thibaud-lclr/api-client
1
0
Fork 0
Code Packages Activity Actions
api-client/packages/hoppscotch-selfhost-web/src/platform/auth/desktop/index.ts

561 lines
14 KiB
TypeScript
Raw Normal View History

feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
import * as E from "fp-ts/Either"
import { BehaviorSubject, Subject } from "rxjs"
import { Ref, ref, watch } from "vue"
import { content } from "@hoppscotch/kernel"
import { Io } from "@hoppscotch/common/kernel/io"
import { listen } from "@tauri-apps/api/event"
import { getService } from "@hoppscotch/common/modules/dioc"
import { parseBodyAsJSON } from "@hoppscotch/common/helpers/functional/json"
import { AuthEvent, AuthPlatformDef } from "@hoppscotch/common/platform/auth"
import { PersistenceService } from "@hoppscotch/common/services/persistence"
import { KernelInterceptorService } from "@hoppscotch/common/services/kernel-interceptor.service"
import Login from "@platform-components/Login.vue"
import { getAllowedAuthProviders, updateUserDisplayName } from "./api"
export type HoppUserWithAuthDetail = {
uid: string
displayName: string | null
email: string | null
photoURL: string | null
provider?: string
accessToken?: string
refreshToken?: string
emailVerified: boolean
}
interface GQLResponse {
data?: {
me: HoppUserWithAuthDetail
}
errors?: Array<{ message: string }>
}
export const authEvents$ = new Subject<AuthEvent>()
export const currentUser$ = new BehaviorSubject<HoppUserWithAuthDetail | null>(
null
)
export const probableUser$ = new BehaviorSubject<HoppUserWithAuthDetail | null>(
null
)
const isGettingInitialUser: Ref<null | boolean> = ref(null)
const persistenceService = getService(PersistenceService)
const interceptorService = getService(KernelInterceptorService)
async function logout() {
const { response } = interceptorService.execute({
id: Date.now(),
url: `${import.meta.env.VITE_BACKEND_API_URL}/auth/logout`,
version: "HTTP/1.1",
method: "GET",
})
await response
await persistenceService.removeLocalConfig("refresh_token")
await persistenceService.removeLocalConfig("access_token")
}
async function signInUserWithGithubFB() {
await Io.openExternalLink({
chore: add proper error msg and disable email updation in SH (#5247) Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-07-25 07:12:51 +00:00
url: `${
import.meta.env.VITE_BACKEND_API_URL
}/auth/github?redirect_uri=desktop`,
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
})
}
async function signInUserWithGoogleFB() {
await Io.openExternalLink({
chore: add proper error msg and disable email updation in SH (#5247) Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-07-25 07:12:51 +00:00
url: `${
import.meta.env.VITE_BACKEND_API_URL
}/auth/google?redirect_uri=desktop`,
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
})
}
async function signInUserWithMicrosoftFB() {
await Io.openExternalLink({
chore: add proper error msg and disable email updation in SH (#5247) Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-07-25 07:12:51 +00:00
url: `${
import.meta.env.VITE_BACKEND_API_URL
}/auth/microsoft?redirect_uri=desktop`,
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
})
}
async function getInitialUserDetails(): Promise<
GQLResponse | { error: string }
> {
try {
const accessToken = await persistenceService.getLocalConfig("access_token")
chore: resolve lint errors
2025-07-28 18:20:36 +00:00
const refreshToken =
await persistenceService.getLocalConfig("refresh_token")
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
if (!accessToken || !refreshToken) {
return { error: "auth/cookies_not_found" }
}
const { response } = interceptorService.execute({
id: Date.now(),
url: `${import.meta.env.VITE_BACKEND_GQL_URL}`,
method: "POST",
version: "HTTP/1.1",
headers: {
Authorization: `Bearer ${accessToken}`,
fix(web): add explicit headers following prior normalization (#4951) These changes add explicit `Content-Type` headers to direct (via `native` interceptor) authentication requests after changes made in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) that modified how `Content-Type` headers are handled in the `relay` plugin. In [issue #4905](https://github.com/hoppscotch/hoppscotch/issues/4905), that was about Hoppscotch Agent and Native interceptor inconsistently handling `Content-Type` headers. The issue had two main manifestations, duplicate headers - when overriding the `Content-Type` header in the UI or using OAuth2 authentication, the agent would send multiple `Content-Type` headers to the web server. This caused undefined behavior and often 400 errors for backends that don't accept duplicate headers. And inconsistent overrides - even when the content type was explicitly set (for example to `application/json;v=2`), the agent/native would inconsistently apply this override. Server