Fix more issues related to admin auth and appcheck. (#5146)

* Pass auth token to the connection, and use Bearer in the header value * Add changeset. * Don't use lastSessionId as transportSessionId.
firebase · Jul 14, 2021 · fb3e359 · fb3e359
1 parent cca8d4b
commit fb3e359
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/.changeset/wet-pets-travel.md b/.changeset/wet-pets-travel.md
@@ -0,0 +1,5 @@
+---
+'@firebase/database': patch
+---
+
+Fix sending of auth tokens on node.
diff --git a/packages/database/src/realtime/Connection.ts b/packages/database/src/realtime/Connection.ts
@@ -122,6 +122,8 @@ export class Connection {
       this.repoInfo_,
       this.applicationId_,
       this.appCheckToken_,
+      this.authToken_,
+      null,
       this.lastSessionId
     );
 

diff --git a/packages/database/src/realtime/WebSocketConnection.ts b/packages/database/src/realtime/WebSocketConnection.ts
@@ -172,7 +172,7 @@ export class WebSocketConnection implements Transport {
         // Note that this header is just used to bypass appcheck, and the token should still be sent
         // through the websocket connection once it is established.
         if (this.authToken) {
-          options.headers['Authorization'] = this.authToken;
+          options.headers['Authorization'] = `Bearer ${this.authToken}`;
         }
         if (this.appCheckToken) {
           options.headers['X-Firebase-AppCheck'] = this.appCheckToken;
@@ -238,7 +238,7 @@ export class WebSocketConnection implements Transport {
   /**
    * No-op for websockets, we don't need to do anything once the connection is confirmed as open
    */
-  start() { }
+  start() {}
 
   static forceDisallow_: boolean;