esperotech / yaade Goto Github PK

Sometimes I have to call a request with different parameters. In Postman there's a checkbox in front of each parameter, so I can activate and deactivate them. I find that very convenient and think it would be a nice feature in Yaade, too.

Something that would add a lot of functionality and improve the users work flow on Yaade would be adding tabs allowing for multiple open requests at once. This is something that Postman does brilliantly and even the likes of Hoppscotch have recently implemented. This would add a lot of value to Yaade and allow it to start competing directly with these other programs.

Seen in Hoppscotch here:

Would it be possible to add a "global" pre requests script option at the collection level (like Postman)?

Laravel Sanctum's stateful API auth requires the following pre-request actions for every POST request:

1. Make a GET request to /sanctum/csrf-cookie
2. Decode the returned XSRF-TOKEN cookie and save the value to an environment variable eg. "xsrfToken"

This is quite easy to implement in Postman via a collection-level pre request script. These scripts run before every request in the collection.

Then I just need to set the X-XSRF-TOKEN header on post requests to {{xsrfToken}} and everything works as expected.

It would be very helpful, if it was possible to duplicate requests (not just copy the ID) and move requests from one collection to another.

Hi.
One thing that this great app is missing for me is API documentation like postman and insomnia have.
Meaning to be able to write documentation for each API and request in yaade.

Hi team, thanks for this project. I have been looking for awhile on something like this and glad I stumbled on this project.

Would be great tool to use if we can include:

1. documentation for each requests, possibly markdown friendly
2. mock server facility so we can mock and add sample requests

With the above, it can be used as self-hosted stoplight.io

Hi.
So, using an environment variable in the request body like this:

{
    "token": ${token},
    "startRow": 0,
    "dateFilter": "all",
    "data": [{
        "field": "equipmentId",
        "operator": "iContains",
        "value": ["sample"]
    }]
}

And after pressing prettify, it looks like this:

{
    "token": $ {
        token
    },
    "startRow": 0,
    "dateFilter": "all",
    "data": [{
        "field": "equipmentId",
        "operator": "iContains",
        "value": ["sample"]
    }]
}

Which doesn't work anymore.

Unable to send requests even after installing the chrome extension and adding my yaade URL (eg, https://xx.xxxxx.xxx). Unable to add a trailing "/" since the extension strips it out. Should this work with Edge (and chrome extension)?

Receive this error:
Failed to connect to extension
The extension could not be connected. Please install the extension and copy the URL of this window into the host field of the extension. Then click retry.

It would be great if we could add folders and sub folders to collections to help keep things organised. Basically the same way Postman does it.

how to configure azure login? Giving an error "username not found"

i cannot create a new user group only admin is there by default

Hi

Laravel has an endpoint which sets a CSRF cookie. This endpoint doesn't return a body, just headers that are used to obtain the XSRF token value which can be used for Laravel's stateful API auth.

When calling this endpoint I'm getting the following error:

res.bodyAsString() must not be null

When searching in the response body for some text by pressing CTRL + F, I only find passages that are visible in the browser window. Means I don't find text, I didn't scroll to. Could you fix this?

example:
https://gitlab.ow2.org/bonita/bonita-openapi/-/tree/master
currently there is no way of importing this openapi spec into yajsw.

import of the entry point openapi/openapi.yaml causes the following error:

java.lang.RuntimeException: Unable to load RELATIVE ref: ./paths/loginservice.yaml path: /tmp

Suggestion: allow import of a .zip file with input of relative path to the entry point file.

This also raises the general question of support for http uris. I think that supporting http uris could lead to security issues or require authentication.

reference:
https://swagger.io/docs/specification/using-ref/

Didn't find an information about base path variable, do you have this setting?

1. create collection with openapi file
2. create basic collection

result: the openapi collection is duplicated

looking at the code it seems that the state property is not reset.

Great work guys! We’ve been looking for an alternative to Hoppscotch (fully self hosted with auth). Just started experimenting with Yaade and it’s looking promising.

Any plans to add a testing feature? Would be great if we could define tests in the UI and run them via CLI in our CI/CD pipeline

Take a look into the video to checkout the bug. The groups are not created, when I create a user.
https://github.com/EsperoTech/yaade/assets/12643853/52dd57ac-38b9-4843-bfd4-0dee4be01f14

in environment with many entries, at some point, the lower part of the modal box is no longer visible.
solution: add a scrollbar to the box

Hello Contributors,

how can I add Azure AD (https://docs.yaade.io/users-groups.html#azuread) in my running docker environment as auth provider? It's possible for you to give me a exact path and config file / snippet to configure this auth provider?

Thanks.