logs revealed that roughly 50% of requests would use the correct override value, while the others would revert to the default `application/json`. The two-part solution implemented first in [PR #4911](https://github.com/hoppscotch/hoppscotch/pull/4911) addressed the duplicate headers issue by implementing header normalization before final relay. This prevented duplicate headers with different casing from being sent and [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) then resolved the inconsistent override behavior by removing the automatic `Content-Type` header insertion in the `ContentHandler` component. As explained in the PR description, this was a temporary workaround until we implement a HTTP/2-compliant solution with proper normalization. While the fixes in PR #4911 and #4931 correctly resolved the header inconsistency issues for general API requests, they introduced a new problem: **requests that previously relied on the automatic `Content-Type` insertion now have no `Content-Type` header at all**. This mainly affects direct calls around authentication flows in the desktop module, which were using the `content.json()` functionality without explicitly setting `Content-Type` headers, relying on the automatic insertion that has now been removed. These changes add the now-required explicit `Content-Type` headers to three authentication-related API calls in the desktop platform module: - **The initial user details GraphQL query**: ```javascript headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json", }, ``` - **The magic link email submission endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` - **The token verification endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` This will make sure that authentication flows continue to work properly with the native interceptor after the header handling changes. As noted in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931), this is considered a **temporary solution**. The plan is to revisit the content-type handling when we implement a more comprehensive HTTP/2-compliant header normalization system in the kernel layer. While HTTP/1.1 headers are case-insensitive per [RFC 7230](https://tools.ietf.org/html/rfc7230), inconsistent handling across server implementations can treat differently-cased variations as distinct headers. HTTP/2 ([RFC 7540](https://tools.ietf.org/html/rfc7540)) mandates converting all header field names to lowercase, which would prevent these issues altogether. In such cases, relying fully on `MediaType` interface from the kernel will help handling these edge-cases.
2025-04-04 09:15:05 +00:00
"Content-Type": "application/json",
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
},
content: content.json({
query: `query Me {
me {
uid
displayName
email
photoURL
isAdmin
createdOn
}
}`,
}),
})
const responseBytes = await response
if (E.isLeft(responseBytes)) {
return { error: "auth/cookies_not_found" }
}
const res = parseBodyAsJSON<GQLResponse>(responseBytes.right.body)
if (res._tag == "Some" && res.value.data?.me) {
return {
data: {
me: {
...res.value.data.me,
refreshToken,
accessToken,
emailVerified: true,
},
},
}
}
return { error: "auth/cookies_not_found" }
} catch (error) {
return { error: "auth/cookies_not_found" }
}
}
async function setUser(user: HoppUserWithAuthDetail | null) {
const accessToken = await persistenceService.getLocalConfig("access_token")
const refreshToken = await persistenceService.getLocalConfig("refresh_token")
if (!accessToken || !refreshToken) return null
const userWithToken =
user && accessToken && refreshToken
? {
...user,
accessToken,
refreshToken,
}
: null
currentUser$.next(userWithToken)
probableUser$.next(userWithToken)
await persistenceService.setLocalConfig(
"login_state",
JSON.stringify(userWithToken)
)
}
export async function setInitialUser() {
isGettingInitialUser.value = true
const res = await getInitialUserDetails()
fix(web): add explicit headers following prior normalization (#4951) These changes add explicit `Content-Type` headers to direct (via `native` interceptor) authentication requests after changes made in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) that modified how `Content-Type` headers are handled in the `relay` plugin. In [issue #4905](https://github.com/hoppscotch/hoppscotch/issues/4905), that was about Hoppscotch Agent and Native interceptor inconsistently handling `Content-Type` headers. The issue had two main manifestations, duplicate headers - when overriding the `Content-Type` header in the UI or using OAuth2 authentication, the agent would send multiple `Content-Type` headers to the web server. This caused undefined behavior and often 400 errors for backends that don't accept duplicate headers. And inconsistent overrides - even when the content type was explicitly set (for example to `application/json;v=2`), the agent/native would inconsistently apply this override. Server logs revealed that roughly 50% of requests would use the correct override value, while the others would revert to the default `application/json`. The two-part solution implemented first in [PR #4911](https://github.com/hoppscotch/hoppscotch/pull/4911) addressed the duplicate headers issue by implementing header normalization before final relay. This prevented duplicate headers with different casing from being sent and [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) then resolved the inconsistent override behavior by removing the automatic `Content-Type` header insertion in the `ContentHandler` component. As explained in the PR description, this was a temporary workaround until we implement a HTTP/2-compliant solution with proper normalization. While the fixes in PR #4911 and #4931 correctly resolved the header inconsistency issues for general API requests, they introduced a new problem: **requests that previously relied on the automatic `Content-Type` insertion now have no `Content-Type` header at all**. This mainly affects direct calls around authentication flows in the desktop module, which were using the `content.json()` functionality without explicitly setting `Content-Type` headers, relying on the automatic insertion that has now been removed. These changes add the now-required explicit `Content-Type` headers to three authentication-related API calls in the desktop platform module: - **The initial user details GraphQL query**: ```javascript headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json", }, ``` - **The magic link email submission endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` - **The token verification endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` This will make sure that authentication flows continue to work properly with the native interceptor after the header handling changes. As noted in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931), this is considered a **temporary solution**. The plan is to revisit the content-type handling when we implement a more comprehensive HTTP/2-compliant header normalization system in the kernel layer. While HTTP/1.1 headers are case-insensitive per [RFC 7230](https://tools.ietf.org/html/rfc7230), inconsistent handling across server implementations can treat differently-cased variations as distinct headers. HTTP/2 ([RFC 7540](https://tools.ietf.org/html/rfc7540)) mandates converting all header field names to lowercase, which would prevent these issues altogether. In such cases, relying fully on `MediaType` interface from the kernel will help handling these edge-cases.
2025-04-04 09:15:05 +00:00
// NOTE: This is required for further diagnosis,
// to be removed after patch confirmation.
console.info("Auth response structure:", JSON.stringify(res, null, 2))
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
if ("error" in res) {
await setUser(null)
isGettingInitialUser.value = false
return
}
if (res.errors?.[0]?.message === "Unauthorized") {
const isRefreshSuccess = await refreshToken()
if (isRefreshSuccess) {
await setInitialUser()
} else {
await setUser(null)
isGettingInitialUser.value = false
}
return
}
if (res.data?.me) {
const hoppBackendUser = res.data.me
const accessToken = await persistenceService.getLocalConfig("access_token")
if (!accessToken) return null
if (!accessToken) {
await setUser(null)
isGettingInitialUser.value = false
return
}
const HoppUserWithAuthDetail: HoppUserWithAuthDetail = {
uid: hoppBackendUser.uid,
displayName: hoppBackendUser.displayName,
email: hoppBackendUser.email,
photoURL: hoppBackendUser.photoURL,
emailVerified: true,
accessToken,
}
await setUser(HoppUserWithAuthDetail)
isGettingInitialUser.value = false
authEvents$.next({
event: "login",
user: HoppUserWithAuthDetail,
})
}
}
async function refreshToken() {
try {
chore: resolve lint errors
2025-07-28 18:20:36 +00:00
const refreshToken =
await persistenceService.getLocalConfig("refresh_token")
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
if (!refreshToken) return null
const { response } = interceptorService.execute({
id: Date.now(),
url: `${import.meta.env.VITE_BACKEND_API_URL}/auth/refresh`,
method: "GET",
version: "HTTP/1.1",
headers: {
Authorization: `Bearer ${refreshToken}`,
},
})
const res = await response
if (E.isLeft(res)) return false
await setAuthCookies(res.right.headers)
const isSuccessful = res.right.status === 200
if (isSuccessful && currentUser$.value) {
authEvents$.next({
event: "login",
user: {
uid: currentUser$.value.uid,
displayName: currentUser$.value.displayName,
email: currentUser$.value.email,
photoURL: currentUser$.value.photoURL,
