Skip to content

Add access modality header + tests#24

Open
JCRPaquin wants to merge 3 commits into
mainfrom
jcrpaquin/feature/access-modality-header
Open

Add access modality header + tests#24
JCRPaquin wants to merge 3 commits into
mainfrom
jcrpaquin/feature/access-modality-header

Conversation

@JCRPaquin

Copy link
Copy Markdown
Member

What?

Adds a header, X-Access-Modality, that is forwarded to downstream services.

Why?

Due to changes in publisher agreements, UI & API users can each see different content. This change enables downstream services to adapt their behavior according to the user's modality.

@JCRPaquin JCRPaquin requested a review from tjacovich July 9, 2026 06:03
@coveralls

coveralls commented Jul 9, 2026

Copy link
Copy Markdown

Coverage Report for CI Build 29117823642

Coverage increased (+0.4%) to 65.285%

Details

  • Coverage increased (+0.4%) from the base build.
  • Patch coverage: 15 of 15 lines across 1 file are fully covered (100%).
  • No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.


Coverage Stats

Coverage Status
Relevant Lines: 1809
Covered Lines: 1181
Line Coverage: 65.28%
Coverage Strength: 0.65 hits per line

💛 - Coveralls

@tjacovich tjacovich left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the core layout is there, just a little more tweaking of the business logic and we should be good to go.

Comment thread apigateway/services.py Outdated
if current_user.is_authenticated:
headers.add_header("X-api-uid", current_user.id)

if not current_user.is_anonymous_bootstrap_user:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will have to modify this slightly because almost all API traffic is authenticated and UI users anonymous so this would actually flag most UI traffic as API and vice versa. I think we can piggyback off the load client method to get the client name that should help us separate authenticated API from authenticated UI.

@JCRPaquin JCRPaquin requested a review from tjacovich July 10, 2026 20:34

@tjacovich tjacovich left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be good to test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants