将Firebase用作Express.js中的身份验证中间件

编程问答 2022-06-10

问题描述

我目前正在创建auth中间件,以确保请求标头中存在有效的firebase令牌。代码如下:

身份验证 

import * as firebase from 'firebase-admin';
import { NextFunction,Request,Response } from 'express';

const getAuthToken = (req: Request,res: Response,next: NextFunction) => {
  if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
    req.authToken = req.headers.authorization.split(' ')[1];
  } else {
    req.authToken = null;
  }
  next();
};

export const checkIfAuthenticated = (req: Request,next: NextFunction) => {
  getAuthToken(req,res,async () => {
    try {
      const { authToken } = req;
      const userInfo = await firebase.auth().verifyIdToken(authToken);
      req.authId = userInfo.uid;
      return next();
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
};

export const checkIfAdmin = (req: Request,async () => {
    try {
      const authToken = req;
      const userInfo = await firebase.auth().verifyIdToken(authToken);
      if (userInfo.admin === true) {
        req.authId = userInfo.uid;
        return next();
      }
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
};

app.ts 

app.get('/api/users',checkIfAuthenticated,(req,res) => {
  executeQuery('SELECT * from user')
    .then(function (results: unkNown) {
      res.send(results);
    })
    .catch(function (err: unkNown) {
      res.status(400).send(err);
    });
});

但是,在auth.ts中,我不断遇到以下错误,该如何解决它们:

1。在getAuthToken

错误:(6,9)TS2339:类型'Request '上不存在属性'authToken'。

错误:(8,9)TS2339:类型'Request '上不存在属性'authToken'。

2。在checkIfAuthenticated

错误:(16、15)TS2339:类型'Request '上不存在属性'authToken'。

错误:(18,11)TS2339:类型'Request '上不存在属性'authId'。

3。在checkIfAdmin

错误:(30,60)TS2345:无法将类型'Request '的参数分配给类型'string'的参数。

错误:(32,13)TS2339:类型'Request '上不存在属性'authId'。

解决方法

修复如下:

import * as firebase from 'firebase-admin';
import { NextFunction,Request,Response } from 'express';

export interface IGetAuthTokenRequest extends Request {
  authToken: string;
  authId: string;
}

const getAuthToken = (req: IGetAuthTokenRequest,res: Response,next: NextFunction) => {
  if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
    req.authToken = req.headers.authorization.split(' ')[1];
  } else {
    req.authToken = null;
  }
  next();
};

export const checkIfAuthenticated = (
  req: IGetAuthTokenRequest,next: NextFunction
) => {
  getAuthToken(req,res,async () => {
    try {
      const { authToken } = req;
      const userInfo = await firebase.auth().verifyIdToken(authToken);
      req.authId = userInfo.uid;
      return next();
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
};

export const checkIfAdmin = (req: IGetAuthTokenRequest,next: NextFunction) => {
  getAuthToken(req,async () => {
    try {
      const userInfo = await firebase.auth().verifyIdToken(req.authToken);
      if (userInfo.admin === true) {
        req.authId = userInfo.uid;
        return next();
      }
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
expressexpressexpressfirebase-adminfirebase-authenticationtypescripttypescripttypescript

相关问答

Selenium Web驱动程序和Java元素在(x,y)点处不可单击其他元素将获得点击?
Selenium Web驱动程序和Java。元素在(x,y)点处不可单击。其...
Python-如何使用点“” 访问字典成员?
Python-如何使用点“。” 访问字典成员?
Java 字符串是不可变的到底是什么意思?
Java 字符串是不可变的。到底是什么意思?
Java中的“ final”关键字如何工作?我仍然可以修改对象
Java中的“ final”关键字如何工作?(我仍然可以修改对象。...
“loop:”在Java代码中这是什么,为什么要编译?
“loop:”在Java代码中。这是什么,为什么要编译?
java.lang.ClassNotFoundException:sun.jdbc.odbc.JdbcOdbcDriver发生异常为什么?
java.lang.ClassNotFoundException:sun.jdbc.odbc.JdbcOdbc...