feat(#194): Fix workspace ID transmission mismatch between API and client
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- Update WorkspaceGuard to support query string as fallback (backward compatibility) - Priority order: Header > Param > Body > Query - Update web client to send workspace ID via X-Workspace-Id header (recommended) - Extend apiRequest helpers to accept workspace ID option - Update fetchTasks to use header instead of query parameter - Add comprehensive tests for all workspace ID transmission methods - Tests passing: API 11 tests, Web 6 new tests (total 494) This ensures consistent workspace ID handling with proper multi-tenant isolation while maintaining backward compatibility with existing query string approaches. Fixes #194 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -3,7 +3,7 @@
|
||||
* Handles authenticated requests to the backend API
|
||||
*/
|
||||
|
||||
/* eslint-disable @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-misused-spread */
|
||||
/* eslint-disable @typescript-eslint/no-unsafe-assignment */
|
||||
|
||||
const API_BASE_URL = process.env.NEXT_PUBLIC_API_URL ?? "http://localhost:3001";
|
||||
|
||||
@@ -22,18 +22,35 @@ export interface ApiResponse<T> {
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Options for API requests with workspace context
|
||||
*/
|
||||
export interface ApiRequestOptions extends RequestInit {
|
||||
workspaceId?: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Make an authenticated API request
|
||||
*/
|
||||
export async function apiRequest<T>(endpoint: string, options: RequestInit = {}): Promise<T> {
|
||||
export async function apiRequest<T>(endpoint: string, options: ApiRequestOptions = {}): Promise<T> {
|
||||
const url = `${API_BASE_URL}${endpoint}`;
|
||||
const { workspaceId, ...fetchOptions } = options;
|
||||
|
||||
// Build headers with workspace ID if provided
|
||||
const baseHeaders = (fetchOptions.headers as Record<string, string> | undefined) ?? {};
|
||||
const headers: Record<string, string> = {
|
||||
"Content-Type": "application/json",
|
||||
...baseHeaders,
|
||||
};
|
||||
|
||||
// Add workspace ID header if provided (recommended over query string)
|
||||
if (workspaceId) {
|
||||
headers["X-Workspace-Id"] = workspaceId;
|
||||
}
|
||||
|
||||
const response = await fetch(url, {
|
||||
...options,
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
...(options.headers ?? {}),
|
||||
},
|
||||
...fetchOptions,
|
||||
headers,
|
||||
credentials: "include", // Include cookies for session
|
||||
});
|
||||
|
||||
@@ -54,15 +71,23 @@ export async function apiRequest<T>(endpoint: string, options: RequestInit = {})
|
||||
/**
|
||||
* GET request helper
|
||||
*/
|
||||
export async function apiGet<T>(endpoint: string): Promise<T> {
|
||||
return apiRequest<T>(endpoint, { method: "GET" });
|
||||
export async function apiGet<T>(endpoint: string, workspaceId?: string): Promise<T> {
|
||||
const options: ApiRequestOptions = { method: "GET" };
|
||||
if (workspaceId !== undefined) {
|
||||
options.workspaceId = workspaceId;
|
||||
}
|
||||
return apiRequest<T>(endpoint, options);
|
||||
}
|
||||
|
||||
/**
|
||||
* POST request helper
|
||||
*/
|
||||
export async function apiPost<T>(endpoint: string, data?: unknown): Promise<T> {
|
||||
const options: RequestInit = {
|
||||
export async function apiPost<T>(
|
||||
endpoint: string,
|
||||
data?: unknown,
|
||||
workspaceId?: string
|
||||
): Promise<T> {
|
||||
const options: ApiRequestOptions = {
|
||||
method: "POST",
|
||||
};
|
||||
|
||||
@@ -70,22 +95,40 @@ export async function apiPost<T>(endpoint: string, data?: unknown): Promise<T> {
|
||||
options.body = JSON.stringify(data);
|
||||
}
|
||||
|
||||
if (workspaceId !== undefined) {
|
||||
options.workspaceId = workspaceId;
|
||||
}
|
||||
|
||||
return apiRequest<T>(endpoint, options);
|
||||
}
|
||||
|
||||
/**
|
||||
* PATCH request helper
|
||||
*/
|
||||
export async function apiPatch<T>(endpoint: string, data: unknown): Promise<T> {
|
||||
return apiRequest<T>(endpoint, {
|
||||
export async function apiPatch<T>(
|
||||
endpoint: string,
|
||||
data: unknown,
|
||||
workspaceId?: string
|
||||
): Promise<T> {
|
||||
const options: ApiRequestOptions = {
|
||||
method: "PATCH",
|
||||
body: JSON.stringify(data),
|
||||
});
|
||||
};
|
||||
|
||||
if (workspaceId !== undefined) {
|
||||
options.workspaceId = workspaceId;
|
||||
}
|
||||
|
||||
return apiRequest<T>(endpoint, options);
|
||||
}
|
||||
|
||||
/**
|
||||
* DELETE request helper
|
||||
*/
|
||||
export async function apiDelete<T>(endpoint: string): Promise<T> {
|
||||
return apiRequest<T>(endpoint, { method: "DELETE" });
|
||||
export async function apiDelete<T>(endpoint: string, workspaceId?: string): Promise<T> {
|
||||
const options: ApiRequestOptions = { method: "DELETE" };
|
||||
if (workspaceId !== undefined) {
|
||||
options.workspaceId = workspaceId;
|
||||
}
|
||||
return apiRequest<T>(endpoint, options);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user