feat: include sessionToken in onLiveQueryEvent

[dblythy]

Closes #1906.

If a sessionToken is passed onLiveQueryEvent, lookup the associated Parse.User, and set req.user.

[codecov]

Codecov Report

Merging #7043 (371abda) into master (c8ff445) will increase coverage by 0.03%.
The diff coverage is 50.00%.

@@            Coverage Diff             @@
##           master    #7043      +/-   ##
==========================================
+ Coverage   93.83%   93.86%   +0.03%     
==========================================
  Files         169      169              
  Lines       12439    12438       -1     
==========================================
+ Hits        11672    11675       +3     
+ Misses        767      763       -4     

Impacted Files	Coverage Δ
src/LiveQuery/ParseLiveQueryServer.js	94.92% <ø> (ø)
src/triggers.js	94.60% <50.00%> (+0.89%)	⬆️
src/Adapters/Storage/Mongo/MongoStorageAdapter.js	92.92% <0.00%> (-0.67%)	⬇️
src/Options/Definitions.js	100.00% <0.00%> (ø)
src/RestWrite.js	94.00% <0.00%> (+0.48%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c8ff445...371abda. Read the comment docs.

[dplewis]

Just a comment and a nit

[dplewis]

Nice catch! I can't believe I missed this.

[dblythy]

Thanks for the review! Shoutout to @maxiqsoft for identifying the solution.

[dplewis]

@dblythy Actually I think passing the sessionToken should be enough. I don't know how I feel about doing a lookup for every live query event (could be hundreds of thousands of events). The developer can easily get the user from the sessionToken. What do you think @davimacedo

[dblythy]

@dblythy Actually I think passing the sessionToken should be enough. I don't know how I feel about doing a lookup for every live query event (could be hundreds of thousands of events)

This might be worth considering for afterLiveQueryEvent trigger too, which fires on update, leave, enter, create delete, where onLiveQueryEvent fires on connect, subscribe, unsubscribe, ws_connect, ws_disconnect, ws_disconnect_error.

Currently, afterLiveQueryEvent looks up request.user.

[mtrezza]

I think with the installation ID and the session token now both being available, there are now 2 ways of inferring the user. A user lookup should be done optionally if needed, due to the look-up costs.

[dplewis]

That’s probably why I didn’t add sessionToken here because installationId was enough.

[mtrezza]

As I mentioned in the original tread #1906:

it would currently be possible to infer the user from the installationId, but that is indirect and requires additional referencing. This solution on the other hand would allow to infer the user directly from the session object.

So I think there is definitely an advantage of having the session token over the installation ID.