Refactor and reuse getEventHeader

Improve Fetch Request detection
dac09 · Dec 25, 2023 · 4e268aa · 4e268aa
1 parent 5e0c1c2
commit 4e268aa
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 48 deletions.
diff --git a/packages/api/src/auth/index.ts b/packages/api/src/auth/index.ts
@@ -4,7 +4,7 @@ import type { APIGatewayProxyEvent, Context as LambdaContext } from 'aws-lambda'
 // @ts-expect-error Types are incorrect in 0.6, but will be fixed in the next version probably
 import { parse as parseCookie } from 'cookie'
 
-import { isFetchApiRequest } from '../transforms'
+import { getEventHeader } from '../event'
 
 import type { Decoded } from './parseJWT'
 export type { Decoded }
@@ -19,9 +19,7 @@ export const getAuthProviderHeader = (
     (key) => key.toLowerCase() === AUTH_PROVIDER_HEADER
   )
   if (authProviderKey) {
-    return isFetchApiRequest(event)
-      ? event?.headers.get(authProviderKey)
-      : event?.headers[authProviderKey]
+    return getEventHeader(event, authProviderKey)
   }
   return undefined
 }
@@ -34,9 +32,7 @@ export interface AuthorizationHeader {
 export const parseAuthorizationCookie = (
   event: APIGatewayProxyEvent | Request
 ) => {
-  const cookie = isFetchApiRequest(event)
-    ? event.headers.get('Cookie')
-    : event.headers?.Cookie || event.headers.cookie
+  const cookie = getEventHeader(event, 'cookie')
 
   // Unauthenticated request
   if (!cookie) {
@@ -56,11 +52,9 @@ export const parseAuthorizationCookie = (
  * Split the `Authorization` header into a schema and token part.
  */
 export const parseAuthorizationHeader = (
-  event: APIGatewayProxyEvent
+  event: APIGatewayProxyEvent | Request
 ): AuthorizationHeader => {
-  const parts = (
-    event.headers?.authorization || event.headers?.Authorization
-  )?.split(' ')
+  const parts = getEventHeader(event, 'authorization')?.split(' ')
   if (parts?.length !== 2) {
     throw new Error('The `Authorization` header is not valid.')
   }

diff --git a/packages/api/src/event.ts b/packages/api/src/event.ts
@@ -0,0 +1,15 @@
+import type { APIGatewayProxyEvent } from 'aws-lambda'
+
+import { isFetchApiRequest } from './transforms'
+
+// Extracts the header from an event, handling lower and upper case header names.
+export const getEventHeader = (
+  event: APIGatewayProxyEvent | Request,
+  headerName: string
+) => {
+  if (isFetchApiRequest(event)) {
+    return event.headers.get(headerName)
+  }
+
+  return event.headers[headerName] || event.headers[headerName.toLowerCase()]
+}
diff --git a/packages/api/src/index.ts b/packages/api/src/index.ts
@@ -7,6 +7,7 @@ export * from './types'
 
 export * from './transforms'
 export * from './cors'
+export * from './event'
 
 // @NOTE: use require, to avoid messing around with tsconfig and nested output dirs
 const packageJson = require('../package.json')

diff --git a/packages/api/src/transforms.ts b/packages/api/src/transforms.ts
@@ -1,4 +1,4 @@
-import { Headers } from '@whatwg-node/fetch'
+import { Headers, Request as PonyfillRequest } from '@whatwg-node/fetch'
 import type { APIGatewayProxyEvent } from 'aws-lambda'
 
 // This is part of the request, dreived either from a LambdaEvent or FetchAPI Request
@@ -50,13 +50,19 @@ export const parseFetchEventBody = async (event: Request) => {
 export const isFetchApiRequest = (
   event: Request | APIGatewayProxyEvent
 ): event is Request => {
-  // Arda has suggested it's better to check for a lambda event than a fetch event
-  // as there are some edgecases with constructor name in PonyfillRequest
-  if ('httpMethod' in event || 'resource' in event) {
-    return false
+  if (
+    event.constructor.name === 'Request' ||
+    event.constructor.name === PonyfillRequest.name
+  ) {
+    return true
   }
 
