Pass anonymous-read token along as header to web-api

services/real-time/app/coffee/Router.coffee

@@ -67,6 +67,9 @@ module.exports = Router =
 				user = {_id: "anonymous-user"}
 
 			client.on "joinProject", (data = {}, callback) ->
+				anonToken = session?.anonReadOnlyTokenAccess?[data.project_id]
+				if anonToken
+					user.anonToken = anonToken
 				WebsocketController.joinProject client, user, data.project_id, (err, args...) ->
 					if err?
 						Router._handleError callback, err, client, "joinProject", {project_id: data.project_id, user_id: user?.id}

services/real-time/app/coffee/WebApiManager.coffee

@@ -3,9 +3,13 @@ settings = require "settings-sharelatex"
 logger = require "logger-sharelatex"
 
 module.exports = WebApiManager =
-	joinProject: (project_id, user_id, callback = (error, project, privilegeLevel) ->) ->
+	joinProject: (project_id, user, callback = (error, project, privilegeLevel) ->) ->
+		user_id = user._id
 		logger.log {project_id, user_id}, "sending join project request to web"
 		url = "#{settings.apis.web.url}/project/#{project_id}/join"
+		headers = {}
+		if user.anonToken?
+			headers['x-sl-anon-token'] = user.anonToken
 		request.post {
 			url: url
 			qs: {user_id}
@@ -15,6 +19,7 @@ module.exports = WebApiManager =
 				sendImmediately: true
 			json: true
 			jar: false
+			headers: headers
 		}, (error, response, data) ->
 			return callback(error) if error?
 			if 200 <= response.statusCode < 300
@@ -22,4 +27,4 @@ module.exports = WebApiManager =
 			else
 				err = new Error("non-success status code from web: #{response.statusCode}")
 				logger.error {err, project_id, user_id}, "error accessing web api" 
-				callback err
+				callback err

services/real-time/app/coffee/WebsocketController.coffee

@@ -17,7 +17,7 @@ module.exports = WebsocketController =
 		user_id = user?._id
 		logger.log {user_id, project_id, client_id: client.id}, "user joining project"
 		metrics.inc "editor.join-project"
-		WebApiManager.joinProject project_id, user_id, (error, project, privilegeLevel) ->
+		WebApiManager.joinProject project_id, user, (error, project, privilegeLevel) ->
 			return callback(error) if error?
 
 			if !privilegeLevel or privilegeLevel == ""
@@ -205,4 +205,4 @@ module.exports = WebsocketController =
 		for op in update.op
 			if !op.c?
 				return false
-		return true
+		return true

services/real-time/test/unit/coffee/WebApiManagerTests.coffee

@@ -8,6 +8,7 @@ describe 'WebApiManager', ->
 	beforeEach ->
 		@project_id = "project-id-123"
 		@user_id = "user-id-123"
+		@user = {_id: @user_id}
 		@callback = sinon.stub()
 		@WebApiManager = SandboxedModule.require modulePath, requires:
 			"request": @request = {}
@@ -27,7 +28,7 @@ describe 'WebApiManager', ->
 					privilegeLevel: "owner"
 				}
 				@request.post = sinon.stub().callsArgWith(1, null, {statusCode: 200}, @response)
-				@WebApiManager.joinProject @project_id, @user_id, @callback
+				@WebApiManager.joinProject @project_id, @user, @callback
 				
 			it "should send a request to web to join the project", ->
 				@request.post
@@ -41,6 +42,7 @@ describe 'WebApiManager', ->
 							sendImmediately: true
 						json: true
 						jar: false
+						headers: {}
 					})
 					.should.equal true
 					
@@ -58,4 +60,4 @@ describe 'WebApiManager', ->
 				@callback
 					.calledWith(new Error("non-success code from web: 500"))
 					.should.equal true
-	
+	

services/real-time/test/unit/coffee/WebsocketControllerTests.coffee

@@ -58,7 +58,7 @@ describe 'WebsocketController', ->
 				
 			it "should load the project from web", ->
 				@WebApiManager.joinProject
-					.calledWith(@project_id, @user._id)
+					.calledWith(@project_id, @user)
 					.should.equal true
 					
 			it "should join the project room", ->