Merge branch 'dev' into fix-oauth-provider-attributes-mapping

Author: aq-ikhwa-tech

.DS_Store

@@ -9,3 +9,4 @@ client/node_modules/
 client/packages/lowcoder-plugin-demo/.yarn/install-state.gz
 client/packages/lowcoder-plugin-demo/yarn.lock
 client/packages/lowcoder-plugin-demo/.yarn/cache/@types-node-npm-16.18.68-56f72825c0-094ae9ed80.zip
+.DS_Store

.gitignore

@@ -102,6 +102,7 @@ export interface HttpConfig {
 
   authConfig: {
     type: AuthType;
+    authId?: string;
   } & (
     | {
         username: string; // basic auth

client/packages/lowcoder/src/api/datasourceApi.ts

@@ -11,6 +11,7 @@ export const UserConnectionSource = {
 };
 
 export type UserConnection = {
+  authId: any;
   source: string;
   name: string;
   rawUserInfo?: JSONObject;

client/packages/lowcoder/src/constants/userConstants.ts

@@ -1,5 +1,5 @@
 import { Rule } from "antd/lib/form";
-import { HttpConfig } from "api/datasourceApi";
+import { HttpConfig, OAuthConfig } from "api/datasourceApi";
 import {
   DatasourceForm,
   FormInputItem,
@@ -21,12 +21,14 @@ import {
 } from "../form";
 import { DatasourceFormProps } from "./datasourceFormRegistry";
 import { useHostCheck } from "./useHostCheck";
+import { useSelector } from "react-redux";
+import { getUser } from "redux/selectors/usersSelectors";
 
 const AuthTypeOptions = [
   { label: "None", value: "NO_AUTH" },
   { label: "Basic", value: "BASIC_AUTH" },
   { label: "Digest", value: "DIGEST_AUTH" },
-  { label: "OAuth 2.0(Inherit from login)", value: "OAUTH2_INHERIT_FROM_LOGIN" },
+  { label: "OAuth 2.0 (Inherit from login)", value: "OAUTH2_INHERIT_FROM_LOGIN" },
   // { label: "OAuth 2.0", value: "oAuth2" },
 ] as const;
 
@@ -50,7 +52,16 @@ export const HttpDatasourceForm = (props: DatasourceFormProps) => {
   const datasourceConfig = datasource?.datasourceConfig as HttpConfig;
   // const oauthConfig = datasourceConfig?.authConfig as OAuthConfig;
 
+  // here we get the Auth Sources from a user to enable user impersonation
+  const userAuthSources = useSelector(getUser).connections?.filter(authSource => authSource.source !== "EMAIL");;
+  const userAuthSourcesOptions = userAuthSources?.map(item => ({
+    label: item.source,
+    value: item.authId
+  })) || [];
+
   const [authType, setAuthType] = useState(datasourceConfig?.authConfig?.type);
+  const [authId, setAuthId] = useState(datasourceConfig?.authConfig?.authId);
+  
   // const [grantType, setGrantType] = useState(oauthConfig?.grantType ?? "authorization_code");
 
   const hostRule = useHostCheck();
@@ -98,6 +109,22 @@ export const HttpDatasourceForm = (props: DatasourceFormProps) => {
     }
   };
 
+  const showUserAuthSourceSelector = () => {
+    if (authType === "OAUTH2_INHERIT_FROM_LOGIN") {
+      return (
+        <FormSelectItem
+          name={"authId"}
+          label="User Authentication Source"
+          options={userAuthSourcesOptions}
+          initialValue={datasourceConfig?.authConfig?authId : null}
+          afterChange={(value) => setAuthId(value) }
+          labelWidth={142}
+        />
+      );
+    }
+    return null;
+  };
+
   return (
     <DatasourceForm form={form} preserve={false}>
       <FormSection size={props.size}>
@@ -149,6 +176,7 @@ export const HttpDatasourceForm = (props: DatasourceFormProps) => {
           afterChange={(value) => setAuthType(value)}
           labelWidth={142}
         />
+        {showUserAuthSourceSelector()}
         {showAuthItem(authType)}
       </FormSection>
 

client/packages/lowcoder/src/pages/datasource/form/httpDatasourceForm.tsx

@@ -50,6 +50,7 @@ export function useDatasourceForm() {
             ...config,
             authConfig: {
               type: form.getFieldsValue()["authConfigType"],
+              authId: form.getFieldsValue()["authId"],
               username: form.getFieldsValue()["username"],
               password: form.getFieldsValue()["password"],
             },

client/packages/lowcoder/src/pages/datasource/form/useDatasourceForm.ts

@@ -1,6 +1,7 @@
 package org.lowcoder.plugin.graphql;
 
