Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: use X-Goog-Api-Key header #719

Merged
merged 2 commits into from
May 29, 2019
Merged

feat: use X-Goog-Api-Key header #719

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7371880
feat: use X-Goog-Api-Key header
alexander-fenster May 28, 2019
dfaa077
do not use key= parameter
alexander-fenster May 29, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
"@types/mocha": "^5.2.1",
"@types/mv": "^2.1.0",
"@types/ncp": "^2.0.1",
"@types/nock": "^10.0.0",
"@types/nock": "^10.0.3",
"@types/node": "^10.5.1",
"@types/semver": "^6.0.0",
"@types/sinon": "^7.0.0",
Expand Down
6 changes: 3 additions & 3 deletions src/auth/oauth2client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -756,7 +756,7 @@ export class OAuth2Client extends AuthClient {
}

if (this.apiKey) {
return {headers: {}};
return {headers: {'X-Goog-Api-Key': this.apiKey}};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So further down, in the requestAsync method, there's a bit of code that grabs the API key and stuffs it in a querystring parameter (I think). Could I trouble you to modify that code to use the HTTP header instead as well? Or alternatively, file an issue to come back around for it?

Copy link
Contributor Author

@alexander-fenster alexander-fenster May 29, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I checked it and verified it works, but I'm still not sure if it's a safe change to remove that &key= and replace it with the API token.

But here are my examples that I checked.

Sample JSON request to Vision API:

$ cat request.json 
{
  "requests": [
    {
      "image":{
        "source": {
          "imageUri": "https://timedotcom.files.wordpress.com/2019/03/kitten-report.jpg"
        }
      },
      "features":[
        {
          "type":"LABEL_DETECTION",
          "maxResults":1
        }
      ]
    }
  ]
}

Passing API key in a GET parameter:

$ curl -H 'Content-Type: application/json' \
       -X POST -d '@request.json' \
       https://vision.googleapis.com/v1/images:annotate?key=$GOOGLE_API_KEY 
{
  "responses": [
    {
      "labelAnnotations": [
        {
          "mid": "/m/01yrx",
          "description": "Cat",
          "score": 0.99598557,
          "topicality": 0.99598557
        }
      ]
    }
  ]
}

No API key - does not work:

$ curl -H 'Content-Type: application/json' \
       -X POST -d '@request.json' \
       https://vision.googleapis.com/v1/images:annotate
{
  "error": {
    "code": 403,
    "message": "The request is missing a valid API key.",
    "status": "PERMISSION_DENIED"
  }
}

Passing API key in an HTTP header - it works again:

$ curl -H "X-Goog-Api-Key: $GOOGLE_API_KEY" \
       -H 'Content-Type: application/json' \
       -X POST -d '@request.json' \
       https://vision.googleapis.com/v1/images:annotate
{
  "responses": [
    {
      "labelAnnotations": [
        {
          "mid": "/m/01yrx",
          "description": "Cat",
          "score": 0.99598557,
          "topicality": 0.99598557
        }
      ]
    }
  ]
}

What's your call @JustinBeckwith?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I made the change, PTAL)

Copy link
Contributor Author

@alexander-fenster alexander-fenster May 29, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I double checked that those two (&key= query string parameter and X-Goog-Api-Key header) are interchangeable so it should be ok to remove the query string parameter in favor of the header.

Can I have one more look at the added changes @JustinBeckwith?

}
let r: GetTokenResponse | null = null;
let tokens: Credentials | null = null;
Expand Down Expand Up @@ -885,9 +885,9 @@ export class OAuth2Client extends AuthClient {
opts.headers = opts.headers || {};
opts.headers.Authorization = r.headers.Authorization;
}

if (this.apiKey) {
opts.params = Object.assign(opts.params || {}, {key: this.apiKey});
opts.headers = opts.headers || {};
opts.headers['X-Goog-Api-Key'] = this.apiKey;
}
r2 = await this.transporter.request<T>(opts);
} catch (e) {
Expand Down
17 changes: 11 additions & 6 deletions test/test.googleauth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,9 +242,8 @@ describe('googleauth', () => {
it('should make a request with the api key', async () => {
const scope = nock(BASE_URL)
.post(ENDPOINT)
.query({key: API_KEY})
.reply(uri => {
assert(uri.indexOf('key=' + API_KEY) > -1);
.reply(function(uri) {
assert.strictEqual(this.req.headers['x-goog-api-key'][0], API_KEY);
return [200, RESPONSE_BODY];
});
const client = auth.fromAPIKey(API_KEY);
Expand All @@ -257,13 +256,19 @@ describe('googleauth', () => {
scope.done();
});

it('should put the api key in the headers', async () => {
const client = auth.fromAPIKey(API_KEY);
const headers = await client.getRequestHeaders();
assert.strictEqual(headers['X-Goog-Api-Key'], API_KEY);
});

it('should make a request while preserving original parameters', async () => {
const OTHER_QS_PARAM = {test: 'abc'};
const scope = nock(BASE_URL)
.post(ENDPOINT)
.query({test: OTHER_QS_PARAM.test, key: API_KEY})
.reply(uri => {
assert(uri.indexOf('key=' + API_KEY) > -1);
.query({test: OTHER_QS_PARAM.test})
.reply(function(uri) {
assert.strictEqual(this.req.headers['x-goog-api-key'][0], API_KEY);
assert(uri.indexOf('test=' + OTHER_QS_PARAM.test) > -1);
return [200, RESPONSE_BODY];
});
Expand Down