-
-
Notifications
You must be signed in to change notification settings - Fork 658
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: bearer token middleware #6624
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 2 Ignored Deployments
|
eb6d1f9
to
bf907c7
Compare
bf907c7
to
89cd864
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
88b8ded
to
2f81920
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nunogois this looks great! I'm confident cause we have a toggle switch it off at will. So I'd say go for it after rebasing (just in case).
2f81920
to
5dd6a3f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
logger.debug('Enabling bearer token middleware'); | ||
|
||
return (req: Request, _: Response, next: NextFunction) => { | ||
if (flagResolver.isEnabled('bearerTokenMiddleware')) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should have it enabled for signals as it's an experimental endpoint and we do want to support Bearer tokens in this endpoint, while the others we want to have it as a release flag. Should there be any security related issue with Bearer tokens in signals we can just kill the whole functionality, and that should be fine because it's experimental
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed in 9a558df
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Code Health Quality Gates: FAILED
- Declining Code Health: 1 findings(s) 🚩
- Improving Code Health: 0 findings(s) ✅
- Affected Hotspots: 0 files(s) 🔥
Recommended Review Level: Detailed -- Inspect the code that degrades in code health.
View detailed results in CodeScene
🚩 Declining Code Health (highest to lowest):
- Complex Method app.ts: getApp
Adds a bearer token middleware that adds support for tokens prefixed with "Bearer" scheme. Prefixing with "Bearer" is optional and the old way of authenticating still works, so we now support both ways.
Also, added as part of our OpenAPI spec which now displays authorization as follows:
Related to #4630. Doesn't fully close the issue as we're still using some invalid characters for the RFC, in particular
*
and[]
For safety reasons this is behind a feature flag