 import static com.google.common.base.MoreObjects.firstNonNull;
+import static org.apache.commons.collections4.MapUtils.emptyIfNull;
 import static org.apache.commons.lang3.StringUtils.firstNonBlank;
 import static org.apache.commons.lang3.StringUtils.trimToEmpty;
 import static org.lowcoder.plugin.graphql.GraphQLError.GRAPHQL_EXECUTION_ERROR;
@@ -10,6 +11,8 @@
 import static org.lowcoder.sdk.exception.PluginCommonError.QUERY_EXECUTION_ERROR;
 import static org.lowcoder.sdk.exception.PluginCommonError.QUERY_EXECUTION_TIMEOUT;
 import static org.lowcoder.sdk.plugin.restapi.auth.RestApiAuthType.DIGEST_AUTH;
+import static org.lowcoder.sdk.plugin.restapi.auth.RestApiAuthType.OAUTH2_INHERIT_FROM_LOGIN;
+import static org.lowcoder.sdk.util.ExceptionUtils.propagateError;
 import static org.lowcoder.sdk.util.JsonUtils.readTree;
 import static org.lowcoder.sdk.util.JsonUtils.toJsonThrows;
 import static org.lowcoder.sdk.util.MustacheHelper.renderMustacheString;
@@ -30,6 +33,8 @@
 
 import javax.annotation.Nullable;
 
+import com.google.common.collect.ImmutableMap;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.lowcoder.plugin.graphql.constants.ResponseDataType;
@@ -83,6 +88,8 @@
 public class GraphQLExecutor implements QueryExecutor<GraphQLDatasourceConfig, Object, GraphQLQueryExecutionContext> {
     private static final String RESPONSE_DATA_TYPE = "X-LOWCODER-RESPONSE-DATA-TYPE";
     private static final String GRAPHQL_TYPE = "application/graphql";
+
+    private static final String DEFAULT_GRAPHQL_ERROR_CODE = "GRAPHQL_EXECUTION_ERROR";
     private static final int MAX_REDIRECTS = 5;
     private static final Set<String> BINARY_DATA_TYPES = Set.of("application/zip",
             "application/octet-stream",
@@ -245,53 +252,54 @@ private List<Property> buildBodyParams(List<Property> datasourceBodyFormData, Li
 
     @Override
     public Mono<QueryExecutionResult> executeQuery(Object o, GraphQLQueryExecutionContext context) {
-        return Mono.defer(() -> {
-            URI uri = RestApiUriBuilder.buildUri(context.getUrl(), new HashMap<>(), context.getUrlParams());
-            WebClient.Builder webClientBuilder = WebClientBuildHelper.builder()
-                    .disallowedHosts(commonConfig.getDisallowedHosts())
-                    .toWebClientBuilder();
-
-            Map<String, String> allHeaders = context.getHeaders();
-            String contentType = context.getContentType();
-            allHeaders.forEach(webClientBuilder::defaultHeader);
-
-            //basic auth
-            AuthConfig authConfig = context.getAuthConfig();
-            if (authConfig != null && authConfig.getType() == RestApiAuthType.BASIC_AUTH) {
-                webClientBuilder.defaultHeaders(AuthHelper.basicAuth((BasicAuthConfig) authConfig));
-            }
+        return Mono.defer(() -> authByOauth2InheritFromLogin(context))
+                .then(Mono.defer(() -> {
+                    URI uri = RestApiUriBuilder.buildUri(context.getUrl(), new HashMap<>(), context.getUrlParams());
+                    WebClient.Builder webClientBuilder = WebClientBuildHelper.builder()
+                            .disallowedHosts(commonConfig.getDisallowedHosts())
+                            .toWebClientBuilder();
+
+                    Map<String, String> allHeaders = context.getHeaders();
+                    String contentType = context.getContentType();
+                    allHeaders.forEach(webClientBuilder::defaultHeader);
+
+                    //basic auth
+                    AuthConfig authConfig = context.getAuthConfig();
+                    if (authConfig != null && authConfig.getType() == RestApiAuthType.BASIC_AUTH) {
+                        webClientBuilder.defaultHeaders(AuthHelper.basicAuth((BasicAuthConfig) authConfig));
+                    }
 
-            if (MediaType.MULTIPART_FORM_DATA_VALUE.equals(contentType)) {
-                webClientBuilder.filter(new BufferingFilter());
-            }
+                    if (MediaType.MULTIPART_FORM_DATA_VALUE.equals(contentType)) {
+                        webClientBuilder.filter(new BufferingFilter());
+                    }
 
-            webClientBuilder.defaultCookies(injectCookies(context));
+                    webClientBuilder.defaultCookies(injectCookies(context));
 
