thibaud-lclr/api-client
1
0
Fork 0
Code Packages Activity Actions
6128 commits 1 branch 0 tags 94 MiB
Commit graph

34 commits

Author SHA1 Message Date
James George
3073d156b4 chore(agent): bump version to v0.1.17 2026-04-28 18:18:29 +05:30
Shreyas
84f774265b
fix: remediate quinn-proto vulnerability across native packages (#6174) 
Co-authored-by: orbisai0security <242526317+orbisai0security@users.noreply.github.com>
 2026-04-22 23:55:27 +05:30
Shreyas
f62405088d
chore(agent): bump agent and dependency chain (#5607) 
This updates Hoppscotch Agent dependencies to align with
 `v2025.11.0` security patch and other dependency chain.
 2025-11-24 19:59:57 +05:30
Shreyas
95a8be6f94
chore(agent): bump version to v0.1.15 (#5531) 
Regenerated lock file due to conflicting dependencies.
 2025-10-30 11:42:09 +05:30
Shreyas
ecf7d2507a
feat(relay): control redirect follow (#5508) 
Add per-domain toggle to disable automatic HTTP redirect following in
 the Native and Agent interceptors. When disabled, requests return the
 redirect response (status code, headers, body) without following the
 Location header.

 Previously HTTP redirects were always followed (on browser, can't do
 much about that, see
 https://fetch.spec.whatwg.org/#atomic-http-redirect-handling) without
 option to inspect the redirect response itself. This prevented
 developers from accessing redirect metadata needed when testing OAuth
 flows (PKCE where intermediate responses contain authorization tokens),
 authentication endpoints that return codes in Location headers with 302
 status, and debugging API redirect chains. But on the desktop app,
 redirects were just never followed, creating the opposite effect.

 The browser's fetch API applies atomic HTTP redirect handling per spec,
 making it impossible to intercept redirects and inspect their responses.
 The Native and Agent interceptors use curl and native HTTP clients
 respectively, both supporting redirect control, making this feature
 viable for these specific interceptors. (Proxyscotch tbd).
 2025-10-27 17:41:58 +05:30
Shreyas
9cb98f619d
chore(agent): bump version to 0.1.14 (#5405) 
Bump agent to version `v0.1.14` with `relay` dependency changes as per
 #5394, and direct dependency change according to #5402.
 2025-09-26 14:20:48 +05:30
Shreyas
6beca5c787
fix(native): bump tauri-plugin-shell to v2.2.1 (#5402) 
Updates `tauri-plugin-shell` from vulnerable version to `v2.2.1` to
 address `CVE-2025-31477` in `open` around scope validation.

 Affects both `hoppscotch-agent` and `hoppscotch-desktop`.

 Closes FE-1022
 2025-09-24 21:48:06 +05:30
Shreyas
3be91a4a51
fix(relay): multiple Set-Cookie headers in resp (#5394) 
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
 2025-09-23 17:14:29 +05:30
Shreyas
f234e66078
feat(desktop): portable phase-2 app loader infra (#5341) 
This implements backend path management, backup system, cross-platform utilities, and refactors the `appload` plugin arch to support portable mode deployment.

The changes are mainly establishing foundational infra maintaining current frontend behavior until phase-3+ integration.
 2025-08-26 20:48:31 +05:30
Shreyas
1cc20a4841
chore(agent): bump version to 0.1.12 (#5318) 
Updates agent to version `0.1.12` with relay dependency that includes
expanded MIME type support for file uploads.

Follows #5306
 2025-08-08 14:37:17 +05:30
Shreyas
137e95e873
fix(relay): expand MIME type support (#5306) 
This fixes file uploads incorrectly showing MIME type as "Other" instead
 of their actual content types by expanding the `MediaType` enum relay
 to include common audio, video, and image formats.

 Basically `MediaType` enum is used for both `ContentType` which would
 map to `ContentType` from `hoppscotch-data` (e.g. `multipart/form-data`)
 but also to `FormValue` in `interop`
 ```rust
 pub enum FormValue {
     ...
     File {
         filename: String,
         content_type: MediaType,
         data: Bytes,
     },
 }
 ```
 although the later should be much more pervasive.

