fix(api-gateway): make securityContext available to extendContext
#10050
Conversation
github-actions
bot
added
the
pr:community
morford-brex
changed the title
securityContext to extendContext
morford-brex
changed the title
securityContext to extendContextsecurityContext available to extendContext
|
@igorlukanin - would you be able to assign this to the appropriate reviewers? 🙏 |
@KSDaemon perhaps? 🙏 |
github-actions
bot
added
the
javascript
|
I'd say @ovr is better here :) |
|
@KSDaemon - sorry for another ping but any chance you could help bump this? hoping to get unblocked on some SQL API usage here |
|
Hi @morford-brex, we'll try to have a look asap. Sorry for the delays, too busy... |
| } | ||
|
|
||
| public async contextByReq(req: Request, securityContext, requestId: string): Promise<ExtendedRequestContext> { | ||
| req.securityContext = { |
There was a problem hiding this comment.
First, I am sorry for the late reply.
@morford-brex Good catch! However, I believe it's correct to assign securityContext for req.securityContext instead of merging.
I assume that securityContext is correct for checkAuth in HTTP (see pic 1), while it's incorrect for WebSocket server and checkSqlAuth (SQL API).
I am OK with changing it once as the last mile instead of fixing it in (sql-server.ts#contextByNativeReq and SubscriptionServer.ts#processMessage), but I suggest using req.securityContext = securityContext instead of merging.
There is no need to merge it, because:
- HTTP checkAuth will receive the same object.
this.contextByReq(req, req.securityContext, getRequestIdFromRequest(req)), see pic 1 - WS request doesn't have
securityContext, it stores it separately - SQL API request doesn't have
securityContext, it stores it separately
Thanks
There was a problem hiding this comment.
no worries at all - thanks for the follow up!
i think that makes sense and just updated here to skip the merging and directly set it
3 participants
Check List
Issue Reference this PR resolves
#10049 (comment)