fix(api-rest): Allow x-api-key to pass through any REST API calls. #13394
Conversation
HuiSF
changed the title
| @@ -168,7 +168,33 @@ describe('internal post', () => { | |||
| ); | |||
| }); | |||
|
|
|||
| it('should call unauthenticatedHandler with custom x-api-key header and signingServiceInfo', async () => { | |||
| it('should call authenticatedHandler with custom x-api-key header and serviceSigningInfo', async () => { | |||
There was a problem hiding this comment.
I don't think we should change any behavior on the internalPost, it will affect the GQL handler.
Instead we should only change for public APIs.
| @@ -100,7 +100,7 @@ export const transferHandler = async ( | |||
| const iamAuthApplicable = ( | |||
| { headers }: HttpRequest, | |||
| signingServiceInfo?: SigningServiceInfo, | |||
| ) => !headers.authorization && !headers['x-api-key'] && !!signingServiceInfo; | |||
| ) => !headers.authorization && !!signingServiceInfo; | |||
There was a problem hiding this comment.
Since iamAuthApplicable is also used by internalPost, we should make a bigger refactor to make the change public handlers, but do not change the internalPost behavior. Once way can be moving the iamAuthApplicable logic from shared handler.ts code path to publicApis.ts and internalPost.ts.
There was a problem hiding this comment.
ah i see what u are saying. Okay let me take a look.
|
@AllanZhengYP OK yeah i think the refactoring iamAuthApplicable out and passing might work. Thanks for pointing graphQL bit it was not apparent. I will open a new PR for this. |
Description of changes
Allow
x-api-keyto pass through. We should check only customauthorizationto override the IAM auth. This bring v6 in parity with v5 feature.V5 Ref:
amplify-js/packages/api-rest/src/RestClient.ts
Line 163 in b88df66
Issue #, if available
#13310
#13378
Description of how you validated changes
Checklist
yarn testpassesBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.