Request Inheritance (#209)

2026-04-10 03:03:37 +02:00 · 2025-05-23 08:13:25 -07:00
parent 13d959799a
commit 4cd2e9cd31
41 changed files with 1031 additions and 403 deletions
--- a/src-tauri/migrations/20250516182745_default-attrs.sql
+++ b/src-tauri/migrations/20250516182745_default-attrs.sql
@@ -0,0 +1,15 @@
+-- Auth
+ALTER TABLE workspaces
+    ADD COLUMN authentication TEXT NOT NULL DEFAULT '{}';
+ALTER TABLE folders
+    ADD COLUMN authentication TEXT NOT NULL DEFAULT '{}';
+ALTER TABLE workspaces
+    ADD COLUMN authentication_type TEXT;
+ALTER TABLE folders
+    ADD COLUMN authentication_type TEXT;
+
+-- Headers
+ALTER TABLE workspaces
+    ADD COLUMN headers TEXT NOT NULL DEFAULT '[]';
+ALTER TABLE folders
+    ADD COLUMN headers TEXT NOT NULL DEFAULT '[]';
--- a/src-tauri/src/grpc.rs
+++ b/src-tauri/src/grpc.rs
@@ -5,6 +5,7 @@ use KeyAndValueRef::{Ascii, Binary};
 use tauri::{Manager, Runtime, WebviewWindow};
 use yaak_grpc::{KeyAndValueRef, MetadataMap};
 use yaak_models::models::GrpcRequest;
+use yaak_models::query_manager::QueryManagerExt;
 use yaak_plugins::events::{CallHttpAuthenticationRequest, HttpHeader};
 use yaak_plugins::manager::PluginManager;

@@ -27,7 +28,8 @@ pub(crate) async fn build_metadata<R: Runtime>(
    let mut metadata = BTreeMap::new();

    // Add the rest of metadata
-    for h in request.clone().metadata {
+    let resolved_metadata = window.db().resolve_metadata_for_grpc_request(&request)?;
+    for h in resolved_metadata {
        if h.name.is_empty() && h.value.is_empty() {
            continue;
        }
@@ -39,8 +41,11 @@ pub(crate) async fn build_metadata<R: Runtime>(
        metadata.insert(h.name, h.value);
    }

-    if let Some(auth_name) = request.authentication_type.clone() {
-        let auth = request.authentication.clone();
+    let (authentication_type, authentication) =
+        window.db().resolve_auth_for_grpc_request(&request)?;
+
+    if let Some(auth_name) = authentication_type.clone() {
+        let auth = authentication.clone();
        let plugin_req = CallHttpAuthenticationRequest {
            context_id: format!("{:x}", md5::compute(request.id.clone())),
            values: serde_json::from_value(serde_json::to_value(&auth).unwrap()).unwrap(),
--- a/src-tauri/src/http_request.rs
+++ b/src-tauri/src/http_request.rs
@@ -84,7 +84,7 @@ pub async fn send_http_request<R: Runtime>(
        }
    };

-    let mut url_string = request.url;
+    let mut url_string = request.url.clone();

    url_string = ensure_proto(&url_string);
    if !url_string.starts_with("http://") && !url_string.starts_with("https://") {
@@ -227,7 +227,9 @@ pub async fn send_http_request<R: Runtime>(
    //     );
    // }

-    for h in request.headers.clone() {
+    let resolved_headers = window.db().resolve_headers_for_http_request(&request)?;
+
+    for h in resolved_headers {
        if h.name.is_empty() && h.value.is_empty() {
            continue;
        }
@@ -255,7 +257,7 @@ pub async fn send_http_request<R: Runtime>(
    }

    let request_body = request.body.clone();
-    if let Some(body_type) = &request.body_type {
+    if let Some(body_type) = &request.body_type.clone() {
        if body_type == "graphql" {
            let query = get_str_h(&request_body, "query");
            let variables = get_str_h(&request_body, "variables");
@@ -376,7 +378,7 @@ pub async fn send_http_request<R: Runtime>(
                                };
                            }

-                            // Set file path if it is not empty
+                            // Set a file path if it is not empty
                            if !file_path.is_empty() {
                                let filename = PathBuf::from(file_path)
                                    .file_name()
@@ -426,43 +428,53 @@ pub async fn send_http_request<R: Runtime>(
        }
    };

-    // Apply authentication
+    let (authentication_type, authentication) =
+        window.db().resolve_auth_for_http_request(&request)?;

