在 Express.js 中使用 Firebase 作为身份验证中间件

问题描述 投票:0回答:2

我目前正在创建一个身份验证中间件,以确保请求标头中有一个有效的 firebase 令牌。代码如下:

auth.ts

import * as firebase from 'firebase-admin';
import { NextFunction, Request, Response } from 'express';

const getAuthToken = (req: Request, res: Response, next: NextFunction) => {
  if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
    req.authToken = req.headers.authorization.split(' ')[1];
  } else {
    req.authToken = null;
  }
  next();
};

export const checkIfAuthenticated = (req: Request, res: Response, next: NextFunction) => {
  getAuthToken(req, res, async () => {
    try {
      const { authToken } = req;
      const userInfo = await firebase.auth().verifyIdToken(authToken);
      req.authId = userInfo.uid;
      return next();
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
};

export const checkIfAdmin = (req: Request, res: Response, next: NextFunction) => {
  getAuthToken(req, res, async () => {
    try {
      const authToken = req;
      const userInfo = await firebase.auth().verifyIdToken(authToken);
      if (userInfo.admin === true) {
        req.authId = userInfo.uid;
        return next();
      }
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
};

app.ts

app.get('/api/users', checkIfAuthenticated, (req, res) => {
  executeQuery('SELECT * from user')
    .then(function (results: unknown) {
      res.send(results);
    })
    .catch(function (err: unknown) {
      res.status(400).send(err);
    });
});

但是,在 auth.ts 中我不断收到以下错误,如何修复它们:

1。在 getAuthToken 中

错误:(6, 9) TS2339:类型“Request”上不存在属性“authToken”。

错误:(8, 9) TS2339:类型“Request”上不存在属性“authToken”。

2。在 checkIfAuthenticated

错误:(16, 15) TS2339:类型“Request”上不存在属性“authToken”。

错误:(18, 11) TS2339:类型“Request”上不存在属性“authId”。

3.在checkIfAdmin

错误:(30, 60) TS2345:“Request”类型的参数不可分配给“string”类型的参数。

错误:(32, 13) TS2339:类型“Request”上不存在属性“authId”。

node.js typescript express firebase-authentication firebase-admin
2个回答
5
投票

修复如下:

import * as firebase from 'firebase-admin';
import { NextFunction, Request, Response } from 'express';

export interface IGetAuthTokenRequest extends Request {
  authToken: string;
  authId: string;
}

const getAuthToken = (req: IGetAuthTokenRequest, res: Response, next: NextFunction) => {
  if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
    req.authToken = req.headers.authorization.split(' ')[1];
  } else {
    req.authToken = null;
  }
  next();
};

export const checkIfAuthenticated = (
  req: IGetAuthTokenRequest,
  res: Response,
  next: NextFunction
) => {
  getAuthToken(req, res, async () => {
    try {
      const { authToken } = req;
      const userInfo = await firebase.auth().verifyIdToken(authToken);
      req.authId = userInfo.uid;
      return next();
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
};

export const checkIfAdmin = (req: IGetAuthTokenRequest, res: Response, next: NextFunction) => {
  getAuthToken(req, res, async () => {
    try {
      const userInfo = await firebase.auth().verifyIdToken(req.authToken);
      if (userInfo.admin === true) {
        req.authId = userInfo.uid;
        return next();
      }
    } catch (e) {
      return res.status(401).send({ error: 'You are not authorized to make this request' });
    }
  });
0
投票

我在接受的答案中遇到了一些错误,所以我根据之前的答案编写了一个快速修复:

import * as firebase from "firebase-admin";
import { NextFunction, Request, Response } from "express";

declare global {
  namespace Express {
    export interface Request {
      authToken?: string;
      authId?: string;
    }
  }
}

const getAuthToken = (req: Request, res: Response, next: NextFunction) => {
  if (
    req.headers.authorization &&
    req.headers.authorization.split(" ")[0] === "Bearer"
  ) {
    req.authToken = req.headers.authorization.split(" ")[1];
  } else {
    req.authToken = "";
  }
  next();
};

export const checkIfAuthenticated = (
  req: Request,
  res: Response,
  next: NextFunction
) => {
  getAuthToken(req, res, async () => {
    try {
      const { authToken } = req;
      if (!authToken) throw new Error("Unauthenticated!");

      const userInfo = await firebase.auth().verifyIdToken(authToken);
      req.authId = userInfo.uid;
      return next();
    } catch (e) {
      return res
        .status(401)
        .send({ error: "You are not authorized to make this request" });
    }
  });
};

export const checkIfAdmin = (req: Request, res: Response, next: NextFunction) => {
    getAuthToken(req, res, async () => {
      try {
        if (!req.authToken) throw new Error("Unauthenticated!");
        const userInfo = await firebase.auth().verifyIdToken(req.authToken);
        if (userInfo.admin === true) {
          req.authId = userInfo.uid;
          return next();
        }
      } catch (e) {
        return res.status(401).send({ error: 'You are not authorized to make this request' });
      }
    });
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.