feat(backend): Enforce request param in authenticateRequest - repla…

…ce header related options
clerk · Nov 16, 2023 · 1a7879d · 1a7879d
1 parent 1119b0f
commit 1a7879d
Show file tree

Hide file tree

Showing 8 changed files with 219 additions and 214 deletions.
diff --git a/packages/backend/src/api/factory.ts b/packages/backend/src/api/factory.ts
@@ -16,16 +16,7 @@ import {
 } from './endpoints';
 import { buildRequest } from './request';
 
-export type CreateBackendApiOptions = {
-  /* Secret Key */
-  secretKey?: string;
-  /* Backend API URL */
-  apiUrl?: string;
-  /* Backend API version */
-  apiVersion?: string;
-  /* Library/SDK name */
-  userAgent?: string;
-};
+export type CreateBackendApiOptions = Parameters<typeof buildRequest>[0];
 
 export type ApiClient = ReturnType<typeof createBackendApiClient>;
 

diff --git a/packages/backend/src/api/request.ts b/packages/backend/src/api/request.ts
@@ -8,7 +8,6 @@ import { API_URL, API_VERSION, constants, USER_AGENT } from '../constants';
 import runtime from '../runtime';
 import { assertValidSecretKey } from '../util/assertValidSecretKey';
 import { joinPaths } from '../util/path';
-import type { CreateBackendApiOptions } from './factory';
 import { deserialize } from './resources/Deserializer';
 
 export type ClerkBackendApiRequestOptions = {
@@ -64,7 +63,18 @@ const withLegacyReturn =
     }
   };
 
-export function buildRequest(options: CreateBackendApiOptions) {
+type BuildRequestOptions = {
+  /* Secret Key */
+  secretKey?: string;
+  /* Backend API URL */
+  apiUrl?: string;
+  /* Backend API version */
+  apiVersion?: string;
+  /* Library/SDK name */
+  userAgent?: string;
+};
+
+export function buildRequest(options: BuildRequestOptions) {
   const request = async <T>(requestOptions: ClerkBackendApiRequestOptions): Promise<ClerkBackendApiResponse<T>> => {
     const { secretKey, apiUrl = API_URL, apiVersion = API_VERSION, userAgent = USER_AGENT } = options;
     const { path, method, queryParams, headerParams, bodyParams, formData } = requestOptions;

diff --git a/packages/backend/src/tokens/authObjects.ts b/packages/backend/src/tokens/authObjects.ts
@@ -6,17 +6,14 @@ import type {
   ServerGetTokenOptions,
 } from '@clerk/types';
 
-import type { Organization, Session, User } from '../api';
+import type { CreateBackendApiOptions, Organization, Session, User } from '../api';
 import { createBackendApiClient } from '../api';
 
 type AuthObjectDebugData = Record<string, any>;
 type CreateAuthObjectDebug = (data?: AuthObjectDebugData) => AuthObjectDebug;
 type AuthObjectDebug = () => AuthObjectDebugData;
 
-export type SignedInAuthObjectOptions = {
-  secretKey?: string;
-  apiUrl?: string;
-  apiVersion?: string;
+export type SignedInAuthObjectOptions = CreateBackendApiOptions & {
   token: string;
   session?: Session;
   user?: User;

diff --git a/packages/backend/src/tokens/authStatus.ts b/packages/backend/src/tokens/authStatus.ts
@@ -92,7 +92,6 @@ type RequestStateParams = {
   domain?: string;
   isSatellite?: boolean;
   proxyUrl?: string;
-  searchParams?: URLSearchParams;
   signInUrl?: string;
   signUpUrl?: string;
   afterSignInUrl?: string;

diff --git a/packages/backend/src/tokens/factory.ts b/packages/backend/src/tokens/factory.ts
@@ -18,7 +18,6 @@ export type CreateAuthenticateRequestOptions = {
       | 'proxyUrl'
       | 'domain'
       | 'isSatellite'
-      | 'userAgent'
     >
   >;
   apiClient: ApiClient;
@@ -36,7 +35,6 @@ export function createAuthenticateRequest(params: CreateAuthenticateRequestOptio
     isSatellite: buildtimeIsSatellite = false,
     domain: buildtimeDomain = '',
     audience: buildtimeAudience = '',
-    userAgent: buildtimeUserAgent,
   } = params.options;
 
   const authenticateRequest = ({
@@ -47,8 +45,6 @@ export function createAuthenticateRequest(params: CreateAuthenticateRequestOptio
     jwtKey: runtimeJwtKey,
     isSatellite: runtimeIsSatellite,
     domain: runtimeDomain,
-    searchParams: runtimeSearchParams,
-    userAgent: runtimeUserAgent,
     ...rest
   }: Omit<AuthenticateRequestOptions, 'apiUrl' | 'apiVersion'>) => {
     return authenticateRequestOriginal({
@@ -61,9 +57,7 @@ export function createAuthenticateRequest(params: CreateAuthenticateRequestOptio
       publishableKey: runtimePublishableKey || buildtimePublishableKey,
       isSatellite: runtimeIsSatellite || buildtimeIsSatellite,
       domain: runtimeDomain || buildtimeDomain,
-      jwtKey: runtimeJwtKey || buildtimeJwtKey,
-      searchParams: runtimeSearchParams,
-      userAgent: runtimeUserAgent?.toString() || buildtimeUserAgent,
+      jwtKey: runtimeJwtKey || buildtimeJwtKey
     });
   };
 

diff --git a/packages/backend/src/tokens/interstitialRule.ts b/packages/backend/src/tokens/interstitialRule.ts
@@ -4,7 +4,7 @@ import type { AuthStatusOptionsType, RequestState } from './authStatus';
 import { AuthErrorReason, interstitial, signedIn, signedOut } from './authStatus';
 import { verifyToken } from './verify';
 
-type InterstitialRuleOptions = AuthStatusOptionsType & {
+export type InterstitialRuleOptions = AuthStatusOptionsType & {
   /* Request origin header value */
   origin?: string;
   /* Request host header value */
@@ -23,6 +23,8 @@ type InterstitialRuleOptions = AuthStatusOptionsType & {
   clientUat?: string;
   /* Client token header value */
   headerToken?: string;
+  /* Request search params value */
+  searchParams?: URLSearchParams;
 };
 
 type InterstitialRuleResult = RequestState | undefined;