-    if let Some(auth_name) = request.authentication_type.to_owned() {
-        let req = CallHttpAuthenticationRequest {
-            context_id: format!("{:x}", md5::compute(request.id)),
-            values: serde_json::from_value(serde_json::to_value(&request.authentication).unwrap())
-                .unwrap(),
-            url: sendable_req.url().to_string(),
-            method: sendable_req.method().to_string(),
-            headers: sendable_req
-                .headers()
-                .iter()
-                .map(|(name, value)| HttpHeader {
-                    name: name.to_string(),
-                    value: value.to_str().unwrap_or_default().to_string(),
-                })
-                .collect(),
-        };
-        let auth_result = plugin_manager.call_http_authentication(&window, &auth_name, req).await;
-        let plugin_result = match auth_result {
-            Ok(r) => r,
-            Err(e) => {
-                return Ok(response_err(
-                    &app_handle,
-                    &*response.lock().await,
-                    e.to_string(),
-                    &update_source,
-                ));
+    match authentication_type {
+        None => {
+            // No authentication found. Not even inherited
+        }
+        Some(authentication_type) if authentication_type == "none" => {
+            // Explicitly no authentication
+        }
+        Some(authentication_type) => {
+            let req = CallHttpAuthenticationRequest {
+                context_id: format!("{:x}", md5::compute(request.id)),
+                values: serde_json::from_value(serde_json::to_value(&authentication).unwrap())
+                    .unwrap(),
+                url: sendable_req.url().to_string(),
+                method: sendable_req.method().to_string(),
+                headers: sendable_req
+                    .headers()
+                    .iter()
+                    .map(|(name, value)| HttpHeader {
+                        name: name.to_string(),
+                        value: value.to_str().unwrap_or_default().to_string(),
+                    })
+                    .collect(),
+            };
+            let auth_result =
+                plugin_manager.call_http_authentication(&window, &authentication_type, req).await;
+            let plugin_result = match auth_result {
+                Ok(r) => r,
+                Err(e) => {
+                    return Ok(response_err(
+                        &app_handle,
+                        &*response.lock().await,
+                        e.to_string(),
+                        &update_source,
+                    ));
+                }
+            };
+
+            let headers = sendable_req.headers_mut();
+            for header in plugin_result.set_headers {
+                headers.insert(
+                    HeaderName::from_str(&header.name).unwrap(),
+                    HeaderValue::from_str(&header.value).unwrap(),
+                );
            }
-        };
-
-        let headers = sendable_req.headers_mut();
-        for header in plugin_result.set_headers {
-            headers.insert(
-                HeaderName::from_str(&header.name).unwrap(),
-                HeaderValue::from_str(&header.value).unwrap(),
-            );
        }
    }

--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -917,10 +917,10 @@ async fn cmd_call_http_authentication_action<R: Runtime>(
    auth_name: &str,
    action_index: i32,
    values: HashMap<String, JsonPrimitive>,
-    request_id: &str,
+    model_id: &str,
 ) -> YaakResult<()> {
    Ok(plugin_manager
-        .call_http_authentication_action(&window, auth_name, action_index, values, request_id)
+        .call_http_authentication_action(&window, auth_name, action_index, values, model_id)
        .await?)
 }

--- a/src-tauri/src/render.rs
+++ b/src-tauri/src/render.rs
@@ -2,7 +2,7 @@ use serde_json::Value;
 use std::collections::{BTreeMap, HashMap};
 use yaak_http::apply_path_placeholders;
 use yaak_models::models::{
-    Environment, GrpcMetadataEntry, GrpcRequest, HttpRequest, HttpRequestHeader, HttpUrlParameter,
+    Environment, GrpcRequest, HttpRequest, HttpRequestHeader, HttpUrlParameter,
 };
 use yaak_models::render::make_vars_hashmap;
 use yaak_templates::{parse_and_render, render_json_value_raw, TemplateCallback};
@@ -37,7 +37,7 @@ pub async fn render_grpc_request<T: TemplateCallback>(

