CloudBase Node.js 身份验证指南：服务器端用户管理与自定义登录实现

auth-nodejs-cloudbase by tencentcloudbase/skills

569 周安装量

41 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/tencentcloudbase/skills --skill auth-nodejs-cloudbase

Node.js 云服务安全

🇨🇳中文介绍

何时使用此技能

当任务涉及 CloudBase 项目中的服务器端身份验证或身份管理，且代码运行在 Node.js 环境中时，请使用此技能，例如：

需要知道谁在调用的 CloudBase 云函数（Node 运行时）
使用 CloudBase Node SDK 来查找用户信息的 Node 服务
为 Web/移动客户端签发自定义登录票据的后端
需要检查 CloudBase 终端用户资料的管理员或运维工具

以下情况请勿使用此技能：

使用 @cloudbase/js-sdk 的前端 Web 登录/注册流程（使用 auth-web 技能处理，而非此 Node 技能）。
直接的 HTTP 身份验证 API 集成（此技能不描述原始 HTTP 端点；请改用 http-api 技能）。
不涉及身份验证的数据库或存储操作（请使用数据库/存储文档或技能）。

当用户请求混合了前端和后端关注点时（例如，“构建一个 Web 登录页面和一个能识别用户的 Node API”），请分开处理：

客户端登录和用户体验方面，使用 Web 端身份验证文档/技能。
后端如何识别和使用已认证用户方面，使用此 Node Auth 技能。

如何使用此技能（针对编码代理）

当你加载此技能来处理任务时：

明确运行时环境和职责

询问用户：
- 此 Node 代码运行在何处？
  - CloudBase 云函数
  - 使用 CloudBase 的长期运行的 Node 服务

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

Node 身份验证架构 – Node 如何融入 CloudBase Auth

CloudBase Auth v2 将用户登录的位置与后端代码运行的位置分离开来：

用户通过支持的认证方法（匿名、用户名/密码、短信、邮箱、微信、自定义登录等）使用客户端 SDK 或 HTTP 接口登录，如官方 CloudBase Auth 概述文档所述。
一旦登录，CloudBase 会将用户身份和令牌附加到环境中。
然后，Node 代码使用 Node SDK 读取该身份，或使用自定义登录桥接外部身份到 CloudBase。

在实践中，Node 代码通常执行以下一项或多项操作：

识别当前调用者
- 在云函数中，使用 auth.getUserInfo() 读取 uid、openId 和 customUserId。
- 使用此身份进行授权决策、日志记录和个性化设置。
查找其他用户
- 当你知道 CloudBase uid 时，使用 auth.getEndUserInfo(uid)。
- 当你只有登录标识符（如电话、邮箱、用户名或自定义 ID）时，使用 auth.queryUserInfo({ platform, platformId, uid? })。
签发自定义登录票据
- 当你已经拥有自己的用户系统时，你的 Node 后端可以调用 auth.createTicket(customUserId, options) 并将票据返回给受信任的客户端。
- 客户端（通常是 Web）然后使用此票据配合 Web SDK，将用户登录到 CloudBase，而无需强制他们再次注册。
记录客户端 IP 以用于安全
- 在云函数中，auth.getClientIP() 返回调用者 IP，你可以将其用于审计日志、异常检测或访问控制。

本文档后面的场景将这些职责转化为明确、可复制粘贴的模式。

此技能涵盖的 Node Auth API

此技能涵盖 CloudBase Node SDK 上的以下 auth 方法。在使用此技能时，将这些方法签名视为 Node 身份验证流程唯一受支持的入口点：

getUserInfo(): IGetUserInfoResult 返回当前调用者的 { openId, appId, uid, customUserId }。
getEndUserInfo(uid?: string, opts?: ICustomReqOpts): Promise<{ userInfo: EndUserInfo; requestId?: string }> 返回给定 uid 或当前调用者（当省略 uid 时）的详细 CloudBase 终端用户资料。
queryUserInfo(query: IUserInfoQuery, opts?: ICustomReqOpts): Promise<{ userInfo: EndUserInfo; requestId?: string }> 通过登录标识符（platform + platformId）或 uid 查找用户。
getClientIP(): string 在受支持的环境（例如云函数）中运行时，返回调用者的 IP 地址。
createTicket(customUserId: string, options?: ICreateTicketOpts): string 为给定的 customUserId 创建一个自定义登录票据，客户端可以将其交换为 CloudBase 登录。

