djkato/saleor-app-sdk-REDIS_APL
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Require only partial of req - headers - in processProtectedHandler (#224)

Browse source 
* Require only partial of req - headers - in processProtectedHandler

* Update .changeset/tough-tips-judge.md

Co-authored-by: Krzysztof Wolski <krzysztof.k.wolski@gmail.com>

---------

Co-authored-by: Krzysztof Wolski <krzysztof.k.wolski@gmail.com>
This commit is contained in:
Lukasz Ostrowski 2023-04-11 10:55:51 +02:00 committed by GitHub
parent 73c9545f41
commit ab24968b67
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.changeset/tough-tips-judge.md Normal file
View file

@ -0,0 +1,7 @@
---
"@saleor/app-sdk": patch
---
processProtectedHandler no longer requires a full NextApiRequest object as an argument. Now only the `headers` property is required to satisfy the type safety.
Thanks to that, some requests like HTML <form> with tokens in BODY can be validated. Till now only fetch/ajax calls could have been validated

4
src/handlers/next/process-protected-handler.ts
View file

@ -37,7 +37,7 @@ export type ProtectedHandlerContext = {
};
interface ProcessSaleorProtectedHandlerArgs {
req: NextApiRequest;
req: Pick<NextApiRequest, "headers">;
apl: APL;
requiredPermissions?: Permission[];
}
@ -49,6 +49,8 @@ type ProcessAsyncSaleorProtectedHandler = (
/**
* Perform security checks on given request and return ProtectedHandlerContext object.
* In case of validation issues, instance of the ProtectedHandlerError will be thrown.
*
* Can pass entire next request or Headers with saleorApiUrl and token
*/
export const processSaleorProtectedHandler: ProcessAsyncSaleorProtectedHandler = async ({
req,