    let mut metadata = Vec::new();
    for p in r.metadata.clone() {
-        metadata.push(GrpcMetadataEntry {
+        metadata.push(HttpRequestHeader {
            enabled: p.enabled,
            name: render(p.name.as_str(), vars, cb).await?,
            value: render(p.value.as_str(), vars, cb).await?,
--- a/src-tauri/vendored/plugins/auth-oauth2/build/index.js
+++ b/src-tauri/vendored/plugins/auth-oauth2/build/index.js
@@ -32,6 +32,7 @@ var import_node_fs = require("node:fs");
 async function getAccessToken(ctx, {
  accessTokenUrl,
  scope,
+  audience,
  params,
  grantType,
  credentialsInBody,
@@ -56,6 +57,7 @@ async function getAccessToken(ctx, {
    ]
  };
  if (scope) httpRequest.body.form.push({ name: "scope", value: scope });
+  if (scope) httpRequest.body.form.push({ name: "audience", value: audience });
  if (credentialsInBody) {
    httpRequest.body.form.push({ name: "client_id", value: clientId });
    httpRequest.body.form.push({ name: "client_secret", value: clientSecret });
@@ -64,10 +66,10 @@ async function getAccessToken(ctx, {
    httpRequest.headers.push({ name: "Authorization", value });
  }
  const resp = await ctx.httpRequest.send({ httpRequest });
+  const body = resp.bodyPath ? (0, import_node_fs.readFileSync)(resp.bodyPath, "utf8") : "";
  if (resp.status < 200 || resp.status >= 300) {
-    throw new Error("Failed to fetch access token with status=" + resp.status);
+    throw new Error("Failed to fetch access token with status=" + resp.status + " and body=" + body);
  }
-  const body = (0, import_node_fs.readFileSync)(resp.bodyPath ?? "", "utf8");
  let response;
  try {
    response = JSON.parse(body);
@@ -168,10 +170,10 @@ async function getOrRefreshAccessToken(ctx, contextId, {
    await deleteToken(ctx, contextId);
    return null;
  }
+  const body = resp.bodyPath ? (0, import_node_fs2.readFileSync)(resp.bodyPath, "utf8") : "";
  if (resp.status < 200 || resp.status >= 300) {
-    throw new Error("Failed to fetch access token with status=" + resp.status);
+    throw new Error("Failed to refresh access token with status=" + resp.status + " and body=" + body);
  }
-  const body = (0, import_node_fs2.readFileSync)(resp.bodyPath ?? "", "utf8");
  let response;
  try {
    response = JSON.parse(body);
@@ -201,6 +203,7 @@ async function getAuthorizationCode(ctx, contextId, {
  redirectUri,
  scope,
  state,
+  audience,
  credentialsInBody,
  pkce
 }) {
@@ -220,6 +223,7 @@ async function getAuthorizationCode(ctx, contextId, {
  if (redirectUri) authorizationUrl.searchParams.set("redirect_uri", redirectUri);
  if (scope) authorizationUrl.searchParams.set("scope", scope);
  if (state) authorizationUrl.searchParams.set("state", state);
+  if (audience) authorizationUrl.searchParams.set("audience", audience);
  if (pkce) {
    const verifier = pkce.codeVerifier || createPkceCodeVerifier();
    const challengeMethod = pkce.challengeMethod || DEFAULT_PKCE_METHOD;
@@ -256,6 +260,7 @@ async function getAuthorizationCode(ctx, contextId, {
          clientId,
          clientSecret,
          scope,
+          audience,
          credentialsInBody,
          params: [
            { name: "code", value: code },
@@ -291,6 +296,7 @@ async function getClientCredentials(ctx, contextId, {
  clientId,
  clientSecret,
  scope,
+  audience,
  credentialsInBody
 }) {
  const token = await getToken(ctx, contextId);
@@ -299,6 +305,7 @@ async function getClientCredentials(ctx, contextId, {
  const response = await getAccessToken(ctx, {
    grantType: "client_credentials",
    accessTokenUrl,
+    audience,
    clientId,
    clientSecret,
    scope,
@@ -315,7 +322,8 @@ function getImplicit(ctx, contextId, {
  clientId,
  redirectUri,
  scope,
-  state
+  state,
+  audience
 }) {
  return new Promise(async (resolve, reject) => {
    const token = await getToken(ctx, contextId);
@@ -327,6 +335,7 @@ function getImplicit(ctx, contextId, {
    if (redirectUri) authorizationUrl.searchParams.set("redirect_uri", redirectUri);
    if (scope) authorizationUrl.searchParams.set("scope", scope);
    if (state) authorizationUrl.searchParams.set("state", state);
+    if (audience) authorizationUrl.searchParams.set("audience", audience);
    if (responseType.includes("id_token")) {
      authorizationUrl.searchParams.set("nonce", String(Math.floor(Math.random() * 9999999999999) + 1));
    }
@@ -366,6 +375,7 @@ async function getPassword(ctx, contextId, {
  username,
  password,
  credentialsInBody,
+  audience,
  scope
 }) {
  const token = await getOrRefreshAccessToken(ctx, contextId, {
@@ -383,6 +393,7 @@ async function getPassword(ctx, contextId, {
    clientId,
    clientSecret,
    scope,
+    audience,
    grantType: "password",
    credentialsInBody,
    params: [
@@ -530,6 +541,12 @@ var plugin = {
        optional: true,
        dynamic: hiddenIfNot(["authorization_code", "implicit"])
      },
+      {
+        type: "text",
+        name: "audience",
+        label: "Audience",
+        optional: true
+      },
      {
        type: "checkbox",
        name: "usePkce",
@@ -635,6 +652,7 @@ var plugin = {
          clientSecret: stringArg(values, "clientSecret"),
          redirectUri: stringArgOrNull(values, "redirectUri"),
          scope: stringArgOrNull(values, "scope"),
+          audience: stringArgOrNull(values, "audience"),
          state: stringArgOrNull(values, "state"),
          credentialsInBody,
          pkce: values.usePkce ? {
@@ -650,6 +668,7 @@ var plugin = {
          redirectUri: stringArgOrNull(values, "redirectUri"),
          responseType: stringArg(values, "responseType"),
          scope: stringArgOrNull(values, "scope"),
+          audience: stringArgOrNull(values, "audience"),
          state: stringArgOrNull(values, "state")
        });
      } else if (grantType === "client_credentials") {
@@ -659,6 +678,7 @@ var plugin = {
          clientId: stringArg(values, "clientId"),
          clientSecret: stringArg(values, "clientSecret"),
          scope: stringArgOrNull(values, "scope"),
+          audience: stringArgOrNull(values, "audience"),
          credentialsInBody
        });
      } else if (grantType === "password") {
@@ -670,6 +690,7 @@ var plugin = {
          username: stringArg(values, "username"),
          password: stringArg(values, "password"),
          scope: stringArgOrNull(values, "scope"),
+          audience: stringArgOrNull(values, "audience"),
          credentialsInBody
        });
      } else {
--- a/src-tauri/vendored/plugins/importer-curl/build/index.js
+++ b/src-tauri/vendored/plugins/importer-curl/build/index.js
@@ -542,20 +542,23 @@ function pairsToDataParameters(keyedPairs) {
    }
    for (const p of pairs) {
      if (typeof p !== "string") continue;
-      const [name, value] = p.split("=");
-      if (p.startsWith("@")) {
-        dataParameters.push({
-          name: name ?? "",
-          value: "",
-          filePath: p.slice(1),
-          enabled: true
-        });
-      } else {
-        dataParameters.push({
-          name: name ?? "",
-          value: flagName === "data-urlencode" ? encodeURIComponent(value ?? "") : value ?? "",
-          enabled: true
-        });
+      let params = p.split("&");
+      for (const param of params) {
+        const [name, value] = param.split("=");
+        if (param.startsWith("@")) {
+          dataParameters.push({
+            name: name ?? "",
+            value: "",
+            filePath: param.slice(1),
+            enabled: true
+          });
+        } else {
+          dataParameters.push({
+            name: name ?? "",
+            value: flagName === "data-urlencode" ? encodeURIComponent(value ?? "") : value ?? "",
+            enabled: true
+          });
+        }
      }
    }
  }
--- a/src-tauri/yaak-git/bindings/gen_models.ts
+++ b/src-tauri/yaak-git/bindings/gen_models.ts
@@ -4,11 +4,9 @@ export type Environment = { model: "environment", id: string, workspaceId: strin

