Skip to main content

MastraAuthFirebase 类

🌐 MastraAuthFirebase Class

MastraAuthFirebase 类使用 Firebase 认证为 Mastra 提供身份验证。它通过 Firebase ID 令牌验证传入请求,并使用 auth 选项与 Mastra 服务器集成。

🌐 The MastraAuthFirebase class provides authentication for Mastra using Firebase Authentication. It verifies incoming requests using Firebase ID tokens and integrates with the Mastra server using the auth option.

用法示例
Direct link to 用法示例

🌐 Usage examples

使用环境变量的基本用法
Direct link to 使用环境变量的基本用法

🌐 Basic usage with environment variables

src/mastra/index.ts
import { Mastra } from "@mastra/core";
import { MastraAuthFirebase } from "@mastra/auth-firebase";

// Automatically uses FIREBASE_SERVICE_ACCOUNT and FIRESTORE_DATABASE_ID env vars
export const mastra = new Mastra({
  server: {
    auth: new MastraAuthFirebase(),
  },
});

自定义配置
Direct link to 自定义配置

🌐 Custom configuration

src/mastra/index.ts
import { Mastra } from "@mastra/core";
import { MastraAuthFirebase } from "@mastra/auth-firebase";

export const mastra = new Mastra({
  server: {
    auth: new MastraAuthFirebase({
      serviceAccount: "/path/to/service-account-key.json",
      databaseId: "your-database-id",
    }),
  },
});

构造函数参数
Direct link to 构造函数参数

🌐 Constructor parameters

serviceAccount?:

string
= process.env.FIREBASE_SERVICE_ACCOUNT
Path to the Firebase service account JSON file. This file contains the credentials needed to verify Firebase ID tokens on the server side.

databaseId?:

string
= process.env.FIRESTORE_DATABASE_ID || process.env.FIREBASE_DATABASE_ID
The Firestore database ID to use. Typically '(default)' for the default database.

name?:

string
= "firebase"
Custom name for the auth provider instance.

authorizeUser?:

(user: FirebaseUser) => Promise<boolean> | boolean
Custom authorization function to determine if a user should be granted access. Called after token verification. By default, checks for the presence of a document in the 'user_access' collection keyed by the user's UID.

环境变量
Direct link to 环境变量

🌐 Environment Variables

当没有提供构造函数选项时,会自动使用以下环境变量:

🌐 The following environment variables are automatically used when constructor options are not provided:

FIREBASE_SERVICE_ACCOUNT?:

string
Path to Firebase service account JSON file. Used if serviceAccount option is not provided.

FIRESTORE_DATABASE_ID?:

string
Firestore database ID. Primary environment variable for database configuration.

FIREBASE_DATABASE_ID?:

string
Alternative environment variable for Firestore database ID. Used if FIRESTORE_DATABASE_ID is not set.

默认授权行为
Direct link to 默认授权行为

🌐 Default Authorization Behavior

默认情况下,MastraAuthFirebase 使用 Firestore 来管理用户访问:

🌐 By default, MastraAuthFirebase uses Firestore to manage user access:

  1. 在成功验证 Firebase ID 令牌后,会调用 authorizeUser 方法
  2. 它会检查 user_access 集合中是否存在以用户 UID 作为文档 ID 的文档
  3. 如果文档存在,用户被授权;否则,拒绝访问
  4. 使用的 Firestore 数据库由 databaseId 参数或环境变量决定

Firebase 用户类型
Direct link to Firebase 用户类型

🌐 Firebase User Type

authorizeUser 函数中使用的 FirebaseUser 类型对应于 Firebase 的 DecodedIdToken 接口,其中包括:

🌐 The FirebaseUser type used in the authorizeUser function corresponds to Firebase's DecodedIdToken interface, which includes:

  • uid:用户的唯一标识
  • email:用户的电子邮件地址(如果有的话)
  • email_verified:电子邮件是否已验证
  • name:用户的显示名称(如果有的话)
  • picture:用户头像的 URL(如果可用)
  • auth_time:当用户通过身份验证时
  • 以及其他标准 JWT 声明

🌐 Related

MastraAuthFirebase 类

目录