feat: update to support array middleware#200
Conversation
|
Bundle |
There was a problem hiding this comment.
Let's try to replace all cases of the cst abbreviation with client session or client session token. So name this withClientSession
|
|
||
| import { withSimulatedOutage } from "./with-simulated-outage.ts" | ||
|
|
||
| export const withCst: Middleware< |
There was a problem hiding this comment.
| export const withCst: Middleware< | |
| export const withClientSession: Middleware< |
|
|
||
| const relevant_cs = req.db.client_sessions.find((cs) => | ||
| cs.connect_webview_ids.includes(connect_webview.connect_webview_id), | ||
| cs.workspace_id.includes(connect_webview.workspace_id), |
There was a problem hiding this comment.
Why was this logic updated? The original logic looks correct.
There was a problem hiding this comment.
The original logic was not working because the client session actually never got updated with the connect_webview_id. I'm not sure how that was working in the first place and I think it was skipping over the relevant_cs most of the time.
| manufacturer, | ||
| } = req.commonParams | ||
| const { workspace_id } = req.auth | ||
| const { workspace_id } = req.auth as { workspace_id: string } |
| export default withRouteSpec({ | ||
| methods: ["POST"], | ||
| auth: "cst_ak_pk", | ||
| auth: ["client_session"], |
There was a problem hiding this comment.
| auth: ["client_session"], | |
| auth: ["api_key", "console_session"], |
| @@ -0,0 +1,42 @@ | |||
| export type AuthenticatedRequest = Request & { | |||
There was a problem hiding this comment.
Generally at Seam, we do not write code in index files (existing cases are legacy examples). Types should be defined alongside the module needs them, or in this case we could simply name this authenticated-request.ts
Co-authored-by: Evan Sosenko <evan@getseam.com>
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
|
||
| if (req.auth.auth_mode === "publishable_key" && user_identifier_key == null) { | ||
| if ( | ||
| req.auth.type === "client_session" && |
There was a problem hiding this comment.
Client sessions cannot create more client sessions, this check only applies to publishable_key auth.
There was a problem hiding this comment.
Based on the implementation in seam-connect only client_sessions have the method property in the auth middleware with publishable_key as an option, is this incorrect?
There was a problem hiding this comment.
The endpoint should always return 403 if client session auth.
| db, | ||
| } = await getTestServer(t) | ||
|
|
||
| const cs = db.client_sessions.find((cs) => cs.token === ws2.cst) |
There was a problem hiding this comment.
Aren't only console sessions JWT? A client session cannot reset a sandbox workspace. What is this testing?
| connect_webview_ids: [cw.connect_webview_id], | ||
| connected_account_ids: [ca.connected_account_id], | ||
| user_identifier_key: "seed_client_session_user", | ||
| user_identity_ids: ["john_user_identity_id"], |
There was a problem hiding this comment.
Where does this id come from? I would not expect it to be hard coded here.
There was a problem hiding this comment.
This value is available when we seed the database in
so I was just adding to this client session as well| auth_mode: "access_token" | ||
| export const withAccessToken = | ||
| <RequiresWorkspaceId extends boolean>({ | ||
| require_workspace_id, |
There was a problem hiding this comment.
| require_workspace_id, | |
| is_workspace_id_required, |
There was a problem hiding this comment.
can make this change, but was trying to align naming with current convention in seam-connect, is it worth drifting away?
There was a problem hiding this comment.
Sure, if some of this is copy/paste from seam connect, then it's ok to follow that. I can't really know the difference in review, so I just have to flag things that look like they break convention. You can apply best judgement.
|
|
||
| if (short_token == null || long_token == null) | ||
| return res.status(400).end("malformed token") | ||
| if (!is_cst) { |
There was a problem hiding this comment.
| if (!is_cst) { | |
| if (!is_client_session_token) { |
| workspace_id_from_header !== null && | ||
| typeof workspace_id_from_header !== "undefined" && |
There was a problem hiding this comment.
This is actually the simplest way to do safe null checks
| workspace_id_from_header !== null && | |
| typeof workspace_id_from_header !== "undefined" && | |
| workspace_id_from_header != null |
(or workspace_id_from_header == null for the inverse)
| } | ||
|
|
||
| if (require_workspace_id) { | ||
| ;(req.auth as Extract< |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
Everything looks good expect this change: https://github.com/seamapi/fake-seam-connect/pull/200/files#r1651613761 Maybe we can just revert it and add some more tests here for api key and pat auth methods? https://github.com/seamapi/fake-seam-connect/blob/main/test/api/client_sessions/create.test.ts |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Sorry this one kind of fell off the radar. I'd like to get this over the finish line. I'm not sure what you mean by reverting it, are we going to support both |
Sure. The issue is still the one from this comment: #200 (comment) The endpoint auth method in this PR does not match the behavior for the actual endpoint. |
…eam-connect into pc/update-auth-middleware
|
@chmaltsp I tried to test out the changes in the SDK but I'm getting errors. I think we are close but either I'm doing something wrong with passing the tokens or the fake is not authorizing them properly: seamapi/javascript-http#150 |
3 participants
No description provided.