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };

-export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, name: string, description: string, sortPriority: number, };
+export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, sortPriority: number, };

-export type GrpcMetadataEntry = { enabled?: boolean, name: string, value: string, id?: string, };
-
-export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<GrpcMetadataEntry>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };
+export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<HttpRequestHeader>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };

 export type HttpRequest = { model: "http_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, body: Record<string, any>, bodyType: string | null, description: string, headers: Array<HttpRequestHeader>, method: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

@@ -20,4 +18,4 @@ export type SyncModel = { "type": "workspace" } & Workspace | { "type": "environ

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, name: string, description: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
--- a/src-tauri/yaak-models/bindings/gen_models.ts
+++ b/src-tauri/yaak-models/bindings/gen_models.ts
@@ -18,7 +18,7 @@ export type Environment = { model: "environment", id: string, workspaceId: strin

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };

-export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, name: string, description: string, sortPriority: number, };
+export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, sortPriority: number, };

 export type GrpcConnection = { model: "grpc_connection", id: string, createdAt: string, updatedAt: string, workspaceId: string, requestId: string, elapsed: number, error: string | null, method: string, service: string, status: number, state: GrpcConnectionState, trailers: { [key in string]?: string }, url: string, };

@@ -28,9 +28,7 @@ export type GrpcEvent = { model: "grpc_event", id: string, createdAt: string, up

 export type GrpcEventType = "info" | "error" | "client_message" | "server_message" | "connection_start" | "connection_end";

-export type GrpcMetadataEntry = { enabled?: boolean, name: string, value: string, id?: string, };
-
-export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<GrpcMetadataEntry>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };
+export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<HttpRequestHeader>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };

 export type HttpRequest = { model: "http_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, body: Record<string, any>, bodyType: string | null, description: string, headers: Array<HttpRequestHeader>, method: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

@@ -50,6 +48,10 @@ export type ModelChangeEvent = { "type": "upsert" } | { "type": "delete" };

 export type ModelPayload = { model: AnyModel, updateSource: UpdateSource, change: ModelChangeEvent, };

+export type ParentAuthentication = { authentication: Record<string, any>, authenticationType: string | null, };
+
+export type ParentHeaders = { headers: Array<HttpRequestHeader>, };
+
 export type Plugin = { model: "plugin", id: string, createdAt: string, updatedAt: string, checkedAt: string | null, directory: string, enabled: boolean, url: string | null, };

 export type PluginKeyValue = { model: "plugin_key_value", createdAt: string, updatedAt: string, pluginName: string, key: string, value: string, };
@@ -76,6 +78,6 @@ export type WebsocketMessageType = "text" | "binary";

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, name: string, description: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };

 export type WorkspaceMeta = { model: "workspace_meta", id: string, workspaceId: string, createdAt: string, updatedAt: string, encryptionKey: EncryptedKey | null, settingSyncDir: string | null, };
--- a/src-tauri/yaak-models/src/models.rs
+++ b/src-tauri/yaak-models/src/models.rs
@@ -219,8 +219,13 @@ pub struct Workspace {
    pub id: String,
    pub created_at: NaiveDateTime,
    pub updated_at: NaiveDateTime,
-    pub name: String,
+
+    #[ts(type = "Record<string, any>")]
+    pub authentication: BTreeMap<String, Value>,
+    pub authentication_type: Option<String>,
    pub description: String,
+    pub headers: Vec<HttpRequestHeader>,
+    pub name: String,
    pub encryption_key_challenge: Option<String>,

    // Settings
@@ -261,6 +266,9 @@ impl UpsertModelInfo for Workspace {
            (CreatedAt, upsert_date(source, self.created_at)),
            (UpdatedAt, upsert_date(source, self.updated_at)),
            (Name, self.name.trim().into()),
+            (Authentication, serde_json::to_string(&self.authentication)?.into()),
+            (AuthenticationType, self.authentication_type.into()),
+            (Headers, serde_json::to_string(&self.headers)?.into()),
            (Description, self.description.into()),
            (EncryptionKeyChallenge, self.encryption_key_challenge.into()),
            (SettingFollowRedirects, self.setting_follow_redirects.into()),
@@ -273,6 +281,9 @@ impl UpsertModelInfo for Workspace {
        vec![
            WorkspaceIden::UpdatedAt,
            WorkspaceIden::Name,
+            WorkspaceIden::Authentication,
+            WorkspaceIden::AuthenticationType,
+            WorkspaceIden::Headers,
            WorkspaceIden::Description,
            WorkspaceIden::EncryptionKeyChallenge,
            WorkspaceIden::SettingRequestTimeout,
@@ -286,6 +297,8 @@ impl UpsertModelInfo for Workspace {
    where
        Self: Sized,
    {
+        let headers: String = row.get("headers")?;
+        let authentication: String = row.get("authentication")?;
        Ok(Self {
            id: row.get("id")?,
            model: row.get("model")?,
@@ -294,6 +307,9 @@ impl UpsertModelInfo for Workspace {
            name: row.get("name")?,
            description: row.get("description")?,
            encryption_key_challenge: row.get("encryption_key_challenge")?,
+            headers: serde_json::from_str(&headers).unwrap_or_default(),
+            authentication: serde_json::from_str(&authentication).unwrap_or_default(),
+            authentication_type: row.get("authentication_type")?,
            setting_follow_redirects: row.get("setting_follow_redirects")?,
            setting_request_timeout: row.get("setting_request_timeout")?,
            setting_validate_certificates: row.get("setting_validate_certificates")?,
@@ -581,6 +597,22 @@ pub struct EnvironmentVariable {
    pub id: Option<String>,
 }

