From ab24968b67d1458e3d93a5454975d667748ed67b Mon Sep 17 00:00:00 2001 From: Lukasz Ostrowski Date: Tue, 11 Apr 2023 10:55:51 +0200 Subject: [PATCH] Require only partial of req - headers - in processProtectedHandler (#224) * Require only partial of req - headers - in processProtectedHandler * Update .changeset/tough-tips-judge.md Co-authored-by: Krzysztof Wolski --------- Co-authored-by: Krzysztof Wolski --- .changeset/tough-tips-judge.md | 7 +++++++ src/handlers/next/process-protected-handler.ts | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 .changeset/tough-tips-judge.md diff --git a/.changeset/tough-tips-judge.md b/.changeset/tough-tips-judge.md new file mode 100644 index 0000000..8249652 --- /dev/null +++ b/.changeset/tough-tips-judge.md @@ -0,0 +1,7 @@ +--- +"@saleor/app-sdk": patch +--- + +processProtectedHandler no longer requires a full NextApiRequest object as an argument. Now only the `headers` property is required to satisfy the type safety. + +Thanks to that, some requests like HTML
with tokens in BODY can be validated. Till now only fetch/ajax calls could have been validated diff --git a/src/handlers/next/process-protected-handler.ts b/src/handlers/next/process-protected-handler.ts index 519eec1..e045b77 100644 --- a/src/handlers/next/process-protected-handler.ts +++ b/src/handlers/next/process-protected-handler.ts @@ -37,7 +37,7 @@ export type ProtectedHandlerContext = { }; interface ProcessSaleorProtectedHandlerArgs { - req: NextApiRequest; + req: Pick; apl: APL; requiredPermissions?: Permission[]; } @@ -49,6 +49,8 @@ type ProcessAsyncSaleorProtectedHandler = ( /** * Perform security checks on given request and return ProtectedHandlerContext object. * In case of validation issues, instance of the ProtectedHandlerError will be thrown. + * + * Can pass entire next request or Headers with saleorApiUrl and token */ export const processSaleorProtectedHandler: ProcessAsyncSaleorProtectedHandler = async ({ req,