Always send our auth token on Node, and always send an appcheck token…

… if we have one. (#5082) * Always send our auth token on Node, and always send an appcheck token if we have one. * Add changeset * Update .changeset/silent-seals-approve.md Co-authored-by: Sebastian Schmidt <mrschmidt@google.com> Co-authored-by: Sebastian Schmidt <mrschmidt@google.com>
firebase · Jul 2, 2021 · 99414a5 · 99414a5
1 parent f4c106e
commit 99414a5
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 11 deletions.
diff --git a/.changeset/silent-seals-approve.md b/.changeset/silent-seals-approve.md
@@ -0,0 +1,5 @@
+---
+'@firebase/database': patch
+---
+
+On Node, always send Auth and AppCheck tokens when they are available.
diff --git a/packages/database/src/realtime/WebSocketConnection.ts b/packages/database/src/realtime/WebSocketConnection.ts
@@ -167,16 +167,15 @@ export class WebSocketConnection implements Transport {
         };
 
         // If using Node with admin creds, AppCheck-related checks are unnecessary.
-        // It will send the authorization token.
-        if (this.nodeAdmin) {
-          options.headers['Authorization'] = this.authToken || '';
-        } else {
-          // If using Node without admin creds (which includes all uses of the
-          // client-side Node SDK), it will send an AppCheck token if available.
-          // Any other auth credentials will eventually be sent after the connection
-          // is established, but aren't needed here as they don't effect the initial
-          // request to establish a connection.
-          options.headers['X-Firebase-AppCheck'] = this.appCheckToken || '';
+        // Note that we send the credentials here even if they aren't admin credentials, which is
+        // not a problem.
+        // Note that this header is just used to bypass appcheck, and the token should still be sent
+        // through the websocket connection once it is established.
+        if (this.authToken) {
+          options.headers['Authorization'] = this.authToken;
+        }
+        if (this.appCheckToken) {
+          options.headers['X-Firebase-AppCheck'] = this.appCheckToken;
         }
 
         // Plumb appropriate http_proxy environment variable into faye-websocket if it exists.
@@ -239,7 +238,7 @@ export class WebSocketConnection implements Transport {
   /**
    * No-op for websockets, we don't need to do anything once the connection is confirmed as open
    */
-  start() {}
+  start() { }
 
   static forceDisallow_: boolean;