fix(realtime): remove jwt check (#658)

* fix(realtime): remove jwt check Also: - Call `setAuth` after heartbeat - Send `x-client-info` when joining channel * fix tests * only send token if changed
supabase · Feb 10, 2025 · 4c95559 · 4c95559
1 parent 554f93c
commit 4c95559
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 33 deletions.
diff --git a/.swiftpm/xcode/xcshareddata/xcschemes/Realtime.xcscheme b/.swiftpm/xcode/xcshareddata/xcschemes/Realtime.xcscheme
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
    LastUpgradeVersion = "1510"
-   version = "1.7">
+   version = "1.3">
    <BuildAction
       parallelizeBuildables = "YES"
       buildImplicitDependencies = "YES">
@@ -26,8 +26,29 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES">
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      codeCoverageEnabled = "YES"
+      onlyGenerateCoverageForSpecifiedTargets = "YES">
+      <CodeCoverageTargets>
+         <BuildableReference
+            BuildableIdentifier = "primary"
+            BlueprintIdentifier = "Realtime"
+            BuildableName = "Realtime"
+            BlueprintName = "Realtime"
+            ReferencedContainer = "container:">
+         </BuildableReference>
+      </CodeCoverageTargets>
       <Testables>
+         <TestableReference
+            skipped = "NO">
+            <BuildableReference
+               BuildableIdentifier = "primary"
+               BlueprintIdentifier = "RealtimeTests"
+               BuildableName = "RealtimeTests"
+               BlueprintName = "RealtimeTests"
+               ReferencedContainer = "container:">
+            </BuildableReference>
+         </TestableReference>
       </Testables>
    </TestAction>
    <LaunchAction

diff --git a/Sources/Realtime/RealtimeChannelV2.swift b/Sources/Realtime/RealtimeChannelV2.swift
@@ -104,7 +104,8 @@ public final class RealtimeChannelV2: Sendable {
 
     let payload = RealtimeJoinPayload(
       config: joinConfig,
-      accessToken: await socket._getAccessToken()
+      accessToken: await socket._getAccessToken(),
+      version: socket.options.headers[.xClientInfo]
     )
 
     let joinRef = socket.makeRef()

diff --git a/Sources/Realtime/RealtimeClientV2.swift b/Sources/Realtime/RealtimeClientV2.swift
@@ -117,13 +117,18 @@ public final class RealtimeClientV2: Sendable {
     wsTransport: @escaping WebSocketTransport,
     http: any HTTPClientType
   ) {
+    var options = options
+    if options.headers[.xClientInfo] == nil {
+      options.headers[.xClientInfo] = "realtime-swift/\(version)"
+    }
+
     self.url = url
     self.options = options
     self.wsTransport = wsTransport
     self.http = http
     apikey = options.apikey
 
-    mutableState.withValue {
+    mutableState.withValue { [options] in
       if let accessToken = options.headers[.authorization]?.split(separator: " ").last {
         $0.accessToken = String(accessToken)
       } else {
@@ -353,15 +358,15 @@ public final class RealtimeClientV2: Sendable {
         if Task.isCancelled {
           break
         }
-        self?.sendHeartbeat()
+        await self?.sendHeartbeat()
       }
     }
     mutableState.withValue {
       $0.heartbeatTask = heartbeatTask
     }
   }
 
-  private func sendHeartbeat() {
+  private func sendHeartbeat() async {
     let pendingHeartbeatRef: String? = mutableState.withValue {
       if $0.pendingHeartbeatRef != nil {
         $0.pendingHeartbeatRef = nil
@@ -383,6 +388,7 @@ public final class RealtimeClientV2: Sendable {
           payload: [:]
         )
       )
+      await setAuth()
     } else {
       options.logger?.debug("Heartbeat timeout")
       reconnect()
@@ -416,21 +422,13 @@ public final class RealtimeClientV2: Sendable {
   /// On callback used, it will set the value of the token internal to the client.
   /// - Parameter token: A JWT string to override the token set on the client.
   public func setAuth(_ token: String? = nil) async {
-    var token = token
-
-    if token == nil {
-      token = try? await options.accessToken?()
-    }
+    var tokenToSend = token
 
-    if token == nil {
-      token = mutableState.accessToken
+    if tokenToSend == nil {
+      tokenToSend = try? await options.accessToken?()
     }
 
-    if let token, let payload = JWT.decodePayload(token),
-      let exp = payload["exp"] as? TimeInterval, exp < Date().timeIntervalSince1970
-    {
-      options.logger?.warning(
-        "InvalidJWTToken: Invalid value for JWT claim \"exp\" with value \(exp)")
+    guard tokenToSend != mutableState.accessToken else {
       return
     }
 

diff --git a/Sources/Realtime/RealtimeJoinConfig.swift b/Sources/Realtime/RealtimeJoinConfig.swift
@@ -10,10 +10,12 @@ import Foundation
 struct RealtimeJoinPayload: Codable {
   var config: RealtimeJoinConfig
   var accessToken: String?
+  var version: String?
 
   enum CodingKeys: String, CodingKey {
     case config
     case accessToken = "access_token"
+    case version
   }
 }
 

diff --git a/Tests/RealtimeTests/RealtimeTests.swift b/Tests/RealtimeTests/RealtimeTests.swift
@@ -113,7 +113,7 @@ final class RealtimeTests: XCTestCase {
     XCTAssertEqual(channelStatuses.value, [.unsubscribed, .subscribing, .subscribed])
 
     assertInlineSnapshot(of: client.sentEvents.map(\.json), as: .json) {
-      """
+      #"""
       [
         {
           "text" : {
@@ -147,14 +147,15 @@ final class RealtimeTests: XCTestCase {
                   "key" : ""
                 },
                 "private" : false
-              }
+              },
+              "version" : "realtime-swift\/0.0.0"
             },
             "ref" : "1",
             "topic" : "realtime:public:messages"
           }
         }
       ]
-      """
+      """#
     }
   }
 
@@ -199,7 +200,7 @@ final class RealtimeTests: XCTestCase {
       $0.event == "phx_join"
     }
     assertInlineSnapshot(of: events, as: .json) {
-      """
+      #"""
       [
         {
           "event" : "phx_join",
@@ -218,7 +219,8 @@ final class RealtimeTests: XCTestCase {
                 "key" : ""
               },
               "private" : false
-            }
+            },
+            "version" : "realtime-swift\/0.0.0"
           },
           "ref" : "1",
           "topic" : "realtime:public:messages"
@@ -240,13 +242,14 @@ final class RealtimeTests: XCTestCase {
                 "key" : ""
               },
               "private" : false
-            }
+            },
+            "version" : "realtime-swift\/0.0.0"
           },
           "ref" : "2",
           "topic" : "realtime:public:messages"
         }
       ]
-      """
+      """#
     }
   }
 
@@ -378,14 +381,6 @@ final class RealtimeTests: XCTestCase {
     XCTAssertEqual(sut.mutableState.accessToken, validToken)
   }
 
-  func testSetAuthWithExpiredToken() async throws {
-    let expiredToken =
-      "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOi02NDA5MjIxMTIwMH0.tnbZRC8vEyK3zaxPxfOjNgvpnuum18dxYlXeHJ4r7u8"
-    await sut.setAuth(expiredToken)
-
-    XCTAssertNotEqual(sut.mutableState.accessToken, expiredToken)
-  }
-
   func testSetAuthWithNonJWT() async throws {
     let token = "sb-token"
     await sut.setAuth(token)