emailVerified: currentUser$.value.emailVerified,
},
})
}
return isSuccessful
} catch (err) {
return false
}
}
async function sendMagicLink(email: string) {
const { response } = interceptorService.execute({
id: Date.now(),
url: `${import.meta.env.VITE_BACKEND_API_URL}/auth/signin?origin=desktop`,
version: "HTTP/1.1",
method: "POST",
fix(web): add explicit headers following prior normalization (#4951) These changes add explicit `Content-Type` headers to direct (via `native` interceptor) authentication requests after changes made in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) that modified how `Content-Type` headers are handled in the `relay` plugin. In [issue #4905](https://github.com/hoppscotch/hoppscotch/issues/4905), that was about Hoppscotch Agent and Native interceptor inconsistently handling `Content-Type` headers. The issue had two main manifestations, duplicate headers - when overriding the `Content-Type` header in the UI or using OAuth2 authentication, the agent would send multiple `Content-Type` headers to the web server. This caused undefined behavior and often 400 errors for backends that don't accept duplicate headers. And inconsistent overrides - even when the content type was explicitly set (for example to `application/json;v=2`), the agent/native would inconsistently apply this override. Server logs revealed that roughly 50% of requests would use the correct override value, while the others would revert to the default `application/json`. The two-part solution implemented first in [PR #4911](https://github.com/hoppscotch/hoppscotch/pull/4911) addressed the duplicate headers issue by implementing header normalization before final relay. This prevented duplicate headers with different casing from being sent and [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) then resolved the inconsistent override behavior by removing the automatic `Content-Type` header insertion in the `ContentHandler` component. As explained in the PR description, this was a temporary workaround until we implement a HTTP/2-compliant solution with proper normalization. While the fixes in PR #4911 and #4931 correctly resolved the header inconsistency issues for general API requests, they introduced a new problem: **requests that previously relied on the automatic `Content-Type` insertion now have no `Content-Type` header at all**. This mainly affects direct calls around authentication flows in the desktop module, which were using the `content.json()` functionality without explicitly setting `Content-Type` headers, relying on the automatic insertion that has now been removed. These changes add the now-required explicit `Content-Type` headers to three authentication-related API calls in the desktop platform module: - **The initial user details GraphQL query**: ```javascript headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json", }, ``` - **The magic link email submission endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` - **The token verification endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` This will make sure that authentication flows continue to work properly with the native interceptor after the header handling changes. As noted in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931), this is considered a **temporary solution**. The plan is to revisit the content-type handling when we implement a more comprehensive HTTP/2-compliant header normalization system in the kernel layer. While HTTP/1.1 headers are case-insensitive per [RFC 7230](https://tools.ietf.org/html/rfc7230), inconsistent handling across server implementations can treat differently-cased variations as distinct headers. HTTP/2 ([RFC 7540](https://tools.ietf.org/html/rfc7540)) mandates converting all header field names to lowercase, which would prevent these issues altogether. In such cases, relying fully on `MediaType` interface from the kernel will help handling these edge-cases.
2025-04-04 09:15:05 +00:00
headers: {
"Content-Type": "application/json",
},
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
content: content.json({ email }),
})
const res = await response
if (E.isLeft(res)) throw new Error("Failed to send magic link")
if (res.right.data && res.right.data.deviceIdentifier) {
await persistenceService.setLocalConfig(
"deviceIdentifier",
res.right.data.deviceIdentifier
)
} else {
throw new Error("Does not get device identifier")
}
return res.right.data
}
async function setAuthCookies(headers: Headers) {
const cookieHeader = headers.get("set-cookie")
const cookies = cookieHeader ? cookieHeader.split(",") : []
const accessTokenMatch = cookies.join(",").match(/access_token=([^;]+)/)
const refreshTokenMatch = cookies.join(",").match(/refresh_token=([^;]+)/)
if (accessTokenMatch) {
