chore: bearer token middleware #6624
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 2 Ignored Deployments
|
![codescene-delta-analysis[bot]](https://avatars.githubusercontent.com/in/53921?s=60&v=4){kind=small}
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
nunogois
force-pushed
the
bearer-token-support
branch
from
eb6d1f9
to
bf907c7
Compare
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
nunogois
force-pushed
the
bearer-token-support
branch
from
bf907c7
to
89cd864
Compare
There was a problem hiding this comment.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
nunogois
force-pushed
the
bearer-token-support
branch
from
88b8ded
to
2f81920
Compare
There was a problem hiding this comment.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
@nunogois this looks great! I'm confident cause we have a toggle switch it off at will. So I'd say go for it after rebasing (just in case).
nunogois
force-pushed
the
bearer-token-support
branch
from
2f81920
to
5dd6a3f
Compare
There was a problem hiding this comment.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
| logger.debug('Enabling bearer token middleware'); | ||
|
|
||
| return (req: Request, _: Response, next: NextFunction) => { | ||
| if (flagResolver.isEnabled('bearerTokenMiddleware')) { |
There was a problem hiding this comment.
We should have it enabled for signals as it's an experimental endpoint and we do want to support Bearer tokens in this endpoint, while the others we want to have it as a release flag. Should there be any security related issue with Bearer tokens in signals we can just kill the whole functionality, and that should be fine because it's experimental
There was a problem hiding this comment.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
Adds a bearer token middleware that adds support for tokens prefixed with "Bearer" scheme. Prefixing with "Bearer" is optional and the old way of authenticating still works, so we now support both ways.
Also, added as part of our OpenAPI spec which now displays authorization as follows:
Related to #4630. Doesn't fully close the issue as we're still using some invalid characters for the RFC, in particular
*and[]For safety reasons this is behind a feature flag