Skip to content

feat(lazer/js/sdk): QSP auth for browser support #3014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(lazer/js/sdk): QSP auth for browser support #3014

wants to merge 3 commits into from

Conversation

tejasbadadare
Copy link
Contributor

Summary

Rationale

How has this been tested?

  • Current tests cover my changes
  • Added new tests
  • Manually tested the code

@vercel Vercel
Copy link

vercel bot commented Sep 2, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
api-reference Ready Ready Preview Comment Sep 8, 2025 6:06pm
proposals Ready Ready Preview Comment Sep 8, 2025 6:06pm
5 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
component-library Skipped Skipped Sep 8, 2025 6:06pm
developer-hub Skipped Skipped Sep 8, 2025 6:06pm
entropy-explorer Skipped Skipped Sep 8, 2025 6:06pm
insights Skipped Skipped Sep 8, 2025 6:06pm
staking Skipped Skipped Sep 8, 2025 6:06pm

cprussin
cprussin approved these changes Sep 2, 2025
View reviewed changes
lazer/sdk/js/src/socket/websocket-pool.ts
if (isBrowser()) {
// Browser: Add token as query parameter
const urlObj = new URL(url);
urlObj.searchParams.set("ACCESS_TOKEN", token);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is available as a query param, why use bearer auth at all? Seems like if you have to support query param auth it's simpler to just always use the query param and never set the header...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeahh, considered that, but we prefer people use the header whenever possible to avoid leaking the token in logs/some nginx somewhere/etc.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah yeah that's fair

lazer/sdk/js/src/socket/websocket-pool.ts Outdated
function addAuthentication(
url: string,
token: string,
wsOptions: any = {}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general you shouldn't ever use any; here you should type this correctly to match the types that are valid as options here. If you must, you can use unknown, but I don't think that makes sense in this case.

@tejasbadadare tejasbadadare marked this pull request as ready for review September 5, 2025 22:39
@vercel vercel bot temporarily deployed to Preview – developer-hub September 5, 2025 22:42 Inactive
@vercel vercel bot temporarily deployed to Preview – staking September 5, 2025 22:42 Inactive
@vercel vercel bot temporarily deployed to Preview – component-library September 5, 2025 22:42 Inactive
@vercel vercel bot temporarily deployed to Preview – insights September 5, 2025 22:42 Inactive
@vercel vercel bot temporarily deployed to Preview – entropy-explorer September 5, 2025 22:42 Inactive
@tejasbadadare
Copy link
Contributor Author

tejasbadadare commented Sep 8, 2025
edited
Loading

A twist here is that the dedupeHandler in websocket-pool works fine in Node for data of type string (for parsed messages) and type Blob (for binary messages), but the Blob case doesn't work in a browser.

The Buffer.from(data) call fails with

The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type object.

Thus, the SDK would only work in the browser if subscribing to messages with deliveryFormat: "json", which is kind of an obscure limitation.

I'm going to park this PR for now since browser support isn't a highly requested feature and it could be a bit of a rabbit hole to address all inconsistencies between Node and browser. cc @ali-behjati @cprussin .

@vercel vercel bot temporarily deployed to Preview – component-library September 8, 2025 18:03 Inactive
@vercel vercel bot temporarily deployed to Preview – staking September 8, 2025 18:03 Inactive
@vercel vercel bot temporarily deployed to Preview – entropy-explorer September 8, 2025 18:03 Inactive
@vercel vercel bot temporarily deployed to Preview – developer-hub September 8, 2025 18:03 Inactive
@vercel vercel bot temporarily deployed to Preview – insights September 8, 2025 18:03 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cprussin cprussin cprussin approved these changes

@ali-behjati ali-behjati Awaiting requested review from ali-behjati ali-behjati is a code owner

@keyvankhademi keyvankhademi Awaiting requested review from keyvankhademi keyvankhademi is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tejasbadadare @cprussin