+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[serde(default, rename_all = "camelCase")]
+#[ts(export, export_to = "gen_models.ts")]
+pub struct ParentAuthentication {
+    #[ts(type = "Record<string, any>")]
+    pub authentication: BTreeMap<String, Value>,
+    pub authentication_type: Option<String>,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
+#[serde(default, rename_all = "camelCase")]
+#[ts(export, export_to = "gen_models.ts")]
+pub struct ParentHeaders {
+    pub headers: Vec<HttpRequestHeader>,
+}
+
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
@@ -594,8 +626,12 @@ pub struct Folder {
    pub workspace_id: String,
    pub folder_id: Option<String>,

-    pub name: String,
+    #[ts(type = "Record<string, any>")]
+    pub authentication: BTreeMap<String, Value>,
+    pub authentication_type: Option<String>,
    pub description: String,
+    pub headers: Vec<HttpRequestHeader>,
+    pub name: String,
    pub sort_priority: f32,
 }

@@ -630,8 +666,11 @@ impl UpsertModelInfo for Folder {
            (UpdatedAt, upsert_date(source, self.updated_at)),
            (WorkspaceId, self.workspace_id.into()),
            (FolderId, self.folder_id.into()),
-            (Name, self.name.trim().into()),
+            (Authentication, serde_json::to_string(&self.authentication)?.into()),
+            (AuthenticationType, self.authentication_type.into()),
+            (Headers, serde_json::to_string(&self.headers)?.into()),
            (Description, self.description.into()),
+            (Name, self.name.trim().into()),
            (SortPriority, self.sort_priority.into()),
        ])
    }
@@ -640,6 +679,9 @@ impl UpsertModelInfo for Folder {
        vec![
            FolderIden::UpdatedAt,
            FolderIden::Name,
+            FolderIden::Authentication,
+            FolderIden::AuthenticationType,
+            FolderIden::Headers,
            FolderIden::Description,
            FolderIden::FolderId,
            FolderIden::SortPriority,
@@ -650,6 +692,8 @@ impl UpsertModelInfo for Folder {
    where
        Self: Sized,
    {
+        let headers: String = row.get("headers")?;
+        let authentication: String = row.get("authentication")?;
        Ok(Self {
            id: row.get("id")?,
            model: row.get("model")?,
@@ -660,6 +704,9 @@ impl UpsertModelInfo for Folder {
            folder_id: row.get("folder_id")?,
            name: row.get("name")?,
            description: row.get("description")?,
+            headers: serde_json::from_str(&headers).unwrap_or_default(),
+            authentication_type: row.get("authentication_type")?,
+            authentication: serde_json::from_str(&authentication).unwrap_or_default(),
        })
    }
 }
@@ -782,28 +829,28 @@ impl UpsertModelInfo for HttpRequest {
        ]
    }

-    fn from_row(r: &Row) -> rusqlite::Result<Self> {
-        let url_parameters: String = r.get("url_parameters")?;
-        let body: String = r.get("body")?;
-        let authentication: String = r.get("authentication")?;
-        let headers: String = r.get("headers")?;
+    fn from_row(row: &Row) -> rusqlite::Result<Self> {
+        let url_parameters: String = row.get("url_parameters")?;
+        let body: String = row.get("body")?;
+        let authentication: String = row.get("authentication")?;
+        let headers: String = row.get("headers")?;
        Ok(Self {
-            id: r.get("id")?,
-            model: r.get("model")?,
-            workspace_id: r.get("workspace_id")?,
-            created_at: r.get("created_at")?,
-            updated_at: r.get("updated_at")?,
+            id: row.get("id")?,
+            model: row.get("model")?,
+            workspace_id: row.get("workspace_id")?,
+            created_at: row.get("created_at")?,
+            updated_at: row.get("updated_at")?,
            authentication: serde_json::from_str(authentication.as_str()).unwrap_or_default(),
-            authentication_type: r.get("authentication_type")?,
+            authentication_type: row.get("authentication_type")?,
            body: serde_json::from_str(body.as_str()).unwrap_or_default(),
-            body_type: r.get("body_type")?,
-            description: r.get("description")?,
-            folder_id: r.get("folder_id")?,
+            body_type: row.get("body_type")?,
+            description: row.get("description")?,
+            folder_id: row.get("folder_id")?,
            headers: serde_json::from_str(headers.as_str()).unwrap_or_default(),
-            method: r.get("method")?,
-            name: r.get("name")?,
-            sort_priority: r.get("sort_priority")?,
-            url: r.get("url")?,
+            method: row.get("method")?,
+            name: row.get("name")?,
+            sort_priority: row.get("sort_priority")?,
+            url: row.get("url")?,
            url_parameters: serde_json::from_str(url_parameters.as_str()).unwrap_or_default(),
        })
    }
@@ -992,7 +1039,7 @@ impl UpsertModelInfo for WebsocketRequest {
            (WorkspaceId, self.workspace_id.into()),
            (FolderId, self.folder_id.as_ref().map(|s| s.as_str()).into()),
            (Authentication, serde_json::to_string(&self.authentication)?.into()),
-            (AuthenticationType, self.authentication_type.as_ref().map(|s| s.as_str()).into()),
+            (AuthenticationType, self.authentication_type.into()),
            (Description, self.description.into()),
            (Headers, serde_json::to_string(&self.headers)?.into()),
            (Message, self.message.into()),
@@ -1295,19 +1342,6 @@ impl UpsertModelInfo for HttpResponse {
    }
 }