I have Yaade working fine right now using the extension. However, I would like to configure it to use "Server" to avoid having to install the extension everywhere. The docs talk about this in the "Proxies" section under "Environment", but I find the instructions confusing. Here are my questions:

• The docs talk about "Proxies" and the two options, but it does not show a table of the appropriate environmental variable like it does with other variables. Is Extension/Server set via an environmental variable or some other way. If the former, what is the name of the variable? I have tried both "proxy" and "proxies" and neither seem to work.
• The default is "Extension", but I am confused why it would not default to "Server" since that is simpler and avoids dependencies. What am I missing?
• As I read the directions, it made me wonder if the "Server" vs "Extension" choice could be a setting in Yaade, but I cannot find that. (Maybe a configuration in docker run?)

TIA!

i have two questions about postman collection import.

• collection multi depth
• collection variables

1. depth.
   If i have a collection that has multi depth like directory, then import operation must occur 500 error.
   postman's collection supports multi depth (like directory), but yaade's collection only supports 1 depth.
   when I flatten this collection, then I could import this.

i suggest multi depth of collection.

2. variables
   if i want to use a variable of environment in postman, the format is {{VARIABLE_NAME}}.
   but the format in yaade is ${VARIABLE_NAME}.
   after i import the postman collection, i should find the variables and replace {{xxx}} to ${xxx}. that is not compitible I think.

I suggest variable parser when postman import.

I just deployed a new docker, added a collection and a request. I click save and it remembers the URL but all of the body of the request is lost any time I switch to a different request and go back to the request I clicked save on.

Hosting a demo site so that users could try out the app in one click would be helpful.

As the title and this comment say. 😉

Thank you for your work! 🙌

Currently JSON responses are displayed as a single line, even when they are sent with beautified indentation. The request body editor is already able to beautify content for CodeMirror. Would be great to make this an option for the response as well, or at least not remove formatting from the response itself.

Hello,

thank you for providing this great tool.
Since I just switched from Postman and have to do repetitive steps to set up all the requests I need, I have a few suggestions. One of them:

In my API I have to do a login call first (and save the received token in an environment variable) and then call any other request. In every other request I have to set up the same headers: Authorization with token from the environment and custom headers.
It would be very nice, if I could define the headers in the collection. Or if I could set the headers with the request script (when it works collection-wide: #63).

It would be great to have a timestamp next to the info of a sent request (next to Status, Time, Size).
This would help to better identify if a request has been sent and to later recall when it has been sent.

OIDC Callback is null? it's not empty cuz i filled it out, see screenshot below

I'm trying to use keycloak as provider with the following configuration

{
    "providers": [{
        "id": "b2b",
        "label": "Login with Keycloak",
        "provider": "keycloak",
        "params": {
            "site": "https://url_to_keycloak",
            "clientId": "yaade",
            "clientSecret": "SECRET",
            "callbackUrl": "http://url_to_callback",
            "fields": {
                "username": "/username"
                "groups": "/groups"
            },
            "scopes": ["openid", "email"]
        }
    }]
}

but after signing in on keycloak page get this error in web browser:

{"classLoaderName":null,"moduleName":"java.base","moduleVersion":"11.0.11","methodName":"run","fileName":"Thread.java","lineNumber":829,"className":"java.lang.Thread","nativeMethod":false}],"code":500,"message":"Username not found: /username","suppressed":[],"localizedMessage":"Username not found: /username"}

yaade launched with

$ docker run -d --restart=always -p 9339:9339 \
    -e YAADE_ADMIN_USERNAME=admin -v yaade:/app/data \
    --name yaade esperotech/yaade:latest

there are no revers proxy or any front

in docker log i see these messages

[vert.x-eventloop-thread-0] ERROR com.espero.yaade.server.Server - [Thu, 1 Jun 2023 11:44:09 GMT] "GET /api/login?providerid=b2b HTTP_1_1" 500 Username not found: /username "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
[vert.x-eventloop-thread-0] ERROR io.vertx.ext.web.handler.impl.LoggerHandlerImpl - 3.28.85.101 - - [Thu, 1 Jun 2023 11:44:09 GMT] "GET /api/login?providerid=b2b HTTP/1.1" 500 20022 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"

also i have not found any examples with keycloak configuration regarding "fields"

Hi 👋

I would like to find out if yaade supports mutiple users, and/or does it have single sign on capabilities?

I would like to install it in our company network and share requests/responses for different users and customer projects!

Thank you for you work!

Greetings
Niklas

It would be great if I could specify OAuth 2 options to automatically fetch an access token from an security token service like Keycloak and use it with the Authorization header.

