danielgtaylor / restish

Restish is a CLI for interacting with REST-ish HTTP APIs with some nice features built-in
https://rest.sh/
MIT License

Persistent header is not used correctly #154

Closed SylvainMarty closed 1 year ago

SylvainMarty commented 1 year ago

Hello,

We want to use Restish in our system to call some API routes already documented with OpenAPI. We are using Restish in a dockerized environment. For a few routes, we only want to make them callable by the CLI. To do so, a unique token is generated when the container starts and is added to the Restish user config. The token is also added in an env variable so the backend can use it to check if the API call came from the CLI. From the Restish point of view, we want it to add the token in the custom header `X-Cli-Secret` for every request it's sending to our API. To set the configuration up, we used the `restish api configure admin` command and we followed the Persistent Header documentation and also the OpenAPI Auto Configuration documentation.

We have a weird issue and we can't understand why: the persistent header we configure in the Restish user config is never set when sending the API call to our API but it is actually sent when fetching the OpenAPI documentation. We don't understand why the persistent header is not present in the actual API call...

I added all the data we have at the end of this issue.

Can you help us find what is wrong with our setup?

Thank you for your help and for this amazing tool!

Data

Restish user config available in /home/node/.restish/apis.json

```json
{
  "admin": {
    "base": "http://localhost:3000/apidoc/cli-json",
    "profiles": {
      "default": {
        "headers": {
          "x-cli-secret": "819d23ba-3ebd-408c-95ac-78abc93edc2c"
        },
        "auth": {
          "name": "CliSecret"
        }
      }
    },
    "tls": {}
  }
}
```

OpenAPI document (served by http://localhost:3000/apidoc/cli-json)

```json
{
  "openapi": "3.0.0",
  "paths": {
    "/cli/subscriptions": {
      "post": {
        "operationId": "SubscriptionController_startSchedulerCycle",
        "parameters": [],
        "responses": {
          "204": {
            "description": ""
          }
        },
        "tags": [
          "Subscription CLI API"
        ],
        "security": [
          {
            "CliSecret": []
          }
        ]
      }
    }
  },
  "info": {
    "title": "CLI API",
    "description": "",
    "version": "1.0.0",
    "contact": {}
  },
  "tags": [],
  "servers": [],
  "components": {
    "securitySchemes": {
      "CliSecret": {
        "type": "apiKey",
        "name": "x-cli-secret",
        "description": "CLI-Secret token",
        "in": "header"
      }
    },
    "schemas": {}
  },
  "security": [
    {
      "CliSecret": []
    }
  ],
  "x-cli-config": {
    "security": "CliSecret"
  }
}
```

Command & output

**Restish command:**

```sh
restish admin subscription-controller-start-scheduler-cycle -v --rsh-no-cache
```

**Output:**

```
DEBUG: Checking API entrypoint http://localhost:3000/apidoc/cli-json/
DEBUG: Adding TLS configuration
DEBUG: Making request:
GET /apidoc/cli-json/ HTTP/1.1
Host: localhost:3000
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: gzip, br
User-Agent: restish-0.15.1
X-Cli-Secret: 4417b5ed-ff8a-45f6-aeac-6a9d85c84e60

DEBUG: Got response from server in 8.953ms:
HTTP/1.1 200 OK
Content-Length: 562
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"232-0U0hjEODOIqXVdfFBBEU2uIz31E"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{"openapi":"3.0.0","paths":{"/cli/subscriptions":{"post":{"operationId":"SubscriptionController_startSchedulerCycle","parameters":[],"responses":{"204":{"description":""}},"tags":["Subscription CLI API"],"security":[{"CliSecret":[]}]}}},"info":{"title":"Guidap V2 CLI API","description":"","version":"1.0.0","contact":{}},"tags":[],"servers":[],"components":{"securitySchemes":{"CliSecret":{"type":"apiKey","name":"x-cli-secret","description":"CLI-Secret token","in":"header"}},"schemas":{}},"security":[{"CliSecret":[]}],"x-cli-config":{"security":"CliSecret"}}
DEBUG: Unmarshalling from application/json
DEBUG: Checking http://localhost:3000/openapi.json
DEBUG: Adding TLS configuration
DEBUG: Making request:
GET /openapi.json HTTP/1.1
Host: localhost:3000
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: gzip, br
User-Agent: restish-0.15.1

DEBUG: Got response from server in 4.8148ms:
HTTP/1.1 404 Not Found
Content-Length: 1440
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"5a0-rgioFpE8qs9dgBPWEv9D19ExH4Y"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{"statusCode":404,"code":"NotFoundException","message":"Cannot GET /openapi.json","timestamp":1671440691695,"stackTrace":"NotFoundException: Cannot GET /openapi.json\n at callback (/usr/src/app/node_modules/@nestjs/core/router/routes-resolver.js:77:19)\n at /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:23\n at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:323:13)\n at /usr/src/app/node_modules/express/lib/router/index.js:284:7\n at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:341:12)\n at next (/usr/src/app/node_modules/express/lib/router/index.js:275:10)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:127:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)"}
DEBUG: Checking http://localhost:3000/openapi.yaml
DEBUG: Adding TLS configuration
DEBUG: Making request:
GET /openapi.yaml HTTP/1.1
Host: localhost:3000
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: gzip, br
User-Agent: restish-0.15.1

DEBUG: Got response from server in 3.5798ms:
HTTP/1.1 404 Not Found
Content-Length: 1440
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"5a0-sM+ZWzS94S0FALo0tDPatPOwpI4"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{"statusCode":404,"code":"NotFoundException","message":"Cannot GET /openapi.yaml","timestamp":1671440691699,"stackTrace":"NotFoundException: Cannot GET /openapi.yaml\n at callback (/usr/src/app/node_modules/@nestjs/core/router/routes-resolver.js:77:19)\n at /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:23\n at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:323:13)\n at /usr/src/app/node_modules/express/lib/router/index.js:284:7\n at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:341:12)\n at next (/usr/src/app/node_modules/express/lib/router/index.js:275:10)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:127:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)"}
DEBUG: Checking http://localhost:3000/apidoc/cli-json/openapi.json
DEBUG: Adding TLS configuration
DEBUG: Making request:
GET /apidoc/cli-json/openapi.json HTTP/1.1
Host: localhost:3000
Accept: application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,application/cbor;q=0.9,*/*
Accept-Encoding: gzip, br
User-Agent: restish-0.15.1
X-Cli-Secret: 4417b5ed-ff8a-45f6-aeac-6a9d85c84e60

DEBUG: Got response from server in 7.1564ms:
HTTP/1.1 404 Not Found
Content-Length: 1472
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"5c0-fi1Jz4PRlrdYKf0TQLzUvbIMEyI"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{"statusCode":404,"code":"NotFoundException","message":"Cannot GET /apidoc/cli-json/openapi.json","timestamp":1671440691703,"stackTrace":"NotFoundException: Cannot GET /apidoc/cli-json/openapi.json\n at callback (/usr/src/app/node_modules/@nestjs/core/router/routes-resolver.js:77:19)\n at /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:23\n at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:323:13)\n at /usr/src/app/node_modules/express/lib/router/index.js:284:7\n at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:341:12)\n at next (/usr/src/app/node_modules/express/lib/router/index.js:275:10)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:127:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)"}
DEBUG: Checking http://localhost:3000/apidoc/cli-json/openapi.yaml
DEBUG: Adding TLS configuration
DEBUG: Making request:
GET /apidoc/cli-json/openapi.yaml HTTP/1.1
Host: localhost:3000
Accept: text/*;q=0.2,application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,*/*
Accept-Encoding: gzip, br
User-Agent: restish-0.15.1
X-Cli-Secret: 4417b5ed-ff8a-45f6-aeac-6a9d85c84e60

DEBUG: Got response from server in 3.8443ms:
HTTP/1.1 404 Not Found
Content-Length: 1472
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"5c0-foX7DW5d75ANfxDzvONwAdqsrT4"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{"statusCode":404,"code":"NotFoundException","message":"Cannot GET /apidoc/cli-json/openapi.yaml","timestamp":1671440691710,"stackTrace":"NotFoundException: Cannot GET /apidoc/cli-json/openapi.yaml\n at callback (/usr/src/app/node_modules/@nestjs/core/router/routes-resolver.js:77:19)\n at /usr/src/app/node_modules/@nestjs/core/router/router-proxy.js:9:23\n at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/usr/src/app/node_modules/express/lib/router/index.js:323:13)\n at /usr/src/app/node_modules/express/lib/router/index.js:284:7\n at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:341:12)\n at next (/usr/src/app/node_modules/express/lib/router/index.js:275:10)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:127:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)\n at next (/usr/src/app/node_modules/express/lib/router/route.js:131:14)"}
DEBUG: Checking http://localhost:3000/apidoc/cli-json/
DEBUG: Adding TLS configuration
DEBUG: Making request:
GET /apidoc/cli-json/ HTTP/1.1
Host: localhost:3000
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: gzip, br
User-Agent: restish-0.15.1
X-Cli-Secret: 4417b5ed-ff8a-45f6-aeac-6a9d85c84e60

DEBUG: Got response from server in 3.638ms:
HTTP/1.1 200 OK
Content-Length: 562
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"232-0U0hjEODOIqXVdfFBBEU2uIz31E"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{"openapi":"3.0.0","paths":{"/cli/subscriptions":{"post":{"operationId":"SubscriptionController_startSchedulerCycle","parameters":[],"responses":{"204":{"description":""}},"tags":["Subscription CLI API"],"security":[{"CliSecret":[]}]}}},"info":{"title":"Guidap V2 CLI API","description":"","version":"1.0.0","contact":{}},"tags":[],"servers":[],"components":{"securitySchemes":{"CliSecret":{"type":"apiKey","name":"x-cli-secret","description":"CLI-Secret token","in":"header"}},"schemas":{}},"security":[{"CliSecret":[]}],"x-cli-config":{"security":"CliSecret"}}
DEBUG: API loading took 47.1928ms
DEBUG: Configuration: map[app-name:restish config-directory:/home/node/.restish rsh-ca-cert: rsh-client-cert: rsh-client-key: rsh-filter: rsh-header:[] rsh-insecure:false rsh-no-cache:true rsh-no-paginate:false rsh-output-format:auto rsh-profile:default rsh-query:[] rsh-raw:false rsh-server: rsh-verbose:true server-index:0]
DEBUG: Adding TLS configuration
DEBUG: Making request:
POST /cli/subscriptions HTTP/1.1
Host: localhost:3000
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: gzip, br
User-Agent: restish-0.15.1

DEBUG: Got response from server in 5.3336ms:
HTTP/1.1 401 Unauthorized
Content-Length: 1513
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"5e9-qrJKwpkMWVAoizAjzSpKJI2iyIU"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{"statusCode":401,"code":"UnauthorizedException","message":"Unauthorized","timestamp":1671440691735,"stackTrace":"UnauthorizedException: Unauthorized\n at CliSecretAuthGuard.handleRequest (/usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:68:30)\n at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:49:128\n at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:91:24\n at allFailed (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:110:18)\n at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:183:28)\n at CliSecretStrategy.strategy.fail (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:305:9)\n at CliSecretStrategy.Strategy.authenticate (/usr/src/app/node_modules/passport-headerapikey/lib/Strategy.js:48:25)\n at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:369:16)\n at authenticate (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:370:7)\n at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:96:3\n at new Promise ()\n at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:88:83\n at CliSecretAuthGuard. (/usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:49:36)\n at Generator.next ()\n at fulfilled (/usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:17:58)\n at processTicksAndRejections (node:internal/process/task_queues:96:5)"}
DEBUG: Unmarshalling from application/json
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 1513
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Date: Mon, 19 Dec 2022 09:04:51 GMT
Etag: W/"5e9-qrJKwpkMWVAoizAjzSpKJI2iyIU"
Expect-Ct: max-age=0
Keep-Alive: timeout=5
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 0

{
  code: "UnauthorizedException"
  message: "Unauthorized"
  stackTrace: "UnauthorizedException: Unauthorized at CliSecretAuthGuard.handleRequest (/usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:68:30) at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:49:128 at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:91:24 at allFailed (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:110:18) at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:183:28) at CliSecretStrategy.strategy.fail (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:305:9) at CliSecretStrategy.Strategy.authenticate (/usr/src/app/node_modules/passport-headerapikey/lib/Strategy.js:48:25) at attempt (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:369:16) at authenticate (/usr/src/app/node_modules/passport/lib/middleware/authenticate.js:370:7) at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:96:3 at new Promise () at /usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:88:83 at CliSecretAuthGuard. (/usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:49:36) at Generator.next () at fulfilled (/usr/src/app/node_modules/@nestjs/passport/dist/auth.guard.js:17:58) at processTicksAndRejections (node:internal/process/task_queues:96:5)"
  statusCode: 401
  timestamp: 1671440691735
}
```

SylvainMarty commented 1 year ago

We managed to make this work by moving the actual persistent header we wanted to send in every request in the config.json file.

Under the Persistent Headers & Query Params section, we can read this:

> Follow the prompts to add or edit persistent headers or query params. These are values that get sent with every request when using that profile.

I think this is misleading: the persistent headers are only sent by Restish when fetching the OpenAPI document but never when calling the actual API route. Or maybe it's just a bug? 👀

danielgtaylor commented 1 year ago

@SylvainMarty I'm actually unable to reproduce this issue. Can you try something for me? I set up a local API Bin instance on a port I can guarantee has nothing else running and ran against it with the following config:

```sh
$ cd apibin
$ go run . -p 8889
```

```json
"apibin": {
    "base": "http://localhost:8889",
    "profiles": {
      "default": {
        "headers": {
          "x-cli-secret": "819d23ba-3ebd-408c-95ac-78abc93edc2c"
        }
      }
    }
  },
```

Here's an excerpt from the results:

```
$ restish apibin/ -v
...
DEBUG: Making request:
GET / HTTP/1.1
Host: localhost:8889
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: gzip, br
User-Agent: restish-dev-2023-01-14-10:34
X-Cli-Secret: 819d23ba-3ebd-408c-95ac-78abc93edc2c

DEBUG: Got response from server in 3.181666ms:
...
DEBUG: Unmarshalling from application/cbor
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 394
Content-Type: application/cbor
Date: Wed, 18 Jan 2023 04:59:29 GMT
Etag: "jjGjNLAgnIQ"
Last-Modified: Tue, 01 Feb 2022 12:34:56 GMT
Link: </schemas/EchoModel.json>; rel="describedby"
Vary: *

{
  $schema: "http://localhost:8889/schemas/EchoModel.json"
  body: ""
  headers: {
    Accept: "application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*"
    Accept-Encoding: "gzip, br"
    User-Agent: "restish-dev-2023-01-14-10:34"
    X-Cli-Secret: "819d23ba-3ebd-408c-95ac-78abc93edc2c"
  }
  host: "localhost:8889"
  method: "GET"
  path: "/"
  url: "http://localhost:8889/"
}
```

As you can see the value is both in the debug-printed request and the response, meaning the server saw and echoed the value back to you. Same results if I add the auth name and same results if I use the OpenAPI-generated command like `restish apibin get-echo --rsh-no-cache -v`.

Can you try this on your side and see if you can repro the issue? I'm wondering if it could be related to your container and its mounts or whether it has a persistent disk or if something else might be going on.

FWIW, the code that builds the request is the same no matter which way it is called.
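
The check described in this comment (is the header in the debug-printed request?) can be run over a whole `restish -v` capture. The following is an added example, not code from Restish or from anyone in this thread: it reports, for each outgoing request, whether the header was sent, whether its value equals the expected one (shown only as a hash prefix so the secret is not reprinted), and whether the request path lies under the configured `base`; in the log posted above, `X-Cli-Secret` appears only on the requests under `/apidoc/cli-json`. The function names and the sample log with its token values are constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

MARKER = "DEBUG: Making request:"
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d(?:\.\d)?$")

# Constructed sample shaped like the `restish -v` excerpts in this thread;
# the token values are placeholders, not values taken from the issue.
SAMPLE_LOG = """\
DEBUG: Checking API entrypoint http://localhost:3000/apidoc/cli-json/
DEBUG: Making request:
GET /apidoc/cli-json/ HTTP/1.1
Host: localhost:3000
User-Agent: restish-0.15.1
X-Cli-Secret: constructed-token-A

DEBUG: Got response from server in 8.9ms:
HTTP/1.1 200 OK

DEBUG: Making request:
POST /cli/subscriptions HTTP/1.1
Host: localhost:3000
User-Agent: restish-0.15.1

DEBUG: Got response from server in 5.3ms:
HTTP/1.1 401 Unauthorized
"""


def fingerprint(value):
    """Short SHA-256 prefix: lets two values be compared without printing them."""
    return hashlib.sha256(value.encode()).hexdigest()[:8]


def parse_requests(log_text):
    """Return one dict (method, path, headers) per outgoing request in the log."""
    requests, current, state = [], None, "idle"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(MARKER):
            state = "request_line"
        elif state == "request_line" and line:
            m = REQUEST_LINE.match(line)
            if m:
                current = {"method": m[1], "path": m[2], "headers": {}}
                requests.append(current)
            state = "headers" if m else "idle"
        elif state == "headers":
            # A blank line or the next DEBUG line ends the request headers.
            if not line or line.startswith("DEBUG:"):
                state = "idle"
            else:
                name, sep, value = line.partition(":")
                if sep:
                    current["headers"][name.strip().lower()] = value.strip()
    return requests


def audit_header(log_text, base_url, header, expected):
    """Per request: was `header` sent, does it match, is the path under base?"""
    base_path = urlsplit(base_url).path.rstrip("/")
    findings = []
    for req in parse_requests(log_text):
        sent = req["headers"].get(header.lower())
        if sent is None:
            status = "absent"
        elif hmac.compare_digest(sent.encode(), expected.encode()):
            status = "match"
        else:
            status = "mismatch"
        path = req["path"].split("?", 1)[0]
        findings.append({
            "request": f'{req["method"]} {req["path"]}',
            "under_base": path == base_path or path.startswith(base_path + "/"),
            "status": status,
            "fingerprint": fingerprint(sent) if sent is not None else None,
        })
    return findings


if __name__ == "__main__":
    base = "http://localhost:3000/apidoc/cli-json"
    for row in audit_header(SAMPLE_LOG, base, "X-Cli-Secret", "constructed-token-B"):
        print(row)
```
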

danielgtaylor commented 1 year ago

Closing due to inactivity, feel free to reopen if needed.

stutibiyani commented 1 month ago

Hi Daniel! I am facing a similar issue. I tried to repro with your api bin example and it worked. But when I am trying out with my config it fails. One more thing to note, if I pass the header using a flag (-H 'key:value') that works too. My config looks something like this:


```
"test": {
    "base": "https://$url/backend/swagger",
    "profiles": {
      "default": {
        "headers": {
          "Authorization": "Bearer $token",
          "x-swagger": "$swagger-token" // required to get the openapi spec
        }
      }
    },
    "tls": {}
  },
```