Fix context_id for Workspace/Folder auth

packages/plugin-runtime/src/PluginInstance.ts

@@ -11,7 +11,6 @@ import {
   HttpRequestAction,
   InternalEvent,
   InternalEventPayload,
-  JsonPrimitive,
   ListCookieNamesResponse,
   PluginWindowContext,
   PromptTextResponse,
@@ -22,6 +21,7 @@ import {
   TemplateRenderResponse,
 } from '@yaakapp-internal/plugins';
 import { Context, PluginDefinition } from '@yaakapp/api';
+import { JsonValue } from '@yaakapp/api/lib/bindings/serde_json/JsonValue';
 import console from 'node:console';
 import { readFileSync, type Stats, statSync, watch } from 'node:fs';
 import path from 'node:path';
@@ -568,7 +568,7 @@ function genId(len = 5): string {
 /** Recursively apply form input defaults to a set of values */
 function applyFormInputDefaults(
   inputs: TemplateFunctionArg[],
-  values: { [p: string]: JsonPrimitive | undefined },
+  values: { [p: string]: JsonValue | undefined },
 ) {
   for (const input of inputs) {
     if ('inputs' in input) {

plugins/auth-oauth2/src/getAccessToken.ts

@@ -50,8 +50,11 @@ export async function getAccessToken(
     httpRequest.headers!.push({ name: 'Authorization', value });
   }
 
+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
   const resp = await ctx.httpRequest.send({ httpRequest });
 
+  console.log('[oauth2] Got access token response', resp.status);
+
   const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
 
   if (resp.status < 200 || resp.status >= 300) {

plugins/auth-oauth2/src/getOrRefreshAccessToken.ts

@@ -63,6 +63,7 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
     httpRequest.headers!.push({ name: 'Authorization', value });
   }
 
+  httpRequest.authenticationType = 'none'; // Don't inherit workspace auth
   const resp = await ctx.httpRequest.send({ httpRequest });
 
   if (resp.status === 401) {
@@ -75,6 +76,8 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
 
   const body = resp.bodyPath ? readFileSync(resp.bodyPath, 'utf8') : '';
 
+  console.log('[oauth2] Got refresh token response', resp.status);
+
   if (resp.status < 200 || resp.status >= 300) {
     throw new Error('Failed to refresh access token with status=' + resp.status + ' and body=' + body);
   }
@@ -95,5 +98,6 @@ export async function getOrRefreshAccessToken(ctx: Context, contextId: string, {
     // Assign a new one or keep the old one,
     refresh_token: response.refresh_token ?? token.response.refresh_token,
   };
+
   return storeToken(ctx, contextId, newResponse);
 }

src-tauri/src/grpc.rs

@@ -1,13 +1,13 @@
 use std::collections::BTreeMap;
 
 use crate::error::Result;
+use KeyAndValueRef::{Ascii, Binary};
 use tauri::{Manager, Runtime, WebviewWindow};
 use yaak_grpc::{KeyAndValueRef, MetadataMap};
 use yaak_models::models::GrpcRequest;
 use yaak_models::query_manager::QueryManagerExt;
 use yaak_plugins::events::{CallHttpAuthenticationRequest, HttpHeader};
 use yaak_plugins::manager::PluginManager;
-use KeyAndValueRef::{Ascii, Binary};
 
 pub(crate) fn metadata_to_map(metadata: MetadataMap) -> BTreeMap<String, String> {
     let mut entries = BTreeMap::new();
@@ -23,10 +23,10 @@ pub(crate) fn metadata_to_map(metadata: MetadataMap) -> BTreeMap<String, String>
 pub(crate) fn resolve_grpc_request<R: Runtime>(
     window: &WebviewWindow<R>,
     request: &GrpcRequest,
-) -> Result<GrpcRequest> {
+) -> Result<(GrpcRequest, String)> {
     let mut new_request = request.clone();
 
