From 4ca474490e00ce2ef49fcc02c2672e1f68dd6a69 Mon Sep 17 00:00:00 2001
From: Kat Schelonka <kschelonka@mozilla.com>
Date: Thu, 9 Jan 2025 09:49:25 -0800
Subject: [PATCH] fix(v3proxy): allow cookie auth on v3/send

---
 servers/v3-proxy-api/src/graph/graphQLClient.ts          | 4 ++--
 servers/v3-proxy-api/src/routes/ActionsRouter.ts         | 2 +-
 servers/v3-proxy-api/src/routes/v3Send.integration.ts    | 9 +++++++++
 .../v3-proxy-api/src/routes/validations/SendSchema.ts    | 3 ++-
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/servers/v3-proxy-api/src/graph/graphQLClient.ts b/servers/v3-proxy-api/src/graph/graphQLClient.ts
index bfb2738c7..2c667744d 100644
--- a/servers/v3-proxy-api/src/graph/graphQLClient.ts
+++ b/servers/v3-proxy-api/src/graph/graphQLClient.ts
@@ -43,7 +43,7 @@ import * as Sentry from '@sentry/node';
 import { serverLogger } from '@pocket-tools/ts-logger';
 
 export function getClient(
-  accessToken: string,
+  accessToken: string | null,
   consumerKey: string,
   headers: any,
 ) {
@@ -74,7 +74,7 @@ export function getClient(
 export class GraphQLClientFactory {
   url: string;
   constructor(
-    accessToken: string,
+    accessToken: string | null,
     consumerKey: string,
     private headers: any,
   ) {
diff --git a/servers/v3-proxy-api/src/routes/ActionsRouter.ts b/servers/v3-proxy-api/src/routes/ActionsRouter.ts
index ae020dff1..e6a68d741 100644
--- a/servers/v3-proxy-api/src/routes/ActionsRouter.ts
+++ b/servers/v3-proxy-api/src/routes/ActionsRouter.ts
@@ -101,7 +101,7 @@ type SendActionResult = {
 export class ActionsRouter {
   protected client: GraphQLClientFactory;
   constructor(
-    accessToken: string,
+    accessToken: string | null,
     consumerKey: string,
     headers: Request['headers'],
   ) {
diff --git a/servers/v3-proxy-api/src/routes/v3Send.integration.ts b/servers/v3-proxy-api/src/routes/v3Send.integration.ts
index 0b2722990..cd4e3b780 100644
--- a/servers/v3-proxy-api/src/routes/v3Send.integration.ts
+++ b/servers/v3-proxy-api/src/routes/v3Send.integration.ts
@@ -183,6 +183,15 @@ describe('v3/send', () => {
           });
         expect(response.status).toEqual(400);
       });
+      it('makes request without access token (cookie auth)', async () => {
+        const response = await request(app)
+          .post('/v3/send')
+          .send({
+            consumer_key: 'test',
+            actions: [{ action: 'add', url: 'http://domain.com/path' }],
+          });
+        expect(response.status).toEqual(200);
+      });
       it('returns 400 if proper identifiers are not included', async () => {
         const response = await request(app)
           .post('/v3/send')
diff --git a/servers/v3-proxy-api/src/routes/validations/SendSchema.ts b/servers/v3-proxy-api/src/routes/validations/SendSchema.ts
index a91d82ef4..c975e6b65 100644
--- a/servers/v3-proxy-api/src/routes/validations/SendSchema.ts
+++ b/servers/v3-proxy-api/src/routes/validations/SendSchema.ts
@@ -2,7 +2,7 @@ import { Schema } from 'express-validator';
 import { MaybeAction } from './SendActionValidators';
 
 export type V3SendParams = {
-  access_token: string;
+  access_token?: string;
   consumer_key: string;
   actions: MaybeAction[];
 };
@@ -17,6 +17,7 @@ export type V3SendParams = {
  */
 export const V3SendSchemaPost: Schema = {
   access_token: {
+    optional: true,
     isString: true,
     notEmpty: {
       errorMessage: '`access_token` cannot be empty',