EndUserInfo、IUserInfoQuery 和 ICreateTicketOpts 的确切字段名和允许值由官方 CloudBase Node SDK 类型定义和文档定义。编写 Node 代码时，请勿猜测结构；遵循 SDK 类型和本文档中的示例。

场景 – Node 身份验证模式

场景 1：在 CloudBase 函数中初始化 Node SDK 和 auth

当编写需要与 Auth 交互的 CloudBase 云函数时使用：

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  // 你的逻辑写在这里
};

使用与函数 CloudBase 环境配置相同的 env。
避免硬编码敏感值；优先使用环境变量或函数配置。

场景 2：在 CloudBase 函数中获取调用者身份

当你需要知道谁在调用你的云函数时使用：

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  const { openId, appId, uid, customUserId } = auth.getUserInfo();

  console.log("Caller identity", { openId, appId, uid, customUserId });

  // 使用 uid / customUserId 进行授权决策
  // 例如，检查角色、权限或数据所有权
};

将 uid 视为规范的 CloudBase 用户标识符。
仅当你启用了自定义登录并映射了你自己的用户时，才使用 customUserId。
切勿仅依赖 openId/appId 进行授权；它们是微信特定的标识符。

场景 3：通过 UID 获取完整的终端用户资料

当你知道用户的 CloudBase uid（例如，来自数据库记录）并且需要详细的资料信息时使用：

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  const uid = "user-uid";

  try {
    const { userInfo } = await auth.getEndUserInfo(uid);
    console.log("User profile", userInfo);
  } catch (error) {
    console.error("Failed to get end user info", error.message);
  }
};

仅从受信任的后端代码调用 getEndUserInfo；不要直接将其暴露给不受信任的客户端。
为调试记录最少必要的数据；避免在生产环境中记录完整的资料。

场景 4：获取当前调用者的完整资料

当你想要当前调用者的完整资料，而无需手动传递 uid 时使用：

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  try {
    const { userInfo } = await auth.getEndUserInfo();
    console.log("Current caller profile", userInfo);
  } catch (error) {
    console.error("Failed to get current caller profile", error.message);
  }
};

这依赖于环境提供调用者的身份（例如，在 CloudBase 云函数内）。如果在没有调用者上下文的地方调用，请参考官方文档并优雅地处理错误。

场景 5：通过登录标识符查询用户

当你只知道用户的登录标识符（电话、邮箱、用户名或自定义 ID）并需要其 CloudBase 资料时使用：

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  try {
    // 通过电话号码查找
    const { userInfo: byPhone } = await auth.queryUserInfo({
      platform: "PHONE",
      platformId: "+86 13800000000",
    });

    // 通过邮箱查找
    const { userInfo: byEmail } = await auth.queryUserInfo({
      platform: "EMAIL",
      platformId: "test@example.com",
    });

    // 通过 customUserId 查找
    const { userInfo: byCustomId } = await auth.queryUserInfo({
      platform: "CUSTOM",
      platformId: "your-customUserId",
    });

    console.log({ byPhone, byEmail, byCustomId });
  } catch (error) {
    console.error("Failed to query user info", error.message);
  }
};

当你已有 uid 时，优先使用它；仅在需要时使用 queryUserInfo。
确保 platformId 使用你注册时使用的确切格式（例如，+86 + 电话号码）。

场景 6：在函数中获取客户端 IP

用于日志记录或基本的基于 IP 的检查：

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  const ip = auth.getClientIP();
  console.log("Caller IP", ip);

  // 例如，阻止或标记可疑 IP
};

自定义登录票据（仅限 Node 端）

自定义登录允许你保留现有的用户系统，同时将每个用户映射到 CloudBase 账户。

场景 7：使用自定义登录凭据初始化 Node SDK

在签发票据之前，从 CloudBase 控制台安装自定义登录私钥文件并在 Node 中加载：

import tcb from "@cloudbase/node-sdk";
import path from "node:path";

const app = tcb.init({
  env: "your-env-id",
  credentials: require(path.join(__dirname, "tcb_custom_login.json")),
});

const auth = app.auth();