-    let (authentication_type, authentication) =
+    let (authentication_type, authentication, authentication_context_id) =
         window.db().resolve_auth_for_grpc_request(request)?;
     new_request.authentication_type = authentication_type;
     new_request.authentication = authentication;
@@ -34,12 +34,13 @@ pub(crate) fn resolve_grpc_request<R: Runtime>(
     let metadata = window.db().resolve_metadata_for_grpc_request(request)?;
     new_request.metadata = metadata;
 
-    Ok(new_request)
+    Ok((new_request, authentication_context_id))
 }
 
 pub(crate) async fn build_metadata<R: Runtime>(
     window: &WebviewWindow<R>,
     request: &GrpcRequest,
+    authentication_context_id: &str,
 ) -> Result<BTreeMap<String, String>> {
     let plugin_manager = window.state::<PluginManager>();
     let mut metadata = BTreeMap::new();
@@ -67,7 +68,7 @@ pub(crate) async fn build_metadata<R: Runtime>(
         Some(authentication_type) => {
             let auth = request.authentication.clone();
             let plugin_req = CallHttpAuthenticationRequest {
-                context_id: format!("{:x}", md5::compute(request.id.clone())),
+                context_id: format!("{:x}", md5::compute(authentication_context_id)),
                 values: serde_json::from_value(serde_json::to_value(&auth).unwrap()).unwrap(),
                 method: "POST".to_string(),
                 url: request.url.clone(),

src-tauri/src/http_request.rs

@@ -62,7 +62,8 @@ pub async fn send_http_request<R: Runtime>(
     );
     let update_source = UpdateSource::from_window(window);
 
-    let resolved_request = match resolve_http_request(window, unrendered_request) {
+    let (resolved_request, auth_context_id) = match resolve_http_request(window, unrendered_request)
+    {
         Ok(r) => r,
         Err(e) => {
             return Ok(response_err(
@@ -429,7 +430,7 @@ pub async fn send_http_request<R: Runtime>(
         }
         Some(authentication_type) => {
             let req = CallHttpAuthenticationRequest {
-                context_id: format!("{:x}", md5::compute(request.id)),
+                context_id: format!("{:x}", md5::compute(auth_context_id)),
                 values: serde_json::from_value(
                     serde_json::to_value(&request.authentication).unwrap(),
                 )
@@ -667,10 +668,10 @@ pub async fn send_http_request<R: Runtime>(
 fn resolve_http_request<R: Runtime>(
     window: &WebviewWindow<R>,
     request: &HttpRequest,
-) -> Result<HttpRequest> {
+) -> Result<(HttpRequest, String)> {
     let mut new_request = request.clone();
 
-    let (authentication_type, authentication) =
+    let (authentication_type, authentication, authentication_context_id) =
         window.db().resolve_auth_for_http_request(request)?;
     new_request.authentication_type = authentication_type;
     new_request.authentication = authentication;
@@ -678,7 +679,7 @@ fn resolve_http_request<R: Runtime>(
     let headers = window.db().resolve_headers_for_http_request(request)?;
     new_request.headers = headers;
 
-    Ok(new_request)
+    Ok((new_request, authentication_context_id))
 }
 
 fn ensure_proto(url_str: &str) -> String {

src-tauri/src/lib.rs

@@ -151,7 +151,7 @@ async fn cmd_grpc_reflect<R: Runtime>(
         None => None,
     };
     let unrendered_request = app_handle.db().get_grpc_request(request_id)?;
-    let resolved_request = resolve_grpc_request(&window, &unrendered_request)?;
+    let (resolved_request, auth_context_id) = resolve_grpc_request(&window, &unrendered_request)?;
 
     let base_environment =
         app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
@@ -170,7 +170,7 @@ async fn cmd_grpc_reflect<R: Runtime>(
     .await?;
 
     let uri = safe_uri(&req.url);
-    let metadata = build_metadata(&window, &req).await?;
+    let metadata = build_metadata(&window, &req, &auth_context_id).await?;
 