const accessToken = accessTokenMatch[1]
await persistenceService.setLocalConfig("access_token", accessToken)
}
if (refreshTokenMatch) {
const refreshToken = refreshTokenMatch[1]
await persistenceService.setLocalConfig("refresh_token", refreshToken)
}
}
export const def: AuthPlatformDef = {
customLoginSelectorUI: Login,
getCurrentUserStream: () => currentUser$,
getAuthEventsStream: () => authEvents$,
getProbableUserStream: () => probableUser$,
getCurrentUser: () => currentUser$.value,
getProbableUser: () => probableUser$.value,
async getAllowedAuthProviders() {
return await getAllowedAuthProviders()
},
getBackendHeaders() {
const accessToken = currentUser$.value?.accessToken
return accessToken
? {
Authorization: `Bearer ${accessToken}`,
}
: ({} as Record<string, string>)
},
getGQLClientOptions() {
const accessToken = currentUser$.value?.accessToken
return {
// For GraphQL subscriptions via WebSocket
connectionParams: accessToken
? {
Authorization: `Bearer ${accessToken}`,
}
: undefined,
// For regular HTTP queries
fetchOptions: {
headers: accessToken
? { Authorization: `Bearer ${accessToken}` }
: undefined,
},
}
},
axiosPlatformConfig() {
const accessToken = currentUser$.value?.accessToken
return {
headers: accessToken
? {
Authorization: `Bearer ${accessToken}`,
}
: {},
}
},
willBackendHaveAuthError() {
return !currentUser$.value
},
onBackendGQLClientShouldReconnect(func) {
authEvents$.subscribe((event) => {
if (event.event === "login" || event.event === "logout") {
func()
}
})
},
isSignInWithEmailLink(url: string) {
const urlObject = new URL(url)
const searchParams = new URLSearchParams(urlObject.search)
return searchParams.has("token")
},
async processMagicLink(): Promise<void> {
return Promise.resolve()
},
getDevOptsBackendIDToken() {
return null
},
async performAuthInit() {
const loginState = await persistenceService.getLocalConfig("login_state")
const probableUser = JSON.parse(loginState ?? "null")
probableUser$.next(probableUser)
await setInitialUser()
await listen<string>(
"scheme-request-received",
async (event: { payload: string }) => {
const deepLink = event.payload
const params = new URLSearchParams(deepLink.split("?")[1])
const accessToken = params.get("access_token")
const refreshToken = params.get("refresh_token")
const token = params.get("token")
if (accessToken && refreshToken) {
await persistenceService.setLocalConfig("access_token", accessToken)
await persistenceService.setLocalConfig("refresh_token", refreshToken)
return
}
if (token) {
await persistenceService.setLocalConfig("verifyToken", token)
await this.signInWithEmailLink("", "")
await setInitialUser()
}
}
)
},
waitProbableLoginToConfirm() {
return new Promise<void>((resolve, reject) => {
if (this.getCurrentUser()) {
resolve()
}
if (!probableUser$.value) reject(new Error("no_probable_user"))
const unwatch = watch(isGettingInitialUser, (val) => {
if (val === true || val === false) {
resolve()
unwatch()
}
})
})
},
async signInWithEmail(email: string) {
await sendMagicLink(email)
},
async verifyEmailAddress() {
return
},
async signInUserWithGoogle() {
await signInUserWithGoogleFB()
},
async signInUserWithGithub() {
await signInUserWithGithubFB()
return undefined
},
async signInUserWithMicrosoft() {
await signInUserWithMicrosoftFB()
},
async signInWithEmailLink(_email: string, url: string) {
chore: resolve lint errors
2025-07-28 18:20:36 +00:00
const deviceIdentifier =
await persistenceService.getLocalConfig("deviceIdentifier")
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
if (!deviceIdentifier) {
throw new Error(
"Device Identifier not found, you can only signin from the browser you generated the magic link"
)
}
const urlObject = new URL(url)
const searchParams = new URLSearchParams(urlObject.search)
const token = searchParams.get("token")
const verifyToken =
token || (await persistenceService.getLocalConfig("verifyToken"))
const { response } = interceptorService.execute({
id: Date.now(),
url: `${import.meta.env.VITE_BACKEND_API_URL}/auth/verify`,
version: "HTTP/1.1",
method: "POST",
fix(web): add explicit headers following prior normalization (#4951) These changes add explicit `Content-Type` headers to direct (via `native` interceptor) authentication requests after changes made in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) that modified how `Content-Type` headers are handled in the `relay` plugin. In [issue #4905](https://github.com/hoppscotch/hoppscotch/issues/4905), that was about Hoppscotch Agent and Native interceptor inconsistently handling `Content-Type` headers. The issue had two main manifestations, duplicate headers - when overriding the `Content-Type` header in the UI or using OAuth2 authentication, the agent would send multiple `Content-Type` headers to the web server. This caused undefined behavior and often 400 