保持 tcb_custom_login.json 的机密性，切勿将其打包到前端代码中。

场景 8：为给定的 customUserId 签发自定义登录票据

在已经认证了你自己的用户并希望让他们登录 CloudBase 的后端代码中使用：

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({
  env: "your-env-id",
  credentials: require("/secure/path/to/tcb_custom_login.json"),
});

const auth = app.auth();

exports.main = async (event, context) => {
  const customUserId = "your-customUserId";

  const ticket = auth.createTicket(customUserId, {
    refresh: 3600 * 1000,       // access_token 刷新间隔（毫秒）
    expire: 24 * 3600 * 1000,   // 票据过期时间（毫秒）
  });

  // 将票据返回给受信任的客户端（例如，通过 HTTP 响应）
  return { ticket };
};

customUserId 的限制（来自官方文档）：

长度 4–32 个字符。
允许的字符：字母、数字和 _-#@(){}[]:.,<>+#~。

仅在你自己的用户认证成功后签发票据。
将 customUserId 存储在你自己的用户数据库中，并保持其长期稳定。
不要将 customUserId 重复用于多个不同的个人。

场景 9：这与 Web 自定义登录如何配对

此技能仅涵盖 Node 端 的票据签发。对于 客户端 流程：

在客户端（Web），使用 @cloudbase/js-sdk 的自定义登录支持：
- 调用返回 ticket 的后端端点。
- 配置 auth.setCustomSignFunc(async () => ticketFromBackend)。
- 调用 auth.signInWithCustomTicket() 完成登录。

保持职责清晰：

Node：认证你自己的用户 → 创建票据 → 安全地返回票据。
Web：接收票据 → 使用文档化的 Web SDK API 登录 CloudBase。

Node 身份验证最佳实践

身份的唯一真实来源
- 在关联终端用户记录时，将 CloudBase uid 视为主键。
- 仅将 customUserId 用作与你自己的用户系统的桥梁。
最小权限原则
- 在 Node 中使用 uid、角色和所有权执行授权检查，而不仅仅是登录成功。
- 避免将原始的 getEndUserInfo / queryUserInfo 结果直接暴露给客户端。
错误处理
- 当 auth.* 调用返回 Promise 时，将其包装在 try/catch 中。
- 记录 error.message（以及 error.code，如果存在），但避免记录敏感数据。
安全性
- 像保护任何私钥一样保护 tcb_custom_login.json。
- 必要时根据 CloudBase 指南轮换自定义登录密钥。
- 在客户端和 Node 后端之间交换票据时，使用 HTTPS 和适当的身份验证。

当你需要执行以下操作时，请使用此 Node Auth 技能：

知道谁在调用你在 CloudBase 中的 Node 代码。
通过 uid 或登录标识符查找 CloudBase 用户。
使用自定义登录票据将现有用户系统桥接到 CloudBase。
应用一致、安全的服务器端身份验证最佳实践。

对于端到端体验，请将此技能与以下内容配对使用：

Web 端身份验证文档（用于所有使用 @cloudbase/js-sdk 的浏览器端登录和用户体验）。
CloudBase HTTP 身份验证文档（用于语言无关的 HTTP 集成，如果你正在使用这些）。

将官方 CloudBase Auth Node SDK 文档视为 Node 身份验证 API 的规范参考，并将本文档中的场景视为经过验证的最佳实践构建块。

🇺🇸English

When to use this skill

Use this skill whenever the task involves server-side authentication or identity in a CloudBase project, and the code is running in Node.js , for example:

CloudBase 云函数 (Node runtime) that needs to know who is calling
Node services that use CloudBase Node SDK to look up user information
Backends that issue custom login tickets for Web / mobile clients
Admin or ops tools that need to inspect CloudBase end-user profiles

Do NOT use this skill for:

Frontend Web login / sign-up flows using @cloudbase/js-sdk (handle those with the auth-web skill, not this Node skill).
Direct HTTP auth API integrations (this skill does not describe raw HTTP endpoints; use the http-api skill instead).
Database or storage operations that do not involve identity (use database/storage docs or skills).

When the user request mixes frontend and backend concerns (e.g. "build a web login page and a Node API that knows the user"), treat them separately:

Use Web-side auth docs/skills for client login and UX.
Use this Node Auth skill for how the backend sees and uses the authenticated user.

