问题描述
我正在学习一种使用应用程序级中间件对所有API进行身份验证的新方法。我研究了多个示例。我尝试了以下代码作为其中一种方法。
下面是我的代码,我正在已有的必填字段的帮助下编写firebase函数。我使用“ firebase serve”在本地托管我的功能。
const express = require('express')
const bodyParser = require('body-parser')
const cookieParser = require('cookie-parser')()
const cors = require('cors')({ origin: true })
const app = express()
const router = express.Router()
app.use(cors)
app.use(cookieParser)
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: false }))
app.use(async (err,req,res,next) => {
console.log('Middleware')
try {
const { authorization } = req.headers
if (!authorization) {
throw new ErrorHandler(401,"User is not unathorized")
}
if (!authorization.startsWith('Bearer')) {
throw new ErrorHandler(401,"User is not unathorized")
}
const split = authorization.split('Bearer ')
if (split.length !== 2) {
throw new ErrorHandler(401,"User is not unathorized")
}
const token = split[1]
const decodedToken = await admin.auth().verifyIdToken(token);
res.setHeader("email",decodedToken.email)
next()
} catch (error) {
console.log("END")
next(error)
}
});
router.get('/',(req,res) => {
res.end(`${Date.now()}`)
})
router.post('/data',async (req,next) => {
res.setHeader("Content-Type","application/json")
console.log('DATA')
try {
// my other logic goes here
res.end()
} catch (error) {
next(error)
}
})
app.use('/api',router)
app.use((err,next) => {
if (err) {
handleError(err,res);
}
console.log(JSON.stringify(req.body))
});
exports.app = functions.https.onRequest(app)
我创建了一个名为app的云函数。我正在使用这样的API:
http:// localhost:5000 / app / api / data
我编写了一个中间件,用于授权所有即将发布的API。中间件正在获取承载令牌,并且令牌正在Firebase的帮助下进行验证。
但是,当我从邮递员或网络调用“ / api / data”时,不会调用中间件。出于调试目的,我使用console.log进行了检查。
我当前的流程是POSTMAN-> DATA
我想要的是:
邮递员-> MIDDLEWARE(如果已验证)->数据
POSTMAN-> MIDDLEWARE(如果未通过身份验证)-> END
请让我知道我的代码有什么问题。
解决方法
从中间件中删除err参数,您将其设置为错误处理程序而不是中间件,这就是代码未得到执行的原因, 每次您访问/ api路由时,下面的代码将执行处理程序
const express = require('express')
const bodyParser = require('body-parser')
const cookieParser = require('cookie-parser')()
const cors = require('cors')({ origin: true })
const app = express()
const router = express.Router()
app.use(cors)
app.use(cookieParser)
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: false }))
app.use(async (req,res,next) => {
console.log('Middleware')
try {
const { authorization } = req.headers
if (!authorization) {
throw new ErrorHandler(401,"User is not unathorized")
}
if (!authorization.startsWith('Bearer')) {
throw new ErrorHandler(401,"User is not unathorized")
}
const split = authorization.split('Bearer ')
if (split.length !== 2) {
throw new ErrorHandler(401,"User is not unathorized")
}
const token = split[1]
const decodedToken = await admin.auth().verifyIdToken(token);
res.setHeader("email",decodedToken.email)
next()
} catch (error) {
console.log("END")
next(error)
}
});
router.get('/',(req,res) => {
res.end(`${Date.now()}`)
})
router.post('/data',async (req,next) => {
res.setHeader("Content-Type","application/json")
console.log('DATA')
try {
// my other logic goes here
res.end()
} catch (error) {
next(error)
}
})
app.use('/api',router)
app.use((err,req,next) => {
if (err) {
handleError(err,res);
}
console.log(JSON.stringify(req.body))
});
exports.app = functions.https.onRequest(app)