     Ok(grpc_handle
         .lock()
@@ -200,7 +200,7 @@ async fn cmd_grpc_go<R: Runtime>(
         None => None,
     };
     let unrendered_request = app_handle.db().get_grpc_request(request_id)?;
-    let resolved_request = resolve_grpc_request(&window, &unrendered_request)?;
+    let (resolved_request, auth_context_id) = resolve_grpc_request(&window, &unrendered_request)?;
     let base_environment =
         app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
     let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;
@@ -217,7 +217,7 @@ async fn cmd_grpc_go<R: Runtime>(
     )
     .await?;
 
-    let metadata = build_metadata(&window, &request).await?;
+    let metadata = build_metadata(&window, &request, &auth_context_id).await?;
 
     let conn = app_handle.db().upsert_grpc_connection(
         &GrpcConnection {
@@ -1232,7 +1232,7 @@ pub fn run() {
                 .level_for("hyper_util", log::LevelFilter::Info)
                 .level_for("hyper_rustls", log::LevelFilter::Info)
                 .level_for("reqwest", log::LevelFilter::Info)
-                .level_for("sqlx", log::LevelFilter::Warn)
+                .level_for("sqlx", log::LevelFilter::Debug)
                 .level_for("tao", log::LevelFilter::Info)
                 .level_for("tokio_util", log::LevelFilter::Info)
                 .level_for("tonic", log::LevelFilter::Info)

src-tauri/yaak-models/src/queries/folders.rs

@@ -115,15 +115,15 @@ impl<'a> DbContext<'a> {
 
     pub fn resolve_auth_for_folder(
         &self,
-        folder: Folder,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
-        if let Some(at) = folder.authentication_type {
-            return Ok((Some(at), folder.authentication));
+        folder: &Folder,
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
+        if let Some(at) = folder.authentication_type.clone() {
+            return Ok((Some(at), folder.authentication.clone(), folder.id.clone()));
         }
 
-        if let Some(folder_id) = folder.folder_id {
+        if let Some(folder_id) = folder.folder_id.clone() {
             let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
         }
 
         let workspace = self.get_workspace(&folder.workspace_id)?;

src-tauri/yaak-models/src/queries/grpc_requests.rs

@@ -54,14 +54,14 @@ impl<'a> DbContext<'a> {
     pub fn resolve_auth_for_grpc_request(
         &self,
         grpc_request: &GrpcRequest,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
         if let Some(at) = grpc_request.authentication_type.clone() {
-            return Ok((Some(at), grpc_request.authentication.clone()));
+            return Ok((Some(at), grpc_request.authentication.clone(), grpc_request.id.clone()));
         }
 
         if let Some(folder_id) = grpc_request.folder_id.clone() {
             let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
         }
 
         let workspace = self.get_workspace(&grpc_request.workspace_id)?;

src-tauri/yaak-models/src/queries/http_requests.rs

@@ -54,14 +54,14 @@ impl<'a> DbContext<'a> {
     pub fn resolve_auth_for_http_request(
         &self,
         http_request: &HttpRequest,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
         if let Some(at) = http_request.authentication_type.clone() {
-            return Ok((Some(at), http_request.authentication.clone()));
+            return Ok((Some(at), http_request.authentication.clone(), http_request.id.clone()));
         }
 
         if let Some(folder_id) = http_request.folder_id.clone() {
             let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
         }
 
         let workspace = self.get_workspace(&http_request.workspace_id)?;

src-tauri/yaak-models/src/queries/websocket_requests.rs

@@ -54,14 +54,14 @@ impl<'a> DbContext<'a> {
     pub fn resolve_auth_for_websocket_request(
         &self,
         websocket_request: &WebsocketRequest,
-    ) -> Result<(Option<String>, BTreeMap<String, Value>)> {
+    ) -> Result<(Option<String>, BTreeMap<String, Value>, String)> {
         if let Some(at) = websocket_request.authentication_type.clone() {
-            return Ok((Some(at), websocket_request.authentication.clone()));
+            return Ok((Some(at), websocket_request.authentication.clone(), websocket_request.id.clone()));
         }
 