-  return true
+  // Also do an extra check on type of headers
+  if (Symbol.iterator in Object(event.headers)) {
+    return true
+  }
+
+  return false
 }
 
 function getQueryStringParams(reqUrl: string) {

diff --git a/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.fetch.test.js b/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.fetch.test.js
@@ -2801,11 +2801,15 @@ describe('dbAuth', () => {
 
     it('throw an error if user is not found', async () => {
       const data = { id: 999999999999 }
-      req = {
-        headers: {
-          cookie: encryptToCookie(JSON.stringify(data) + ';' + 'token'),
-        },
+      const headers = {
+        cookie: encryptToCookie(JSON.stringify(data) + ';' + 'token'),
       }
+
+      const req = new Request('http://localhost:8910/_rw_mw', {
+        method: 'POST',
+        headers,
+      })
+
       const dbAuth = new DbAuthHandler(req, context, options)
 
       try {
@@ -2819,13 +2823,17 @@ describe('dbAuth', () => {
 
     it('throws a generic error for an invalid client', async () => {
       const dbUser = await createDbUser()
-      req = {
-        headers: {
-          cookie: encryptToCookie(
-            JSON.stringify({ id: dbUser.id }) + ';' + 'token'
-          ),
-        },
+      const headers = {
+        cookie: encryptToCookie(
+          JSON.stringify({ id: dbUser.id }) + ';' + 'token'
+        ),
       }
+
+      const req = new Request('http://localhost:8910/_rw_mw', {
+        method: 'POST',
+        headers,
+      })
+
       // invalid db client
       const dbAuth = new DbAuthHandler(req, context, options)
       dbAuth.dbAccessor = undefined
@@ -2841,13 +2849,17 @@ describe('dbAuth', () => {
 
     it('returns the user whos id is in session', async () => {
       const dbUser = await createDbUser()
-      req = {
-        headers: {
-          cookie: encryptToCookie(
-            JSON.stringify({ id: dbUser.id }) + ';' + 'token'
-          ),
-        },
+      const headers = {
+        cookie: encryptToCookie(
+          JSON.stringify({ id: dbUser.id }) + ';' + 'token'
+        ),
       }
+
+      const req = new Request('http://localhost:8910/_rw_mw', {
+        method: 'POST',
+        headers,
+      })
+
       const dbAuth = new DbAuthHandler(req, context, options)
       const user = await dbAuth._getCurrentUser()
 

diff --git a/packages/auth-providers/dbAuth/api/src/shared.ts b/packages/auth-providers/dbAuth/api/src/shared.ts
@@ -2,7 +2,7 @@ import crypto from 'node:crypto'
 
 import type { APIGatewayProxyEvent } from 'aws-lambda'
 
-import { isFetchApiRequest } from '@redwoodjs/api'
+import { getEventHeader } from '@redwoodjs/api'
 import { getConfig, getConfigPath } from '@redwoodjs/project-config'
 
 import * as DbAuthError from './errors'
@@ -23,18 +23,6 @@ const DEFAULT_SCRYPT_OPTIONS: ScryptOptions = {
   parallelization: 1,
 }
 
-// Extracts the header from an event, handling lower and upper case header names.
-const eventGetHeader = (
-  event: APIGatewayProxyEvent | Request,
-  headerName: string
-) => {
-  if (isFetchApiRequest(event)) {
-    return event.headers.get(headerName)
-  }
-
-  return event.headers[headerName] || event.headers[headerName.toLowerCase()]
-}
-
 const getPort = () => {
   let configPath
 
@@ -81,13 +69,13 @@ export const extractCookie = (event: APIGatewayProxyEvent | Request) => {
   // this feels a bit off, but also requires the parsing to become async
 
   // return eventGraphiQLHeadersCookie(event) || eventHeadersCookie(event)
-  return eventGetHeader(event, 'Cookie')
+  return getEventHeader(event, 'Cookie')
 }
 
 function extractEncryptedSessionFromHeader(
   event: APIGatewayProxyEvent | Request
 ) {
-  return eventGetHeader(event, 'Authorization')?.split(' ')[1]
+  return getEventHeader(event, 'Authorization')?.split(' ')[1]
 }
 
 // whether this encrypted session was made with the old CryptoJS algorithm