Skip to content

Commit

Permalink
Always send our auth token on Node, and always send an appcheck token…
Browse files Browse the repository at this point in the history
… if we have one. (#5082)

* Always send our auth token on Node, and always send an appcheck token if we have one.

* Add changeset

* Update .changeset/silent-seals-approve.md

Co-authored-by: Sebastian Schmidt <[email protected]>

Co-authored-by: Sebastian Schmidt <[email protected]>
  • Loading branch information
jsdt and schmidt-sebastian authored Jul 2, 2021
1 parent f4c106e commit 99414a5
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 11 deletions.
5 changes: 5 additions & 0 deletions .changeset/silent-seals-approve.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@firebase/database': patch
---

On Node, always send Auth and AppCheck tokens when they are available.
21 changes: 10 additions & 11 deletions packages/database/src/realtime/WebSocketConnection.ts
Original file line number Diff line number Diff line change
Expand Up @@ -167,16 +167,15 @@ export class WebSocketConnection implements Transport {
};

// If using Node with admin creds, AppCheck-related checks are unnecessary.
// It will send the authorization token.
if (this.nodeAdmin) {
options.headers['Authorization'] = this.authToken || '';
} else {
// If using Node without admin creds (which includes all uses of the
// client-side Node SDK), it will send an AppCheck token if available.
// Any other auth credentials will eventually be sent after the connection
// is established, but aren't needed here as they don't effect the initial
// request to establish a connection.
options.headers['X-Firebase-AppCheck'] = this.appCheckToken || '';
// Note that we send the credentials here even if they aren't admin credentials, which is
// not a problem.
// Note that this header is just used to bypass appcheck, and the token should still be sent
// through the websocket connection once it is established.
if (this.authToken) {
options.headers['Authorization'] = this.authToken;
}
if (this.appCheckToken) {
options.headers['X-Firebase-AppCheck'] = this.appCheckToken;
}

// Plumb appropriate http_proxy environment variable into faye-websocket if it exists.
Expand Down Expand Up @@ -239,7 +238,7 @@ export class WebSocketConnection implements Transport {
/**
* No-op for websockets, we don't need to do anything once the connection is confirmed as open
*/
start() {}
start() { }

static forceDisallow_: boolean;

Expand Down

0 comments on commit 99414a5

Please sign in to comment.