How to use this skill (for a coding agent)

When you load this skill to work on a task:

Clarify the runtime and responsibility

Ask the user:

 * Where does this Node code run? 
   * CloudBase 云函数
   * Long‑running Node service using CloudBase
 * What do they need from auth? 
   * Just the **caller identity** for authorization?
   * **Look up arbitrary users** by UID / login identifier?
   * **Bridge their own user system** into CloudBase via custom login?

2. Confirm CloudBase environment and SDK

 * Ask for: 
   * `env` – CloudBase environment ID
 * Install the latest `@cloudbase/node-sdk` from npm if it is not already available.
 * Always initialize the SDK using this pattern (values can change, shape must not):

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

3. Pick the relevant scenario from this file

 * For **caller identity inside a function** , use the `getUserInfo` scenarios.
 * For **full user profile or admin lookup** , use the `getEndUserInfo` and `queryUserInfo` scenarios.
 * For **client systems that already have their own users** , use the **custom login ticket** scenarios built on `createTicket`.
 * For **logging / security** , use the `getClientIP` scenario.

4. Follow Node SDK API shapes exactly

 * Treat all `auth.*` methods and parameter shapes in this file as canonical.
 * You may change variable names and framework (e.g. Express vs 云函数 handler), but **do not change SDK method names or parameter fields**.
 * If you see a method in older code that is not listed here or in the Node SDK docs mirror, treat it as suspect and avoid using it.

5. If you are unsure about an API

 * Consult the official CloudBase Auth Node SDK documentation.
 * Only use methods and shapes that appear in the official documentation.
 * If you cannot find an API you want: 
   * Prefer composing flows from the documented methods, or
   * Explain that this skill only covers Node SDK auth, and suggest using the relevant CloudBase Web or HTTP auth documentation for client-side or raw-HTTP flows.

Node auth architecture – how Node fits into CloudBase Auth

CloudBase Auth v2 separates where users log in from where backend code runs :

Users log in through the supported auth methods (anonymous, username/password, SMS, email, WeChat, custom login, etc.) using client SDKs or HTTP interfaces, as described in the official CloudBase Auth overview documentation.
Once logged in, CloudBase attaches the user identity and tokens to the environment.
Node code then reads that identity using the Node SDK, or bridges external identities into CloudBase using custom login.

In practice, Node code usually does one or more of:

Identify the current caller
- In 云函数, use auth.getUserInfo() to read uid, openId, and customUserId.
- Use this identity for authorization decisions , logging, and personalisation.
Look up other users
- Use auth.getEndUserInfo(uid) when you know the CloudBase uid.
- Use auth.queryUserInfo({ platform, platformId, uid? }) when you only have login identifiers such as phone, email, username, or a custom ID.
Issue custom login tickets

The scenarios later in this file turn these responsibilities into explicit, copy‑pasteable patterns.

Node Auth APIs covered by this skill

This skill covers the following auth methods on the CloudBase Node SDK. Treat these method signatures as the only supported entry points for Node auth flows when using this skill:

getUserInfo(): IGetUserInfoResult Returns { openId, appId, uid, customUserId } for the current caller.
getEndUserInfo(uid?: string, opts?: ICustomReqOpts): Promise<{ userInfo: EndUserInfo; requestId?: string }> Returns detailed CloudBase end‑user profile for a given uid or for the current caller (when uid is omitted).
queryUserInfo(query: IUserInfoQuery, opts?: ICustomReqOpts): Promise<{ userInfo: EndUserInfo; requestId?: string }> Finds a user by login identifier (platform + platformId) or .

The exact field names and allowed values for EndUserInfo, IUserInfoQuery, and ICreateTicketOpts are defined by the official CloudBase Node SDK typings and documentation. When writing Node code, do not guess shapes; follow the SDK types and the examples in this file.

Scenarios – Node auth patterns

Scenario 1: Initialize Node SDK and auth in a CloudBase function

Use this when writing a CloudBase 云函数 that needs to interact with Auth:

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  // Your logic here
};

Key points:

Use the same env as configured for the function’s CloudBase 环境.
Avoid hardcoding sensitive values; prefer environment variables or function configuration.

Scenario 2: Get caller identity in a CloudBase function

Use this when you need to know who is calling your cloud function:

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  const { openId, appId, uid, customUserId } = auth.getUserInfo();

  console.log("Caller identity", { openId, appId, uid, customUserId });

  // Use uid / customUserId for authorization decisions
  // e.g. check roles, permissions, or data ownership
};

Best practices:

Treat uid as the canonical CloudBase user identifier.
Use customUserId only when you have enabled 自定义登录 and mapped your own users.
Never trust openId/appId alone for authorization; they are WeChat‑specific identifiers.