-#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
-#[serde(default, rename_all = "camelCase")]
-#[ts(export, export_to = "gen_models.ts")]
-pub struct GrpcMetadataEntry {
-    #[serde(default = "default_true")]
-    #[ts(optional, as = "Option<bool>")]
-    pub enabled: bool,
-    pub name: String,
-    pub value: String,
-    #[ts(optional, as = "Option<String>")]
-    pub id: Option<String>,
-}
-
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default, TS)]
 #[serde(default, rename_all = "camelCase")]
 #[ts(export, export_to = "gen_models.ts")]
@@ -1326,7 +1360,7 @@ pub struct GrpcRequest {
    pub authentication: BTreeMap<String, Value>,
    pub description: String,
    pub message: String,
-    pub metadata: Vec<GrpcMetadataEntry>,
+    pub metadata: Vec<HttpRequestHeader>,
    pub method: Option<String>,
    pub name: String,
    pub service: Option<String>,
--- a/src-tauri/yaak-models/src/queries/folders.rs
+++ b/src-tauri/yaak-models/src/queries/folders.rs
@@ -2,10 +2,12 @@ use crate::connection_or_tx::ConnectionOrTx;
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{
-    Folder, FolderIden, GrpcRequest, GrpcRequestIden, HttpRequest, HttpRequestIden,
-    WebsocketRequest, WebsocketRequestIden,
+    Folder, FolderIden, GrpcRequest, GrpcRequestIden, HttpRequest, HttpRequestHeader,
+    HttpRequestIden, WebsocketRequest, WebsocketRequestIden,
 };
 use crate::util::UpdateSource;
+use serde_json::Value;
+use std::collections::BTreeMap;

 impl<'a> DbContext<'a> {
    pub fn get_folder(&self, id: &str) -> Result<Folder> {
@@ -110,4 +112,40 @@ impl<'a> DbContext<'a> {

        Ok(new_folder)
    }
+
+    pub fn resolve_auth_for_folder(
+        &self,
+        folder: Folder,
+    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+        if let Some(at) = folder.authentication_type {
+            return Ok((Some(at), folder.authentication));
+        }
+
+        if let Some(folder_id) = folder.folder_id {
+            let folder = self.get_folder(&folder_id)?;
+            return self.resolve_auth_for_folder(folder);
+        }
+
+        let workspace = self.get_workspace(&folder.workspace_id)?;
+        Ok(self.resolve_auth_for_workspace(&workspace))
+    }
+
+    pub fn resolve_headers_for_folder(&self, folder: &Folder) -> Result<Vec<HttpRequestHeader>> {
+        let mut headers = Vec::new();
+
+        if let Some(folder_id) = folder.folder_id.clone() {
+            let parent_folder = self.get_folder(&folder_id)?;
+            let mut folder_headers = self.resolve_headers_for_folder(&parent_folder)?;
+            // NOTE: Add parent headers first, so overrides are logical
+            headers.append(&mut folder_headers);
+        } else {
+            let workspace = self.get_workspace(&folder.workspace_id)?;
+            let mut workspace_headers = self.resolve_headers_for_workspace(&workspace);
+            headers.append(&mut workspace_headers);
+        }
+
+        headers.append(&mut folder.headers.clone());
+
+        Ok(headers)
+    }
 }
--- a/src-tauri/yaak-models/src/queries/grpc_requests.rs
+++ b/src-tauri/yaak-models/src/queries/grpc_requests.rs
@@ -1,7 +1,9 @@
 use crate::db_context::DbContext;
 use crate::error::Result;
-use crate::models::{GrpcRequest, GrpcRequestIden};
+use crate::models::{GrpcRequest, GrpcRequestIden, HttpRequestHeader};
 use crate::util::UpdateSource;
+use serde_json::Value;
+use std::collections::BTreeMap;

 impl<'a> DbContext<'a> {
    pub fn get_grpc_request(&self, id: &str) -> Result<GrpcRequest> {
@@ -48,4 +50,43 @@ impl<'a> DbContext<'a> {
    ) -> Result<GrpcRequest> {
        self.upsert(grpc_request, source)
    }
+
+    pub fn resolve_auth_for_grpc_request(
+        &self,
+        grpc_request: &GrpcRequest,
+    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+        if let Some(at) = grpc_request.authentication_type.clone() {
+            return Ok((Some(at), grpc_request.authentication.clone()));
+        }
+
+        if let Some(folder_id) = grpc_request.folder_id.clone() {
+            let folder = self.get_folder(&folder_id)?;
+            return self.resolve_auth_for_folder(folder);
+        }
+
+        let workspace = self.get_workspace(&grpc_request.workspace_id)?;
+        Ok(self.resolve_auth_for_workspace(&workspace))
+    }
+
+    pub fn resolve_metadata_for_grpc_request(
+        &self,
+        grpc_request: &GrpcRequest,
+    ) -> Result<Vec<HttpRequestHeader>> {
+        // Resolved headers should be from furthest to closest ancestor, to override logically.
+        let mut metadata = Vec::new();
+
+        if let Some(folder_id) = grpc_request.folder_id.clone() {
+            let parent_folder = self.get_folder(&folder_id)?;
+            let mut folder_headers = self.resolve_headers_for_folder(&parent_folder)?;
+            metadata.append(&mut folder_headers);
+        } else {
+            let workspace = self.get_workspace(&grpc_request.workspace_id)?;
+            let mut workspace_metadata = self.resolve_headers_for_workspace(&workspace);
+            metadata.append(&mut workspace_metadata);
+        }
+
+        metadata.append(&mut grpc_request.metadata.clone());
+
+        Ok(metadata)
+    }
 }
--- a/src-tauri/yaak-models/src/queries/http_requests.rs
+++ b/src-tauri/yaak-models/src/queries/http_requests.rs
@@ -1,7 +1,9 @@
 use crate::db_context::DbContext;
 use crate::error::Result;
-use crate::models::{HttpRequest, HttpRequestIden};
+use crate::models::{HttpRequest, HttpRequestHeader, HttpRequestIden};
 use crate::util::UpdateSource;
+use serde_json::Value;
+use std::collections::BTreeMap;

