From 3a7b1e43edd4d5fa3527c98b62d99d6b25d0f5ef Mon Sep 17 00:00:00 2001
From: Vitomir Budimir <budimirvitomir@gmail.com>
Date: Wed, 3 Jul 2024 16:31:36 +0200
Subject: [PATCH] fix: get X-SERLO-EDITOR-TESTING header from req context

---
 .../src/internals/server/graphql-middleware.ts      | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/packages/server/src/internals/server/graphql-middleware.ts b/packages/server/src/internals/server/graphql-middleware.ts
index b36ec4f52..e4b766659 100644
--- a/packages/server/src/internals/server/graphql-middleware.ts
+++ b/packages/server/src/internals/server/graphql-middleware.ts
@@ -27,6 +27,14 @@ const SessionDecoder = t.type({
   identity: IdentityDecoder,
 })
 
+const BodyWithSerloEditorTestingHeader = t.type({
+  context: t.type({
+    headers: t.type({
+      'X-SERLO-EDITOR-TESTING': t.string,
+    }),
+  }),
+})
+
 export async function applyGraphQLMiddleware({
   app,
   cache,
@@ -60,8 +68,9 @@ export async function applyGraphQLMiddleware({
     expressMiddleware(server, {
       async context({ req }): Promise<Context> {
         const isSerloEditorTesting =
-          req.headers['X-SERLO-EDITOR-TESTING'] ===
-          process.env.SERVER_SERLO_EDITOR_TESTING_SECRET
+          BodyWithSerloEditorTestingHeader.is(req.body) &&
+          req.body.context.headers['X-SERLO-EDITOR-TESTING'] ===
+            process.env.SERVER_SERLO_EDITOR_TESTING_SECRET
         const googleStorage = new Storage()
         const database = new Database(pool)
         const dataSources = {