From d4c735c3eae8857f42ce7f18f2fb49c132865714 Mon Sep 17 00:00:00 2001
From: Shane Kilkelly <shane@kilkelly.me>
Date: Tue, 26 Sep 2017 14:21:41 +0100
Subject: [PATCH] Pass anonymous-read token along as header to web-api

---
 services/real-time/app/coffee/Router.coffee              | 3 +++
 services/real-time/app/coffee/WebApiManager.coffee       | 9 +++++++--
 services/real-time/app/coffee/WebsocketController.coffee | 4 ++--
 .../real-time/test/unit/coffee/WebApiManagerTests.coffee | 6 ++++--
 .../test/unit/coffee/WebsocketControllerTests.coffee     | 2 +-
 5 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/services/real-time/app/coffee/Router.coffee b/services/real-time/app/coffee/Router.coffee
index 2cc655eafc..1f7c744713 100644
--- a/services/real-time/app/coffee/Router.coffee
+++ b/services/real-time/app/coffee/Router.coffee
@@ -67,6 +67,9 @@ module.exports = Router =
 				user = {_id: "anonymous-user"}
 
 			client.on "joinProject", (data = {}, callback) ->
+				anonToken = session?.anonReadOnlyTokenAccess?[data.project_id]
+				if anonToken
+					user.anonToken = anonToken
 				WebsocketController.joinProject client, user, data.project_id, (err, args...) ->
 					if err?
 						Router._handleError callback, err, client, "joinProject", {project_id: data.project_id, user_id: user?.id}
diff --git a/services/real-time/app/coffee/WebApiManager.coffee b/services/real-time/app/coffee/WebApiManager.coffee
index 63bb6604e0..0d24765b9f 100644
--- a/services/real-time/app/coffee/WebApiManager.coffee
+++ b/services/real-time/app/coffee/WebApiManager.coffee
@@ -3,9 +3,13 @@ settings = require "settings-sharelatex"
 logger = require "logger-sharelatex"
 
 module.exports = WebApiManager =
-	joinProject: (project_id, user_id, callback = (error, project, privilegeLevel) ->) ->
+	joinProject: (project_id, user, callback = (error, project, privilegeLevel) ->) ->
+		user_id = user._id
 		logger.log {project_id, user_id}, "sending join project request to web"
 		url = "#{settings.apis.web.url}/project/#{project_id}/join"
+		headers = {}
+		if user.anonToken?
+			headers['x-sl-anon-token'] = user.anonToken
 		request.post {
 			url: url
 			qs: {user_id}
@@ -15,6 +19,7 @@ module.exports = WebApiManager =
 				sendImmediately: true
 			json: true
 			jar: false
+			headers: headers
 		}, (error, response, data) ->
 			return callback(error) if error?
 			if 200 <= response.statusCode < 300
@@ -22,4 +27,4 @@ module.exports = WebApiManager =
 			else
 				err = new Error("non-success status code from web: #{response.statusCode}")
 				logger.error {err, project_id, user_id}, "error accessing web api" 
-				callback err
\ No newline at end of file
+				callback err
diff --git a/services/real-time/app/coffee/WebsocketController.coffee b/services/real-time/app/coffee/WebsocketController.coffee
index e0242d4208..0da81b49a3 100644
--- a/services/real-time/app/coffee/WebsocketController.coffee
+++ b/services/real-time/app/coffee/WebsocketController.coffee
@@ -17,7 +17,7 @@ module.exports = WebsocketController =
 		user_id = user?._id
 		logger.log {user_id, project_id, client_id: client.id}, "user joining project"
 		metrics.inc "editor.join-project"
-		WebApiManager.joinProject project_id, user_id, (error, project, privilegeLevel) ->
+		WebApiManager.joinProject project_id, user, (error, project, privilegeLevel) ->
 			return callback(error) if error?
 
 			if !privilegeLevel or privilegeLevel == ""
@@ -205,4 +205,4 @@ module.exports = WebsocketController =
 		for op in update.op
 			if !op.c?
 				return false
-		return true
\ No newline at end of file
+		return true
diff --git a/services/real-time/test/unit/coffee/WebApiManagerTests.coffee b/services/real-time/test/unit/coffee/WebApiManagerTests.coffee
index 8ca08547df..453169cd54 100644
--- a/services/real-time/test/unit/coffee/WebApiManagerTests.coffee
+++ b/services/real-time/test/unit/coffee/WebApiManagerTests.coffee
@@ -8,6 +8,7 @@ describe 'WebApiManager', ->
 	beforeEach ->
 		@project_id = "project-id-123"
 		@user_id = "user-id-123"
+		@user = {_id: @user_id}
 		@callback = sinon.stub()
 		@WebApiManager = SandboxedModule.require modulePath, requires:
 			"request": @request = {}
@@ -27,7 +28,7 @@ describe 'WebApiManager', ->
 					privilegeLevel: "owner"
 				}
 				@request.post = sinon.stub().callsArgWith(1, null, {statusCode: 200}, @response)
-				@WebApiManager.joinProject @project_id, @user_id, @callback
+				@WebApiManager.joinProject @project_id, @user, @callback
 				
 			it "should send a request to web to join the project", ->
 				@request.post
@@ -41,6 +42,7 @@ describe 'WebApiManager', ->
 							sendImmediately: true
 						json: true
 						jar: false
+						headers: {}
 					})
 					.should.equal true
 					
@@ -58,4 +60,4 @@ describe 'WebApiManager', ->
 				@callback
 					.calledWith(new Error("non-success code from web: 500"))
 					.should.equal true
-	
\ No newline at end of file
+	
diff --git a/services/real-time/test/unit/coffee/WebsocketControllerTests.coffee b/services/real-time/test/unit/coffee/WebsocketControllerTests.coffee
index 8db81b716e..cddbc1a4c5 100644
--- a/services/real-time/test/unit/coffee/WebsocketControllerTests.coffee
+++ b/services/real-time/test/unit/coffee/WebsocketControllerTests.coffee
@@ -58,7 +58,7 @@ describe 'WebsocketController', ->
 				
 			it "should load the project from web", ->
 				@WebApiManager.joinProject
-					.calledWith(@project_id, @user._id)
+					.calledWith(@project_id, @user)
 					.should.equal true
 					
 			it "should join the project room", ->