errors for backends that don't accept duplicate headers. And inconsistent overrides - even when the content type was explicitly set (for example to `application/json;v=2`), the agent/native would inconsistently apply this override. Server logs revealed that roughly 50% of requests would use the correct override value, while the others would revert to the default `application/json`. The two-part solution implemented first in [PR #4911](https://github.com/hoppscotch/hoppscotch/pull/4911) addressed the duplicate headers issue by implementing header normalization before final relay. This prevented duplicate headers with different casing from being sent and [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931) then resolved the inconsistent override behavior by removing the automatic `Content-Type` header insertion in the `ContentHandler` component. As explained in the PR description, this was a temporary workaround until we implement a HTTP/2-compliant solution with proper normalization. While the fixes in PR #4911 and #4931 correctly resolved the header inconsistency issues for general API requests, they introduced a new problem: **requests that previously relied on the automatic `Content-Type` insertion now have no `Content-Type` header at all**. This mainly affects direct calls around authentication flows in the desktop module, which were using the `content.json()` functionality without explicitly setting `Content-Type` headers, relying on the automatic insertion that has now been removed. These changes add the now-required explicit `Content-Type` headers to three authentication-related API calls in the desktop platform module: - **The initial user details GraphQL query**: ```javascript headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json", }, ``` - **The magic link email submission endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` - **The token verification endpoint**: ```javascript headers: { "Content-Type": "application/json", }, ``` This will make sure that authentication flows continue to work properly with the native interceptor after the header handling changes. As noted in [PR #4931](https://github.com/hoppscotch/hoppscotch/pull/4931), this is considered a **temporary solution**. The plan is to revisit the content-type handling when we implement a more comprehensive HTTP/2-compliant header normalization system in the kernel layer. While HTTP/1.1 headers are case-insensitive per [RFC 7230](https://tools.ietf.org/html/rfc7230), inconsistent handling across server implementations can treat differently-cased variations as distinct headers. HTTP/2 ([RFC 7540](https://tools.ietf.org/html/rfc7540)) mandates converting all header field names to lowercase, which would prevent these issues altogether. In such cases, relying fully on `MediaType` interface from the kernel will help handling these edge-cases.
2025-04-04 09:15:05 +00:00
headers: {
"Content-Type": "application/json",
},
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
content: content.json({
token: verifyToken,
deviceIdentifier,
}),
})
const res = await response
if (E.isLeft(res)) throw new Error("Failed to verify email link")
await setAuthCookies(res.right.headers)
await persistenceService.removeLocalConfig("deviceIdentifier")
await persistenceService.removeLocalConfig("verifyToken")
},
// Removed parameter from here because we do not use it
async setEmailAddress() {
return
},
async setDisplayName(name: string) {
if (!name) return E.left("USER_NAME_CANNOT_BE_EMPTY")
if (!currentUser$.value) return E.left("NO_USER_LOGGED_IN")
const res = await updateUserDisplayName(name)
if (E.isRight(res)) {
const user = currentUser$.value
if (user) {
await setUser({
...user,
displayName: res.right.updateDisplayName.displayName ?? null,
})
}
return E.right(undefined)
}
return E.left(res.left)
},
async signOutUser() {
await logout()
probableUser$.next(null)
currentUser$.next(null)
await persistenceService.removeLocalConfig("login_state")
authEvents$.next({
event: "logout",
})
},
fix: handle actions for logged-in users in case of token expiration (#5249) Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Nivedin <53208152+nivedin@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-09-22 13:36:40 +00:00
feat: add auth refresh token flow if token expires (#5490)
2025-10-26 16:54:59 +00:00
async refreshAuthToken() {
const refreshed = await refreshToken()
return refreshed ?? false
},
fix: handle actions for logged-in users in case of token expiration (#5249) Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Nivedin <53208152+nivedin@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-09-22 13:36:40 +00:00
/**
* Verifies if the current user's authentication tokens are valid
* @returns True if tokens are valid, false otherwise
