Enhance OpenAPI integration with runtime auth handling

Updated the `openapi-operation-executor` package to version 0.12.1. Implemented functionality to dynamically generate runtime credentials and incorporate authorization headers in API requests. Added methods for handling API key retrieval from runtime security credentials.

.prettierrc

@@ -0,0 +1,6 @@
+{
+  "printWidth": 120,
+  "trailingComma": "all",
+  "singleQuote": true,
+  "semi": true
+}

package.json

@@ -42,7 +42,7 @@
 		]
 	},
 	"dependencies": {
-		"@comake/openapi-operation-executor": "^0.11.1",
+		"@comake/openapi-operation-executor": "^0.12.1",
 		"@comake/rmlmapper-js": "^0.5.2",
 		"@comunica/query-sparql-rdfjs": "^2.10.0",
 		"@rdfjs/data-model": "^1.3.0",

src/SklEngine.ts

@@ -2,6 +2,7 @@
 import type {
   OpenApi,
   OpenApiClientConfiguration,
+  OperationWithPathInfo,
 } from '@comake/openapi-operation-executor';
 import { OpenApiOperationExecutor } from '@comake/openapi-operation-executor';
 import { getIdFromNodeObjectIfDefined, type ReferenceNodeObject } from '@comake/rmlmapper-js';
@@ -54,6 +55,7 @@ import {
 } from './util/Util';
 import { SKL, SHACL, RDFS, SKL_ENGINE, XSD, RDF } from './util/Vocabularies';
 import { GroupByOptions, GroupByResponse } from './storage/GroupOptionTypes';
+import { AxiosRequestConfig } from 'axios';
 
 export type VerbHandler = <T extends OrArray<NodeObject> = OrArray<NodeObject>>(
   params: JSONObject,
@@ -826,6 +828,31 @@ export class SKLEngine {
     });
   }
 
