且构网


How to save additional information during user sign-up with Firebase Authentication

Updated: 2023-12-05 18:03:16

I'm building a website where I've integrated firebase authentication for login/signup of site users.

Users can login/signup via either email-password or mobile OTP method. I'm using official firebase js Auth UI Widget: firebaseui-web for this authentication process.

During signup, I also want to capture additional user details like full name, gender, age etc.

I found 2 approaches on the web for this:

  1. Store extra info in firestore after successful signup.

    The issue with this approach is that I want it to be an atomic transaction. That is, either all the extra info should be stored during the signup process or the signup process shouldn't succeed. I'm not sure how to implement this flow, or whether it is even possible at all.

  2. Store extra info in firebase auth object field like in displayName, photoURL using JSON.stringify/JSON.parse method. I'm using their auth UI widget and not sure how to embed this info during email or mobile OTP signup.

So, how can I save extra user info during the signup process? Any different approach maybe?

The website is hosted on firebase hosting. The site uses firestore for storing any additional data of users because firebase auth doesn't provide this functionality. I've also implemented firebase cloud functions (Typescript, node.js) for some basic CRUD operations. So, in a nutshell, a full firebase environment.

This is something that every firebase user has to deal with. How is it generally solved? As other users point out, it is solved by adding the extra user information into Firestore. Can you guarantee atomicity? No, you can't: auth and db are two different systems, so you can add the user to auth and, in the callback, find out you cannot add the user to db because you don't have an internet connection, for instance. What do people do? Generally, live with it.

If it is fundamental for your application to guarantee atomicity, you can go the extra mile and implement your authentication in a firebase function. For instance, this is an example of a two step sign in:

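import { Request, Response } from "express";
import * as admin from 'firebase-admin'

// HTTP handler: creates the Auth user, then attaches the role as a custom claim.
export async function create(req: Request, res: Response) {
   try {
       const { displayName, password, email, role } = req.body

       // Reject the request unless every required field is present.
       if (!displayName || !password || !email || !role) {
           return res.status(400).send({ message: 'Missing fields' })
       }

       // Step 1: create the account through the Admin SDK (runs server-side).
       const { uid } = await admin.auth().createUser({
           displayName,
           password,
           email
       })
       // Step 2: store the role in the user's custom claims.
       // The role is taken from the request body, so the route serving this
       // handler must only be reachable by callers allowed to assign roles.
       // If this call throws, the user created in step 1 remains in Auth.
       await admin.auth().setCustomUserClaims(uid, { role })

       return res.status(201).send({ uid })
   } catch (err) {
       return handleError(res, err)
   }
}

// Sends the error code and message back to the caller with HTTP 500.
function handleError(res: Response, err: any) {
   return res.status(500).send({ message: `${err.code} - ${err.message}` });
}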

You could add the user removal from auth if something goes wrong. This guarantees at least that your rollback code will be executed on the Google servers.

This code example was extracted from https://www.toptal.com/firebase/role-based-firebase-authentication
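
The rollback the answer describes, written out as an added example (not part of the original answer or the Toptal article): the Auth user is created, the profile is written, and the Auth user is deleted again if the write fails. `AuthPort`, `ProfileStore`, `signUpWithProfile` and the age bounds are hypothetical; in a Cloud Function `admin.auth()` supplies `createUser`/`deleteUser` and `set` would wrap a Firestore document write.

```typescript
// Added example. AuthPort and ProfileStore are hypothetical narrow interfaces:
// admin.auth() offers createUser/deleteUser, and set() would wrap a Firestore
// write such as admin.firestore().collection('users').doc(uid).set(data).
interface AuthPort {
  createUser(p: { email: string; password: string; displayName: string }): Promise<{ uid: string }>;
  deleteUser(uid: string): Promise<void>;
}
interface ProfileStore {
  set(uid: string, data: Record<string, unknown>): Promise<void>;
}
type SignupInput = { email: string; password: string; displayName: string; gender?: string; age?: number };
type SignupResult = { status: number; body: { uid?: string; message?: string }; orphanedUid?: string };

async function signUpWithProfile(
  auth: AuthPort, profiles: ProfileStore, input: SignupInput,
): Promise<SignupResult> {
  const { email, password, displayName, gender, age } = input;
  if (!email || !password || !displayName) {
    return { status: 400, body: { message: 'Missing fields' } };
  }
  if (age !== undefined && (!Number.isInteger(age) || age < 0 || age > 150)) {
    return { status: 400, body: { message: 'Invalid age' } };
  }
  // Step 1: create the Auth user. Nothing to roll back if this fails.
  const created = await auth.createUser({ email, password, displayName }).catch(() => null);
  if (!created) {
    return { status: 500, body: { message: 'Could not create account' } };
  }
  const { uid } = created;
  try {
    // Step 2: store allow-listed profile fields only; unknown keys are dropped.
    await profiles.set(uid, { displayName, gender: gender ?? null, age: age ?? null });
    return { status: 201, body: { uid } };
  } catch {
    // Compensate: delete the Auth user so no account exists without a profile.
    try {
      await auth.deleteUser(uid);
      return { status: 500, body: { message: 'Signup failed; account rolled back' } };
    } catch {
      // Rollback failed too: hand the uid back to the caller for server-side
      // logging and later cleanup; it is kept out of the response body.
      return { status: 500, body: { message: 'Signup failed' }, orphanedUid: uid };
    }
  }
}
```

This narrows the window in which an account exists without its profile but does not make the two writes atomic; the `orphanedUid` branch is the case that still needs out-of-band cleanup.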