Dynamic query to ignore RLS filter when auth is s2s

[vizsatiz]

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Enhanced session management for HMAC-authenticated requests to ensure downstream handlers have consistent access to session information.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 44cc5648-c638-4b5a-adfb-fceaf8949f59

📥 Commits

Reviewing files that changed from the base of the PR and between 8fb1d9b and e97b2ad.

📒 Files selected for processing (1)

• wavefront/server/modules/user_management_module/user_management_module/authorization/require_auth.py

---

📝 Walkthrough

Walkthrough

In RequireAuthMiddleware.dispatch, after a request passes HMAC validation for HMAC-only APIs, request.state.session is now populated with a synthetic UserSession carrying SERVICE_AUTH_ROLE_ID and hard-coded user_id='hmac-service' and session_id='hmac-token'.

Changes

HMAC Session Population

Layer / File(s)	Summary
Synthetic UserSession for HMAC-validated requests wavefront/server/modules/user_management_module/.../authorization/require_auth.py	After successful HMAC validation, request.state.session is set to a UserSession with role_id=SERVICE_AUTH_ROLE_ID, user_id='hmac-service', and session_id='hmac-token', ensuring downstream handlers always find a session on HMAC-authenticated paths.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

A hop through the middleware gate so bright,
HMAC tokens validated right,
A session conjured from thin air,
hmac-service placed with care,
Downstream handlers, never despair! 🐇✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title mentions 'dynamic query' and 'RLS filter' but the actual change populates a session with HMAC service auth credentials for downstream handlers.	Revise the title to accurately reflect that the change adds session population for HMAC-authenticated requests (e.g., 'Populate session on HMAC-authenticated requests').
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/dynamic-query-auth

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}