 This is a follow up on #5244

 Closes FE-887
 Closes #3810
 Closes #5223
 Closes #5233

 The issue occurred because the `relay`'s `MediaType` couldn't deserialize
 beyond the basic types (text, JSON, XML, etc.), lacked support for
 other media file types. The TypeScript layer correctly detected MIME
 types (e.g., "audio/x-m4a"), but the deserialization process fell back
 to `MediaType::Other`. Main reason for servers performing strict MIME
 validation to reject uploads.
 2025-08-08 13:51:46 +05:30
Shreyas
9eeac1ac70
chore(agent): version bump (#5150) 2025-06-13 15:18:43 +05:30
Shreyas
9ef2c461ba
feat(agent): file-based logs with rotation (#5147) 2025-06-13 13:48:33 +05:30
Shreyas
8c6ec87f90
fix(relay): better matching for content-type detection (#5025) 2025-04-29 13:10:08 +05:30
jamesgeorge007
9a5b5323ab chore: bump version to 2025.3.1 2025-04-09 19:47:01 +05:30
Shreyas
9cc8b68077
fix(kernel): deterministic form data processing (#4945) 2025-04-08 14:50:04 +05:30
jamesgeorge007
3c535b2ad4 chore: bump version to 2025.3.0 2025-03-27 13:15:30 +05:30
Shreyas
72ff950d91
fix(relay): avoid override with header passthrough (#4931) 
The current implementation causes duplicate `Content-Type` headers when users
override headers in the UI or use OAuth2 authentication with the agent.
Web servers receive multiple `Content-Type` headers which causes
undefined behavior and 400 errors for backends that don't accept duplicate headers.

This also fixes inconsistent behavior when overriding the `Content-Type` header
with custom values (e.g., `application/json;v=2`).

While HTTP/1.1 headers are case-insensitive per RFC 7230, inconsistent handling
across server implementations can treat differently-cased variations (e.g.,
"Content-Type" vs "content-type") as distinct headers. HTTP/2 (RFC 7540) mandates
converting all header field names to lowercase, which would prevent this issue.

This patch removes the automatic content-type header insertion, allowing user-defined
headers to take precedence without duplication. The is a temporary
workaround until we implement a HTTP/2-compliant solution with proper normalization.

This was implemented initially to support moving lower level handling
towards the kernel, although since the larger refactor has been slightly
deferred in favor of stability, this change is suitable for current
state.

This will be revisited when we implement HTTP/2 compliant header handling in the
kernel layer as part of our upcoming kernel efforts.

Use the following request to test this out on Desktop app and Agent and
override `Content-Type` header to `application/json;=v2`:

```
curl --request POST \
  --url 'https://echo.qubit.codes/?qp=1' \
  --header 'Content-Type: application/json;v=2' \
  --data '{ "test-key": "test-value" }'
```
 2025-03-25 16:34:27 +05:30
Shreyas
18c233b9f9
fix(common): normalize headers before final relay (#4911) 2025-03-19 15:47:41 +05:30
jamesgeorge007
8c67c832d2 chore: bump version to 2025.2.3 2025-03-19 14:41:08 +05:30
Shreyas
60cc41f745
fix(desktop): preserve formdata ordering (#4892) 2025-03-19 14:04:13 +05:30
jamesgeorge007
6bd2574cba chore: bump agent version to 0.1.6 2025-03-12 14:08:06 +05:30
Shreyas
dd3bf52711
feat(kernel): isolate type ser/de to platform (#4860) 2025-03-10 22:45:51 +05:30
Shreyas
81f2dce531
fix(agent): version bumps (#4849) 2025-03-06 18:16:09 +05:30
Shreyas
42f90d3f05
fix: enable aws auth passthrough (#4825) 2025-03-05 18:31:59 +05:30
Shreyas
8be8178b05
fix: support for apikey auth for native interceptors (#4821) 2025-03-05 14:15:37 +05:30
Shreyas
a6147f4ce4
feat: platform independent core and the new desktop app (#4684) 
* feat(desktop): init

