Service accounts for authenticated calls

following the standards used for opensaas i have created a bunch of operations that first check if its an authenticated user making the call. i.e:

if (!context.user) {
    throw new HttpError(401, 'User not authenticated');
  }

if (!context.user) {
    throw new HttpError(401, 'User not authenticated');
  }

however i have a bunch of jobs that also need to use these queries. has anyone come up with any patterns to safely bypass authentication checks i.e through the use of serviceaccounts or rules. im thinking to implement something like this:

  // Skip authentication check if called from a server job (context.user will be undefined)
  // We can detect if it's a server-side call by checking if context.entities exists but context.user doesn't
  const isServerSideCall = !context.user && context.entities;

  // Only check authentication for client-side calls
  if (!context.user && !isServerSideCall) {
    throw new HttpError(401, 'User not authenticated');
  }

  // Log the source of the call for debugging
  if (isServerSideCall) {
    console.log('getNewsArticles called from server-side job or process');
  } else {
    console.log(`getNewsArticles called by user: ${context.user?.id}`);
  }

  // Skip authentication check if called from a server job (context.user will be undefined)
  // We can detect if it's a server-side call by checking if context.entities exists but context.user doesn't
  const isServerSideCall = !context.user && context.entities;

  // Only check authentication for client-side calls
  if (!context.user && !isServerSideCall) {
    throw new HttpError(401, 'User not authenticated');
  }

  // Log the source of the call for debugging
  if (isServerSideCall) {
    console.log('getNewsArticles called from server-side job or process');
  } else {
    console.log(`getNewsArticles called by user: ${context.user?.id}`);
  }

Wasp•10mo ago•

7 replies

Kofi_anan

Service accounts for authenticated calls

following the standards used for opensaas i have created a bunch of operations that first check if its an authenticated user making the call. i.e:

if (!context.user) {
    throw new HttpError(401, 'User not authenticated');
  }

if (!context.user) {
    throw new HttpError(401, 'User not authenticated');
  }

  // Skip authentication check if called from a server job (context.user will be undefined)
  // We can detect if it's a server-side call by checking if context.entities exists but context.user doesn't
  const isServerSideCall = !context.user && context.entities;

  // Only check authentication for client-side calls
  if (!context.user && !isServerSideCall) {
    throw new HttpError(401, 'User not authenticated');
  }

  // Log the source of the call for debugging
  if (isServerSideCall) {
    console.log('getNewsArticles called from server-side job or process');
  } else {
    console.log(`getNewsArticles called by user: ${context.user?.id}`);
  }

  // Skip authentication check if called from a server job (context.user will be undefined)
  // We can detect if it's a server-side call by checking if context.entities exists but context.user doesn't
  const isServerSideCall = !context.user && context.entities;

  // Only check authentication for client-side calls
  if (!context.user && !isServerSideCall) {
    throw new HttpError(401, 'User not authenticated');
  }

  // Log the source of the call for debugging
  if (isServerSideCall) {
    console.log('getNewsArticles called from server-side job or process');
  } else {
    console.log(`getNewsArticles called by user: ${context.user?.id}`);
  }

Service accounts for authenticated calls

Similar Threads

Service accounts for authenticated calls

Similar Threads

Similar Threads

Similar Threads