         if let Some(folder_id) = websocket_request.folder_id.clone() {
             let folder = self.get_folder(&folder_id)?;
-            return self.resolve_auth_for_folder(folder);
+            return self.resolve_auth_for_folder(&folder);
         }
 
         let workspace = self.get_workspace(&websocket_request.workspace_id)?;

src-tauri/yaak-models/src/queries/workspaces.rs

@@ -71,8 +71,12 @@ impl<'a> DbContext<'a> {
     pub fn resolve_auth_for_workspace(
         &self,
         workspace: &Workspace,
-    ) -> (Option<String>, BTreeMap<String, Value>) {
-        (workspace.authentication_type.clone(), workspace.authentication.clone())
+    ) -> (Option<String>, BTreeMap<String, Value>, String) {
+        (
+            workspace.authentication_type.clone(),
+            workspace.authentication.clone(),
+            workspace.id.clone(),
+        )
     }
 
     pub fn resolve_headers_for_workspace(&self, workspace: &Workspace) -> Vec<HttpRequestHeader> {

src-tauri/yaak-ws/src/commands.rs

@@ -120,7 +120,8 @@ pub(crate) async fn send<R: Runtime>(
     };
     let base_environment =
         app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
-    let resolved_request = resolve_websocket_request(&window, &unrendered_request)?;
+    let (resolved_request, _auth_context_id) =
+        resolve_websocket_request(&window, &unrendered_request)?;
     let request = render_websocket_request(
         &resolved_request,
         &base_environment,
@@ -197,7 +198,8 @@ pub(crate) async fn connect<R: Runtime>(
     let base_environment =
         app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
     let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;
-    let resolved_request = resolve_websocket_request(&window, &unrendered_request)?;
+    let (resolved_request, auth_context_id) =
+        resolve_websocket_request(&window, &unrendered_request)?;
     let request = render_websocket_request(
         &resolved_request,
         &base_environment,
@@ -237,7 +239,7 @@ pub(crate) async fn connect<R: Runtime>(
         Some(authentication_type) => {
             let auth = request.authentication.clone();
             let plugin_req = CallHttpAuthenticationRequest {
-                context_id: format!("{:x}", md5::compute(request_id.to_string())),
+                context_id: format!("{:x}", md5::compute(auth_context_id)),
                 values: serde_json::from_value(serde_json::to_value(&auth).unwrap()).unwrap(),
                 method: "POST".to_string(),
                 url: request.url.clone(),
@@ -299,13 +301,15 @@ pub(crate) async fn connect<R: Runtime>(
         }
     }
 
-    let response = match ws_manager.connect(
-        &connection.id,
-        url.as_str(),
-        headers,
-        receive_tx,
-        workspace.setting_validate_certificates,
-    ).await
+    let response = match ws_manager
+        .connect(
+            &connection.id,
+            url.as_str(),
+            headers,
+            receive_tx,
+            workspace.setting_validate_certificates,
+        )
+        .await
     {
         Ok(r) => r,
         Err(e) => {

src-tauri/yaak-ws/src/resolve.rs

@@ -6,10 +6,10 @@ use yaak_models::query_manager::QueryManagerExt;
 pub(crate) fn resolve_websocket_request<R: Runtime>(
     window: &WebviewWindow<R>,
     request: &WebsocketRequest,
-) -> Result<WebsocketRequest> {
+) -> Result<(WebsocketRequest, String)> {
     let mut new_request = request.clone();
 
-    let (authentication_type, authentication) =
+    let (authentication_type, authentication, authentication_context_id) =
         window.db().resolve_auth_for_websocket_request(request)?;
     new_request.authentication_type = authentication_type;
     new_request.authentication = authentication;
@@ -17,5 +17,5 @@ pub(crate) fn resolve_websocket_request<R: Runtime>(
     let headers = window.db().resolve_headers_for_websocket_request(request)?;
     new_request.headers = headers;
 
-    Ok(new_request)
+    Ok((new_request, authentication_context_id))
 }