Fix context_id for Workspace/Folder auth

Fix TS type
Disable auth for OAuth token http requests
2026-02-23 02:54:58 +01:00 · 2025-06-03 13:08:48 -07:00 · 2025-06-03 12:44:14 -07:00 · 2025-06-03 12:42:31 -07:00 · 2025-06-03 11:01:51 -07:00
13 changed files with 64 additions and 47 deletions
--- a/packages/plugin-runtime/src/PluginInstance.ts
+++ b/packages/plugin-runtime/src/PluginInstance.ts
@@ -11,7 +11,6 @@ import {
  HttpRequestAction,
  InternalEvent,
  InternalEventPayload,
-  JsonPrimitive,
  ListCookieNamesResponse,
  PluginWindowContext,
  PromptTextResponse,
@@ -22,6 +21,7 @@ import {
  TemplateRenderResponse,
 } from '@yaakapp-internal/plugins';
 import { Context, PluginDefinition } from '@yaakapp/api';
+import { JsonValue } from '@yaakapp/api/lib/bindings/serde_json/JsonValue';
 import console from 'node:console';
 import { readFileSync, type Stats, statSync, watch } from 'node:fs';
 import path from 'node:path';
@@ -568,7 +568,7 @@ function genId(len = 5): string {
 /** Recursively apply form input defaults to a set of values */
 function applyFormInputDefaults(
  inputs: TemplateFunctionArg[],
-  values: { [p: string]: JsonPrimitive | undefined },
+  values: { [p: string]: JsonValue | undefined },
 ) {
  for (const input of inputs) {
    if ('inputs' in input) {
--- a/plugins/auth-oauth2/src/getAccessToken.ts
+++ b/plugins/auth-oauth2/src/getAccessToken.ts
@@ -50,8 +50,11 @@ export async function getAccessToken(
    httpRequest.headers!.push({ name: 'Authorization', value });
  }

+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
  const resp = await ctx.httpRequest.send({ httpRequest });

+  console.log('[oauth2] Got access token response', resp.status);
+
  const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';

  if (resp.status < 200 || resp.status >= 300) {
--- a/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
+++ b/plugins/auth-oauth2/src/getOrRefreshAccessToken.ts
@@ -63,6 +63,7 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
    httpRequest.headers!.push({ name: 'Authorization', value });
  }

+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
  const resp = await ctx.httpRequest.send({ httpRequest });

  if (resp.status === 401) {
@@ -75,6 +76,8 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {

  const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';

+  console.log('[oauth2] Got refresh token response', resp.status);
+
  if (resp.status < 200 || resp.status >= 300) {
    throw new Error('Failed to refresh access token with status=' + resp.status + ' and body=' + body);
  }
@@ -95,5 +98,6 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
    // Assign a new one or keep the old one,
    refresh_token: response.refresh_token ?? token.response.refresh_token,
  };
+
  return storeToken(ctx, contextId, newResponse);
 }
--- a/src-tauri/src/grpc.rs
+++ b/src-tauri/src/grpc.rs
@@ -1,13 +1,13 @@
 use std::collections::BTreeMap;

 use crate::error::Result;
+use KeyAndValueRef::{Ascii, Binary};
 use tauri::{Manager, Runtime, WebviewWindow};
 use yaak_grpc::{KeyAndValueRef, MetadataMap};
 use yaak_models::models::GrpcRequest;
 use yaak_models::query_manager::QueryManagerExt;
 use yaak_plugins::events::{CallHttpAuthenticationRequest, HttpHeader};
 use yaak_plugins::manager::PluginManager;
-use KeyAndValueRef::{Ascii, Binary};

 pub(crate) fn metadata_to_map(metadata: MetadataMap) -> BTreeMap<String, String> {
    let mut entries = BTreeMap::new();
@@ -23,10 +23,10 @@ pub(crate) fn metadata_to_map(metadata: MetadataMap) -> BTreeMap<String, String>
 pub(crate) fn resolve_grpc_request<R: Runtime>(
    window: &WebviewWindow<R>,
    request: &GrpcRequest,
-) -> Result<GrpcRequest> {
+) -> Result<(GrpcRequest, String)> {
    let mut new_request = request.clone();

