-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Support for Postman Authorization via API Key #52
Conversation
Hey there ! Thanks for the PR :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, that's what I thought thanks for the addition and suggestion.
After looking at the docs: https://learning.postman.com/docs/sending-requests/authorization/authorization-types/, it seems it could support most of the use cases so I think it's a nice addition.
I added some comments and suggestions, to harmonize it all. Graphman is quite an old codebase now, but I think it would be nice this way.
Sorry for the delay of my review, I had a lot of work lately :))
Also can you please add the flag usage to README.md?
Thank you!
src/cli.ts
Outdated
combinedHeaders.push(args.Hapikey); | ||
} | ||
|
||
const headers = parseHeaders(combinedHeaders); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you want to mix the global header and regular ones, as I can see you later filter it out. Please juste parse and pass those separately
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
adding the combined header because they should be used in api call, right?
src/format.ts
Outdated
} | ||
|
||
function queryToItem( | ||
query: FormattedQuery, | ||
url: string, | ||
headers?: Record<string, string>, | ||
apiKeyHeader?: string, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you separate them as suggested, you can just remove it from this signature
src/format.ts
Outdated
value, | ||
})), | ||
header: Object.entries(headers ?? {}) | ||
.filter(([key]) => key !== apiKeyHeader) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Idem you won't need to filter it out
src/format.ts
Outdated
@@ -83,17 +94,24 @@ export function queryCollectionToPostmanCollection( | |||
queryCollection: QueryCollection, | |||
url: string, | |||
headers?: Record<string, string>, | |||
) { | |||
apiKeyHeader?: string, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pass the global header as a tuple[string,string]
src/format.ts
Outdated
value: string; | ||
type: string; | ||
}[]; | ||
}; | ||
} | ||
|
||
function queryToItem( | ||
query: FormattedQuery, | ||
url: string, | ||
headers?: Record<string, string>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should change this type to Array<[string,string]>
, and make it mandatory (it will just be empty if no headers).
src/index.ts
Outdated
@@ -8,14 +8,24 @@ export { outrospect }; | |||
export async function createPostmanCollection( | |||
url: string, | |||
headers?: Record<string, string>, | |||
apiKeyHeader?: string, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
idem tuple here
src/lib.ts
Outdated
`\n\nError parsing: \n ${h}. \n Please verify your headers.\n`, | ||
); | ||
} | ||
export function parseHeaders(headers?: string[]): Record<string, string> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here you can return an array of tuples
src/cli.ts
Outdated
const args = parse(Deno.args, { | ||
boolean: ["help", "h"], | ||
collect: ["H"], | ||
string: ["Hapikey"], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the flag name is not really explicit, something like '--Global-Header', that may be shortened to '-GH', would be more explicit. Or maybe --AuthHeader
?
Changes have been added, please review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, maybe adding a -AH
shorthand for the flag would be a nice addition
src/index.ts
Outdated
const queryCollection = outrospectionToQueries(outrospection); | ||
// Remove the authHeader from individual request headers | ||
const headersWithoutAuth = headers.filter(([key]) => authHeader ? key !== authHeader[0] : true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you need to filter it out now that it is passed separately
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The purpose of this filtering is to avoid confusion. If an Auth Header is present, we should not include the same Auth Header at the request level. It should only be included at the Postman collection level.
src/lib.ts
Outdated
if (typeof header !== "string") { | ||
throw new Error(`Header is not a string: ${header}`); | ||
} | ||
const [key, value] = header.split(": ", 2); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to trim both the key and value, as it was before
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
src/lib.ts
Outdated
} | ||
|
||
async function query( | ||
url: string, | ||
query: string, | ||
headers?: Record<string, string>, | ||
headers?: Array<[string, string]>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should not be optional
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
An alias could be only one single character, so added -A as an alias for AuthHeader. |
e99a717
to
5c87222
Compare
Sorry I was of for about 3 weeks, and did not touch any computer |
src/cli.ts
Outdated
: undefined; | ||
|
||
if (authHeader) { | ||
headers.push(authHeader); // Add AuthHeader to headers for API access |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my last concern is this part, I don't get why you add the authHeader to the regular headers. This defeats the point of having it separate no ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's basically needed to get a response :)
these are the headers which are being passed by the tool to the API, not the headers from the collection
src/index.ts
Outdated
const queryCollection = outrospectionToQueries(outrospection); | ||
// Remove the authHeader from individual request headers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And this should not be needed at all
Hey @sl4wa, I just pushed a few changes to clean up some stuff, and simplify. |
Hi, i'm testing the changes. It does not work for me. Seems that if we don't pass the new header along with the other HTTP headers it can't authorize. |
Then what's the point of having it globally as a separate parameter, if we duplicate it everywhere? If it is in the right place in the collection it should work. I believe something is missing in the collection generation part. Maybe the requests need to specify that they rely on the global header ? |
You're right, there is no need to duplicate the header on the each postman's request level. It should be specified only once on the collection level. But we still need to add this header to the requests that are being passed by this tool to get the schema. Ater the latest changes I'm not able to do that.
Once rolling back to commit from Jul 31, all works fine. |
Yes but then it means that we duplicate the header, which defeats the hole point of this MR and can already be done via Postman is currently having some issues: https://status.postman.com so I cannot test it. If you can export a collection that has global authentication has you need it to json, I'll be happy to look into it, maybe: collection.auth = {
type: "apikey",
apikey: [
{ key: "in", value: "header", type: "string" },
{ key: "value", value: authHeader[1], type: "string" },
{ key: "key", value: authHeader[0], type: "string" },
], is wrong. |
Oh okay that's why you merged it. |
Passed the header to introspection too, without duplicating it everywhere |
Thanks, it works good now! With the latest changes the auth header is added to every Postman HTTP request. However I think we should filter it out and have it only at the collection level. |
Oh that's my bad then, the goal was precisely not to do this yes. Looking into it |
Fixed, was a little bug in my code (did not clone the header array so I was mutating it), should be all good |
Thanks, it works perfectly fine now. |
merging :) |
Thanks for approval. I've noticed that in README we are specifying the v1.2.1 tag. This should probably be updated when you're ready. |
Summary
This PR adds support for Postman API key authorization via a new console parameter
--AuthHeader="header: value"
or-A="header: value"
.Changes
--AuthHeader
(-A
) parameter.createPostmanCollection
to accept API key header and value, handling the global authorization header separately and filtering it out from individual request headers.queryCollectionToPostmanCollection
andqueryToItem
to include the API key authorization block in the Postman collection and ensure the API key header is not added to individual items.parseHeaders
to handle the--AuthHeader
(-A
) parameter correctly, returning an array of[string, string]
tuples.Testing
--AuthHeader
(-A
) parameter.Additional Notes
Please review the changes and let me know if any adjustments are needed.