Add additional headers to every request

supabase-community / supabase-csharp

A C# Client library for Supabase

https://github.com/supabase-community/supabase-csharp/wiki

MIT License

484 stars 50 forks source link

Add additional headers to every request #167

Closed jonjon0815 closed 1 month ago

jonjon0815 commented 1 month ago

String? url = "https://xxxx";
String? key = "xxxxxx";

Dictionary<String, String> keys = new Dictionary<String, String>
{
       { "CF-Access-Client-Id", "xxxx.access" },
       { "CF-Access-Client-Secret", "xxxxxx" }
};

var options = new Supabase.SupabaseOptions
{
        AutoConnectRealtime = false,
        Headers = keys
};

supabase = new Supabase.Client(url, key, options);
await supabase.InitializeAsync();

I have set up a Supabase instance behind Cloudflare. Now I need to pass additional headers with every request. I already tried with the code above. This doesn't seem to be working. Does anyone have an idea how I could achieve this?

Pjort commented 1 month ago

I have exactly the same issue.

I have also tried:

options.Headers.Add({"CF-Access-Client-Secret", "xxxxxx" );

Please tell me if you manage to get a work around working.

acupofjose commented 1 month ago

This is actually missing as a feature at the moment. It would just take a small adjustment to GetAuthHeaders here. I’m away from my computer at the moment, so if you’re willing to PR, happy to have one!

Pjort commented 1 month ago

This is actually missing as a feature at the moment. It would just take a small adjustment to GetAuthHeaders here. I’m away from my computer at the moment, so if you’re willing to PR, happy to have one!

I have made a PR: https://github.com/supabase-community/supabase-csharp/pull/168

Pjort commented 1 month ago

The new version sems to have solved most of the issues I had, and I can set whatever custom header I need.

But for real time channels using the .On(ListenType.All, (sender, change) it seems it isn't sending the header. But I am still trying to locate if it is on client or server side this problem is located.

acupofjose commented 1 month ago

Since Realtime goes through Websockets, a header is only sent to establish an initial connection, it wouldn't be sent on every request

Pjort commented 1 month ago

Yes I realized whenever I wrote it.

I looked into the realtime module.

From what I could tell the ws lib used is https://github.com/Marfusios/websocket-client

It has a SetRequestHeader method on ClientWebSocket.

But in the realtime module the WebsocketClient is used. I haven't spent the time figuring out the difference. But I just wanted to give me findings on the matter.

acupofjose commented 1 month ago

Oh! I apologize - I stand corrected. We actually don't pass any headers to the realtime client. All of the authorization is handled from inside the websocket connection. But that's a feature we can add in.

acupofjose commented 1 month ago

Available in 1.1.1

Pjort commented 1 month ago

I am using the SupabasTables method .On

https://github.com/supabase-community/supabase-csharp/blob/6e2eb32e5cf260c7e9c8ca9c9dcb355f6aa43203/Supabase/SupabaseTable.cs#L43

And it seems to be calling the ConnectAsync() method https://github.com/supabase-community/realtime-csharp/blob/973cdc20fa5d79438615f7b242d3268fef88de30/Realtime/Client.cs#L131

But it seems like the headers arn't getting applied from my testing. But I might be hitting the limitations of what is possible using headers and RLS.

RLS: (current_setting('request.headers'::text, true))::json ->> 'user_api_key'::text