Support for member session authZ for RBAC

stytchauth · Nov 14, 2023 · 274d789 · 274d789
1 parent 6c88103
commit 274d789
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 5 deletions.
diff --git a/lib/shared/index.ts b/lib/shared/index.ts
@@ -14,6 +14,7 @@ export type requestConfig = {
   params?: Record<string, string | number>;
   data?: unknown;
   dataRaw?: BodyInit;
+  headers?: Record<string, string>;
 };
 
 export async function request<T>(
@@ -27,17 +28,20 @@ export async function request<T>(
     );
   }
 
+  const finalHeaders = { ...fetchConfig.headers, ...requestConfig.headers };
+
   let response: Response;
   try {
     const body: BodyInit | undefined = requestConfig.data
       ? JSON.stringify(requestConfig.data)
       : requestConfig.dataRaw;
 
     response = await fetch(url.toString(), {
+      ...fetchConfig,
       method: requestConfig.method,
       body: body,
+      headers: finalHeaders,
       cache: "no-store",
-      ...fetchConfig,
     });
   } catch (e) {
     const err = e as Error;

diff --git a/lib/shared/method_options.ts b/lib/shared/method_options.ts
@@ -0,0 +1,18 @@
+export interface Authorization {
+  // A secret token for a given Stytch Session.
+  session_token?: string;
+  // The JSON Web Token (JWT) for a given Stytch Session.
+  session_jwt?: string;
+}
+
+export function addAuthorizationHeaders(
+  headers: Record<string, string>,
+  authorization: Authorization,
+): void {
+  if (authorization.session_token) {
+    headers["X-Stytch-Member-Session"] = authorization.session_token;
+  }
+  if (authorization.session_jwt) {
+    headers["X-Stytch-Member-SessionJWT"] = authorization.session_jwt;
+  }
+}
diff --git a/test/helpers.ts b/test/helpers.ts
@@ -1,5 +1,5 @@
-import { request, requestConfig } from "../lib/shared";
-import * as http from "http";
+import { request, fetchConfig, requestConfig } from "../lib/shared";
+import * as undici from "undici";
 
 export type Response = {
   status: number;
@@ -13,13 +13,13 @@ export type Request = {
   data?: unknown;
 };
 
-export const MOCK_FETCH_CONFIG = {
+export const MOCK_FETCH_CONFIG: fetchConfig = {
   baseURL: "https://example.net",
   headers: {
     "User-Agent": `Stytch Node vTEST`,
   },
   timeout: 100,
-  agent: { mock: "agent" } as unknown as http.Agent,
+  dispatcher: { mock: "agent" } as unknown as undici.Dispatcher,
 };
 
 export function mockRequest(

diff --git a/test/shared/shared.test.ts b/test/shared/shared.test.ts
@@ -76,6 +76,24 @@ describe("request", () => {
     });
   });
 
+  test("Merges headers passed through as options", async () => {
+    mockResponse({ key: "value" }, 200);
+    await request(MOCK_FETCH_CONFIG, {
+      url: "http://localhost:8000/hello",
+      method: "POST",
+      headers: { "app-header": "passed through" }
+    });
+
+    expect(fetchMock).toHaveBeenCalledWith("http://localhost:8000/hello", {
+      method: "POST",
+      ...MOCK_FETCH_CONFIG,
+      headers: {
+        ...MOCK_FETCH_CONFIG.headers,
+        "app-header": "passed through",
+      }
+    });
+  });
+
   test("error response throws inspectable error", async () => {
     expect.assertions(2);