+  private async findgetOpenApiRuntimeAuthorizationVerbIfDefined(): Promise<Verb | undefined> {
+    return (await this.findByIfExists({
+      type: SKL.Verb,
+      [RDFS.label]: 'getOpenApiRuntimeAuthorization',
+    })) as Verb;
+  }
+
+  private async getRuntimeCredentialsWithSecurityCredentials(securityCredentials: Entity, integrationId: string, openApiOperationInformation: OperationWithPathInfo): Promise<JSONObject> {
+    const getOpenApiRuntimeAuthorizationVerb = await this.findgetOpenApiRuntimeAuthorizationVerbIfDefined();
+    if (!getOpenApiRuntimeAuthorizationVerb) {
+      return {};
+    }
+    const mapping = await this.findVerbIntegrationMapping(getOpenApiRuntimeAuthorizationVerb['@id'], integrationId);
+    if (!mapping) {
+      return {};
+    }
+    const args = {
+      securityCredentials,
+      openApiExecutorOperationWithPathInfo: openApiOperationInformation,
+    } as JSONObject;
+    const operationInfoJsonLd = await this.performParameterMappingOnArgsIfDefined(args, mapping, undefined, true);
+    const headers = getValueIfDefined<JSONObject>(operationInfoJsonLd[SKL.headers]);
+    return headers ?? {};
+  }
+
   private async createOpenApiOperationExecutorWithSpec(openApiDescription: OpenApi): Promise<OpenApiOperationExecutor> {
     const executor = new OpenApiOperationExecutor();
     await executor.setOpenapiSpec(openApiDescription);
@@ -889,31 +916,83 @@ export class SKLEngine {
     const integrationId = (account[SKL.integration] as ReferenceNodeObject)['@id'];
     const openApiDescription = await this.getOpenApiDescriptionForIntegration(integrationId);
     const openApiExecutor = await this.createOpenApiOperationExecutorWithSpec(openApiDescription);
+    const openApiOperationInformation = await openApiExecutor.getOperationWithPathInfoMatchingOperationId(operationId);
     const securityCredentials = await this.findSecurityCredentialsForAccountIfDefined(account['@id']);
-    Logger.getInstance().log('Security Credentials', securityCredentials);
+    let runtimeAuthorization: JSONObject = {};
+    if (securityCredentials) {
+      const generatedRuntimeCredentials = await this.getRuntimeCredentialsWithSecurityCredentials(
+        securityCredentials,
+        integrationId,
+        openApiOperationInformation,
+      );
+      if (generatedRuntimeCredentials && Object.keys(generatedRuntimeCredentials).length > 0) {
+        runtimeAuthorization = generatedRuntimeCredentials;
+      }
+    }
+    const apiKey = [
+      getValueIfDefined<string>(securityCredentials?.[SKL.apiKey]),
+      this.getAuthorizationHeaderFromRuntimeCredentials(runtimeAuthorization),
+    ].find(Boolean);
     const configuration = {
       accessToken: getValueIfDefined<string>(securityCredentials?.[SKL.accessToken]),
       bearerToken: getValueIfDefined<string>(securityCredentials?.[SKL.bearerToken]),
-      apiKey: getValueIfDefined<string>(securityCredentials?.[SKL.apiKey]),
+      apiKey,
       basePath: getValueIfDefined<string>(account[SKL.overrideBasePath]),
       username: getValueIfDefined<string>(securityCredentials?.[SKL.clientId]),
       password: getValueIfDefined<string>(securityCredentials?.[SKL.clientSecret]),
     };
-    const response = await openApiExecutor.executeOperation(operationId, configuration, operationArgs)
-      .catch(async(error: Error | AxiosError): Promise<any> => {
-        if (axios.isAxiosError(error) && await this.isInvalidTokenError(error, integrationId) && securityCredentials) {
-          const refreshedConfiguration = await this.refreshSecurityCredentials(
-            securityCredentials,
-            integrationId,
-            account,
-          );
-          return await openApiExecutor.executeOperation(operationId, refreshedConfiguration, operationArgs);
-        }
+    let response;
+    try {
+      const additionalHeaders = this.getHeadersFromRuntimeCredentials(runtimeAuthorization) as any;
+      let executeOperationOptions: AxiosRequestConfig| undefined;
+      if (
+        additionalHeaders &&
+        typeof additionalHeaders === 'object' &&
+        !Array.isArray(additionalHeaders) &&
+        Object.keys(additionalHeaders).length > 0
+      ) {
+        executeOperationOptions = { headers: additionalHeaders };
+      }
+      response = await openApiExecutor.executeOperation(operationId, configuration, operationArgs, executeOperationOptions);
+    } catch (error) {
+      if (axios.isAxiosError(error) && (await this.isInvalidTokenError(error, integrationId)) && securityCredentials) {
+        const refreshedConfiguration = await this.refreshSecurityCredentials(
+          securityCredentials,
+          integrationId,
+          account,
+        );
+        response = await openApiExecutor.executeOperation(operationId, refreshedConfiguration, operationArgs);
+      } else {
         throw error;
-      });
+      }
+    }
     return response;
   }
 
+  private getHeadersFromRuntimeCredentials(runtimeCredentials: JSONObject): JSONObject {
+    let returnValue: JSONObject = {};
+    if (
+      runtimeCredentials.headers &&
+      typeof runtimeCredentials.headers === 'object' &&
+      Object.keys(runtimeCredentials.headers).length > 0 &&
+      !Array.isArray(runtimeCredentials.headers)
+    ) {
+      returnValue = runtimeCredentials.headers;
+    }
+    return returnValue;
+  }
+
+  private getAuthorizationHeaderFromRuntimeCredentials(runtimeCredentials: JSONObject): string | undefined {
+    const headers = this.getHeadersFromRuntimeCredentials(runtimeCredentials);
+    if (headers && 'Authorization' in headers) {
+      const authorizationHeader = headers['Authorization'];
+      if (typeof authorizationHeader === 'string') {
+        return authorizationHeader;
+      }
+    }
+    return undefined;
+  }
+
   private async isInvalidTokenError(error: AxiosError, integrationId: string): Promise<boolean> {
     const integration = await this.findBy({ id: integrationId });
     const errorMatcher = integration[SKL.invalidTokenErrorMatcher] as NodeObject;

src/util/Vocabularies.ts

@@ -93,6 +93,8 @@ export const SKL = createNamespace(SKL_NAMESPACE, [
   'Dataview',
   'Entity',
   'query',
+  'getOpenApiRuntimeAuthorization',
+  'headers',
 ]);
 
 export const SKL_ENGINE_NAMESPACE = 'https://standardknowledge.com/ontologies/skl-engine/';