-    let (authentication_type, authentication) =
+    let (authentication_type, authentication, authentication_context_id) =
        window.db().resolve_auth_for_grpc_request(request)?;
    new_request.authentication_type = authentication_type;
    new_request.authentication = authentication;
@@ -34,12 +34,13 @@ pub(crate) fn resolve_grpc_request<R: Runtime>(
    let metadata = window.db().resolve_metadata_for_grpc_request(request)?;
    new_request.metadata = metadata;

-    Ok(new_request)
+    Ok((new_request, authentication_context_id))
 }

 pub(crate) async fn build_metadata<R: Runtime>(
    window: &WebviewWindow<R>,
    request: &GrpcRequest,
+    authentication_context_id: &str,
 ) -> Result<BTreeMap<String, String>> {
    let plugin_manager = window.state::<PluginManager>();
    let mut metadata = BTreeMap::new();
@@ -67,7 +68,7 @@ pub(crate) async fn build_metadata<R: Runtime>(
        Some(authentication_type) => {
            let auth = request.authentication.clone();
            let plugin_req = CallHttpAuthenticationRequest {
-                context_id: format!("{:x}", md5::compute(request.id.clone())),
+                context_id: format!("{:x}", md5::compute(authentication_context_id)),
                values: serde_json::from_value(serde_json::to_value(&auth).unwrap()).unwrap(),
                method: "POST".to_string(),
                url: request.url.clone(),
--- a/src-tauri/src/http_request.rs
+++ b/src-tauri/src/http_request.rs
@@ -62,7 +62,8 @@ pub async fn send_http_request<R: Runtime>(
    );
    let update_source = UpdateSource::from_window(window);

-    let resolved_request = match resolve_http_request(window, unrendered_request) {
+    let (resolved_request, auth_context_id) = match resolve_http_request(window, unrendered_request)
+    {
        Ok(r) => r,
        Err(e) => {
            return Ok(response_err(
@@ -429,7 +430,7 @@ pub async fn send_http_request<R: Runtime>(
        }
        Some(authentication_type) => {
            let req = CallHttpAuthenticationRequest {
-                context_id: format!("{:x}", md5::compute(request.id)),
+                context_id: format!("{:x}", md5::compute(auth_context_id)),
                values: serde_json::from_value(
                    serde_json::to_value(&request.authentication).unwrap(),
                )
@@ -667,10 +668,10 @@ pub async fn send_http_request<R: Runtime>(
 fn resolve_http_request<R: Runtime>(
    window: &WebviewWindow<R>,
    request: &HttpRequest,
-) -> Result<HttpRequest> {
+) -> Result<(HttpRequest, String)> {
    let mut new_request = request.clone();

-    let (authentication_type, authentication) =
+    let (authentication_type, authentication, authentication_context_id) =
        window.db().resolve_auth_for_http_request(request)?;
    new_request.authentication_type = authentication_type;
    new_request.authentication = authentication;
@@ -678,7 +679,7 @@ fn resolve_http_request<R: Runtime>(
    let headers = window.db().resolve_headers_for_http_request(request)?;
    new_request.headers = headers;

-    Ok(new_request)
+    Ok((new_request, authentication_context_id))
 }

 fn ensure_proto(url_str: &str) -> String {
--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -151,7 +151,7 @@ async fn cmd_grpc_reflect<R: Runtime>(
        None => None,
    };
    let unrendered_request = app_handle.db().get_grpc_request(request_id)?;
-    let resolved_request = resolve_grpc_request(&window, &unrendered_request)?;
+    let (resolved_request, auth_context_id) = resolve_grpc_request(&window, &unrendered_request)?;

    let base_environment =
        app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
@@ -170,7 +170,7 @@ async fn cmd_grpc_reflect<R: Runtime>(
    .await?;

    let uri = safe_uri(&req.url);
-    let metadata = build_metadata(&window, &req).await?;
+    let metadata = build_metadata(&window, &req, &auth_context_id).await?;

    Ok(grpc_handle
        .lock()
@@ -200,7 +200,7 @@ async fn cmd_grpc_go<R: Runtime>(
        None => None,
    };
    let unrendered_request = app_handle.db().get_grpc_request(request_id)?;
-    let resolved_request = resolve_grpc_request(&window, &unrendered_request)?;
+    let (resolved_request, auth_context_id) = resolve_grpc_request(&window, &unrendered_request)?;
    let base_environment =
        app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
    let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;
@@ -217,7 +217,7 @@ async fn cmd_grpc_go<R: Runtime>(
    )
    .await?;