 impl<'a> DbContext<'a> {
    pub fn get_http_request(&self, id: &str) -> Result<HttpRequest> {
@@ -48,4 +50,43 @@ impl<'a> DbContext<'a> {
    ) -> Result<HttpRequest> {
        self.upsert(http_request, source)
    }
+
+    pub fn resolve_auth_for_http_request(
+        &self,
+        http_request: &HttpRequest,
+    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+        if let Some(at) = http_request.authentication_type.clone() {
+            return Ok((Some(at), http_request.authentication.clone()));
+        }
+
+        if let Some(folder_id) = http_request.folder_id.clone() {
+            let folder = self.get_folder(&folder_id)?;
+            return self.resolve_auth_for_folder(folder);
+        }
+
+        let workspace = self.get_workspace(&http_request.workspace_id)?;
+        Ok(self.resolve_auth_for_workspace(&workspace))
+    }
+
+    pub fn resolve_headers_for_http_request(
+        &self,
+        http_request: &HttpRequest,
+    ) -> Result<Vec<HttpRequestHeader>> {
+        // Resolved headers should be from furthest to closest ancestor, to override logically.
+        let mut headers = Vec::new();
+
+        if let Some(folder_id) = http_request.folder_id.clone() {
+            let parent_folder = self.get_folder(&folder_id)?;
+            let mut folder_headers = self.resolve_headers_for_folder(&parent_folder)?;
+            headers.append(&mut folder_headers);
+        } else {
+            let workspace = self.get_workspace(&http_request.workspace_id)?;
+            let mut workspace_headers = self.resolve_headers_for_workspace(&workspace);
+            headers.append(&mut workspace_headers);
+        }
+
+        headers.append(&mut http_request.headers.clone());
+
+        Ok(headers)
+    }
 }
--- a/src-tauri/yaak-models/src/queries/websocket_requests.rs
+++ b/src-tauri/yaak-models/src/queries/websocket_requests.rs
@@ -1,7 +1,9 @@
 use crate::db_context::DbContext;
 use crate::error::Result;
-use crate::models::{WebsocketRequest, WebsocketRequestIden};
+use crate::models::{HttpRequestHeader, WebsocketRequest, WebsocketRequestIden};
 use crate::util::UpdateSource;
+use serde_json::Value;
+use std::collections::BTreeMap;

 impl<'a> DbContext<'a> {
    pub fn get_websocket_request(&self, id: &str) -> Result<WebsocketRequest> {
@@ -48,4 +50,47 @@ impl<'a> DbContext<'a> {
    ) -> Result<WebsocketRequest> {
        self.upsert(websocket_request, source)
    }
+
+    pub fn resolve_auth_for_websocket_request(
+        &self,
+        websocket_request: &WebsocketRequest,
+    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+        if let Some(at) = websocket_request.authentication_type.clone() {
+            return Ok((Some(at), websocket_request.authentication.clone()));
+        }
+
+        if let Some(folder_id) = websocket_request.folder_id.clone() {
+            let folder = self.get_folder(&folder_id)?;
+            return self.resolve_auth_for_folder(folder);
+        }
+
+        let workspace = self.get_workspace(&websocket_request.workspace_id)?;
+        Ok(self.resolve_auth_for_workspace(&workspace))
+    }
+
+    pub fn resolve_headers_for_websocket_request(
+        &self,
+        websocket_request: &WebsocketRequest,
+    ) -> Result<Vec<HttpRequestHeader>> {
+        let workspace = self.get_workspace(&websocket_request.workspace_id)?;
+
+        // Resolved headers should be from furthest to closest ancestor, to override logically.
+        let mut headers = Vec::new();
+
+        headers.append(&mut workspace.headers.clone());
+
+        if let Some(folder_id) = websocket_request.folder_id.clone() {
+            let parent_folder = self.get_folder(&folder_id)?;
+            let mut folder_headers = self.resolve_headers_for_folder(&parent_folder)?;
+            headers.append(&mut folder_headers);
+        } else {
+            let workspace = self.get_workspace(&websocket_request.workspace_id)?;
+            let mut workspace_headers = self.resolve_headers_for_workspace(&workspace);
+            headers.append(&mut workspace_headers);
+        }
+
+        headers.append(&mut websocket_request.headers.clone());
+
+        Ok(headers)
+    }
 }
--- a/src-tauri/yaak-models/src/queries/workspaces.rs
+++ b/src-tauri/yaak-models/src/queries/workspaces.rs
@@ -1,10 +1,12 @@
 use crate::db_context::DbContext;
 use crate::error::Result;
 use crate::models::{
-    EnvironmentIden, FolderIden, GrpcRequestIden, HttpRequestIden, WebsocketRequestIden, Workspace,
-    WorkspaceIden,
+    EnvironmentIden, FolderIden, GrpcRequestIden, HttpRequestHeader, HttpRequestIden,
+    WebsocketRequestIden, Workspace, WorkspaceIden,
 };
 use crate::util::UpdateSource;
+use serde_json::Value;
+use std::collections::BTreeMap;

