Make it forward cookies from authState

dac09 · dac09 · commit 37adfa502772 · 2023-11-20T16:05:31.000+07:00
diff --git a/packages/api/src/auth/index.ts b/packages/api/src/auth/index.ts
@@ -29,6 +29,13 @@ export interface AuthorizationHeader {
 export const parseAuthorizationHeader = (
   event: APIGatewayProxyEvent
 ): AuthorizationHeader => {
+  console.log(`👉 \n ~ file: index.ts:33 ~ event.headers:`, event.headers)
+  if (event.headers.cookie) {
+    return {
+      schema: 'cookie',
+      token: event.headers.cookie,
+    }
+  }
   const parts = (
     event.headers?.authorization || event.headers?.Authorization
   )?.split(' ')
@@ -44,13 +51,13 @@ export const parseAuthorizationHeader = (
 
 export type AuthContextPayload = [
   Decoded,
-  { type: string } & AuthorizationHeader,
+  { type: string | null } & AuthorizationHeader,
   { event: APIGatewayProxyEvent; context: LambdaContext }
 ]
 
 export type Decoder = (
   token: string,
-  type: string,
+  type: string | null,
   req: { event: APIGatewayProxyEvent; context: LambdaContext }
 ) => Promise<Decoded>
 
@@ -67,14 +74,6 @@ export const getAuthenticationContext = async ({
   event: APIGatewayProxyEvent
   context: LambdaContext
 }): Promise<undefined | AuthContextPayload> => {
-  const type = getAuthProviderHeader(event)
-
-  // No `auth-provider` header means that the user is logged out,
-  // and none of this auth malarky is required.
-  if (!type) {
-    return undefined
-  }
-
   const { schema, token } = parseAuthorizationHeader(event)
 
   let authDecoders: Array<Decoder> = []
@@ -89,9 +88,9 @@ export const getAuthenticationContext = async ({
 
   let i = 0
   while (!decoded && i < authDecoders.length) {
-    decoded = await authDecoders[i](token, type, { event, context })
+    decoded = await authDecoders[i](token, null, { event, context })
     i++
   }
 
-  return [decoded, { type, schema, token }, { event, context }]
+  return [decoded, { type: null, schema, token }, { event, context }]
 }
diff --git a/packages/auth-providers/dbAuth/api/src/decoder.ts b/packages/auth-providers/dbAuth/api/src/decoder.ts
@@ -5,10 +5,10 @@ import type { Decoder } from '@redwoodjs/api'
 import { dbAuthSession } from './shared'
 
 export const createAuthDecoder = (cookieNameOption: string): Decoder => {
-  return async (_token, type, req) => {
-    if (type !== 'dbAuth') {
-      return null
-    }
+  return async (_token, _type, req) => {
+    // if (type !== 'dbAuth') {
+    //   return null
+    // }
 
     const session = dbAuthSession(req.event, cookieNameOption)
 
@@ -21,12 +21,13 @@ export const createAuthDecoder = (cookieNameOption: string): Decoder => {
 /** @deprecated use `createAuthDecoder` */
 export const authDecoder: Decoder = async (
   _authHeaderValue: string, // Browser: 4, FEServer: encryptedSession
-  type: string,
+  type: string | null,
   req: { event: APIGatewayProxyEvent }
 ) => {
-  if (type !== 'dbAuth') {
-    return null
-  }
+  console.log(`👉 \n ~ file: decoder.ts:27 ~ type:`, type)
+  // if (type !== 'dbAuth') {
+  //   return null
+  // }
 
   // Passing `undefined` as the second argument to `dbAuthSession` will make
   // it fall back to the default cookie name `session`, making it backwards
diff --git a/packages/auth-providers/dbAuth/api/src/shared.ts b/packages/auth-providers/dbAuth/api/src/shared.ts
@@ -186,6 +186,7 @@ export const dbAuthSession = (
     const [session, _csrfToken] = decryptSession(
       getSession(cookieHeader, cookieNameOption)
     )
+    console.log(`👉 \n ~ file: shared.ts:190 ~ session:`, session)
     return session
   } else if (sessionInAuthHeader) {
     // i.e. FE Sever makes the request, and adds encrypted session to the Authorization header
diff --git a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
@@ -4,7 +4,10 @@ import type { AuthProviderState } from './AuthProviderState'
 import { defaultAuthProviderState } from './AuthProviderState'
 
 export const ServerAuthContext = React.createContext<
-  AuthProviderState<never> & { encryptedSession: string | null }
+  AuthProviderState<never> & {
+    encryptedSession: string | null
+    cookieHeader?: string
+  }
 >({ ...defaultAuthProviderState, encryptedSession: null })
 
 export const ServerAuthProvider = ServerAuthContext.Provider
diff --git a/packages/web/src/apollo/links.tsx b/packages/web/src/apollo/links.tsx
@@ -5,15 +5,24 @@ import { print } from 'graphql/language/printer'
 
 export function createHttpLink(
   uri: string,
-  httpLinkConfig: HttpOptions | undefined
+  httpLinkConfig: HttpOptions | undefined,
+  cookieHeader?: string
 ) {
+  const headers: Record<string, string> = {}
+
+  if (cookieHeader) {
+    headers.cookie = cookieHeader
+  }
+
   return new HttpLink({
     // @MARK: we have to construct the absoltue url for SSR
     uri,
     ...httpLinkConfig,
     // you can disable result caching here if you want to
     // (this does not work if you are rendering your page with `export const dynamic = "force-static"`)
     fetchOptions: { cache: 'no-store' },
+    credentials: 'include',
+    headers,
   })
 }
 export function createUpdateDataLink(data: any) {
@@ -107,8 +116,8 @@ export type RedwoodApolloLink<
 }
 
 export type RedwoodApolloLinks = [
-  RedwoodApolloLink<'withToken'>,
-  RedwoodApolloLink<'authMiddleware'>,
+  // RedwoodApolloLink<'withToken'>,
+  // RedwoodApolloLink<'authMiddleware'>,
   RedwoodApolloLink<'updateDataApolloLink'>,
   RedwoodApolloLink<'httpLink', HttpLink>
 ]
diff --git a/packages/web/src/apollo/suspense.tsx b/packages/web/src/apollo/suspense.tsx
@@ -7,13 +7,15 @@
  * Eventually we will have one ApolloProvider, not multiple.
  */
 
