fix(request): Move API token to Authorization header (#10)

The [v3 API Authentication docs](https://www.eventbrite.com/developer/v3/api_overview/authentication/#ebapi-authenticating-requests) indicate that the preferred approach for authenticating requests is to pass the OAuth token in the `Authorization` header instead of as a query parameter, so this makes that change. Also adds `prefer-const` ESLint rule since `eslint-config-evenbrite` doesn't yet have it defined. Fixes #9
eventbrite · Mar 2, 2018 · ed8df35 · ed8df35
1 parent 149b0a1
commit ed8df35
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 45 deletions.
diff --git a/definitions/url-lib.d.ts b/definitions/url-lib.d.ts
diff --git a/package.json b/package.json
@@ -47,8 +47,7 @@
     },
     "dependencies": {
         "isomorphic-fetch": "^2.2.1",
-        "lodash": "^4.17.5",
-        "url-lib": "^2.0.2"
+        "lodash": "^4.17.5"
     },
     "resolutions": {
         "babel-core": "^7.0.0-bridge.0"

diff --git a/src/.eslintrc.json b/src/.eslintrc.json
@@ -10,6 +10,7 @@
     "rules": {
         "no-undef": "off",
         "camelcase": "off",
+        "prefer-const": "error",
         "typescript/adjacent-overload-signatures": "error",
         "typescript/class-name-casing": "error",
         "typescript/interface-name-prefix": "error",

diff --git a/src/__tests__/index.spec.ts b/src/__tests__/index.spec.ts
@@ -51,40 +51,43 @@ describe('request', () => {
 
         expect(getMockFetch()).toHaveBeenCalledTimes(1);
         expect(getMockFetch()).toHaveBeenCalledWith(
-            `${MOCK_BASE_URL}/users/me/?token=${MOCK_TOKEN}`,
-            expect.objectContaining({})
+            `${MOCK_BASE_URL}/users/me/`,
+            expect.objectContaining({
+                headers: expect.objectContaining({
+                    Authorization: `Bearer ${MOCK_TOKEN}`,
+                }),
+            })
         );
     });
 
-    it('properly appends token to API URL when endpoint already contains query parameters', async () => {
+    it('properly specifies authorization header token when other header options are already specified', async () => {
         const {request} = eventbrite({
             token: MOCK_TOKEN,
         });
-
-        await expect(
-            request('/users/me/orders/?time_filter=past')
-        ).resolves.toEqual(MOCK_USERS_ME_RESPONSE_DATA);
-
-        expect(getMockFetch()).toHaveBeenCalledTimes(1);
-        expect(getMockFetch()).toHaveBeenCalledWith(
-            `https://www.eventbriteapi.com/v3/users/me/orders/?time_filter=past&token=${MOCK_TOKEN}`,
-            expect.objectContaining({})
-        );
-    });
-
-    it('properly passes through request options', async () => {
-        const {request} = eventbrite();
+        const body = JSON.stringify({plan: 'package2'});
         const requestOptions = {
+            body,
             method: 'POST',
-            body: JSON.stringify({plan: 'package2'}),
+            headers: {
+                'X-Requested-With': 'XMLHttpRequest',
+                'X-CSRFToken': 'CSRF_TOKEN',
+            },
         };
 
         await request('/users/:id/assortment/', requestOptions);
 
         expect(getMockFetch()).toHaveBeenCalledTimes(1);
         expect(getMockFetch()).toHaveBeenCalledWith(
             'https://www.eventbriteapi.com/v3/users/:id/assortment/',
-            expect.objectContaining(requestOptions)
+            expect.objectContaining({
+                body,
+                method: 'POST',
+                headers: expect.objectContaining({
+                    'X-Requested-With': 'XMLHttpRequest',
+                    'X-CSRFToken': 'CSRF_TOKEN',
+                    Authorization: `Bearer ${MOCK_TOKEN}`,
+                }),
+            })
         );
     });
 });
diff --git a/src/index.ts b/src/index.ts
@@ -1,6 +1,3 @@
-/// <reference path="../definitions/url-lib.d.ts"/>
-
-import {formatUrl} from 'url-lib';
 import {Sdk, SdkConfig} from './types';
 import request from './request';
 
@@ -10,14 +7,21 @@ const eventbrite = ({
     baseUrl = DEFAULT_API_URL,
     token,
 }: SdkConfig = {}): Sdk => ({
-    request: (endpoint, options?) => {
-        let url = `${baseUrl}${endpoint}`;
+    request: (endpoint, options = {}) => {
+        const url = `${baseUrl}${endpoint}`;
+        let requestOptions = options;
 
         if (token) {
-            url = formatUrl(url, {token});
+            requestOptions = {
+                ...requestOptions,
+                headers: {
+                    ...(requestOptions.headers || {}),
+                    Authorization: `Bearer ${token}`,
+                },
+            };
         }
 
-        return request(url, options);
+        return request(url, requestOptions);
     },
 });
 

diff --git a/src/request.ts b/src/request.ts
@@ -92,7 +92,10 @@ export const parseError = (
     } as ParsedResponseError;
 
     if (hasArgumentsError(responseData)) {
-        error.argumentErrors = responseData['error_detail']['ARGUMENTS_ERROR'];
+        error = {
+            ...error,
+            argumentErrors: responseData['error_detail']['ARGUMENTS_ERROR'],
+        };
     }
 
     return error;

diff --git a/yarn.lock b/yarn.lock
@@ -4516,10 +4516,6 @@ unicode-property-aliases-ecmascript@^1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-1.0.3.tgz#ac3522583b9e630580f916635333e00c5ead690d"
 
-url-lib@^2.0.2:
-  version "2.0.2"
-  resolved "https://registry.npmjs.org/url-lib/-/url-lib-2.0.2.tgz#26708f42f4c23ec821e3617044fab22e250e7afc"
-
 user-home@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/user-home/-/user-home-2.0.0.tgz#9c70bfd8169bc1dcbf48604e0f04b8b49cde9e9f"