* feat(desktop): external app download and setup

* feat(desktop): offload app load to plugin system

* perf(desktop): add rdbms facade and caching layer

* feat: parallelize signing, shared trust, lru cache

* feat: webapp encoder + compressor + hasher server

* feat(desktop): app autoupdate with hashed loader

* feat(kernel): init `hoppscotch-kernel`

* feat(kernel): `io`

* feat(kernel): `network`

* feat(kernel): `network` - native interceptor

* feat(kernel): `network` - interceptor - rest

* feat(kernel): `network` - interceptor - graphql

* feat(kernel): `network` - interceptor - capabilities

* feat(kernel): `network` - interceptor - `FormData`

* feat(kernel): `network` - interceptor - `oauth2.0`

* feat(kernel): `store`

* feat(desktop): dragging, traffic light, plugin workspaces

* feat(kernel|wip): `store`

* feat(kernel): `network` - capabilities - with active

* feat(kernel|wip): `network` - interceptor - `proxy`

* feat(kernel|wip): `network` - relay ext

* feat(kernel): `network` - interceptor - `proxy`

* feat(kernel): `network` - interceptor - decoding

* feat(kernel): `network` - interceptor - Kernel Err

* feat(kernel): `network` - flow transformation

* feat(kernel): `network` - request status

* fix(desktop): repositioning traffic lights on fullscreen exit

* feat(kernel): `network` - interceptor - `agent`

* feat(kernel): `store` - track updates

* feat(kernel): `network` - interceptor - extension

* feat(kernel): `network` - updates as overrides

* feat(interceptor): pre-process request encoding

* fix(ui): mismatched extension button size/position

* feat(kernel): `network` - interceptor - `browser`

* feat(native): common certs componsable

* fix(kernel): interceptor selection store and json parse

* feat(kernel): `network` - consistent multipart encoding

* feat(kernel): `network` - interceptor - `OAuth2.0`

* feat(kernel): `network` - interceptor - cookie support

* feat(agent): registration list, log-sink, relay

* feat(kernel): `network` - interceptor subtitles

* feat(kernel): `store` - persist network settings

* fix(agent): encrypted ser/de certificate requests

* feat(kernel): `kernelInterceptor` spotlight service

* fix(kernel): gql introspection edge-case schema

* ref: conditionals for migrated components

* feat(kernel): `localaccess` capability via relay

* feat(kernel): `network` - explicit types and lint

* feat(kernel): `store` - isolate host and platform

* feat(kernel): `store` - persistence service

* fix(infra): whitelisted origins, non-std engines

* feat(desktop): impl deep-link callbacks

* feat(kernel): `auth`

* feat(kernel): `io` - event listeners

* feat(kernel): platform migration

* fix: dep `vue` import on Win 11

Fixes `error TS2305: Module '"vue"' has no exported member
'VueConstructor'.` arising from `splitpane` dependency.

* fix(webapp-server): platform independent res paths

* feat(desktop): auth and emit via embedded server

* feat(platform): host, csp and bundle compatibility

- Bundle name format for using as host
- Windows UI handler HWND casting and version detection
- CSP headers type handling in URI protocol
- Protocol whitelist in env config

* feat(desktop|wip): login flow with `auth-tokens`

feat(desktop|wip): typesafe auth

* feat(backend): `auth` token flow, gql/websocket

feat(desktop): working auth for gql

feat: gql client with refresh token

* feat(backend): `auth` token flow, authorization bearer

* fix(gen): qualifier clash when invalidating cache

* feat(common): coordinated initialization service

* fix(desktop): appload persistence in data json

* feat(desktop|wip): desktop icons and updater

* fix: typos in readme docs

* fix: docker ignore copying on windows

* fix: update `.lock` file after rebase

* fix: `persistenceService` setup in tests

* fix: remove old console logs

* fix: console error on invalid schema

Show console error if default value is used when loading invalid data from
local storage

* fix(test): `PersistenceService` methods

* fix(test): `PersistenceService` rest tab state

* fix(test): `PersistenceService` gql tab state

* fix(test): `PersistenceService` global env

* fix(test): `PersistenceService` mqtt request

* fix(test): `PersistenceService` sse request

* fix(test): `PersistenceService` socketio request

* fix(test): `PersistenceService` websocket request

* fix(test): `PersistenceService` secret environment

* fix(test): `PersistenceService` selected env

* fix(test): `PersistenceService` collections

* fix(test): `PersistenceService` environments

* fix(test): `PersistenceService` history

* fix(test): `PersistenceService` settings

* fix(test): `PersistenceService` migrations

* fix(test): `InspectionService` request inspector

* feat(desktop): button to clear bundle/key cache

This is useful when there are partial updates to the web app or bundle gen server
which haven't been correctly propagated when the app bundle was downloaded.

If the user were to change the self host instance without updating the
desktop app; which is possible albeit rarely under very certain circumstances,
desktop app will refuse to load the bundle, this is because the desktop app
cannot differentiate between partial updates vs incorrect bundle being hosted
since both will fail verification.

The button lets the user decide what should be the appropriate action,
clear the bundle and trust the hosted app
or make sure the app is built and hosted correctly.

* fix(desktop): enforce one version per instance

This was part of a leftover scaffolding from development.

