feat(common): authentication strategy improvements (hoppscotch#5130)

Co-authored-by: jamesgeorge007 <[email protected]>

Author: anwarulislam

packages/hoppscotch-common/src/helpers/auth/auth-types.ts

@@ -0,0 +1,92 @@
+import {
+  Environment,
+  HoppRESTAuth,
+  HoppRESTHeader,
+  HoppRESTParam,
+  HoppRESTRequest,
+} from "@hoppscotch/data"
+import {
+  generateApiKeyAuthHeaders,
+  generateApiKeyAuthParams,
+} from "./types/api-key"
+import {
+  generateAwsSignatureAuthHeaders,
+  generateAwsSignatureAuthParams,
+} from "./types/aws-signature"
+import { generateBasicAuthHeaders } from "./types/basic"
+import { generateBearerAuthHeaders } from "./types/bearer"
+import { generateDigestAuthHeaders } from "./types/digest"
+import { generateHawkAuthHeaders } from "./types/hawk"
+import { generateJwtAuthHeaders, generateJwtAuthParams } from "./types/jwt"
+import {
+  generateOAuth2AuthHeaders,
+  generateOAuth2AuthParams,
+} from "./types/oauth2"
+
+/**
+ * Generate headers for the given auth type using function-based approach
+ */
+export async function generateAuthHeaders(
+  auth: HoppRESTAuth,
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTHeader[]> {
+  switch (auth.authType) {
+    case "basic":
+      return generateBasicAuthHeaders(auth, request, envVars, showKeyIfSecret)
+    case "bearer":
+      return generateBearerAuthHeaders(auth, request, envVars, showKeyIfSecret)
+    case "api-key":
+      return auth.addTo === "HEADERS"
+        ? generateApiKeyAuthHeaders(auth, request, envVars, showKeyIfSecret)
+        : []
+    case "oauth-2":
+      return generateOAuth2AuthHeaders(auth, request, envVars, showKeyIfSecret)
+    case "digest":
+      return generateDigestAuthHeaders(auth, request, envVars, showKeyIfSecret)
+    case "aws-signature":
+      return generateAwsSignatureAuthHeaders(
+        auth,
+        request,
+        envVars,
+        showKeyIfSecret
+      )
+    case "hawk":
+      return generateHawkAuthHeaders(auth, request, envVars, showKeyIfSecret)
+    case "jwt":
+      return generateJwtAuthHeaders(auth, request, envVars, showKeyIfSecret)
+    default:
+      return []
+  }
+}
+
+/**
+ * Generate query parameters for the given auth type using function-based approach
+ */
+export async function generateAuthParams(
+  auth: HoppRESTAuth,
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTParam[]> {
+  switch (auth.authType) {
+    case "api-key":
+      return auth.addTo === "QUERY_PARAMS"
+        ? generateApiKeyAuthParams(auth, request, envVars, showKeyIfSecret)
+        : []
+    case "oauth-2":
+      return generateOAuth2AuthParams(auth, request, envVars, showKeyIfSecret)
+    case "aws-signature":
+      return generateAwsSignatureAuthParams(
+        auth,
+        request,
+        envVars,
+        showKeyIfSecret
+      )
+    case "jwt":
+      return generateJwtAuthParams(auth, request, envVars, showKeyIfSecret)
+    default:
+      return []
+  }
+}

packages/hoppscotch-common/src/helpers/auth/index.ts

@@ -19,7 +19,8 @@ export const replaceTemplateStringsInObjectValues = <
       ? restTabsService.currentActiveTab.value.document.request.requestVariables.map(
           ({ key, value }) => ({
             key,
-            value,
+            initialValue: value,
+            currentValue: value,
             secret: false,
           })
         )