+import { useContext } from 'react'
+
 import type {
   ApolloCache,
   ApolloClientOptions,
+  ApolloLink,
   HttpOptions,
   InMemoryCacheConfig,
   setLogVerbosity,
-  ApolloLink,
 } from '@apollo/client'
 import {
   setLogVerbosity as apolloSetLogVerbosity,
@@ -24,14 +26,14 @@ import {
   ApolloNextAppProvider,
   NextSSRApolloClient,
   NextSSRInMemoryCache,
-  useSuspenseQuery,
   useBackgroundQuery,
-  useReadQuery,
   useQuery,
+  useReadQuery,
+  useSuspenseQuery,
 } from '@apollo/experimental-nextjs-app-support/ssr'
 
 import type { UseAuth } from '@redwoodjs/auth'
-import { useNoAuth } from '@redwoodjs/auth'
+import { ServerAuthContext, useNoAuth } from '@redwoodjs/auth'
 import './typeOverride'
 
 import {
@@ -46,13 +48,7 @@ import type {
   RedwoodApolloLinkName,
   RedwoodApolloLinks,
 } from './links'
-import {
-  createAuthApolloLink,
-  createFinalLink,
-  createHttpLink,
-  createTokenLink,
-  createUpdateDataLink,
-} from './links'
+import { createFinalLink, createHttpLink, createUpdateDataLink } from './links'
 
 export type ApolloClientCacheConfig = InMemoryCacheConfig
 
@@ -120,12 +116,13 @@ const ApolloProviderWithFetchConfig: React.FunctionComponent<{
   logLevel: ReturnType<typeof setLogVerbosity>
   children: React.ReactNode
 }> = ({ config, children, useAuth = useNoAuth, logLevel }) => {
+  console.log(`👉 \n ~ file: suspense.tsx:119 ~ useAuth:`, useAuth)
   // Should they run into it, this helps users with the "Cannot render cell; GraphQL success but data is null" error.
   // See https://github.com/redwoodjs/redwood/issues/2473.
   apolloSetLogVerbosity(logLevel)
 
   // See https://www.apollographql.com/docs/react/api/link/introduction.
-  const { getToken, type: authProviderType } = useAuth()
+  // const { getToken, type: authProviderType } = useAuth()
 
   // `updateDataApolloLink` keeps track of the most recent req/res data so they can be passed to
   // any errors passed up to an error boundary.
@@ -134,7 +131,13 @@ const ApolloProviderWithFetchConfig: React.FunctionComponent<{
     mostRecentResponse: undefined,
   } as any
 
-  const { headers, uri } = useFetchConfig()
+  const { uri } = useFetchConfig()
+
+  const serverAuthState = useContext(ServerAuthContext)
+  console.log(
+    `👉 \n ~ file: suspense.tsx:142 ~ serverAuthState:`,
+    serverAuthState
+  )
 
   const getGraphqlUrl = () => {
     // @NOTE: This comes from packages/vite/src/streaming/registerGlobals.ts
@@ -152,14 +155,21 @@ const ApolloProviderWithFetchConfig: React.FunctionComponent<{
 
   // We use this object, because that's the shape of what we pass to the config.link factory
   const redwoodApolloLinks: RedwoodApolloLinks = [
-    { name: 'withToken', link: createTokenLink(getToken) },
-    {
-      name: 'authMiddleware',
-      link: createAuthApolloLink(authProviderType, headers),
-    },
+    // { name: 'withToken', link: createTokenLink(getToken) },
+    // {
+    //   name: 'authMiddleware',
+    //   link: createAuthApolloLink(authProviderType, headers),
+    // },
     // @TODO: do we need this in prod? I think it's only for dev errors
     { name: 'updateDataApolloLink', link: createUpdateDataLink(data) },
-    { name: 'httpLink', link: createHttpLink(getGraphqlUrl(), httpLinkConfig) },
+    {
+      name: 'httpLink',
+      link: createHttpLink(
+        getGraphqlUrl(),
+        httpLinkConfig,
+        serverAuthState.cookieHeader
+      ),
+    },
   ]
 
   const extendErrorAndRethrow = (error: any, _errorInfo: React.ErrorInfo) => {

Original file line number	Diff line number	Diff line change
`@@ -186,6 +186,7 @@ export const dbAuthSession = (`
`186`	`186`	`const [session, _csrfToken] = decryptSession(`
`187`	`187`	`getSession(cookieHeader, cookieNameOption)`
`188`	`188`	`)`
	`189`	+ console.log(`👉 \n ~ file: shared.ts:190 ~ session:`, session)
`189`	`190`	`return session`
`190`	`191`	`} else if (sessionInAuthHeader) {`
`191`	`192`	`// i.e. FE Sever makes the request, and adds encrypted session to the Authorization header`