Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: use X-Goog-Api-Key header #719

Merged
merged 2 commits into from
May 29, 2019
Merged

feat: use X-Goog-Api-Key header #719

merged 2 commits into from
May 29, 2019

Conversation

alexander-fenster
Copy link
Contributor

@alexander-fenster alexander-fenster commented May 28, 2019

We have this thing called gRPC Fallback, which supports API keys and requires them to be sent in this special header X-Goog-Api-Key. Some details here and more details - with JavaScript code sample I wrote - here.

Let's set this header so that the JavaScript code could use getRequestHeaders in both service account and API key use cases.

  • Tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label May 28, 2019
@@ -756,7 +756,7 @@ export class OAuth2Client extends AuthClient {
}

if (this.apiKey) {
return {headers: {}};
return {headers: {'X-Goog-Api-Key': this.apiKey}};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So further down, in the requestAsync method, there's a bit of code that grabs the API key and stuffs it in a querystring parameter (I think). Could I trouble you to modify that code to use the HTTP header instead as well? Or alternatively, file an issue to come back around for it?

Copy link
Contributor Author

@alexander-fenster alexander-fenster May 29, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I checked it and verified it works, but I'm still not sure if it's a safe change to remove that &key= and replace it with the API token.

But here are my examples that I checked.

Sample JSON request to Vision API:

$ cat request.json 
{
  "requests": [
    {
      "image":{
        "source": {
          "imageUri": "https://timedotcom.files.wordpress.com/2019/03/kitten-report.jpg"
        }
      },
      "features":[
        {
          "type":"LABEL_DETECTION",
          "maxResults":1
        }
      ]
    }
  ]
}

Passing API key in a GET parameter:

$ curl -H 'Content-Type: application/json' \
       -X POST -d '@request.json' \
       https://vision.googleapis.com/v1/images:annotate?key=$GOOGLE_API_KEY 
{
  "responses": [
    {
      "labelAnnotations": [
        {
          "mid": "/m/01yrx",
          "description": "Cat",
          "score": 0.99598557,
          "topicality": 0.99598557
        }
      ]
    }
  ]
}

No API key - does not work:

$ curl -H 'Content-Type: application/json' \
       -X POST -d '@request.json' \
       https://vision.googleapis.com/v1/images:annotate
{
  "error": {
    "code": 403,
    "message": "The request is missing a valid API key.",
    "status": "PERMISSION_DENIED"
  }
}

Passing API key in an HTTP header - it works again:

$ curl -H "X-Goog-Api-Key: $GOOGLE_API_KEY" \
       -H 'Content-Type: application/json' \
       -X POST -d '@request.json' \
       https://vision.googleapis.com/v1/images:annotate
{
  "responses": [
    {
      "labelAnnotations": [
        {
          "mid": "/m/01yrx",
          "description": "Cat",
          "score": 0.99598557,
          "topicality": 0.99598557
        }
      ]
    }
  ]
}

What's your call @JustinBeckwith?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I made the change, PTAL)

Copy link
Contributor Author

@alexander-fenster alexander-fenster May 29, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I double checked that those two (&key= query string parameter and X-Goog-Api-Key header) are interchangeable so it should be ok to remove the query string parameter in favor of the header.

Can I have one more look at the added changes @JustinBeckwith?

@codecov
Copy link

codecov bot commented May 29, 2019

Codecov Report

Merging #719 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #719   +/-   ##
=======================================
  Coverage   84.77%   84.77%           
=======================================
  Files          18       18           
  Lines         939      939           
  Branches      209      209           
=======================================
  Hits          796      796           
  Misses         83       83           
  Partials       60       60
Impacted Files Coverage Δ
src/auth/oauth2client.ts 82.78% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3318bff...7371880. Read the comment docs.

@codecov
Copy link

codecov bot commented May 29, 2019

Codecov Report

Merging #719 into master will increase coverage by 0.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #719      +/-   ##
==========================================
+ Coverage   84.77%   84.78%   +0.01%     
==========================================
  Files          18       18              
  Lines         939      940       +1     
  Branches      209      209              
==========================================
+ Hits          796      797       +1     
  Misses         83       83              
  Partials       60       60
Impacted Files Coverage Δ
src/auth/oauth2client.ts 82.83% <100%> (+0.05%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3318bff...dfaa077. Read the comment docs.

Copy link
Contributor

@JustinBeckwith JustinBeckwith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix!

@JustinBeckwith JustinBeckwith merged commit 35471d0 into master May 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants