fix(canvas): consolidate platform-auth headers via shared helper (#178) #54

Merged

claude-ceo-assistant merged 6 commits from fix/178-canvas-shared-auth-headers into main 2026-05-08 18:35:59 +00:00

Conversation 0 Commits 6 Files Changed 8 +187 -104

claude-ceo-assistant commented 2026-05-07 21:36:24 +00:00

Owner

Copy Link

Summary

• Adds platformAuthHeaders() to canvas/src/lib/api.ts as the single source of truth for the bearer-token + tenant-slug header pair every authenticated canvas fetch needs.
• Routes 7 previously-duplicated raw-fetch callsites through it: request() itself, uploadChatFiles, downloadChatFile, and the 5 Attachment* components (Image/Video/Audio/PDF/TextPreview).
• Removes 4 duplicate local getTenantSlug() copies that inline-redefined what @/lib/tenant already exports.
• Preserves the off-platform branch in AttachmentTextPreview (no bearer leakage to third-party URLs).

Why

Pre-fix, the 7 callsites each read NEXT_PUBLIC_ADMIN_TOKEN, manually attached the bearer, called a local-or-imported getTenantSlug(), and attached the slug header. A new poller / raw-fetch added without going through this exact recipe silently 401s against workspace-server when ADMIN_TOKEN is set on the server side. Closes the bug-shape gap called out in #178.

Test plan

• 6 unit tests in platform-auth-headers.test.ts — empty, bearer-only, slug-only, both, empty-string-as-unset, fresh-object-per-call.
• Mutation-test: removing the bearer attach inside the helper fails 2 of 6 immediately.
• All 1389 existing canvas vitest tests pass unchanged (no regression).
• npx tsc --noEmit clean.
• npm run build succeeds.

Hostile self-review

1. Behavior preservation in request() — the helper returns {} instead of { "Content-Type": "application/json" }; we spread the helper's result over an explicit Content-Type line so JSON requests still set it. FormData uploads (uploadChatFiles) deliberately do NOT set Content-Type so the browser writes the multipart boundary; comment added explaining this.
2. AttachmentTextPreview off-platform branch — the original code only attached auth headers when isPlatformAttachment() was true. The new code preserves this with isPlatformAttachment(uri) ? platformAuthHeaders() : {}. Without that branch, off-platform fetches would leak the admin token to third-party origins.
3. uploads.ts import surface change — removed import { getTenantSlug } from "@/lib/tenant" because it's no longer referenced. If a future caller in uploads.ts adds a slug-dependent code path, they'll either re-import or (more likely) reach for platformAuthHeaders() — the right path.

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

## Summary - Adds `platformAuthHeaders()` to `canvas/src/lib/api.ts` as the single source of truth for the bearer-token + tenant-slug header pair every authenticated canvas fetch needs. - Routes 7 previously-duplicated raw-fetch callsites through it: `request()` itself, `uploadChatFiles`, `downloadChatFile`, and the 5 `Attachment*` components (Image/Video/Audio/PDF/TextPreview). - Removes 4 duplicate local `getTenantSlug()` copies that inline-redefined what `@/lib/tenant` already exports. - Preserves the off-platform branch in `AttachmentTextPreview` (no bearer leakage to third-party URLs). ## Why Pre-fix, the 7 callsites each read `NEXT_PUBLIC_ADMIN_TOKEN`, manually attached the bearer, called a local-or-imported `getTenantSlug()`, and attached the slug header. A new poller / raw-fetch added without going through this exact recipe silently 401s against workspace-server when `ADMIN_TOKEN` is set on the server side. Closes the bug-shape gap called out in #178. ## Test plan - [x] 6 unit tests in `platform-auth-headers.test.ts` — empty, bearer-only, slug-only, both, empty-string-as-unset, fresh-object-per-call. - [x] Mutation-test: removing the bearer attach inside the helper fails 2 of 6 immediately. - [x] All 1389 existing canvas vitest tests pass unchanged (no regression). - [x] `npx tsc --noEmit` clean. - [x] `npm run build` succeeds. ## Hostile self-review 1. **Behavior preservation in `request()`** — the helper returns `{}` instead of `{ "Content-Type": "application/json" }`; we spread the helper's result over an explicit `Content-Type` line so JSON requests still set it. FormData uploads (`uploadChatFiles`) deliberately do NOT set Content-Type so the browser writes the multipart boundary; comment added explaining this. 2. **`AttachmentTextPreview` off-platform branch** — the original code only attached auth headers when `isPlatformAttachment()` was true. The new code preserves this with `isPlatformAttachment(uri) ? platformAuthHeaders() : {}`. Without that branch, off-platform fetches would leak the admin token to third-party origins. 3. **`uploads.ts` import surface change** — removed `import { getTenantSlug } from "@/lib/tenant"` because it's no longer referenced. If a future caller in `uploads.ts` adds a slug-dependent code path, they'll either re-import or (more likely) reach for `platformAuthHeaders()` — the right path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

claude-ceo-assistant added 1 commit 2026-05-07 21:36:25 +00:00

fix(canvas): consolidate platform-auth headers via shared helper (#178) ... 501d07b0f2

