Add Support for Postman Authorization via API Key #52
Conversation
|
Hey there ! Thanks for the PR :) |
|
Here is the use case. Instead of having header being added to every HTTP request in the collection, Postman supports global level authorization. For example by API Key.
This key will be added to the requests within the collection. |
There was a problem hiding this comment.
Okay, that's what I thought thanks for the addition and suggestion.
After looking at the docs: https://learning.postman.com/docs/sending-requests/authorization/authorization-types/, it seems it could support most of the use cases so I think it's a nice addition.
I added some comments and suggestions, to harmonize it all. Graphman is quite an old codebase now, but I think it would be nice this way.
Sorry for the delay of my review, I had a lot of work lately :))
Also can you please add the flag usage to README.md?
Thank you!
src/cli.ts
Outdated
| combinedHeaders.push(args.Hapikey); | ||
| } | ||
|
|
||
| const headers = parseHeaders(combinedHeaders); |
There was a problem hiding this comment.
I don't think you want to mix the global header and regular ones, as I can see you later filter it out. Please juste parse and pass those separately
There was a problem hiding this comment.
adding the combined header because they should be used in api call, right?
src/format.ts
Outdated
| } | ||
|
|
||
| function queryToItem( | ||
| query: FormattedQuery, | ||
| url: string, | ||
| headers?: Record<string, string>, | ||
| apiKeyHeader?: string, |
There was a problem hiding this comment.
If you separate them as suggested, you can just remove it from this signature
src/format.ts
Outdated
| value, | ||
| })), | ||
| header: Object.entries(headers ?? {}) | ||
| .filter(([key]) => key !== apiKeyHeader) |
There was a problem hiding this comment.
Idem you won't need to filter it out
src/format.ts
Outdated
| @@ -83,17 +94,24 @@ export function queryCollectionToPostmanCollection( | |||
| queryCollection: QueryCollection, | |||
| url: string, | |||
| headers?: Record<string, string>, | |||
| ) { | |||
| apiKeyHeader?: string, | |||
There was a problem hiding this comment.
Pass the global header as a tuple[string,string]
src/format.ts
Outdated
| value: string; | ||
| type: string; | ||
| }[]; | ||
| }; | ||
| } | ||
|
|
||
| function queryToItem( | ||
| query: FormattedQuery, | ||
| url: string, | ||
| headers?: Record<string, string>, |
There was a problem hiding this comment.
We should change this type to Array<[string,string]>, and make it mandatory (it will just be empty if no headers).
src/index.ts
Outdated
| @@ -8,14 +8,24 @@ export { outrospect }; | |||
| export async function createPostmanCollection( | |||
| url: string, | |||
| headers?: Record<string, string>, | |||
| apiKeyHeader?: string, | |||
src/lib.ts
Outdated
| `\n\nError parsing: \n ${h}. \n Please verify your headers.\n`, | ||
| ); | ||
| } | ||
| export function parseHeaders(headers?: string[]): Record<string, string> { |
There was a problem hiding this comment.
Here you can return an array of tuples
src/cli.ts
Outdated
| const args = parse(Deno.args, { | ||
| boolean: ["help", "h"], | ||
| collect: ["H"], | ||
| string: ["Hapikey"], |
There was a problem hiding this comment.
I think the flag name is not really explicit, something like '--Global-Header', that may be shortened to '-GH', would be more explicit. Or maybe --AuthHeader?
|
Changes have been added, please review. |
src/index.ts
Outdated
| const queryCollection = outrospectionToQueries(outrospection); | ||
| // Remove the authHeader from individual request headers | ||
| const headersWithoutAuth = headers.filter(([key]) => authHeader ? key !== authHeader[0] : true); |
There was a problem hiding this comment.
I don't think you need to filter it out now that it is passed separately
There was a problem hiding this comment.
