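NodeJS example - Firebase Cloud Functions - Instantiate an Admin SDK Directory service object

Time: 2017-11-08 22:18:27

Tags: node.js jwt google-cloud-functions google-admin-sdk service-accounts

Goal

Use googleapis with Firebase Cloud Functions to get a list of all users in my G Suite domain.

Question

How do I instantiate an Admin SDK Directory service object? I don't see a NodeJS example, and I'm not clear on how to set up and make the request with googleapis.

Context

This code runs from Firebase Cloud Functions, and it seems to authenticate OK. Now, how do I set up the service object at the // TODO in the following code: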

// Firebase Admin SDK
const functions = require('firebase-functions')
const admin = require('firebase-admin')
admin.initializeApp(functions.config().firebase)

// Google APIs
const googleapis = require('googleapis')
const drive = googleapis.drive('v3')
const gsuiteAdmin = googleapis.admin('directory_v1')

// Service Account Key - JSON
let privatekey = require("./privatekey.json")

let jwtClient = new googleapis.auth.JWT(
    privatekey.client_email,
    null,
    privatekey.private_key,
    ['https://www.googleapis.com/auth/drive',
        'https://www.googleapis.com/auth/admin.directory.user'])

// Firebase Cloud Functions - REST
exports.authorize = functions.https.onRequest((request, response) => {
    //authenticate request
    jwtClient.authorize(function (err, tokens) {
        if (err) {
            console.log(err)
            return
        } else {
            console.log("Successfully connected!")
        }

        // TODO
        // USE SERVICE OBJECT HERE??
        // WHAT DOES IT LOOK LIKE?

        response.send("Successfully connected!")
    })
})

1 Answer:

Answer 0: (score: 2)

Order of operations:

  1. Create service account credentials in Google Cloud Console
  2. Add domain-wide delegation to the service account
  3. Authorize the API in G Suite - Security - Advanced
  4. Go back to the service account and download the .json key file

I downloaded the .json key file too soon, e.g., before authorizing the API in G Suite. The order is important: set up the service account with DwD, then authorize the API in G Suite, and then download the .json key file.

Example

// Firebase Admin SDK
const functions = require('firebase-functions')
const admin = require('firebase-admin')
admin.initializeApp(functions.config().firebase)

// Google APIs
const googleapis = require('googleapis')
const drive = googleapis.drive('v3')
const directory = googleapis.admin('directory_v1')

// Service Account Key - JSON
let privatekey = require("./privatekey.json")
// G Suite user the service account impersonates via domain-wide delegation
let impersonator = 'example@example.com'

let jwtClient = new googleapis.auth.JWT(
    privatekey.client_email,
    null, // not using path option
    privatekey.private_key,
    ['https://www.googleapis.com/auth/drive',
        'https://www.googleapis.com/auth/admin.directory.user',
        'https://www.googleapis.com/auth/admin.directory.user.readonly'],
    impersonator
)

// Firebase Cloud Functions - REST
exports.getUsers = functions.https.onRequest((request, response) => {
    //authenticate request
    jwtClient.authorize(function (err, tokens) {
        if (err) {
            console.log(err)
            // End the request instead of leaving the caller waiting
            response.status(500).send('Authorization failed')
            return
        } else {
            console.log("Successfully connected!")
        }

        // Admin SDK Directory API
        directory.users.list({
            auth: jwtClient,
            domain: 'example.com',
            maxResults: 10,
            orderBy: 'email',
            viewType: 'domain_public'
        }, function (err, res) {
            if (err) {
                console.log('The API returned an error: ' + err)
                response.status(500).send('Directory API error')
                return
            }
            var users = res.users || []
            if (users.length == 0) {
                console.log('No users in the domain.')
            } else {
                console.log('Users:')
                for (var i = 0; i < users.length; i++) {
                    var user = users[i]
                    console.log('%s (%s)', user.primaryEmail, user.name.fullName)
                }
            }
            // Always answer, including when the list is empty
            response.send(users)
        })
    })
})

Update

The example above is not secure. Cloud Functions, especially with G Suite domain-wide delegation, should not respond to HTTP requests unless they come from your application. See the Cloud Functions example that verifies that the request was authenticated by Firebase.

If you don't properly handle your G Suite DwD Cloud Function, you risk exposing your G Suite API to the public.
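The check the update calls for, as an added example that is not part of the original answer: a wrapper that refuses to run the handler unless the request carries a Firebase ID token that verifies. The names `requireFirebaseAuth`, `isAllowed`, `fakeVerify`, `onlyVerifiedDomain` and `fakeResponse` are hypothetical, and the verifier is injected so the sketch runs without the Firebase SDK.

```javascript
// Added example. `verifyIdToken` is injected so this runs offline; deployed,
// it would be (t) => admin.auth().verifyIdToken(t) from firebase-admin.
// `isAllowed` is a hypothetical authorization policy on the decoded token.

// Pull the token out of "Authorization: Bearer <token>"; null if malformed.
function extractBearerToken(header) {
  if (typeof header !== 'string') return null
  const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header.trim())
  return match ? match[1] : null
}

// Wrap a (request, response) handler so it only runs for verified callers.
function requireFirebaseAuth(verifyIdToken, isAllowed, handler) {
  return async (request, response) => {
    const token = extractBearerToken(request.headers.authorization)
    if (!token) return response.status(401).send('Missing bearer token')
    let decoded
    try {
      decoded = await verifyIdToken(token)
    } catch (err) {
      // Expired, forged or revoked token: never reach the Directory API.
      return response.status(401).send('Invalid ID token')
    }
    // Authenticated is not the same as authorized to read the directory.
    if (!isAllowed(decoded)) return response.status(403).send('Not authorized')
    request.user = decoded
    return handler(request, response)
  }
}

// Constructed stand-ins for offline use (not real tokens or accounts).
const fakeVerify = async (t) => {
  if (t !== 'good.token.value') throw new Error('bad token')
  return { uid: 'u1', email: 'admin@example.com', email_verified: true }
}
const onlyVerifiedDomain = (d) =>
  d.email_verified === true && /@example\.com$/.test(d.email || '')

// Minimal response double that records status and body.
function fakeResponse() {
  return {
    code: 200, body: undefined,
    status(c) { this.code = c; return this },
    send(b) { this.body = b; return this }
  }
}
```

In a deployed function the wrapper would be passed to `functions.https.onRequest(...)` around the `getUsers` handler, with the real verifier in place of `fakeVerify`.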