chore: fix legacy http service to include api version in requests

standardnotes · Feb 28, 2024 · 0f69ba7 · 0f69ba7
1 parent aae4ce6
commit 0f69ba7
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/packages/api/src/Domain/Http/HttpService.ts b/packages/api/src/Domain/Http/HttpService.ts
@@ -9,9 +9,11 @@ import {
   HttpResponse,
   HttpResponseMeta,
   isErrorResponse,
+  ApiEndpointParam,
 } from '@standardnotes/responses'
 import { HttpServiceInterface } from './HttpServiceInterface'
 
+import { ApiVersion } from '../Api'
 import { Paths } from '../Server/Auth/Paths'
 import { SessionRefreshResponseBody } from '../Response/Auth/SessionRefreshResponseBody'
 import { FetchRequestHandler } from './FetchRequestHandler'
@@ -145,6 +147,10 @@ export class HttpService implements HttpServiceInterface {
       await sleep(this.__latencySimulatorMs, true)
     }
 
+    httpRequest.params = httpRequest.params
+      ? this.params(httpRequest.params as Record<string | number | symbol, unknown>)
+      : undefined
+
     const isRefreshRequest = httpRequest.url === joinPaths(this.host, Paths.v1.refreshSession)
     if (this.inProgressRefreshSessionPromise && !isRefreshRequest) {
       await this.inProgressRefreshSessionPromise
@@ -236,4 +242,15 @@ export class HttpService implements HttpServiceInterface {
 
     return true
   }
+
+  private params(inParams: Record<string | number | symbol, unknown>): HttpRequestParams {
+    const params = {
+      ...inParams,
+      ...{
+        [ApiEndpointParam.ApiVersion]: ApiVersion.v1,
+      },
+    }
+
+    return params
+  }
 }
diff --git a/packages/snjs/mocha/session.test.js b/packages/snjs/mocha/session.test.js
@@ -96,8 +96,15 @@ describe('server session', function () {
     // After the above sync request is completed, we obtain the session information.
     const sessionAfterSync = application.legacyApi.getSession()
 
-    expect(sessionBeforeSync.accessToken.value).to.not.equal(sessionAfterSync.accessToken.value)
-    expect(sessionBeforeSync.refreshToken.value).to.not.equal(sessionAfterSync.refreshToken.value)
+    /**
+     * Access token and refresh token values in the new API version (20240226) represent the session uuid.
+     * So they should stay the same as they were since we are operating on the same session.
+     *
+     * The actual token values are stored in cookies indexed by the session uuid and are not accessible to the client.
+     */
+    expect(sessionBeforeSync.accessToken.value).to.equal(sessionAfterSync.accessToken.value)
+    expect(sessionBeforeSync.refreshToken.value).to.equal(sessionAfterSync.refreshToken.value)
+
     expect(sessionBeforeSync.accessToken.expiresAt).to.be.lessThan(sessionAfterSync.accessToken.expiresAt)
     // New token should expire in the future.
     expect(sessionAfterSync.accessToken.expiresAt).to.be.greaterThan(Date.now())