- Fix access to undefined request user for unauthenticated requests

- Redis lookup via custom `vcap` environment configuration

CHANGELOG.md

@@ -5,11 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## Version 1.0.1 - 2024-06-xx
+## Version 1.0.1 - 2024-06-03
 
 ### Fixed
 
-- tbd
+- Fix access to undefined request user for unauthenticated requests
+- Redis lookup via custom `vcap` environment configuration
 
 ## Version 1.0.0 - 2024-05-03
 

package.json

@@ -54,7 +54,7 @@
     "@eslint/js": "9.4.0",
     "@sap/cds": "^7.9.2",
     "@sap/cds-dk": "^7.9.2",
-    "@sap/xssec": "4.0.0",
+    "@sap/xssec": "4.0.1",
     "@socket.io/redis-adapter": "^8.3.0",
     "@socket.io/redis-streams-adapter": "^0.2.2",
     "@types/express": "^4.17.21",
@@ -132,6 +132,21 @@
                       "type": "boolean",
                       "description": "Enable websocket adapter in local environment",
                       "default": false
+                    },
+                    "vcap": {
+                      "type": "object",
+                      "description": "VCAP service environment",
+                      "properties": {
+                        "label": {
+                          "type": "string",
+                          "description": "VCAP service label"
+                        },
+                        "tag": {
+                          "type": "string",
+                          "description": "VCAP service tag"
+                        }
+                      },
+                      "additionalProperties": true
                     }
                   }
                 }
@@ -145,7 +160,7 @@
         }
       }
     },
-    "weboscket": {
+    "websocket": {
       "kind": "ws"
     }
   }

src/index.js

@@ -351,15 +351,15 @@ function deriveElements(event, data) {
 function deriveUser(event, data, headers, req) {
   if ((headers?.wsExcludeCurrentUser || headers?.excludeCurrentUser) !== undefined) {
     if (headers?.wsExcludeCurrentUser || headers?.excludeCurrentUser) {
-      return req.context.user.id;
+      return req.context.user?.id;
     }
     return;
   }
   let user =
     event["@websocket.user"] || event["@ws.user"] || event["@websocket.broadcast.user"] || event["@ws.broadcast.user"];
   switch (user) {
     case "excludeCurrent":
-      return req.context.user.id;
+      return req.context.user?.id;
   }
   if (event.elements) {
     for (const name in event.elements) {
@@ -371,7 +371,7 @@ function deriveUser(event, data, headers, req) {
         element["@ws.broadcast.user"];
       switch (user) {
         case "excludeCurrent":
-          return data[name] ? req.context.user.id : undefined;
+          return data[name] ? req.context.user?.id : undefined;
       }
     }
   }

src/redis/index.js

@@ -56,7 +56,7 @@ const createClientBase = (options = {}) => {
   }
   let credentials;
   try {
-    credentials = xsenv.serviceCredentials({ label: "redis-cache" });
+    credentials = xsenv.serviceCredentials({ label: "redis-cache", ...cds.env.websocket?.adapter?.vcap });
   } catch (err) {
     LOG?.info(err.message);
   }

src/socket/socket.io.js

@@ -34,7 +34,7 @@ class SocketIOServer extends SocketServer {
       try {
         this.enforceAuth(socket);
         socket.tenant = socket.request.tenant;
-        socket.user = socket.request.user.id;
+        socket.user = socket.request.user?.id;
         socket.join(room({ tenant: socket.tenant }));
         socket.join(room({ tenant: socket.tenant, user: socket.user }));
         if (socket.request._query?.id) {

src/socket/ws.js

@@ -66,7 +66,7 @@ class SocketWSServer extends SocketServer {
         try {
           this.enforceAuth(ws);
           ws.tenant = ws.request.tenant;
-          ws.user = ws.request.user.id;
+          ws.user = ws.request.user?.id;
           const facade = {
             service,
             socket: ws,