-    let metadata = build_metadata(&window, &request).await?;
+    let metadata = build_metadata(&window, &request, &auth_context_id).await?;

    let conn = app_handle.db().upsert_grpc_connection(
        &GrpcConnection {
@@ -1232,7 +1232,7 @@ pub fn run() {
                .level_for("hyper_util", log::LevelFilter::Info)
                .level_for("hyper_rustls", log::LevelFilter::Info)
                .level_for("reqwest", log::LevelFilter::Info)
-                .level_for("sqlx", log::LevelFilter::Warn)
+                .level_for("sqlx", log::LevelFilter::Debug)
                .level_for("tao", log::LevelFilter::Info)
                .level_for("tokio_util", log::LevelFilter::Info)
                .level_for("tonic", log::LevelFilter::Info)
--- a/src-tauri/yaak-models/src/queries/folders.rs
+++ b/src-tauri/yaak-models/src/queries/folders.rs
@@ -115,15 +115,15 @@ impl<'a> DbContext<'a> {

    pub fn resolve_auth_for_folder(
        &self,
-        folder: Folder,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
-        if let Some(at) = folder.authentication_type {
-            return Ok((Some(at), folder.authentication));
+        folder: &Folder,
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
+        if let Some(at) = folder.authentication_type.clone() {
+            return Ok((Some(at), folder.authentication.clone(), folder.id.clone()));
        }

-        if let Some(folder_id) = folder.folder_id {
+        if let Some(folder_id) = folder.folder_id.clone() {
            let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
        }

        let workspace = self.get_workspace(&folder.workspace_id)?;
--- a/src-tauri/yaak-models/src/queries/grpc_requests.rs
+++ b/src-tauri/yaak-models/src/queries/grpc_requests.rs
@@ -54,14 +54,14 @@ impl<'a> DbContext<'a> {
    pub fn resolve_auth_for_grpc_request(
        &self,
        grpc_request: &GrpcRequest,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
        if let Some(at) = grpc_request.authentication_type.clone() {
-            return Ok((Some(at), grpc_request.authentication.clone()));
+            return Ok((Some(at), grpc_request.authentication.clone(), grpc_request.id.clone()));
        }

        if let Some(folder_id) = grpc_request.folder_id.clone() {
            let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
        }

        let workspace = self.get_workspace(&grpc_request.workspace_id)?;
--- a/src-tauri/yaak-models/src/queries/http_requests.rs
+++ b/src-tauri/yaak-models/src/queries/http_requests.rs
@@ -54,14 +54,14 @@ impl<'a> DbContext<'a> {
    pub fn resolve_auth_for_http_request(
        &self,
        http_request: &HttpRequest,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
        if let Some(at) = http_request.authentication_type.clone() {
-            return Ok((Some(at), http_request.authentication.clone()));
+            return Ok((Some(at), http_request.authentication.clone(), http_request.id.clone()));
        }

        if let Some(folder_id) = http_request.folder_id.clone() {
            let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
        }

        let workspace = self.get_workspace(&http_request.workspace_id)?;
--- a/src-tauri/yaak-models/src/queries/websocket_requests.rs
+++ b/src-tauri/yaak-models/src/queries/websocket_requests.rs
@@ -54,14 +54,14 @@ impl<'a> DbContext<'a> {
    pub fn resolve_auth_for_websocket_request(
        &self,
        websocket_request: &WebsocketRequest,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
        if let Some(at) = websocket_request.authentication_type.clone() {
-            return Ok((Some(at), websocket_request.authentication.clone()));
+            return Ok((Some(at), websocket_request.authentication.clone(), websocket_request.id.clone()));
        }

        if let Some(folder_id) = websocket_request.folder_id.clone() {
            let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
        }