The purpose of this filtering is to avoid confusion. If an Auth Header is present, we should not include the same Auth Header at the request level. It should only be included at the Postman collection level.
src/lib.ts
Outdated
| if (typeof header !== "string") { | ||
| throw new Error(`Header is not a string: ${header}`); | ||
| } | ||
| const [key, value] = header.split(": ", 2); |
There was a problem hiding this comment.
You need to trim both the key and value, as it was before
src/lib.ts
Outdated
| } | ||
|
|
||
| async function query( | ||
| url: string, | ||
| query: string, | ||
| headers?: Record<string, string>, | ||
| headers?: Array<[string, string]>, |
|
An alias could be only one single character, so added -A as an alias for AuthHeader. |
sl4wa
force-pushed
the
add-apikey-auth
branch
4 times, most recently
from
e99a717
to
5c87222
Compare
|
Sorry I was of for about 3 weeks, and did not touch any computer |
src/cli.ts
Outdated
| : undefined; | ||
|
|
||
| if (authHeader) { | ||
| headers.push(authHeader); // Add AuthHeader to headers for API access |
There was a problem hiding this comment.
my last concern is this part, I don't get why you add the authHeader to the regular headers. This defeats the point of having it separate no ?
There was a problem hiding this comment.
it's basically needed to get a response :)
these are the headers which are being passed by the tool to the API, not the headers from the collection
src/index.ts
Outdated
| const queryCollection = outrospectionToQueries(outrospection); | ||
| // Remove the authHeader from individual request headers |
There was a problem hiding this comment.
And this should not be needed at all
|
Hey @sl4wa, I just pushed a few changes to clean up some stuff, and simplify. |
|
Hi, i'm testing the changes. It does not work for me. Seems that if we don't pass the new header along with the other HTTP headers it can't authorize. |
Then what's the point of having it globally as a separate parameter, if we duplicate it everywhere? If it is in the right place in the collection it should work. I believe something is missing in the collection generation part. Maybe the requests need to specify that they rely on the global header ? |
|
You're right, there is no need to duplicate the header on the each postman's request level. It should be specified only once on the collection level. But we still need to add this header to the requests that are being passed by this tool to get the schema. Ater the latest changes I'm not able to do that. Once rolling back to commit from Jul 31, all works fine. |
Yes but then it means that we duplicate the header, which defeats the hole point of this MR and can already be done via Postman is currently having some issues: https://status.postman.com so I cannot test it. If you can export a collection that has global authentication has you need it to json, I'll be happy to look into it, maybe: collection.auth = {
type: "apikey",
apikey: [
{ key: "in", value: "header", type: "string" },
{ key: "value", value: authHeader[1], type: "string" },
{ key: "key", value: authHeader[0], type: "string" },
],is wrong. |
Oh okay that's why you merged it. |
|
Passed the header to introspection too, without duplicating it everywhere |
Thanks, it works good now! With the latest changes the auth header is added to every Postman HTTP request. However I think we should filter it out and have it only at the collection level. |
Oh that's my bad then, the goal was precisely not to do this yes. Looking into it |
|
Fixed, was a little bug in my code (did not clone the header array so I was mutating it), should be all good |
|
Thanks, it works perfectly fine now. |
|
merging :) |
|
Thanks for approval. I've noticed that in README we are specifying the v1.2.1 tag. This should probably be updated when you're ready. |
Summary
This PR adds support for Postman API key authorization via a new console parameter
--AuthHeader="header: value"or-A="header: value".Changes
--AuthHeader(-A) parameter.createPostmanCollectionto accept API key header and value, handling the global authorization header separately and filtering it out from individual request headers.queryCollectionToPostmanCollectionandqueryToItemto include the API key authorization block in the Postman collection and ensure the API key header is not added to individual items.parseHeadersto handle the--AuthHeader(-A) parameter correctly, returning an array of[string, string]tuples.Testing
--AuthHeader(-A) parameter.Additional Notes
Please review the changes and let me know if any adjustments are needed.