Scenario 3: Get full end‑user profile by UID

Use this when you know a user’s CloudBase uid (for example, from a database record) and you need detailed profile information:

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  const uid = "user-uid";

  try {
    const { userInfo } = await auth.getEndUserInfo(uid);
    console.log("User profile", userInfo);
  } catch (error) {
    console.error("Failed to get end user info", error.message);
  }
};

Best practices:

Call getEndUserInfo from trusted backend code only; do not expose it directly to untrusted clients.
Log minimal necessary data for debugging; avoid logging full profiles in production.

Scenario 4: Get full profile for the current caller

Use this when you want the current caller’s full profile without manually passing uid:

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  try {
    const { userInfo } = await auth.getEndUserInfo();
    console.log("Current caller profile", userInfo);
  } catch (error) {
    console.error("Failed to get current caller profile", error.message);
  }
};

This relies on the environment providing the caller’s identity (e.g. within a CloudBase 云函数). If called where no caller context exists, refer to the official docs and handle errors gracefully.

Scenario 5: Query user by login identifier

Use this when you only know a user’s login identifier (phone, email, username, or custom ID) and need their CloudBase profile:

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  try {
    // Find by phone number
    const { userInfo: byPhone } = await auth.queryUserInfo({
      platform: "PHONE",
      platformId: "+86 13800000000",
    });

    // Find by email
    const { userInfo: byEmail } = await auth.queryUserInfo({
      platform: "EMAIL",
      platformId: "test@example.com",
    });

    // Find by customUserId
    const { userInfo: byCustomId } = await auth.queryUserInfo({
      platform: "CUSTOM",
      platformId: "your-customUserId",
    });

    console.log({ byPhone, byEmail, byCustomId });
  } catch (error) {
    console.error("Failed to query user info", error.message);
  }
};

Best practices:

Prefer uid when you already have it; use queryUserInfo only when needed.
Make sure platformId uses the exact format you used at sign‑up (e.g. +86 + phone number).

Scenario 6: Get client IP in a function

Use this for logging or basic IP‑based checks:

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({ env: "your-env-id" });
const auth = app.auth();

exports.main = async (event, context) => {
  const ip = auth.getClientIP();
  console.log("Caller IP", ip);

  // e.g. block or flag suspicious IPs
};

Custom login tickets (Node side only)

Custom login lets you keep your existing user system while still mapping each user to a CloudBase account.

Scenario 7: Initialize Node SDK with custom login credentials

Before issuing tickets, install the custom login private key file from the CloudBase console and load it in Node:

import tcb from "@cloudbase/node-sdk";
import path from "node:path";

const app = tcb.init({
  env: "your-env-id",
  credentials: require(path.join(__dirname, "tcb_custom_login.json")),
});

const auth = app.auth();

Keep tcb_custom_login.json secret and never bundle it into frontend code.

Scenario 8: Issue a custom login ticket for a given customUserId

Use this in backend code that has already authenticated your own user and wants to let them log into CloudBase:

import tcb from "@cloudbase/node-sdk";

const app = tcb.init({
  env: "your-env-id",
  credentials: require("/secure/path/to/tcb_custom_login.json"),
});

const auth = app.auth();

exports.main = async (event, context) => {
  const customUserId = "your-customUserId";

  const ticket = auth.createTicket(customUserId, {
    refresh: 3600 * 1000,       // access_token refresh interval (ms)
    expire: 24 * 3600 * 1000,   // ticket expiration time (ms)
  });

  // Return the ticket to the trusted client (e.g. via HTTP response)
  return { ticket };
};

Constraints for customUserId (from official docs):

Length 4–32 characters.
Allowed characters: letters, digits, and _-#@(){}[]:.,<>+#~.

Best practices:

Only issue tickets after your own user authentication succeeds.
Store customUserId in your own user database and keep it stable over time.
Do not reuse customUserId for multiple distinct people.