        let workspace = self.get_workspace(&websocket_request.workspace_id)?;
--- a/src-tauri/yaak-models/src/queries/workspaces.rs
+++ b/src-tauri/yaak-models/src/queries/workspaces.rs
@@ -71,8 +71,12 @@ impl<'a> DbContext<'a> {
    pub fn resolve_auth_for_workspace(
        &self,
        workspace: &Workspace,
-    ) -> (Option<String>, BTreeMap<String, Value>) {
-        (workspace.authentication_type.clone(), workspace.authentication.clone())
+    ) -> (Option<String>, BTreeMap<String, Value>, String) {
+        (
+            workspace.authentication_type.clone(),
+            workspace.authentication.clone(),
+            workspace.id.clone(),
+        )
    }

    pub fn resolve_headers_for_workspace(&self, workspace: &Workspace) -> Vec<HttpRequestHeader> {
--- a/src-tauri/yaak-ws/src/commands.rs
+++ b/src-tauri/yaak-ws/src/commands.rs
@@ -120,7 +120,8 @@ pub(crate) async fn send<R: Runtime>(
    };
    let base_environment =
        app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
-    let resolved_request = resolve_websocket_request(&window, &unrendered_request)?;
+    let (resolved_request, _auth_context_id) =
+        resolve_websocket_request(&window, &unrendered_request)?;
    let request = render_websocket_request(
        &resolved_request,
        &base_environment,
@@ -197,7 +198,8 @@ pub(crate) async fn connect<R: Runtime>(
    let base_environment =
        app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
    let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;
-    let resolved_request = resolve_websocket_request(&window, &unrendered_request)?;
+    let (resolved_request, auth_context_id) =
+        resolve_websocket_request(&window, &unrendered_request)?;
    let request = render_websocket_request(
        &resolved_request,
        &base_environment,
@@ -237,7 +239,7 @@ pub(crate) async fn connect<R: Runtime>(
        Some(authentication_type) => {
            let auth = request.authentication.clone();
            let plugin_req = CallHttpAuthenticationRequest {
-                context_id: format!("{:x}", md5::compute(request_id.to_string())),
+                context_id: format!("{:x}", md5::compute(auth_context_id)),
                values: serde_json::from_value(serde_json::to_value(&auth).unwrap()).unwrap(),
                method: "POST".to_string(),
                url: request.url.clone(),
@@ -299,13 +301,15 @@ pub(crate) async fn connect<R: Runtime>(
        }
    }

-    let response = match ws_manager.connect(
-        &connection.id,
-        url.as_str(),
-        headers,
-        receive_tx,
-        workspace.setting_validate_certificates,
-    ).await
+    let response = match ws_manager
+        .connect(
+            &connection.id,
+            url.as_str(),
+            headers,
+            receive_tx,
+            workspace.setting_validate_certificates,
+        )
+        .await
    {
        Ok(r) => r,
        Err(e) => {
--- a/src-tauri/yaak-ws/src/resolve.rs
+++ b/src-tauri/yaak-ws/src/resolve.rs
@@ -6,10 +6,10 @@ use yaak_models::query_manager::QueryManagerExt;
 pub(crate) fn resolve_websocket_request<R: Runtime>(
    window: &WebviewWindow<R>,
    request: &WebsocketRequest,
-) -> Result<WebsocketRequest> {
+) -> Result<(WebsocketRequest, String)> {
    let mut new_request = request.clone();

-    let (authentication_type, authentication) =
+    let (authentication_type, authentication, authentication_context_id) =
        window.db().resolve_auth_for_websocket_request(request)?;
    new_request.authentication_type = authentication_type;
    new_request.authentication = authentication;
@@ -17,5 +17,5 @@ pub(crate) fn resolve_websocket_request<R: Runtime>(
    let headers = window.db().resolve_headers_for_websocket_request(request)?;
    new_request.headers = headers;

-    Ok(new_request)
+    Ok((new_request, authentication_context_id))
 }
Author	SHA1	Message	Date
Gregory Schier	01d40f5b0d	Fix context_id for Workspace/Folder auth	2025-06-03 13:08:48 -07:00
Gregory Schier	bdb1adcce1	Fix TS type	2025-06-03 12:44:14 -07:00
Gregory Schier	9f6a3da8d3	Disable auth for OAuth token http requests	2025-06-03 12:42:31 -07:00
Gregory Schier	158487e3a6	sqlx log DEBUG to debug failed migrations	2025-06-03 11:01:51 -07:00