Add HTTP Basic Auth in fetch

Author: lovasoa

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG.md
 
+## 0.33.0 (unreleased)
+
+- Add support for HTTP Basic Authentication in the [fetch](https://sql-page.com/documentation.sql?component=fetch#component) function.
+
 ## 0.32.1 (2025-01-03)
 
 This is a bugfix release.

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "sqlpage"
-version = "0.32.1"
+version = "0.33.0"
 edition = "2021"
 description = "Build data user interfaces entirely in SQL. A web server that takes .sql files and formats the query result using pre-made configurable professional-looking components."
 keywords = ["web", "sql", "framework"]

Cargo.toml

@@ -29,6 +29,7 @@ select $user_search as title,
   CAST($api_results->>0->>''lat'' AS FLOAT) as latitude,
   CAST($api_results->>0->>''lon'' AS FLOAT) as longitude;
 ```
+
 #### POST query with a body
 
 In this example, we use the complex form of the function to make an
@@ -59,6 +60,23 @@ select
     $api_results as contents;
 ```
 
+
+#### Authenticated request using Basic Auth
+
+Here''s how to make a request to an API that requires [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication):
+
+```sql
+set request = json_object(
+    ''url'', ''https://api.example.com/data'',
+    ''username'', ''my_username'',
+    ''password'', ''my_password''
+);
+set api_results = sqlpage.fetch($request);
+```
+
+> This will add the `Authorization: Basic bXlfdXNlcm5hbWU6bXlfcGFzc3dvcmQK` header to the request,
+> where `bXlfdXNlcm5hbWU6bXlfcGFzc3dvcmQK` is the base64 encoding of the string `my_username:my_password`.
+
 # JSON parameter format
 
 The fetch function accepts either a URL string, or a JSON object with the following parameters:
@@ -67,6 +85,8 @@ The fetch function accepts either a URL string, or a JSON object with the follow
  - `headers`: A JSON object with the headers to send.
  - `body`: The body of the request. If it is a JSON object, it will be sent as JSON. If it is a string, it will be sent as is.
  - `timeout_ms`: The maximum time to wait for the request, in milliseconds. Defaults to 5000.
+ - `username`: Username for HTTP Basic Authentication. Introduced in version 0.33.0.
+ - `password`: Password for HTTP Basic Authentication. Only used if username is provided. Introduced in version 0.33.0.
 
 '
     );

examples/official-site/sqlpage/migrations/40_fetch.sql

@@ -151,6 +151,10 @@ async fn fetch(
     for (k, v) in http_request.headers {
         req = req.insert_header((k.as_ref(), v.as_ref()));
     }
+    if let Some(username) = http_request.username {
+        let password = http_request.password.unwrap_or_default();
+        req = req.basic_auth(username, password);
+    }
     log::info!("Fetching {}", http_request.url);
     let mut response = if let Some(body) = http_request.body {
         let val = body.get();

src/webserver/database/sqlpage_functions/functions.rs

@@ -14,6 +14,8 @@ pub(super) struct HttpFetchRequest<'b> {
     pub timeout_ms: Option<u64>,
     #[serde(borrow, deserialize_with = "deserialize_map_to_vec_pairs")]
     pub headers: HeaderVec<'b>,
+    pub username: Option<Cow<'b, str>>,
+    pub password: Option<Cow<'b, str>>,
     #[serde(borrow)]
     pub body: Option<Cow<'b, serde_json::value::RawValue>>,
 }
@@ -52,6 +54,8 @@ impl<'a> BorrowFromStr<'a> for HttpFetchRequest<'a> {
                 url: s,
                 method: None,
                 headers: Vec::new(),
+                username: None,
+                password: None,
                 body: None,
                 timeout_ms: None,
             }
@@ -78,6 +82,8 @@ impl HttpFetchRequest<'_> {
                 .collect(),
             body: self.body.map(Cow::into_owned).map(Cow::Owned),
             timeout_ms: self.timeout_ms,
+            username: self.username.map(Cow::into_owned).map(Cow::Owned),
+            password: self.password.map(Cow::into_owned).map(Cow::Owned),
         }
     }
 }