packages/hoppscotch-common/src/helpers/auth/types/api-key.ts

@@ -0,0 +1,49 @@
+import {
+  parseTemplateString,
+  HoppRESTAuth,
+  HoppRESTRequest,
+  Environment,
+  HoppRESTHeader,
+  HoppRESTParam,
+} from "@hoppscotch/data"
+
+export async function generateApiKeyAuthHeaders(
+  auth: HoppRESTAuth & { authType: "api-key" },
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTHeader[]> {
+  if (auth.addTo !== "HEADERS") return []
+
+  return [
+    {
+      active: true,
+      key: parseTemplateString(auth.key, envVars, false, showKeyIfSecret),
+      value: parseTemplateString(
+        auth.value ?? "",
+        envVars,
+        false,
+        showKeyIfSecret
+      ),
+      description: "",
+    },
+  ]
+}
+
+export async function generateApiKeyAuthParams(
+  auth: HoppRESTAuth & { authType: "api-key" },
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTParam[]> {
+  if (auth.addTo !== "QUERY_PARAMS") return []
+
+  return [
+    {
+      active: true,
+      key: parseTemplateString(auth.key, envVars, false, showKeyIfSecret),
+      value: parseTemplateString(auth.value, envVars, false, showKeyIfSecret),
+      description: "",
+    },
+  ]
+}

packages/hoppscotch-common/src/helpers/auth/types/aws-signature.ts

@@ -0,0 +1,91 @@
+import {
+  parseTemplateString,
+  HoppRESTAuth,
+  HoppRESTRequest,
+  Environment,
+  HoppRESTHeader,
+  HoppRESTParam,
+} from "@hoppscotch/data"
+import { AwsV4Signer } from "aws4fetch"
+import { getFinalBodyFromRequest } from "~/helpers/utils/EffectiveURL"
+
+export async function generateAwsSignatureAuthHeaders(
+  auth: HoppRESTAuth & { authType: "aws-signature" },
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTHeader[]> {
+  if (auth.addTo !== "HEADERS") return []
+
+  const currentDate = new Date()
+  const amzDate = currentDate.toISOString().replace(/[:-]|\.\d{3}/g, "")
+  const { method, endpoint } = request
+
+  const body = getFinalBodyFromRequest(request, envVars)
+
+  const signer = new AwsV4Signer({
+    method: method,
+    body: body?.toString(),
+    datetime: amzDate,
+    accessKeyId: parseTemplateString(auth.accessKey, envVars),
+    secretAccessKey: parseTemplateString(auth.secretKey, envVars),
+    region: parseTemplateString(auth.region, envVars) ?? "us-east-1",
+    service: parseTemplateString(auth.serviceName, envVars),
+    sessionToken:
+      auth.serviceToken && parseTemplateString(auth.serviceToken, envVars),
+    url: parseTemplateString(endpoint, envVars),
+  })
+
+  const sign = await signer.sign()
+  const headers: HoppRESTHeader[] = []
+
+  sign.headers.forEach((value, key) => {
+    headers.push({
+      active: true,
+      key: key,
+      value: value,
+      description: "",
+    })
+  })
+
+  return headers
+}
+
+export async function generateAwsSignatureAuthParams(
+  auth: HoppRESTAuth & { authType: "aws-signature" },
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTParam[]> {
+  if (auth.addTo !== "QUERY_PARAMS") return []
+
+  const currentDate = new Date()
+  const amzDate = currentDate.toISOString().replace(/[:-]|\.\d{3}/g, "")
+
+  const signer = new AwsV4Signer({
+    method: request.method,
+    datetime: amzDate,
+    signQuery: true,
+    accessKeyId: parseTemplateString(auth.accessKey, envVars),
+    secretAccessKey: parseTemplateString(auth.secretKey, envVars),
+    region: parseTemplateString(auth.region, envVars) ?? "us-east-1",
+    service: parseTemplateString(auth.serviceName, envVars),
+    sessionToken:
+      auth.serviceToken && parseTemplateString(auth.serviceToken, envVars),
+    url: parseTemplateString(request.endpoint, envVars),
+  })
+
+  const sign = await signer.sign()
+  const params: HoppRESTParam[] = []
+
+  for (const [key, value] of sign.url.searchParams) {
+    params.push({
+      active: true,
+      key: key,
+      value: value,
+      description: "",
+    })
+  }
+
+  return params
+}