-            WebClient client = webClientBuilder
-                    .exchangeStrategies(EXCHANGE_STRATEGIES)
-                    .build();
-            if (!GRAPHQL_TYPE.equalsIgnoreCase(contentType)) {
-                context.setQueryBody(convertToGraphQLBody(context));
-            }
-            BodyInserter<?, ? super ClientHttpRequest> bodyInserter = buildBodyInserter(
-                    context.isEncodeParams(),
-                    contentType,
-                    context.getQueryBody(),
-                    context.getBodyParams());
-            return httpCall(client, context.getHttpMethod(), uri, bodyInserter, 0, authConfig, DEFAULT_HEADERS_CONSUMER)
-                    .flatMap(clientResponse -> clientResponse.toEntity(byte[].class))
-                    .map(this::convertToQueryExecutionResult)
-                    .onErrorResume(error -> {
-                        if (error instanceof TimeoutException) {
-                            return Mono.just(QueryExecutionResult.error(QUERY_EXECUTION_TIMEOUT, "QUERY_TIMEOUT_ERROR", error));
-                        }
-                        if (error instanceof PluginException pluginException) {
-                            throw pluginException;
-                        }
-                        return Mono.just(
-                                QueryExecutionResult.error(GRAPHQL_EXECUTION_ERROR, "GRAPHQL_EXECUTION_ERROR", error));
-                    });
-        });
+                    WebClient client = webClientBuilder
+                            .exchangeStrategies(EXCHANGE_STRATEGIES)
+                            .build();
+                    if (!GRAPHQL_TYPE.equalsIgnoreCase(contentType)) {
+                        context.setQueryBody(convertToGraphQLBody(context));
+                    }
+                    BodyInserter<?, ? super ClientHttpRequest> bodyInserter = buildBodyInserter(
+                            context.isEncodeParams(),
+                            contentType,
+                            context.getQueryBody(),
+                            context.getBodyParams());
+                    return httpCall(client, context.getHttpMethod(), uri, bodyInserter, 0, authConfig, DEFAULT_HEADERS_CONSUMER)
+                            .flatMap(clientResponse -> clientResponse.toEntity(byte[].class))
+                            .map(this::convertToQueryExecutionResult)
+                            .onErrorResume(error -> {
+                                if (error instanceof TimeoutException) {
+                                    return Mono.just(QueryExecutionResult.error(QUERY_EXECUTION_TIMEOUT, "QUERY_TIMEOUT_ERROR", error));
+                                }
+                                if (error instanceof PluginException pluginException) {
+                                    throw pluginException;
+                                }
+                                return Mono.just(
+                                        QueryExecutionResult.error(GRAPHQL_EXECUTION_ERROR, "GRAPHQL_EXECUTION_ERROR", error));
+                            });
+                }));
     }
 
     private Consumer<MultiValueMap<String, String>> injectCookies(GraphQLQueryExecutionContext request) {
@@ -458,6 +466,39 @@ private ResponseBodyData parseResponseDataInfo(byte[] body, MediaType contentTyp
         }
     }
 
+    private Mono<Void> authByOauth2InheritFromLogin(GraphQLQueryExecutionContext context) {
+        if (context.getAuthConfig() == null || context.getAuthConfig().getType() != OAUTH2_INHERIT_FROM_LOGIN) {
+            return Mono.empty();
+        }
+        return context.getAuthTokenMono()
+                .doOnNext(properties -> {
+                    Map<String, List<Property>> propertyMap = properties.stream()
+                            .collect(Collectors.groupingBy(Property::getType));
+
+                    List<Property> params = propertyMap.get("param");
+                    if (CollectionUtils.isNotEmpty(params)) {
+                        Map<String, String> paramMap = new HashMap<>(emptyIfNull(context.getUrlParams()));
+                        for (Property param : params) {
+                            paramMap.put(param.getKey(), param.getValue());
+                        }
+                        context.setUrlParams(ImmutableMap.copyOf(paramMap));
+                    }
+
+                    List<Property> headers = propertyMap.get("header");
+                    if (CollectionUtils.isNotEmpty(headers)) {
+                        Map<String, String> headerMap = new HashMap<>(emptyIfNull(context.getHeaders()));
+                        for (Property header : headers) {
+                            headerMap.put(header.getKey(), header.getValue());
+                        }
+                        context.setHeaders(ImmutableMap.copyOf(headerMap));
+                    }
+                })
+                .switchIfEmpty(Mono.error(new PluginException(GRAPHQL_EXECUTION_ERROR, DEFAULT_GRAPHQL_ERROR_CODE,
+                        "$ACCESS_TOKEN parameter missing.")))
+                .onErrorResume(throwable -> propagateError(GRAPHQL_EXECUTION_ERROR, DEFAULT_GRAPHQL_ERROR_CODE, throwable))
+                .then();
+    }
+
     @Getter
     @Builder
     private static class ResponseBodyData {

server/api-service/lowcoder-plugins/graphqlPlugin/src/main/java/org/lowcoder/plugin/graphql/GraphQLExecutor.java

