Skip to content

Commit

Permalink
chore: openapi: remove https restriction
Browse files Browse the repository at this point in the history
Signed-off-by: Grant Linville <[email protected]>
  • Loading branch information
g-linville committed Dec 4, 2024
1 parent c39a069 commit 198c2d0
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 31 deletions.
6 changes: 0 additions & 6 deletions docs/docs/03-tools/03-openapi.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,6 @@ Will be resolved as `https://api.example.com/v1`.

## Authentication

:::warning
All authentication options will be completely ignored if the server uses HTTP and not HTTPS, unless the request is for `localhost` or 127.0.0.1.
This is to protect users from accidentally sending credentials in plain text.
HTTP is only OK, if it's on localhost/127.0.0.1.
:::

### 1. Security Schemes

GPTScript will read the defined [security schemes](https://swagger.io/docs/specification/authentication/) in the OpenAPI definition. The currently supported types are `apiKey` and `http`.
Expand Down
20 changes: 9 additions & 11 deletions pkg/engine/openapi.go
Original file line number Diff line number Diff line change
Expand Up @@ -197,19 +197,17 @@ func (e *Engine) runOpenAPI(tool types.Tool, input string) (*Return, error) {
return nil, fmt.Errorf("failed to create request: %w", err)
}

// Check for authentication (only if using HTTPS or localhost)
if u.Scheme == "https" || u.Hostname() == "localhost" || u.Hostname() == "127.0.0.1" {
if len(instructions.SecurityInfos) > 0 {
if err := openapi.HandleAuths(req, envMap, instructions.SecurityInfos); err != nil {
return nil, fmt.Errorf("error setting up authentication: %w", err)
}
// Check for authentication
if len(instructions.SecurityInfos) > 0 {
if err := openapi.HandleAuths(req, envMap, instructions.SecurityInfos); err != nil {
return nil, fmt.Errorf("error setting up authentication: %w", err)
}
}

// If there is a bearer token set for the whole server, and no Authorization header has been defined, use it.
if token, ok := envMap["GPTSCRIPT_"+env.ToEnvLike(u.Hostname())+"_BEARER_TOKEN"]; ok {
if req.Header.Get("Authorization") == "" {
req.Header.Set("Authorization", "Bearer "+token)
}
// If there is a bearer token set for the whole server, and no Authorization header has been defined, use it.
if token, ok := envMap["GPTSCRIPT_"+env.ToEnvLike(u.Hostname())+"_BEARER_TOKEN"]; ok {
if req.Header.Get("Authorization") == "" {
req.Header.Set("Authorization", "Bearer "+token)
}
}

Expand Down
23 changes: 9 additions & 14 deletions pkg/openapi/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import (
"mime/multipart"
"net/http"
"net/url"
"os"
"strings"

"github.com/getkin/kin-openapi/openapi3"
Expand Down Expand Up @@ -69,22 +68,18 @@ func Run(operationID, defaultHost, args string, t *openapi3.T, envs []string) (s
return "", false, fmt.Errorf("failed to create request: %w", err)
}

// Check for authentication (only if using HTTPS or localhost)
if u.Scheme == "https" || u.Hostname() == "localhost" || u.Hostname() == "127.0.0.1" {
if len(opInfo.SecurityInfos) > 0 {
if err := HandleAuths(req, envMap, opInfo.SecurityInfos); err != nil {
return "", false, fmt.Errorf("error setting up authentication: %w", err)
}
// Check for authentication
if len(opInfo.SecurityInfos) > 0 {
if err := HandleAuths(req, envMap, opInfo.SecurityInfos); err != nil {
return "", false, fmt.Errorf("error setting up authentication: %w", err)
}
}

// If there is a bearer token set for the whole server, and no Authorization header has been defined, use it.
if token, ok := envMap["GPTSCRIPT_"+env.ToEnvLike(u.Hostname())+"_BEARER_TOKEN"]; ok {
if req.Header.Get("Authorization") == "" {
req.Header.Set("Authorization", "Bearer "+token)
}
// If there is a bearer token set for the whole server, and no Authorization header has been defined, use it.
if token, ok := envMap["GPTSCRIPT_"+env.ToEnvLike(u.Hostname())+"_BEARER_TOKEN"]; ok {
if req.Header.Get("Authorization") == "" {
req.Header.Set("Authorization", "Bearer "+token)
}
} else {
fmt.Fprintf(os.Stderr, "no auth")
}

// Handle query parameters
Expand Down

0 comments on commit 198c2d0

Please sign in to comment.