From f55145f65dee2736ca560f1750672d0150c4aba3 Mon Sep 17 00:00:00 2001
From: Dmitriy Lazarev <w@kich.dev>
Date: Wed, 27 Mar 2024 19:33:12 +0400
Subject: [PATCH] Pass Backstage Auth token to `catalog.queryEntities`

Signed-off-by: Dmitriy Lazarev <w@kich.dev>
---
 .changeset/fair-taxis-burn.md                           | 5 +++++
 plugins/graphql-backend-module-catalog/src/resolvers.ts | 8 ++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 .changeset/fair-taxis-burn.md

diff --git a/.changeset/fair-taxis-burn.md b/.changeset/fair-taxis-burn.md
new file mode 100644
index 0000000000..c848672ba5
--- /dev/null
+++ b/.changeset/fair-taxis-burn.md
@@ -0,0 +1,5 @@
+---
+'@frontside/backstage-plugin-graphql-backend-module-catalog': patch
+---
+
+Pass Backstage Auth token to `catalog.queryEntities`
diff --git a/plugins/graphql-backend-module-catalog/src/resolvers.ts b/plugins/graphql-backend-module-catalog/src/resolvers.ts
index a2475fcdea..323fdd36ba 100644
--- a/plugins/graphql-backend-module-catalog/src/resolvers.ts
+++ b/plugins/graphql-backend-module-catalog/src/resolvers.ts
@@ -2,9 +2,11 @@ import _ from 'lodash';
 import { encodeId } from '@frontside/hydraphql';
 import { Resolvers } from 'graphql-modules';
 import { CATALOG_SOURCE } from './constants';
+import { getBearerTokenFromAuthorizationHeader } from '@backstage/plugin-auth-node';
 import { stringifyEntityRef } from '@backstage/catalog-model';
 import { CatalogApi } from '@backstage/catalog-client';
 import { Connection } from 'graphql-relay';
+import type { Request } from 'node-fetch';
 import { encodeEntityId } from './helpers';
 import { getDirective } from '@graphql-tools/utils';
 import {
@@ -377,7 +379,7 @@ export const queryResolvers: () => Resolvers = () => {
           fullTextFilter?: { term: string; fields?: string[] };
         };
       } = {},
-      { catalog }: { catalog: CatalogApi },
+      { catalog, request }: { catalog: CatalogApi, request?: Request },
       { schema }: { schema: GraphQLSchema },
     ): Promise<Connection<{ id: string }>> => {
       if (filter && rawFilter) {
@@ -386,6 +388,8 @@ export const queryResolvers: () => Resolvers = () => {
         );
       }
 
+      const token = getBearerTokenFromAuthorizationHeader(request?.headers.get('authorization'));
+
       if (!fieldMap) {
         fieldMap = traverseFieldDirectives(
           schema.getType('Entity') as GraphQLCompositeType,
@@ -491,7 +495,7 @@ export const queryResolvers: () => Resolvers = () => {
         ],
         cursor,
         limit,
-      });
+      }, { token });
 
       // TODO Reuse field's resolvers https://github.com/thefrontside/HydraphQL/pull/22
       return {