@@ -110,6 +110,13 @@ public boolean isForwardAllCookies() {
         return forwardAllCookies;
     }
 
+    public boolean isOauth2InheritFromLogin() {
+        if (this.authConfig != null) {
+            return this.authConfig.getType().name().equals(RestApiAuthType.OAUTH2_INHERIT_FROM_LOGIN.name());
+        }
+        return false;
+    }
+
     @Override
     public DatasourceConnectionConfig mergeWithUpdatedConfig(DatasourceConnectionConfig updatedConfig) {
         if (!(updatedConfig instanceof GraphQLDatasourceConfig updatedApiConfig)) {

server/api-service/lowcoder-sdk/src/main/java/org/lowcoder/sdk/plugin/graphql/GraphQLDatasourceConfig.java

@@ -23,6 +23,7 @@
 import org.lowcoder.sdk.exception.BizError;
 import org.lowcoder.sdk.models.Property;
 import org.lowcoder.sdk.models.QueryExecutionResult;
+import org.lowcoder.sdk.plugin.graphql.GraphQLDatasourceConfig;
 import org.lowcoder.sdk.plugin.restapi.RestApiDatasourceConfig;
 import org.lowcoder.sdk.plugin.restapi.auth.OAuthInheritAuthConfig;
 import org.lowcoder.sdk.query.QueryVisitorContext;
@@ -122,7 +123,11 @@ public Mono<QueryExecutionResult> executeApplicationQuery(ServerWebExchange exch
                     if(datasource.getDetailConfig() instanceof RestApiDatasourceConfig restApiDatasourceConfig
                             && restApiDatasourceConfig.isOauth2InheritFromLogin()) {
                         paramsAndHeadersInheritFromLogin = getAuthParamsAndHeadersInheritFromLogin(tuple.getT1(), ((OAuthInheritAuthConfig)restApiDatasourceConfig.getAuthConfig()).getAuthId());
+                    }
 
+                    if(datasource.getDetailConfig() instanceof GraphQLDatasourceConfig graphQLDatasourceConfig
+                            && graphQLDatasourceConfig.isOauth2InheritFromLogin()) {
+                        paramsAndHeadersInheritFromLogin = getAuthParamsAndHeadersInheritFromLogin(tuple.getT1(), ((OAuthInheritAuthConfig)graphQLDatasourceConfig.getAuthConfig()).getAuthId());
                     }
 
                     QueryVisitorContext queryVisitorContext = new QueryVisitorContext(userId, app.getOrganizationId(), port, cookies, paramsAndHeadersInheritFromLogin, commonConfig.getDisallowedHosts());

server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/query/ApplicationQueryApiService.java

@@ -42,6 +42,7 @@
 import org.lowcoder.sdk.exception.PluginCommonError;
 import org.lowcoder.sdk.models.Property;
 import org.lowcoder.sdk.models.QueryExecutionResult;
+import org.lowcoder.sdk.plugin.graphql.GraphQLDatasourceConfig;
 import org.lowcoder.sdk.plugin.restapi.RestApiDatasourceConfig;
 import org.lowcoder.sdk.plugin.restapi.auth.OAuthInheritAuthConfig;
 import org.lowcoder.sdk.query.QueryVisitorContext;
@@ -310,12 +311,16 @@ public Mono<QueryExecutionResult> executeLibraryQuery(ServerWebExchange exchange
 
 
                     // check if oauth inherited from login and save token
-                    if(datasource.getDetailConfig() instanceof RestApiDatasourceConfig restApiDatasourceConfig
-                            && restApiDatasourceConfig.isOauth2InheritFromLogin()) {
+                    if(datasource.getDetailConfig() instanceof RestApiDatasourceConfig restApiDatasourceConfig && restApiDatasourceConfig.isOauth2InheritFromLogin()) {
                         paramsAndHeadersInheritFromLogin = getParamsAndHeadersInheritFromLogin
                                 (user, ((OAuthInheritAuthConfig)restApiDatasourceConfig.getAuthConfig()).getAuthId());
                     }
 
+                    if(datasource.getDetailConfig() instanceof GraphQLDatasourceConfig graphQLDatasourceConfig && graphQLDatasourceConfig.isOauth2InheritFromLogin()) {
+                        paramsAndHeadersInheritFromLogin = getParamsAndHeadersInheritFromLogin
+                                (user, ((OAuthInheritAuthConfig)graphQLDatasourceConfig.getAuthConfig()).getAuthId());
+                    }
+
                     QueryVisitorContext queryVisitorContext = new QueryVisitorContext(userId, orgId, port, cookies, paramsAndHeadersInheritFromLogin,
                             commonConfig.getDisallowedHosts());
                     Map<String, Object> queryConfig = baseQuery.getQueryConfig();