*/
async verifyAuthTokens() {
const BACKEND_API_URL = import.meta.env.VITE_BACKEND_API_URL
const { response } = interceptorService.execute({
id: Date.now(),
url: `${BACKEND_API_URL}/auth/verify-token`,
method: "GET",
version: "HTTP/1.1",
headers: {
"Content-Type": "application/json",
...this.getBackendHeaders(),
},
})
const res = await response
if (E.isLeft(res)) {
return false
}
return res.right.isValid
},
feat: platform independent core and the new desktop app (#4684) * feat(desktop): init * feat(desktop): external app download and setup * feat(desktop): offload app load to plugin system * perf(desktop): add rdbms facade and caching layer * feat: parallelize signing, shared trust, lru cache * feat: webapp encoder + compressor + hasher server * feat(desktop): app autoupdate with hashed loader * feat(kernel): init `hoppscotch-kernel` * feat(kernel): `io` * feat(kernel): `network` * feat(kernel): `network` - native interceptor * feat(kernel): `network` - interceptor - rest * feat(kernel): `network` - interceptor - graphql * feat(kernel): `network` - interceptor - capabilities * feat(kernel): `network` - interceptor - `FormData` * feat(kernel): `network` - interceptor - `oauth2.0` * feat(kernel): `store` * feat(desktop): dragging, traffic light, plugin workspaces * feat(kernel|wip): `store` * feat(kernel): `network` - capabilities - with active * feat(kernel|wip): `network` - interceptor - `proxy` * feat(kernel|wip): `network` - relay ext * feat(kernel): `network` - interceptor - `proxy` * feat(kernel): `network` - interceptor - decoding * feat(kernel): `network` - interceptor - Kernel Err * feat(kernel): `network` - flow transformation * feat(kernel): `network` - request status * fix(desktop): repositioning traffic lights on fullscreen exit * feat(kernel): `network` - interceptor - `agent` * feat(kernel): `store` - track updates * feat(kernel): `network` - interceptor - extension * feat(kernel): `network` - updates as overrides * feat(interceptor): pre-process request encoding * fix(ui): mismatched extension button size/position * feat(kernel): `network` - interceptor - `browser` * feat(native): common certs componsable * fix(kernel): interceptor selection store and json parse * feat(kernel): `network` - consistent multipart encoding * feat(kernel): `network` - interceptor - `OAuth2.0` * feat(kernel): `network` - interceptor - cookie support * feat(agent): registration list, log-sink, relay * feat(kernel): `network` - interceptor subtitles * feat(kernel): `store` - persist network settings * fix(agent): encrypted ser/de certificate requests * feat(kernel): `kernelInterceptor` spotlight service * fix(kernel): gql introspection edge-case schema * ref: conditionals for migrated components * feat(kernel): `localaccess` capability via relay * feat(kernel): `network` - explicit types and lint * feat(kernel): `store` - isolate host and platform * feat(kernel): `store` - persistence service * fix(infra): whitelisted origins, non-std engines * feat(desktop): impl deep-link callbacks * feat(kernel): `auth` * feat(kernel): `io` - event listeners * feat(kernel): platform migration * fix: dep `vue` import on Win 11 Fixes `error TS2305: Module '"vue"' has no exported member 'VueConstructor'.` arising from `splitpane` dependency. * fix(webapp-server): platform independent res paths * feat(desktop): auth and emit via embedded server * feat(platform): host, csp and bundle compatibility - Bundle name format for using as host - Windows UI handler HWND casting and version detection - CSP headers type handling in URI protocol - Protocol whitelist in env config * feat(desktop|wip): login flow with `auth-tokens` feat(desktop|wip): typesafe auth * feat(backend): `auth` token flow, gql/websocket feat(desktop): working auth for gql feat: gql client with refresh token * feat(backend): `auth` token flow, authorization bearer * fix(gen): qualifier clash when invalidating cache * feat(common): coordinated initialization service * fix(desktop): appload persistence in data json * feat(desktop|wip): desktop icons and updater * fix: typos in readme docs * fix: docker ignore copying on windows * fix: update `.lock` file after rebase * fix: `persistenceService` setup in tests * fix: remove old console logs * fix: console error on invalid schema Show console error if default value is used when loading invalid data from local storage * fix(test): `PersistenceService` methods * fix(test): `PersistenceService` rest tab state * fix(test): `PersistenceService` gql tab state * fix(test): `PersistenceService` global env * fix(test): `PersistenceService` mqtt request * fix(test): `PersistenceService` sse request * fix(test): `PersistenceService` socketio request * fix(test): `PersistenceService` websocket request * fix(test): `PersistenceService` secret