Closes the post-Task-#176 self-review gap: the bearer-token + tenant-
slug header construction was duplicated across 7 raw-fetch callsites
in the canvas (lib/api.ts request(), uploads.ts × 2, and 5 Attachment*
components). Each callsite read NEXT_PUBLIC_ADMIN_TOKEN, attached
Authorization: Bearer manually, computed getTenantSlug locally
(three of them inline-redefined it from /lib/tenant!), and attached
X-Molecule-Org-Slug. A new poller / raw-fetch added without going
through this exact recipe silently 401s against workspace-server when
ADMIN_TOKEN is set on the server side — the bug shape called out in
the original task.

Adds platformAuthHeaders() to lib/api.ts as the single source of truth
and routes all 7 raw-fetch callsites through it. Removes 4 duplicate
local getTenantSlug() copies (Image, Video, Audio, PDF, TextPreview)
that were inline-redefining what /lib/tenant.ts already exports.

Also preserves the AttachmentTextPreview off-platform branch — when
isPlatformAttachment() is false, headers is {} (no bearer leakage to
third-party URLs).

Tests:
- 6 unit tests in platform-auth-headers.test.ts covering: empty,
  bearer-only, slug-only, both, empty-string-as-unset, fresh-object-
  per-call. Mutation-tested: removing the bearer attach inside the
  helper fails 2 of 6 tests immediately.
- All 1389 existing canvas vitest tests pass unchanged.
- npx tsc --noEmit clean.
- npm run build succeeds (canvas Next.js build).

Per feedback_assert_exact_not_substring: tests use exact toEqual()
equality, not substring/contains, so an extra-header bug also fails
the assertion. Per feedback_oss_design_philosophy: this is the
"plugin/abstract/modular/SSOT" move applied to the auth-header
construction surface — one helper, six call sites, no duplication.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

claude-ceo-assistant added 1 commit 2026-05-07 22:24:46 +00:00

Merge branch 'main' into fix/178-canvas-shared-auth-headers e4b1248f47

Ghost referenced this issue from a commit 2026-05-07 23:54:57 +00:00

fix(ci): pin actions/upload-artifact + download-artifact to @v3 for Gitea compatibility

Ghost referenced this pull request 2026-05-07 23:55:18 +00:00

fix(ci): pin actions/upload-artifact + download-artifact to @v3 for Gitea compatibility #89

claude-ceo-assistant added 1 commit 2026-05-08 00:20:49 +00:00

Merge branch 'main' into fix/178-canvas-shared-auth-headers 9c82b2a61c

claude-ceo-assistant added 1 commit 2026-05-08 00:54:20 +00:00

Merge branch 'main' into fix/178-canvas-shared-auth-headers 7f86a245bf

claude-ceo-assistant referenced this pull request 2026-05-08 01:17:13 +00:00

[bug] [test-infra] Canvas vitest timeouts on CI: 3 first-tests flap on 5000ms default cold-start #96

Ghost referenced this issue from a commit 2026-05-08 01:20:09 +00:00

fix(canvas): bump vitest testTimeout to 30s on CI for v8-coverage cold start (#96)

Ghost referenced this pull request 2026-05-08 01:20:32 +00:00

fix(canvas): bump vitest testTimeout to 30s on CI for v8-coverage cold start (#96) #97

claude-ceo-assistant added 1 commit 2026-05-08 01:27:49 +00:00

Merge branch 'main' into fix/178-canvas-shared-auth-headers 5c62f172f0

claude-ceo-assistant added 1 commit 2026-05-08 02:46:43 +00:00

Merge branch 'main' into fix/178-canvas-shared-auth-headers b398667fce

claude-ceo-assistant merged commit bce60f1b22 into main 2026-05-08 18:35:59 +00:00

claude-ceo-assistant deleted branch fix/178-canvas-shared-auth-headers 2026-05-08 18:35:59 +00:00

claude-ceo-assistant referenced this issue from a commit 2026-05-08 18:35:59 +00:00

Merge pull request 'fix(canvas): consolidate platform-auth headers via shared helper (#178)' (#54) from fix/178-canvas-shared-auth-headers into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

No Label

tier:high

tier:low

tier:medium

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#54

No description provided.