From 90557ed05f8458296d866fd1cb4fad96caa8a905 Mon Sep 17 00:00:00 2001
From: Alex Guerrieri <ag@sequence.xyz>
Date: Thu, 4 Dec 2025 12:01:28 +0100
Subject: [PATCH 1/2] feat: add HeaderSessionType constant and set it in
 Session middleware

---
 common.go     | 3 ++-
 middleware.go | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/common.go b/common.go
index b9c1b47..b3843a6 100644
--- a/common.go
+++ b/common.go
@@ -19,7 +19,8 @@ import (
 )
 
 const (
-	HeaderAccessKey = "X-Access-Key"
+	HeaderAccessKey   = "X-Access-Key"
+	HeaderSessionType = "Session-Type"
 )
 
 type AccessKeyFunc func(*http.Request) string
diff --git a/middleware.go b/middleware.go
index f74da9b..ae01169 100644
--- a/middleware.go
+++ b/middleware.go
@@ -146,9 +146,9 @@ func Session(cfg Options) func(next http.Handler) http.Handler {
 			if _, ok := GetSessionType(ctx); ok {
 				// Track this as a SpecialKey session for now.
 				// TODO: Remove once node-gateway SpecialKey support is gone.
+				w.Header().Set(HeaderSessionType, "SpecialKey")
 				httplog.SetAttrs(ctx, slog.String("sessionType", "SpecialKey"))
 				requestsCounter.Inc(sessionLabels{SessionType: "SpecialKey", RateLimited: "false"})
-
 				next.ServeHTTP(w, r)
 				return
 			}
@@ -260,6 +260,7 @@ func Session(cfg Options) func(next http.Handler) http.Handler {
 			}
 
 			ctx = WithSessionType(ctx, sessionType)
+			w.Header().Set(HeaderSessionType, sessionType.String())
 			httplog.SetAttrs(ctx, slog.String("sessionType", sessionType.String()))
 
 			ww, ok := w.(middleware.WrapResponseWriter)

From c69065b89ebfd6269f056d92070294228598108b Mon Sep 17 00:00:00 2001
From: Alex Guerrieri <ag@sequence.xyz>
Date: Thu, 4 Dec 2025 13:03:00 +0100
Subject: [PATCH 2/2] fix: propagate HTTP request context in UserStore GetUser
 call

---
 middleware.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/middleware.go b/middleware.go
index ae01169..3dcc78e 100644
--- a/middleware.go
+++ b/middleware.go
@@ -185,7 +185,7 @@ func Session(cfg Options) func(next http.Handler) http.Handler {
 				httplog.SetAttrs(ctx, slog.String("account", accountClaim))
 
 				if cfg.UserStore != nil {
-					user, isAdmin, err := cfg.UserStore.GetUser(ctx, accountClaim)
+					user, isAdmin, err := cfg.UserStore.GetUser(context.WithValue(ctx, proto.HTTPRequestCtxKey, r), accountClaim)
 					if err != nil {
 						cfg.ErrHandler(r, w, err)
 						return