Unlisted
Val Town is a social website to write and deploy JavaScript.
Build APIs and schedule functions from your browser.
Comments
5
zarutian avatar

Here is a version that supports private vals. (To stave of confusion, the http handler can not be private but it can import a private val)

stevekrouse avatar

Very cool! FYI – you can submit a pull request by clicking the three dots menu of your forked val – we'd love to get those improvement into this val!

Sorry about all the changes to our API. Hopefully we've finally got things into a secure and stable state.

stevekrouse avatar

Thanks for submitting the PR!

On second thought, I think this private thing makes more sense as a layer on top, ie it could be a middleware in the same way that @pomdtr/basicAuth is!

Basically you could extract this part into a function and then wrap it around anything you want to have bearer auth!

if (req.headers["Authorization"] != `Bearer ${VALTOWN_TOKEN}`) { return Response.json("Unauthorized", { status: 401, statusText: "unauthorized, val is private" }) }

I guess we could even call that function bearerAuth

zarutian avatar

the idea was to make that rpc() adapter in this way to make the run api deprication less of an breaking change.

stevekrouse avatar

Wait a sec – if you make the HTTP val private it will do this authorization part for you automatically! So you should be able to just wrap your function with std/rpc as it's currently written and then make the HTTP val private and it would work. We should probably just update the README on this val to explain that

Updated: February 7, 2024