresIn,httpOnly: true };
res.cookie("session",sessionCookie,options);
res.end(JSON.stringify({ status: "success" }));
},(error) => {
res.status(401).send("UNAUTHORIZED REQUEST!");
}
);
});
app.listen(PORT,() => { console.log(`Server listening on port ${PORT}`); });
这里是客户端登录:
window.addEventListener("DOMContentLoaded",() =>
{
const firebaseConfig = {
config stuff goes here...
};
firebase.initializeApp(firebaseConfig);
firebase.analytics();
firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION);
document
.getElementById("login")
.addEventListener("submit",(event) =>
{
event.preventDefault();
const login = event.target.login.value;
const password = event.target.password.value;
firebase
.auth()
.signInWithEmailAndPassword(login,password)
.then((
{
user
}) =>
{
return user.getIdToken().then((idToken) =>
{
return fetch("/sessionLogin",{
method: "POST",headers:
{
Accept: "application/json","Content-Type": "application/json","CSRF-Token": Cookies.get("XSRF-TOKEN"),},body: JSON.stringify(
{
idToken
}),});
});
})
.then(() =>
{
console.log(firebase.auth().currentUser);
window.location.assign("/view");
});
return false;
});
});
这里是我尝试在名为 oss.js 的路由文件之一中引用令牌的地方(第 9 行是确定问题的地方):
axios(config)
.then(function(response)
{
response = response.data;
console.log(response.progress,response.status);
if (response.progress === "complete")
{
if (response.status === "success")
{
console.log("JOB COMPLETE");
// upload to firebase here
var user = firebase.auth().currentUser;
if (user)
{
admin.auth().verifyIdToken(idToken)
.then(function(decodedToken) {
var uid = decodedToken.uid;
console.log("uid ->",uid);
return uid;
}).catch(function(error)
{
//Handle error
});
}
else
{
console.log("There is no current user.");
}
}
}
})
});
解决方法
好的,这个需要一点冗长,但这是我当然在一些帮助下得到的答案。
首先,为了从客户端引用 uid,我需要能够使用“localStorage.setItem”将其存储在浏览器中。用户登录后,我将其存储在客户端脚本中,如下所示(请注意第 12 行):
firebase
.auth()
.signInWithEmailAndPassword(login,password)
.then((
{
user
}) =>
{
localStorage.setItem('uid',user.uid);
return user.getIdToken().then((idToken) =>
{
localStorage.setItem('token',idToken);
return fetch("/sessionLogin",{
method: "POST",headers:
{
Accept: "application/json","Content-Type": "application/json","CSRF-Token": Cookies.get("XSRF-TOKEN"),},body: JSON.stringify(
{
idToken
}),});
});
})
设置好后,我需要在其他页面上引用它(我现在没有使用任何前端框架),这是使用嵌套在 html 文件中的脚本文件中的以下代码完成的。这是附加到一个函数,该函数启动一个允许我引用它的函数(请注意第 11 和 12 行):
$('#hiddenUploadField').change(function () {
var node = $('#appBuckets').jstree(true).get_selected(true)[0];
var _this = this;
if (_this.files.length == 0) return;
var file = _this.files[0];
switch (node.type) {
case 'bucket':
var formData = new FormData();
formData.append('fileToUpload',file);
formData.append('bucketKey',node.id);
let uid = localStorage.getItem('uid');
let token = localStorage.getItem('token');
$.ajax({
url: `/api/forge/oss/objects?uid=${uid}&token=${token}`,data: formData,processData: false,contentType: false,type: 'POST',success: function (data) {
$('#appBuckets').jstree(true).refresh_node(node);
_this.value = '';
}
});
break;
}
});
});
从那里,我能够使用以下(第 14 和 15 行)将 uid 和令牌从浏览器调用到后端中的所需位置:
router.post('/objects',multer(
{
dest: 'uploads/'
}).single('fileToUpload'),async (req,res,next) =>
{
fs.readFile(req.file.path,async (err,data) =>
{
if (err)
{
next(err);
}
try
{
let uid = req.query.uid;
let token =req.query.token;
此时我可以使用以下代码引用上面代码中的 UID 和令牌:
var user = firebase.auth();
const customToken = admin.auth().createCustomToken(uid)
firebase.auth().onAuthStateChanged(function()
{
if (user)
{
admin.auth().verifyIdToken(token)
.then(function(decodedToken)
{
var uid = decodedToken.uid;
console.log("uid ->",uid);
return uid;
}).catch(function(error)
{
//Handle error
});
}
else
{
console.log("There is no current user.");
}
});