Scenario 9: How this pairs with Web custom login

This skill only covers Node-side ticket issuance. For the client-side flow:

On the client (Web), use @cloudbase/js-sdk's custom login support:
- Call your backend endpoint that returns ticket.
- Configure auth.setCustomSignFunc(async () => ticketFromBackend).
- Call auth.signInWithCustomTicket() to finish login.

Keep the responsibility clear:

Node: authenticate your own user → create ticket → return ticket securely.
Web: receive ticket → sign into CloudBase using documented Web SDK APIs.

Node auth best practices

Single source of truth for identity
- Treat CloudBase uid as the primary key when relating end‑user records.
- Use customUserId only as a bridge to your own user system.
Least privilege
- Perform authorization checks in Node using uid, roles, and ownership, not just login success.
- Avoid exposing raw getEndUserInfo / queryUserInfo results directly to clients.
Error handling
- Wrap all auth.* calls in try/catch when they return promises.

Summary

Use this Node Auth skill whenever you need to:

Know who is calling your Node code in CloudBase.
Look up CloudBase users by uid or login identifier.
Bridge an existing user system into CloudBase with custom login tickets.
Apply consistent, secure, server‑side auth best practices.

For end‑to‑end experiences, pair this skill with:

Web‑side auth documentation (for all browser‑side login and UX using @cloudbase/js-sdk).
CloudBase HTTP auth documentation (for language‑agnostic HTTP integrations, if you are using those).

Treat the official CloudBase Auth Node SDK documentation as the canonical reference for Node auth APIs, and treat the scenarios in this file as vetted best‑practice building blocks.

Weekly Installs

546

Repository

tencentcloudbase/skills

GitHub Stars

First Seen

Jan 22, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

codex479

opencode478

gemini-cli468

github-copilot455

cursor450

kimi-cli446

Supabase Postgres 最佳实践指南 - 8大类别性能优化规则与SQL示例

57,300 周安装

When you already have your own user system, your Node backend can call auth.createTicket(customUserId, options) and return the ticket to a trusted client.
The client (typically Web) then uses this ticket with the Web SDK to log the user into CloudBase without forcing them to sign up again.

Log client IP for security

In 云函数, auth.getClientIP() returns the caller IP, which you can use for audit logs, anomaly detection, or access control.

getClientIP(): string Returns the caller’s IP address when running in a supported environment (e.g. 云函数).

createTicket(customUserId: string, options?: ICreateTicketOpts): string Creates a custom login ticket for the given customUserId that clients can exchange for a CloudBase login.

Log error.message (and error.code if present), but avoid logging sensitive data.

Security

Protect tcb_custom_login.json as you would any private key.
Rotate custom login keys according to CloudBase guidance when necessary.
Use HTTPS and proper authentication between your clients and Node backend when exchanging tickets.

CloudBase Node.js 身份验证指南：服务器端用户管理与自定义登录实现

🇨🇳中文介绍

何时使用此技能

如何使用此技能（针对编码代理）

相关 Skills

Node 身份验证架构 – Node 如何融入 CloudBase Auth

此技能涵盖的 Node Auth API

场景 – Node 身份验证模式

场景 1：在 CloudBase 函数中初始化 Node SDK 和 auth

场景 2：在 CloudBase 函数中获取调用者身份

场景 3：通过 UID 获取完整的终端用户资料

场景 4：获取当前调用者的完整资料

场景 5：通过登录标识符查询用户

场景 6：在函数中获取客户端 IP

自定义登录票据（仅限 Node 端）

场景 7：使用自定义登录凭据初始化 Node SDK

场景 8：为给定的 customUserId 签发自定义登录票据

场景 9：这与 Web 自定义登录如何配对

Node 身份验证最佳实践

总结

🇺🇸English

When to use this skill

How to use this skill (for a coding agent)

Node auth architecture – how Node fits into CloudBase Auth

Node Auth APIs covered by this skill

Scenarios – Node auth patterns

Scenario 1: Initialize Node SDK and auth in a CloudBase function

Scenario 2: Get caller identity in a CloudBase function

Scenario 3: Get full end‑user profile by UID

Scenario 4: Get full profile for the current caller

Scenario 5: Query user by login identifier

Scenario 6: Get client IP in a function

Custom login tickets (Node side only)

Scenario 7: Initialize Node SDK with custom login credentials

Scenario 8: Issue a custom login ticket for a given customUserId

Scenario 9: How this pairs with Web custom login

Node auth best practices

Summary

最新 Skills