packages/hoppscotch-common/src/helpers/auth/types/basic.ts

@@ -0,0 +1,37 @@
+import {
+  parseTemplateString,
+  HoppRESTAuth,
+  HoppRESTRequest,
+  Environment,
+  HoppRESTHeader,
+  HoppRESTParam,
+} from "@hoppscotch/data"
+
+export async function generateBasicAuthHeaders(
+  auth: HoppRESTAuth & { authType: "basic" },
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTHeader[]> {
+  const username = parseTemplateString(
+    auth.username,
+    envVars,
+    false,
+    showKeyIfSecret
+  )
+  const password = parseTemplateString(
+    auth.password,
+    envVars,
+    false,
+    showKeyIfSecret
+  )
+
+  return [
+    {
+      active: true,
+      key: "Authorization",
+      value: `Basic ${btoa(`${username}:${password}`)}`,
+      description: "",
+    },
+  ]
+}

packages/hoppscotch-common/src/helpers/auth/types/bearer.ts

@@ -0,0 +1,26 @@
+import {
+  parseTemplateString,
+  HoppRESTAuth,
+  HoppRESTRequest,
+  Environment,
+  HoppRESTHeader,
+  HoppRESTParam,
+} from "@hoppscotch/data"
+
+export async function generateBearerAuthHeaders(
+  auth: HoppRESTAuth & { authType: "bearer" },
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTHeader[]> {
+  const token = parseTemplateString(auth.token, envVars, false, showKeyIfSecret)
+
+  return [
+    {
+      active: true,
+      key: "Authorization",
+      value: `Bearer ${token}`,
+      description: "",
+    },
+  ]
+}

packages/hoppscotch-common/src/helpers/auth/types/digest.ts

@@ -0,0 +1,66 @@
+import {
+  parseTemplateString,
+  HoppRESTAuth,
+  HoppRESTRequest,
+  Environment,
+  HoppRESTHeader,
+  HoppRESTParam,
+} from "@hoppscotch/data"
+import {
+  DigestAuthParams,
+  fetchInitialDigestAuthInfo,
+  generateDigestAuthHeader,
+} from "../digest"
+import { getFinalBodyFromRequest } from "~/helpers/utils/EffectiveURL"
+
+export async function generateDigestAuthHeaders(
+  auth: HoppRESTAuth,
+  request: HoppRESTRequest,
+  envVars: Environment["variables"],
+  showKeyIfSecret = false
+): Promise<HoppRESTHeader[]> {
+  if (auth.authType !== "digest") return []
+
+  const { method, endpoint } = request
+
+  // Step 1: Fetch the initial auth info (nonce, realm, etc.)
+  const authInfo = await fetchInitialDigestAuthInfo(
+    parseTemplateString(endpoint, envVars),
+    method
+  )
+
+  // Get the body content for digest calculation
+  const reqBody = getFinalBodyFromRequest(request, envVars, showKeyIfSecret)
+
+  // Step 2: Set up the parameters for the digest authentication header
+  const digestAuthParams: DigestAuthParams = {
+    username: parseTemplateString(auth.username, envVars),
+    password: parseTemplateString(auth.password, envVars),
+    realm: auth.realm
+      ? parseTemplateString(auth.realm, envVars)
+      : authInfo.realm,
+    nonce: auth.nonce
+      ? parseTemplateString(auth.nonce, envVars)
+      : authInfo.nonce,
+    endpoint: parseTemplateString(endpoint, envVars),
+    method,
+    algorithm: auth.algorithm ?? authInfo.algorithm,
+    qop: auth.qop ? parseTemplateString(auth.qop, envVars) : authInfo.qop,
+    opaque: auth.opaque
+      ? parseTemplateString(auth.opaque, envVars)
+      : authInfo.opaque,
+    reqBody: typeof reqBody === "string" ? reqBody : "",
+  }
+
+  // Step 3: Generate the Authorization header
+  const authHeaderValue = await generateDigestAuthHeader(digestAuthParams)
+
+  return [
+    {
+      active: true,
+      key: "Authorization",
+      value: authHeaderValue,
+      description: "",
+    },
+  ]
+}