node.js – NodeJS示例 – Firebase云功能 – 实例化Admin SDK目录服务对象

目标

将googleapis与Firebase云功能配合使用可获取G Suite域中所有用户的列表.

我如何Instantiate an Admin SDK Directory service object.我没有看到NodeJS示例,我不清楚如何使用googleapis设置和发出请求.

上下文

此代码从Firebase云功能运行,似乎验证正常.现在,如何在以下代码中的// TODO设置服务对象:

// Firebase Admin SDK
const functions = require('firebase-functions')
const admin = require('firebase-admin')
admin.initializeApp(functions.config().firebase)

// Google APIs
const googleapis = require('googleapis')
const drive = googleapis.drive('v3')
const gsuiteAdmin = googleapis.admin('directory_v1')

// Service Account Key - JSON
let privatekey = require("./privatekey.json")

let jwtClient = new googleapis.auth.JWT(
    privatekey.client_email,
    null,
    privatekey.private_key,
    ['https://www.googleapis.com/auth/drive',
        'https://www.googleapis.com/auth/admin.directory.user'])

// Firebase Cloud Functions - REST
exports.authorize = functions.https.onRequest((request, response) => {
    //authenticate request
    jwtClient.authorize(function (err, tokens) {
        if (err) {
            console.log(err)
            return
        } else {
            console.log("Successfully connected!")
        }

        // TODO
        // USE SERVICE OBJECT HERE??
        // WHAT DOES IT LOOK LIKE?

        response.send("Successfully connected!")
    })
})
最佳答案
运营顺序:

>在Google Cloud Console中创建服务帐户凭据
>将域范围的委派添加到服务帐户
>在G Suite中授权API – 安全 – 高级
>返回服务帐户并下载.json密钥文件

我很快就下载了.json密钥文件,例如,在授权G Suite中的API之前.订单,使用DwD设置​​服务帐户,然后在G Suite API中授权API,然后下载.json密钥文件非常重要.

这个例子

// Firebase Admin SDK
const functions = require('firebase-functions')
const admin = require('firebase-admin')
admin.initializeApp(functions.config().firebase)

// Google APIs
const googleapis = require('googleapis')
const drive = googleapis.drive('v3')
const directory = googleapis.admin('directory_v1')

// Service Account Key - JSON
let privatekey = require("./privatekey.json")
let impersonator = 'example@example.com'

let jwtClient = new googleapis.auth.JWT(
    privatekey.client_email,
    null, // not using path option
    privatekey.private_key,
    ['https://www.googleapis.com/auth/drive',
        'https://www.googleapis.com/auth/admin.directory.user',
        'https://www.googleapis.com/auth/admin.directory.user.readonly'],
    impersonator
)

// Firebase Cloud Functions - REST
exports.getUsers = functions.https.onRequest((request, response) => {
    //authenticate request
    jwtClient.authorize(function (err, tokens) {
        if (err) {
            console.log(err)
            return
        } else {
            console.log("Successfully connected!")
        }
        //Google Drive API
        directory.users.list ({
            auth: jwtClient,
            domain: 'example.com',
            maxResults: 10,
            orderBy: 'email',
            viewType: 'domain_public'
          }, function(err, res) {
            if (err) {
              console.log('The API returned an error: ' + err)
              return;
            }
            var users = res.users;
            if (users.length == 0) {
              console.log('No users in the domain.');
            } else {
              console.log('Users:');
              for (var i = 0; i < users.length; i++) {
                var user = users[i];
                console.log('%s (%s)', user.primaryEmail, user.name.fullName)
              }
              response.send(users)
            }        
        })
    })
})

UPDATE

上面的例子并不安全.云功能,尤其是G Suite域范围的委派,不应响应http请求,除非它们来自您的应用程序.请参阅in this example,云功能使用admin.auth().verifyIdToken(idToken)…来验证Firebase是否对请求进行了身份验证.

如果您未正确处理G Suite DwD云功能,则可能会向公众公开您的G Suite API.

转载注明原文:node.js – NodeJS示例 – Firebase云功能 – 实例化Admin SDK目录服务对象 - 代码日志