fix: Handle api_key prefix in auth header #495

mike-zorn · 2025-02-10T18:45:29Z

Requirements

I have added test coverage for new or changed functionality
I have followed the repository's pull request submission guidelines
I have validated my changes against all supported platform versions

Related issues

Closes #490

Describe the solution you've provided

Supports the api_key prefix on keys used for authentication.

mike-zorn · 2025-02-10T18:46:09Z

internal/dev_server/sdk/project_key_middleware.go

@@ -38,6 +39,7 @@ func GetProjectKeyFromAuthorizationHeader(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
 		ctx := request.Context()
 		projectKey := request.Header.Get("Authorization")
+		projectKey = strings.TrimPrefix(projectKey, "api_key ") // some sdks set this as a prefix


@keelerm84 Are there other scenarios we should be aware of for auth key formats?

I'm not sure. The api_key prefix isn't coming from any of the SDKs I wouldn't think. We don't add additional prefixing, outside of the standard key formats.

Maybe that's something more aligned with the integrations team, or whoever is in charge of the auto-generated API SDKs?

lol glad we were both surprised by this behavior. It looks like iOS is doing this prefixing thing. Looks like same for android.

🤯 Well that IS surprising. I wonder if that is still necessary.

I checked the relay, and there is a fetchAuthToken method that only checks for that api_key prefix, so maybe we can be more confident that prefix is the only one we have to worry about.

Ooh. Thank you for looking at the relay implementation. If that's all it supports, I think we're all good here.

tvarney13 · 2025-02-10T19:09:16Z

internal/dev_server/db/sqlite.go

@@ -380,6 +381,9 @@ func (s *Sqlite) RestoreBackup(ctx context.Context, stream io.Reader) (string, e

 func (s *Sqlite) CreateBackup(ctx context.Context) (io.ReadCloser, int64, error) {
 	backupPath, err := s.backupManager.MakeBackupFile(ctx)
+	if err != nil {


Oof nice catch - should we make a follow up item to add a linter rule to catch ineffectual assigns to err?

The linter is running if you use pre-commit, but it doesn't look like pre-commit checks are being run in ci.

But yeah. A follow up item to fixup the CI linter is a good idea.

mike-zorn added 2 commits February 10, 2025 10:41

fix lint error

67480b3

support api_key prefix when authenticating

450e0bf

mike-zorn requested review from keelerm84 and a team February 10, 2025 18:45

mike-zorn commented Feb 10, 2025

View reviewed changes

mike-zorn changed the title ~~Handle api_key prefix in auth header~~ fix: Handle api_key prefix in auth header Feb 10, 2025

tvarney13 reviewed Feb 10, 2025

View reviewed changes

tvarney13 approved these changes Feb 10, 2025

View reviewed changes

mike-zorn merged commit 216a951 into main Feb 10, 2025
9 of 10 checks passed

mike-zorn deleted the FUN-569/mrz/dev-server-cant-handle-api-key-prefix branch February 10, 2025 19:30

github-actions bot mentioned this pull request Feb 10, 2025

chore(main): release 1.12.1 #496

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: Handle api_key prefix in auth header #495

fix: Handle api_key prefix in auth header #495

mike-zorn commented Feb 10, 2025

mike-zorn Feb 10, 2025

keelerm84 Feb 10, 2025

mike-zorn Feb 10, 2025

keelerm84 Feb 10, 2025

mike-zorn Feb 10, 2025

tvarney13 Feb 10, 2025

mike-zorn Feb 10, 2025

mike-zorn Feb 10, 2025

fix: Handle api_key prefix in auth header #495

fix: Handle api_key prefix in auth header #495

Conversation

mike-zorn commented Feb 10, 2025

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment