From 1d9ce3ca3c465b8f89ed946a8c600642dbfe20cb Mon Sep 17 00:00:00 2001
From: Jeffrey Dallatezza
Date: Wed, 30 Jun 2021 09:34:51 -0700
Subject: [PATCH 1/3] Always send our auth token on Node, and always send an appcheck token if we have one.
---
 .../src/realtime/WebSocketConnection.ts | 21 +++++++++----------
 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/packages/database/src/realtime/WebSocketConnection.ts b/packages/database/src/realtime/WebSocketConnection.ts
index 81c91a95093..d171fee0f6c 100644
--- a/packages/database/src/realtime/WebSocketConnection.ts
+++ b/packages/database/src/realtime/WebSocketConnection.ts
@@ -167,16 +167,15 @@ export class WebSocketConnection implements Transport {
 };
 // If using Node with admin creds, AppCheck-related checks are unnecessary.
- // It will send the authorization token.
- if (this.nodeAdmin) {
- options.headers['Authorization'] = this.authToken || '';
- } else {
- // If using Node without admin creds (which includes all uses of the
- // client-side Node SDK), it will send an AppCheck token if available.
- // Any other auth credentials will eventually be sent after the connection
- // is established, but aren't needed here as they don't effect the initial
- // request to establish a connection.
- options.headers['X-Firebase-AppCheck'] = this.appCheckToken || '';
+ // Note that we send the credentials here even if they aren't admin credentials, which is
+ // not a problem.
+ // Note that this header is just used to bypass appcheck, and the token should still be sent
+ // through the websocket connection once it is established.
+ if (this.authToken) {
+ options.headers['Authorization'] = this.authToken;
+ }
+ if (this.appCheckToken) {
+ options.headers['X-Firebase-AppCheck'] = this.appCheckToken;
 }
 // Plumb appropriate http_proxy environment variable into faye-websocket if it exists.
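Review bot: The `Authorization` header is now set on the upgrade request for any Node client holding an auth token, not only admin ones, and the new comment dismisses that as "not a problem" without giving the reason. The context line right after the hunk routes this request through an `http_proxy` when one is configured, and nothing visible here checks that the connection is TLS before a user credential is placed in a request header, so it is worth confirming the handshake never goes out in cleartext with the token attached (the rest of the method is outside the hunk). "This header" is also ambiguous now that two headers are set beneath the comment; I would reword it as `// The Authorization header only lets the backend skip AppCheck for this handshake;` followed by `// the auth token is still sent over the websocket once it is established.` The retained first line about admin creds no longer matches the unconditional code below it and could be dropped or rewritten.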
@@ -239,7 +238,7 @@ export class WebSocketConnection implements Transport {
 /**
 * No-op for websockets, we don't need to do anything once the connection is confirmed as open
 */
- start() {}
+ start() { }
 static forceDisallow_: boolean;
From 96a4d39082e6543a2621138e51265c5ff17f86e2 Mon Sep 17 00:00:00 2001
From: Jeffrey Dallatezza
Date: Fri, 2 Jul 2021 10:30:06 -0700
Subject: [PATCH 2/3] Add changeset
---
 .changeset/silent-seals-approve.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/silent-seals-approve.md
diff --git a/.changeset/silent-seals-approve.md b/.changeset/silent-seals-approve.md
new file mode 100644
index 00000000000..e0659817c21
--- /dev/null
+++ b/.changeset/silent-seals-approve.md
@@ -0,0 +1,5 @@
+---
+'@firebase/database': patch
+---
+
+On node, always send auth and appcheck tokens when they are available.
From 68bb9aae1e8c4884771da8470b89cdc8821ab6a9 Mon Sep 17 00:00:00 2001
From: Jeffrey Dallatezza
Date: Fri, 2 Jul 2021 12:49:33 -0700
Subject: [PATCH 3/3] Update .changeset/silent-seals-approve.md
Co-authored-by: Sebastian Schmidt
---
 .changeset/silent-seals-approve.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.changeset/silent-seals-approve.md b/.changeset/silent-seals-approve.md
index e0659817c21..9dfa7304613 100644
--- a/.changeset/silent-seals-approve.md
+++ b/.changeset/silent-seals-approve.md
@@ -2,4 +2,4 @@
 '@firebase/database': patch
 ---
-On node, always send auth and appcheck tokens when they are available.
+On Node, always send Auth and AppCheck tokens when they are available.