environment * fix(test): `PersistenceService` selected env * fix(test): `PersistenceService` collections * fix(test): `PersistenceService` environments * fix(test): `PersistenceService` history * fix(test): `PersistenceService` settings * fix(test): `PersistenceService` migrations * fix(test): `InspectionService` request inspector * feat(desktop): button to clear bundle/key cache This is useful when there are partial updates to the web app or bundle gen server which haven't been correctly propagated when the app bundle was downloaded. If the user were to change the self host instance without updating the desktop app; which is possible albeit rarely under very certain circumstances, desktop app will refuse to load the bundle, this is because the desktop app cannot differentiate between partial updates vs incorrect bundle being hosted since both will fail verification. The button lets the user decide what should be the appropriate action, clear the bundle and trust the hosted app or make sure the app is built and hosted correctly. * fix(desktop): enforce one version per instance This was part of a leftover scaffolding from development. * fix(desktop): bundle url not stored after download * fix(desktop): stalling progress on updates * fix(backend): helper to parse cookie into kv-pairs * feat(desktop): launch session on working endpoints * fix(common): preserve `auth` structure and default * fix: loading native networking with kernel mode * fix: fallback for unhandled response error * fix: `urlencoded` content request processing * feat: `interceptor` - error mapping for `browser` * fix: backwards compatibility for `digest` auth * fix: platform check for `initializationService` * fix: `interceptor` - analytics `strategy` resolution * fix: `interceptor` - check for `cookies` component * fix: enable digest auth support for `native` * test: `interceptor` - kernel interceptor * fix(relay): `grantType` casing for OAuth2.0 * test(wip): kernel transformers * fix(relay): auth headers discarding others * fix(desktop): http version deserialization * fix(common): `grantType` extractor, auth processor * fix: `PersistenceService` - parsing edge cases * fix(infra): post rebase fixup * fix(web): component structure and lint * fix(desktop): cohesive splash opener, scroll url section * fix: explicit auto auth and docs on url auth * fix(relay): special chars failing proxy auth * fix: finer cert control setting option * fix: post-rebase fixup * feat(appload): ability to vendor pre-built bytes * fix: avoid copying over `target` dir in containers * fix: auth key missing in capability set * fix(desktop): relax `refresh_token` requirement This is to support Firebase token * fix(desktop): normalization for Windows WebView * feat(desktop): instance switcher and vendored app * fix(desktop): merge artifacts and conflicts * feat(desktop): instance switcher improvements * fix: derive instance name from normalized name * fix: pkg links, lints and UI edge cases * feat(desktop): restore window state after relaunch * fix(desktop): distinguish header for cloud/default * fix: instance switcher in web mode * fix: close dropdown on new instance modal * fix: whitelist vendored app origin * feat(desktop): platform parity - `collections` * fix: history entries population desync * fix(desktop): check for history storage status * fix(desktop): safe parse `globalEnv` * feat(desktop): platform parity - `environment` * fix: use settings store for proxy url * fix: lint, unused imports * fix: proxy input enabled for other interceptors * feat: reverse proxy for desktop app server * fix: duplicate entries after connecting to sh * fix: specify instance org qualified * fix: remove debugging logs * feat(desktop): enable `devtools` in release builds * fix(desktop): prepend protocol validation edgecase * feat(desktop): clear cache on removing instance * fix: better response toast message * fix: avoid reverse proxy for webapp server * fix(desktop): ignore subpath in instance name * feat: switcher ui/ux improvements * feat: more switcher ui/ux improvements * feat(server): specify bundle version at build time * fix(desktop): missing migration as rebase artifact * fix: minor switcher ui/ux improvement * fix: rebase artifacts * fix: consolidated toast on success * fix: missing i18n strings * fix(desktop): handle drag and drop fe side * feat: confirmation modal on instance removal * chore: minor UI update * chore: minor UI changes * fix: gql connection partial refactor * fix: resolve merge artifacts * chore: prod lint * feat(desktop): better desktop app update ux * fix: broken gql connection.ts --------- Co-authored-by: nivedin <nivedinp@gmail.com> Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
2025-02-27 18:31:25 +00:00
}
Copy permalink