Fix more issues related to admin auth and appcheck. (#5146)

jsdt · web-flow · commit fb3e35965b23 · 2021-07-14T12:15:31.000-07:00
* Pass auth token to the connection, and use Bearer in the header value

* Add changeset.

* Don't use lastSessionId as transportSessionId.
diff --git a/.changeset/wet-pets-travel.md b/.changeset/wet-pets-travel.md
@@ -0,0 +1,5 @@
+---
+'@firebase/database': patch
+---
+
+Fix sending of auth tokens on node.
diff --git a/packages/database/src/realtime/Connection.ts b/packages/database/src/realtime/Connection.ts
@@ -122,6 +122,8 @@ export class Connection {
       this.repoInfo_,
       this.applicationId_,
       this.appCheckToken_,
+      this.authToken_,
+      null,
       this.lastSessionId
     );
 
diff --git a/packages/database/src/realtime/WebSocketConnection.ts b/packages/database/src/realtime/WebSocketConnection.ts
@@ -172,7 +172,7 @@ export class WebSocketConnection implements Transport {
         // Note that this header is just used to bypass appcheck, and the token should still be sent
         // through the websocket connection once it is established.
         if (this.authToken) {
-          options.headers['Authorization'] = this.authToken;
+          options.headers['Authorization'] = `Bearer ${this.authToken}`;
         }
         if (this.appCheckToken) {
           options.headers['X-Firebase-AppCheck'] = this.appCheckToken;
@@ -238,7 +238,7 @@ export class WebSocketConnection implements Transport {
   /**
    * No-op for websockets, we don't need to do anything once the connection is confirmed as open
    */
-  start() { }
+  start() {}
 
   static forceDisallow_: boolean;
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@firebase/database': patch
 +---
++
 +Fix sending of auth tokens on node.