node.js - 无法读取未定义的属性 'code'，解码 Firebase ID token 失败

Question

我在大约 5% 的请求中间歇性地收到此错误，但我不确定原因。它似乎在大多数情况下都有效，但我希望达到 100%。

{"name":"myapp","hostname":"worker-844ddfbc9f-ntlmz","pid":18,"level":50,
"err":"[Throws: Cannot read property 'code' of undefined]",
"msg":"Context creation failed: Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.",
"time":"2020-02-12T02:16:33.538Z","v":0}
TypeError: Cannot read property 'code' of undefined
    at FirebaseAuthError.get [as code] (/app/node_modules/firebase-admin/lib/utils/error.js:51:35)
    at FirebaseAuthError.FirebaseError.toJSON (/app/node_modules/firebase-admin/lib/utils/error.js:67:24)
    at JSON.stringify (<anonymous>)
    at prettyJSONStringify (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:257:17)
    at throwHttpGraphQLError (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:26:42)
    at Object.<anonymous> (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:66:28)
    at Generator.next (<anonymous>)
    at fulfilled (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:4:58)
    at process._tickCallback (internal/process/next_tick.js:68:7)

客户端

const authLink = setContext(async (_, { headers }) => {
    let token;
    if (firebase.auth().currentUser) {
        token = await firebase.auth().currentUser.getIdToken();
    }
    return {
        headers: {
            ...headers,
            authorization: `Bearer ${token}`,
        },
    };
});

服务器

            let token = req.headers.authorization;

            if (!token || !token.length) {
                console.log('no token');
            }

            token = token.split('Bearer ')[1];

            // validate JWT and pluck user id
            const { uid } = await firebase.auth().verifyIdToken(token);

            // find the user based on id
            const user = await firebase.auth().getUser(uid);

Answer 1

如果 firebase.auth().currentUser 为 false，您的客户端代码将导致 Bearer undefined 的授权 header 。此授权 header 不会导致服务器代码中记录no token(其长度为16)。运行 firebase.auth().verifyIdToken('undefined') 时，服务器代码将会失败。

如果 firebase.auth().currentUser 为 false，您需要阻止客户端发送请求，或者捕获服务器代码中未定义的 token 。

注意:在模板字符串中使用 undefined variable 会导致字符串“未定义”(不是空字符串)。