E.g., Insomnia has this feature:

At the moment the icon for prettifying the request is a star icon which isn't usually correlated with prettifying code.
I suggest a { } icon which is much more standard and familiar

Current Icon for cleaning code:

Suggested Icon for cleaning code:

https://icons8.com/icon/122223/curly-brackets

Add an yaade CORS extension for Firefox

I really like Yaade. Something basic I'm missing though is being able to re-order the collections and requests. This helps me keep stuff organized.

Currently, in order to duplicate a full collection, you would need to create the new collection and duplicate/move each request from the old collection.

I'm not sure about this, but is it even technically possible to set the user agent when using the Chrome extension? At the moment it always says "chrome" as user agent. I worked around this by accepting a custom header as user agent in my API, so it's not a big problem for me. But would be nice if it worked "out of the box".

Hi guys

Any chance of getting a pre-request script feature like Postman? See: https://learning.postman.com/docs/writing-scripts/pre-request-scripts/

This is required for Laravel's session-based Sanctum authentication. See this gist for more details: https://gist.github.com/janzikmund/3047ba4b7031efbabd7ade115f1e3317

I have set up Yaade on my cloud server, and it is currently running via Apache2 using the URL https://example.com. Simultaneously, I am developing an springboot application on my localhost that utilizes CORS. The application will be accessible via https://localhost:8080.

In my application's configuration, I have added the following line: configuration.setAllowedOrigins(Arrays.asList(frontendUrl, "https://example.com"));

However, when I send a POST request from Yaade to https://localhost:8080/register, I receive an invalid CORS request error in the response body.

To address this issue, I attempted to modify the configuration line to configuration.setAllowedOrigins("*');, which resolved the problem. Even though I specified "https://example.com" as the allowed origin, which is where I access Yaade, I'm still encountering this issue.

I would appreciate assistance in understanding why I am facing this problem despite configuring the allowed origins correctly.

Hi.
Thanks for the great project.
A very small thing that I noticed is there is no link to the repository from the About page and no version number.
I think it's pretty standard to have them there.

Groups for a collection can only be set when it's created. Editable collection groups would allow collections to be rolled out to different groups when ready.

In case of changes in the openapi.yaml, I need to delete the collection and create a new one with the new openapi.yaml.
The Edit Panel of the Collection only allows for renaming the Collection.
Let's add a feature to re-upload the openapi.yaml for an existing collection from the edit panel.

I'm following the docs for OpenID Connect but can't seem to get it to work with my Authentik deployment.

If I set the provider config to this:

{
  "providers": [{
    "id": "authentik",
    "label": "Sign in with Authentik",
    "provider": "oidc-discovery",
    "params": {
      "scopes": ["openid", "email"],
      "site": "https://<REDACTED>/application/o/yaade/.well-known/openid-configuration",
      "clientId": "<REDACTED>",
      "clientSecret": "<REDACTED>"
    }
  }]
}

Then I get the below error:

But if I set the provider config to this (i.e. change the site param):

{
  "providers": [{
    "id": "authentik",
    "label": "Sign in with Authentik",
    "provider": "oidc-discovery",
    "params": {
      "scopes": ["openid", "email"],
      "site": "https://<REDACTED>/application/o/yaade",
      "clientId": "<REDACTED>",
      "clientSecret": "<REDACTED>"
    }
  }]
}

Then I get the below error:

Setting the {"validateIssuer": false} parameter as per the API docs results in all attempts failing with null as shown in the second example.

I am trying to run yaade on my ubuntu machine using npm. I tried setting the env using export YAADE_ADMIN_USERNAME=admin but I doesn't work. ofc it works while I run it using the executable jar file but when I use npm run dev it doesn't work. what's the workaround for this ?

When using different environments and their variables extensively, opening the popup and closing it for each variable change hinders the flow a little bit.

Having a (optional) fixed panel for the environment of the current route could be a good idea.

Hello,

Like Hoppscotch do, that would be a very great feature to import Postman collections and environments from files.
This feature would encourage a lot Postman users to migrate to Yaade (that's my case)

For the implementation, the best would obviously be to integrate this feature to the Yaade UI.

But, for a quick-win, this functionality could be a side tool to convert postman files to yaade exports. The user could then be able to import converted files in the Yaade UI.

Thanks you guys for your work !

The OpenApi/Swagger UI generates an example request from the example data defined in the openapi.yaml.
It would be awesome if Yaade would do the same.

Hello team,

creator of Password4j here.

I've created a PR to upgrade Password4j from 1.5.4 to 1.7.1 maintaining backward compatibility with the hashes produced so far.

In general it's better to always specify the parameters of Argon2 (or any other algorithm) in the code or in a properties file, like I did in my PR. In 1.6.1 the implicit configurations were changed in order to fit OWASP's minimum security requirements and without the properties file you would had inconsistencies.

Enjoy 🚀