* fix(desktop): bundle url not stored after download

* fix(desktop): stalling progress on updates

* fix(backend): helper to parse cookie into kv-pairs

* feat(desktop): launch session on working endpoints

* fix(common): preserve `auth` structure and default

* fix: loading native networking with kernel mode

* fix: fallback for unhandled response error

* fix: `urlencoded` content request processing

* feat: `interceptor` - error mapping for `browser`

* fix: backwards compatibility for `digest` auth

* fix: platform check for `initializationService`

* fix: `interceptor` - analytics `strategy` resolution

* fix: `interceptor` - check for `cookies` component

* fix: enable digest auth support for `native`

* test: `interceptor` - kernel interceptor

* fix(relay): `grantType` casing for OAuth2.0

* test(wip): kernel transformers

* fix(relay): auth headers discarding others

* fix(desktop): http version deserialization

* fix(common): `grantType` extractor, auth processor

* fix: `PersistenceService` - parsing edge cases

* fix(infra): post rebase fixup

* fix(web): component structure and lint

* fix(desktop): cohesive splash opener, scroll url section

* fix: explicit auto auth and docs on url auth

* fix(relay): special chars failing proxy auth

* fix: finer cert control setting option

* fix: post-rebase fixup

* feat(appload): ability to vendor pre-built bytes

* fix: avoid copying over `target` dir in containers

* fix: auth key missing in capability set

* fix(desktop): relax `refresh_token` requirement

This is to support Firebase token

* fix(desktop): normalization for Windows WebView

* feat(desktop): instance switcher and vendored app

* fix(desktop): merge artifacts and conflicts

* feat(desktop): instance switcher improvements

* fix: derive instance name from normalized name

* fix: pkg links, lints and UI edge cases

* feat(desktop): restore window state after relaunch

* fix(desktop): distinguish header for cloud/default

* fix: instance switcher in web mode

* fix: close dropdown on new instance modal

* fix: whitelist vendored app origin

* feat(desktop): platform parity - `collections`

* fix: history entries population desync

* fix(desktop): check for history storage status

* fix(desktop): safe parse `globalEnv`

* feat(desktop): platform parity - `environment`

* fix: use settings store for proxy url

* fix: lint, unused imports

* fix: proxy input enabled for other interceptors

* feat: reverse proxy for desktop app server

* fix: duplicate entries after connecting to sh

* fix: specify instance org qualified

* fix: remove debugging logs

* feat(desktop): enable `devtools` in release builds

* fix(desktop): prepend protocol validation edgecase

* feat(desktop): clear cache on removing instance

* fix: better response toast message

* fix: avoid reverse proxy for webapp server

* fix(desktop): ignore subpath in instance name

* feat: switcher ui/ux improvements

* feat: more switcher ui/ux improvements

* feat(server): specify bundle version at build time

* fix(desktop): missing migration as rebase artifact

* fix: minor switcher ui/ux improvement

* fix: rebase artifacts

* fix: consolidated toast on success

* fix: missing i18n strings

* fix(desktop): handle drag and drop fe side

* feat: confirmation modal on instance removal

* chore: minor UI update

* chore: minor UI changes

* fix: gql connection partial refactor

* fix: resolve merge artifacts

* chore: prod lint

* feat(desktop): better desktop app update ux

* fix: broken gql connection.ts

---------

Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
 2025-02-28 00:01:25 +05:30
Shreyas
ecf5d9f6d2
fix(agent): propagate default values to persistent store (#4511) 2024-11-06 15:00:52 +05:30
Shreyas
8643819926
chore(agent): bump version to 0.1.2 (#4497) 
Co-authored-by: Andrew Bastin <andrewbastin.k@gmail.com>
 2024-10-30 21:11:32 +05:30
Shreyas
bd7bd97809
feat: portable version of hoppscotch-agent (#4468) 2024-10-24 15:46:20 +05:30
Shreyas
f52219bb95
feat: openssl based hoppscotch-relay for request forwarding (#4442) 2024-10-24 14:20:51 +05:30
Shreyas
aef11e329f
chore(agent): major version dependency bump (#4446) 2024-10-23 21:22:19 +05:30
Andrew Bastin
fdb250a608 chore: bump agent version to 0.1.1 2024-10-04 13:00:32 +05:30
Andrew Bastin
f75900ed30
feat: hoppscotch agent and agent interceptor (#4396) 
Co-authored-by: CuriousCorrelation <CuriousCorrelation@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
 2024-10-03 20:26:30 +05:30