 impl<'a> DbContext<'a> {
    pub fn get_workspace(&self, id: &str) -> Result<Workspace> {
@@ -65,4 +67,15 @@ impl<'a> DbContext<'a> {
    pub fn upsert_workspace(&self, w: &Workspace, source: &UpdateSource) -> Result<Workspace> {
        self.upsert(w, source)
    }
+
+    pub fn resolve_auth_for_workspace(
+        &self,
+        workspace: &Workspace,
+    ) -> (Option<String>, BTreeMap<String, Value>) {
+        (workspace.authentication_type.clone(), workspace.authentication.clone())
+    }
+
+    pub fn resolve_headers_for_workspace(&self, workspace: &Workspace) -> Vec<HttpRequestHeader> {
+        workspace.headers.clone()
+    }
 }
--- a/src-tauri/yaak-plugins/bindings/gen_models.ts
+++ b/src-tauri/yaak-plugins/bindings/gen_models.ts
@@ -4,11 +4,9 @@ export type Environment = { model: "environment", id: string, workspaceId: strin

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };

-export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, name: string, description: string, sortPriority: number, };
+export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, sortPriority: number, };

-export type GrpcMetadataEntry = { enabled?: boolean, name: string, value: string, id?: string, };
-
-export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<GrpcMetadataEntry>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };
+export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<HttpRequestHeader>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };

 export type HttpRequest = { model: "http_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, body: Record<string, any>, bodyType: string | null, description: string, headers: Array<HttpRequestHeader>, method: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

@@ -24,4 +22,4 @@ export type HttpUrlParameter = { enabled?: boolean, name: string, value: string,

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, name: string, description: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
--- a/src-tauri/yaak-plugins/src/manager.rs
+++ b/src-tauri/yaak-plugins/src/manager.rs
@@ -537,7 +537,7 @@ impl PluginManager {
        auth_name: &str,
        action_index: i32,
        values: HashMap<String, JsonPrimitive>,
-        request_id: &str,
+        model_id: &str,
    ) -> Result<()> {
        let results = self.get_http_authentication_summaries(window).await?;
        let plugin = results
@@ -545,7 +545,7 @@ impl PluginManager {
            .find_map(|(p, r)| if r.name == auth_name { Some(p) } else { None })
            .ok_or(PluginNotFoundErr(auth_name.into()))?;

-        let context_id = format!("{:x}", md5::compute(request_id.to_string()));
+        let context_id = format!("{:x}", md5::compute(model_id.to_string()));
        self.send_to_plugin_and_wait(
            &PluginWindowContext::new(window),
            &plugin,
--- a/src-tauri/yaak-sync/bindings/gen_models.ts
+++ b/src-tauri/yaak-sync/bindings/gen_models.ts
@@ -4,11 +4,9 @@ export type Environment = { model: "environment", id: string, workspaceId: strin

 export type EnvironmentVariable = { enabled?: boolean, name: string, value: string, id?: string, };

-export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, name: string, description: string, sortPriority: number, };
+export type Folder = { model: "folder", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, sortPriority: number, };

-export type GrpcMetadataEntry = { enabled?: boolean, name: string, value: string, id?: string, };
-
-export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<GrpcMetadataEntry>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };
+export type GrpcRequest = { model: "grpc_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authenticationType: string | null, authentication: Record<string, any>, description: string, message: string, metadata: Array<HttpRequestHeader>, method: string | null, name: string, service: string | null, sortPriority: number, url: string, };

 export type HttpRequest = { model: "http_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, body: Record<string, any>, bodyType: string | null, description: string, headers: Array<HttpRequestHeader>, method: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

@@ -22,4 +20,4 @@ export type SyncState = { model: "sync_state", id: string, workspaceId: string,

 export type WebsocketRequest = { model: "websocket_request", id: string, createdAt: string, updatedAt: string, workspaceId: string, folderId: string | null, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, message: string, name: string, sortPriority: number, url: string, urlParameters: Array<HttpUrlParameter>, };

-export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, name: string, description: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
+export type Workspace = { model: "workspace", id: string, createdAt: string, updatedAt: string, authentication: Record<string, any>, authenticationType: string | null, description: string, headers: Array<HttpRequestHeader>, name: string, encryptionKeyChallenge: string | null, settingValidateCertificates: boolean, settingFollowRedirects: boolean, settingRequestTimeout: number, };
--- a/src-tauri/yaak-ws/src/commands.rs
+++ b/src-tauri/yaak-ws/src/commands.rs
@@ -206,9 +206,28 @@ pub(crate) async fn connect<R: Runtime>(
    )
    .await?;

+    let (authentication_type, authentication) =
+        window.db().resolve_auth_for_websocket_request(&request)?;
+
    let mut headers = HeaderMap::new();
-    if let Some(auth_name) = request.authentication_type.clone() {
-        let auth = request.authentication.clone();
+
+    let resolved_headers = window.db().resolve_headers_for_websocket_request(&request)?;
+    for h in resolved_headers {
+        if h.name.is_empty() && h.value.is_empty() {
+            continue;
+        }
+
+        if !h.enabled {
+            continue;
+        }
+        headers.insert(
+            HeaderName::from_str(&h.name).unwrap(),
+            HeaderValue::from_str(&h.value).unwrap(),
+        );
+    }
+
+    if let Some(auth_name) = authentication_type.clone() {
+        let auth = authentication.clone();
        let plugin_req = CallHttpAuthenticationRequest {
            context_id: format!("{:x}", md5::compute(request_id.to_string())),
            values: serde_json::from_value(serde_json::to_value(&auth).unwrap()).unwrap(),