(core) updates from grist-core

app/server/lib/Authorizer.ts

@@ -89,6 +89,34 @@ export function isSingleUserMode(): boolean {
   return process.env.GRIST_SINGLE_USER === '1';
 }
 
+
+/**
+ * Returns a profile if it can be deduced from the request. This requires a
+ * header to specify the users' email address. The header to set comes from the
+ * environment variable GRIST_PROXY_AUTH_HEADER.
+ */
+export function getRequestProfile(req: Request): UserProfile|undefined {
+  const header = process.env.GRIST_PROXY_AUTH_HEADER;
+  let profile: UserProfile|undefined;
+
+  if (header && req.headers && req.headers[header]) {
+    const headerContent = req.headers[header];
+    if (headerContent) {
+      const userEmail = headerContent.toString();
+      const [userName] = userEmail.split("@", 1);
+      if (userEmail && userName) {
+        profile = {
+          "email": userEmail,
+          "name": userName
+        };
+      }
+    }
+  }
+
+  return profile;
+}
+
+
 /**
  * Returns the express request object with user information added, if it can be
  * found based on passed in headers or the session.  Specifically, sets:
@@ -245,6 +273,20 @@ export async function addRequestUser(dbManager: HomeDBManager, permitStore: IPer
     }
   }
 
+  if (!mreq.userId) {
+    profile = getRequestProfile(mreq);
+    if (profile) {
+      const user = await dbManager.getUserByLoginWithRetry(profile.email, profile);
+      if(user) {
+        mreq.user = user;
+        mreq.users = [profile];
+        mreq.userId = user.id;
+        mreq.userIsAuthorized = true;
+      }
+    }
+  }
+
+
   // If no userId has been found yet, fall back on anonymous.
   if (!mreq.userId) {
     const anon = dbManager.getAnonymousUser();

app/server/lib/Comm.js

@@ -50,6 +50,7 @@ const {parseFirstUrlPart} = require('app/common/gristUrls');
 const version = require('app/common/version');
 const {Client} = require('./Client');
 const {localeFromRequest} = require('app/server/lib/ServerLocale');
+const {getRequestProfile} = require('app/server/lib/Authorizer');
 
 // Bluebird promisification, to be able to use e.g. websocket.sendAsync method.
 Promise.promisifyAll(ws.prototype);
@@ -150,6 +151,20 @@ Comm.prototype._broadcastMessage = function(type, data, clients) {
   clients.forEach(client => client.sendMessage({type, data}));
 };
 
+
+/**
+ * Returns a profile based on the request or session.
+ */
+Comm.prototype._getSessionProfile = function(scopedSession, req) {
+  const profile = getRequestProfile(req);
+  if (profile) {
+    return Promise.resolve(profile);
+  } else {
+    return scopedSession.getSessionProfile();
+  }
+};
+
+
 /**
  * Sends a per-doc message to the given client.
  * @param {Object} client - The client object, as passed to all per-doc methods.
@@ -236,7 +251,7 @@ Comm.prototype._onWebSocketConnection = async function(websocket, req) {
   // Delegate message handling to the client
   websocket.on('message', client.onMessage.bind(client));
 
-  scopedSession.getSessionProfile()
+  this._getSessionProfile(scopedSession, req)
   .then((profile) => {
     log.debug(`Comm ${client}: sending clientConnect with ` +
       `${client._missedMessages.length} missed messages`);