无法读取未定义的 属性 'code',解码 Firebase ID 令牌失败
Cannot read property 'code' of undefined, Decoding Firebase ID token failed
我在大约 5% 的请求中间歇性地收到此错误,我不确定为什么。它似乎在大部分时间都有效,但我想将其达到 100%。
{"name":"myapp","hostname":"worker-844ddfbc9f-ntlmz","pid":18,"level":50,
"err":"[Throws: Cannot read property 'code' of undefined]",
"msg":"Context creation failed: Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.",
"time":"2020-02-12T02:16:33.538Z","v":0}
TypeError: Cannot read property 'code' of undefined
at FirebaseAuthError.get [as code] (/app/node_modules/firebase-admin/lib/utils/error.js:51:35)
at FirebaseAuthError.FirebaseError.toJSON (/app/node_modules/firebase-admin/lib/utils/error.js:67:24)
at JSON.stringify (<anonymous>)
at prettyJSONStringify (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:257:17)
at throwHttpGraphQLError (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:26:42)
at Object.<anonymous> (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:66:28)
at Generator.next (<anonymous>)
at fulfilled (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:4:58)
at process._tickCallback (internal/process/next_tick.js:68:7)
客户端
const authLink = setContext(async (_, { headers }) => {
let token;
if (firebase.auth().currentUser) {
token = await firebase.auth().currentUser.getIdToken();
}
return {
headers: {
...headers,
authorization: `Bearer ${token}`,
},
};
});
服务器
let token = req.headers.authorization;
if (!token || !token.length) {
console.log('no token');
}
token = token.split('Bearer ')[1];
// validate JWT and pluck user id
const { uid } = await firebase.auth().verifyIdToken(token);
// find the user based on id
const user = await firebase.auth().getUser(uid);
如果 firebase.auth().currentUser 是假的,您的客户端代码将导致 header 的 Bearer undefined 授权。此授权header 不会导致no token 登录服务器代码(其长度为16)。当 运行 firebase.auth().verifyIdToken('undefined').
时,服务器代码将失败
如果 firebase.auth().currentUser 为假,您需要阻止客户端发送请求,或者在服务器代码中捕获未定义的令牌。
注意:在模板字符串中使用未定义的变量会导致字符串 'undefined'(不是空字符串)。
我在大约 5% 的请求中间歇性地收到此错误,我不确定为什么。它似乎在大部分时间都有效,但我想将其达到 100%。
{"name":"myapp","hostname":"worker-844ddfbc9f-ntlmz","pid":18,"level":50,
"err":"[Throws: Cannot read property 'code' of undefined]",
"msg":"Context creation failed: Decoding Firebase ID token failed. Make sure you passed the entire string JWT which represents an ID token. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.",
"time":"2020-02-12T02:16:33.538Z","v":0}
TypeError: Cannot read property 'code' of undefined
at FirebaseAuthError.get [as code] (/app/node_modules/firebase-admin/lib/utils/error.js:51:35)
at FirebaseAuthError.FirebaseError.toJSON (/app/node_modules/firebase-admin/lib/utils/error.js:67:24)
at JSON.stringify (<anonymous>)
at prettyJSONStringify (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:257:17)
at throwHttpGraphQLError (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:26:42)
at Object.<anonymous> (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:66:28)
at Generator.next (<anonymous>)
at fulfilled (/app/node_modules/apollo-server-core/dist/runHttpQuery.js:4:58)
at process._tickCallback (internal/process/next_tick.js:68:7)
客户端
const authLink = setContext(async (_, { headers }) => {
let token;
if (firebase.auth().currentUser) {
token = await firebase.auth().currentUser.getIdToken();
}
return {
headers: {
...headers,
authorization: `Bearer ${token}`,
},
};
});
服务器
let token = req.headers.authorization;
if (!token || !token.length) {
console.log('no token');
}
token = token.split('Bearer ')[1];
// validate JWT and pluck user id
const { uid } = await firebase.auth().verifyIdToken(token);
// find the user based on id
const user = await firebase.auth().getUser(uid);
如果 firebase.auth().currentUser 是假的,您的客户端代码将导致 header 的 Bearer undefined 授权。此授权header 不会导致no token 登录服务器代码(其长度为16)。当 运行 firebase.auth().verifyIdToken('undefined').
如果 firebase.auth().currentUser 为假,您需要阻止客户端发送请求,或者在服务器代码中捕获未定义的令牌。
注意:在模板字符串中使用未定义的变量会导致字符串 'undefined'(不是空字符串)。