我有一个 JavaScript 网页,它将 MQTT 数据发送到运行 Mosquitto 的服务器。我想对用户隐藏 MQTT 服务器名称、用户名和密码。我知道使用纯 JavaScript 是不可能的,因为源在控制台中可见。
是否可以使用 Firebase 云功能来做到这一点?如果是的话怎么办?
最佳答案
这实际上是 Cloud Functions for Firebase documentation 中提到的关键功能之一:
Keeps your logic private and secure
In many cases, developers prefer to control application logic on the server to avoid tampering on the client side. Also, sometimes it's not desirable to allow that code to be reverse engineered. Cloud Functions is fully insulated from the client, so you can be sure it is private and always does exactly what you want
Firebase 的 functions-samples repo 中有相当多的示例。
例如,向用户发送电子邮件确认的示例需要 gmail 凭据才能发送电子邮件。您永远不会希望将这些凭据嵌入到应用程序代码中,因为恶意用户可能会在应用程序代码中找到它们并滥用它们。因此,这段代码非常适合在 Cloud Functions 中运行。 code that reads these values从这个样本:
// Configure the email transport using the default SMTP transport and a GMail account. // For other types of transports such as Sendgrid see https://nodemailer.com/transports/ // TODO: Configure the `gmail.email` and `gmail.password` Google Cloud environment variables. const gmailEmail = encodeURIComponent(functions.config().gmail.email); const gmailPassword = encodeURIComponent(functions.config().gmail.password); const mailTransport = nodemailer.createTransport( `smtps://${gmailEmail}:${gmailPassword}@smtp.gmail.com`);
您可以对电子邮件地址和密码进行硬编码,因为只有您项目的开发人员才能看到它。但在这种情况下,示例做得更好,并将凭据保留在使用 functions.config() 读取的服务器端配置中。要了解如何设置这些,请阅读documentation for the sample :
Set the
gmail.emailandgmail.passwordGoogle Cloud environment variables to match the email and password of the Gmail account used to send emails (or the app password if your account has 2-step verification enabled). For this use:firebase functions:config:set gmail.email="myusername@gmail.com" gmail.password="secretpassword"
关于node.js - 我可以使用 Firebase Cloud Functions 隐藏 JavaScript 代码吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46752177/