EandrewJones opened a new pull request, #124: URL: https://github.com/apache/flagon/pull/124
## Add `x-api-key` Auth Support ### Summary - Add `apiKey` config option to the core `flagon-userale` library that sends an `x-api-key` HTTP header with log requests - Add auth mode selector (None / OAuth / API Key) to the browser extension options UI - Fix existing bug where the extension stored an OAuth `accessToken` but never actually sent it to userale - Fix `setStoredOptions()` validation bug that rejected partial updates (e.g. saving only `apiKey` would throw because `allowList` was undefined) ### Changes **Core library (`flagon-userale`)** - `src/types.d.ts` — new `ApiKey` type, added to `ConfigValueTypes` union and `Config` interface - `src/configure.ts` — new `apiKey` property on the `Configuration` singleton - `src/getInitialSettings.ts` — `apiKey` in worker and browser default settings (reads `data-api-key` attribute) - `src/sendLogs.ts` — sets `x-api-key` header in both `sendLogs()` and `sendOnClose()` when configured **Browser extension (`flagon-userale-ext`)** - `src/utils/storage.ts` — added `apiKey` and `authMode` fields to `StoredOptions`; fixed validation guard on partial updates - `src/options/auth.tsx` — auth mode radio selector with conditional OAuth / API Key forms - `src/background/messages/config_change.ts` — wires the selected auth mode to userale via `userale.options()` **Tests** - `test/spec/sendLogs.spec.ts` — `x-api-key` header present when set, absent when null, coexists with `Authorization` - `test/spec/configure.spec.ts` — `apiKey` settable via `config.update()` ### Test plan - [ ] `cd products/userale/packages/flagon-userale && pnpm test` — all unit tests pass - [ ] `cd products/userale && pnpm build` — core library and extension build cleanly - [ ] `pnpm lint` — no new lint errors - [ ] Load unpacked extension in Chrome, open options, select API Key mode, enter a key, save — verify `x-api-key` header appears on log POST requests in the Network tab - [ ] Verify OAuth flow still works and sends `Authorization: Bearer <token>` header - [ ] Verify "None" mode clears both auth headers -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
