Add database token authentication helpers for OpenOps Tables (#1659)

cezudas · web-flow · commit 07c88c4c2adc · 2025-11-24T20:42:28.000+02:00
Part of OPS-3021.
diff --git a/packages/openops/src/lib/openops-tables/context-helpers.ts b/packages/openops/src/lib/openops-tables/context-helpers.ts
@@ -0,0 +1,29 @@
+import { ServerContext } from '@openops/blocks-framework';
+import { AppSystemProp, encryptUtils, system } from '@openops/server-shared';
+import { authenticateDefaultUserInOpenOpsTables } from './auth-user';
+
+export function shouldUseDatabaseToken(): boolean {
+  return system.getBoolean(AppSystemProp.ENABLE_TABLES_DATABASE_TOKEN) ?? false;
+}
+
+export type TokenOrResolver = string | { getToken: () => string };
+export type TablesServerContext = Pick<
+  ServerContext,
+  'tablesDatabaseId' | 'tablesDatabaseToken'
+>;
+
+export async function resolveTokenProvider(
+  serverContext: TablesServerContext,
+): Promise<TokenOrResolver> {
+  if (shouldUseDatabaseToken()) {
+    return {
+      getToken: () => {
+        const { tablesDatabaseToken } = serverContext;
+        return encryptUtils.decryptString(tablesDatabaseToken);
+      },
+    };
+  }
+
+  const { token } = await authenticateDefaultUserInOpenOpsTables();
+  return token;
+}
diff --git a/packages/openops/src/lib/openops-tables/create-axios-headers.ts b/packages/openops/src/lib/openops-tables/create-axios-headers.ts
@@ -0,0 +1,35 @@
+import { AxiosHeaders } from 'axios';
+import { shouldUseDatabaseToken, TokenOrResolver } from './context-helpers';
+
+export enum AuthType {
+  JWT = 'JWT',
+  Token = 'Token',
+}
+
+function getToken(tokenOrResolver: TokenOrResolver): string {
+  return typeof tokenOrResolver === 'string'
+    ? tokenOrResolver
+    : tokenOrResolver.getToken();
+}
+
+function getAuthPrefix(
+  useJwtOverride: boolean,
+  shouldUseDatabaseTokenConfig: boolean,
+): AuthType {
+  const useJwt = useJwtOverride || !shouldUseDatabaseTokenConfig;
+  return useJwt ? AuthType.JWT : AuthType.Token;
+}
+
+export const createAxiosHeaders = (
+  tokenOrResolver: TokenOrResolver,
+): AxiosHeaders => {
+  const useJwtOverride = typeof tokenOrResolver === 'string';
+  const token = getToken(tokenOrResolver);
+
+  const prefix = getAuthPrefix(useJwtOverride, shouldUseDatabaseToken());
+
+  return new AxiosHeaders({
+    'Content-Type': 'application/json',
+    Authorization: `${prefix} ${token}`,
+  });
+};
diff --git a/packages/server/shared/src/lib/system/system-prop.ts b/packages/server/shared/src/lib/system/system-prop.ts
@@ -110,6 +110,7 @@ export enum AppSystemProp {
 
   MAX_LLM_CALLS_WITHOUT_INTERACTION = 'MAX_LLM_CALLS_WITHOUT_INTERACTION',
   LLM_CHAT_EXPIRE_TIME_SECONDS = 'LLM_CHAT_EXPIRE_TIME_SECONDS',
+  ENABLE_TABLES_DATABASE_TOKEN = 'ENABLE_TABLES_DATABASE_TOKEN',
 }
 
 export enum SharedSystemProp {
diff --git a/packages/server/shared/src/lib/system/system.ts b/packages/server/shared/src/lib/system/system.ts
@@ -98,6 +98,7 @@ const systemPropDefaultValues: Partial<Record<SystemProp, string>> = {
   [AppSystemProp.LLM_CHAT_EXPIRE_TIME_SECONDS]: '86400', // 24 hours
   [AppSystemProp.TELEMETRY_MODE]: 'COLLECTOR',
   [AppSystemProp.TELEMETRY_COLLECTOR_URL]: 'https://telemetry.openops.com/save',
+  [AppSystemProp.ENABLE_TABLES_DATABASE_TOKEN]: 'false',
   [SharedSystemProp.ENABLE_HOST_VALIDATION]: 'true',
 };
 

Original file line number	Diff line number	Diff line change
`@@ -110,6 +110,7 @@ export enum AppSystemProp {`
`110`	`110`
`111`	`111`	`MAX_LLM_CALLS_WITHOUT_INTERACTION = 'MAX_LLM_CALLS_WITHOUT_INTERACTION',`
`112`	`112`	`LLM_CHAT_EXPIRE_TIME_SECONDS = 'LLM_CHAT_EXPIRE_TIME_SECONDS',`
	`113`	`+ ENABLE_TABLES_DATABASE_TOKEN = 'ENABLE_TABLES_DATABASE_TOKEN',`
`113`	`114`	`}`
`114`	`115`
`115`	`116`	`export enum SharedSystemProp {`