From 06d8864ca230664cbe246aaef39a217bc1b499b0 Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Tue, 25 Mar 2025 08:17:58 +0530 Subject: [PATCH 01/15] Create application_nikhil_apiauth_and_features.md currently working --- ...application_nikhil_apiauth_and_features.md | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md new file mode 100644 index 00000000..ae2ef8dc --- /dev/null +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
@@ -0,0 +1,112 @@ +# APIDash GSoC Proposal + +## About Me + +**Full Name:** Nikhil Ludder +**Contact Info:** +- **Email:** nikhilljatt@gmail.com +- **Phone:** +91 8708200907 +- **Discord Handle:** @badnikhil +- **GitHub:** [badnikhil](https://github.com/badnikhil) +- **Instagram:** [bad.nikhill](https://www.instagram.com/bad.nikhill/) +- **Time Zone:** UTC+5:30 (IST) + +--- + +## University Information + +- **University:** Indian Institute of Technology (IIT) Madras +- **Program:** BS in Data Science +- **Year:** 2024 +- **Expected Graduation Date:** 2028 + +--- + +## Second Institution Information + +- **University:** KIET Group of Institutions, Ghaziabad +- **Program:** B.Tech in Computer Science with AI/ML +- **Year:** 2024 +- **Expected Graduation Date:** 2028 + +--- + +## Motivation & Experience + +**Have you worked on or contributed to a FOSS project before?** +Yes, I’ve been actively contributing to APIDash! I’ve opened 3 pull requests (PRs) and raised 3 issues so far, and I’m currently working on 3 additional PRs. This is my first experience contributing to FOSS, and I’ve gained a solid understanding of the codebase, especially in preparing for tasks like enhancing authentication support and improving GraphQL features. You can check my work on GitHub: [badnikhil](https://github.com/badnikhil). + +**What’s your proudest achievement or project?** +One of my proudest moments was leading a team during a college hackathon to build an API client. It was a time-crunch situation, and we had to deliver a functional tool under tight deadlines. This experience taught me a lot about problem-solving, teamwork, and how to implement APIs effectively. It really sparked my passion for creating developer tools, much like APIDash. + +**What kind of problems motivate you the most?** +I get excited about challenges that take complex technology and turn it into something accessible and easy to use. 
I love working on tools that streamline workflows for developers, like improving APIDash’s authentication methods or enhancing its GraphQL capabilities. Solving these problems not only makes life easier for other developers, but it also pushes me to stay sharp and keep learning new technologies like Flutter and Dart. + +**Will you be working on GSoC full-time?** +Yes, I’ll be working on GSoC full-time. My college vacation overlaps perfectly with the GSoC timeline, and I have support from my institution for such opportunities(leave will be provided if needed), so I can dedicate most of my time to tackle tasks efficiently. Coding is my only hobby, and I’m excited to immerse myself fully in this project. + +**Do you mind syncing up with mentors regularly?** +Absolutely! I believe regular sync-ups are essential to keep things on track. I’m excited to share my progress, discuss challenges, and refine my approach with mentor feedback to ensure the project stays on course. + +**What interests you the most about APIDash?** +I’m fascinated by how APIDash is built entirely in Flutter, which is a framework I’m passionate about. Its potential to become a go-to API client for developers really excites me. The ability to enhance its authentication support and improve GraphQL features aligns perfectly with my interests, and I’m eager to contribute to its growth. + +**What areas of the project could be improved?** +- **Authentication Support:** I’m eager to add more authentication methods like Basic Auth, OAuth 2.0, JWT Bearer, and Digest Auth. This would make APIDash a powerful tool for testing secure APIs. It’s something I’m passionate about, and I’d love to keep exploring ways to improve authentication in the future. +- **GraphQL Enhancements:** I want to make the GraphQL editor more feature-rich, with support for query beautification, schema inspection, and variables, fragments, mutations, and subscriptions. 
I see a lot of potential in this area and would love to push it forward, making APIDash a top choice for GraphQL developers. + +--- + +## Project Proposal + +**Title:** Feature Improvements and Adding Authentication Support in APIDash + +**Abstract:** +This project aims to improve APIDash by adding support for multiple API authentication methods and enhancing its GraphQL features. Specifically, I’ll focus on adding authentication methods like Basic Auth, OAuth 2.0, JWT Bearer, Digest Auth, and others. Additionally, I’ll work on enhancing the GraphQL editor to support query beautification, schema inspection, and variables, fragments, mutations, and subscriptions. I'll also add more widget and integration tests to ensure reliability and quality. With my prior experience in the codebase, I’ll begin implementation after initial discussions with mentors and devote 7+ hours a day in the early stages to make efficient progress. + +--- + +## Detailed Description + +The project focuses on three main areas: + +1. **API Authentication Methods:** + - **Basic Authentication:** Implement username/password encoding in requests. + - **API Key:** Add key-value pair support in headers/query parameters. + - **Bearer Token:** Enable access key (e.g., JWT) authentication. + - **JWT Bearer:** Implement token generation and management. + - **Digest Auth:** Handle nonce-based hash key authentication. + - **OAuth 1.0 & OAuth 2.0:** Integrate OAuth flows with token management. + +2. **GraphQL Enhancements:** + - Improve the GraphQL editor with features like query beautification and expand/collapse options. + - Add schema inspection capabilities. + - Support GraphQL variables, fragments, mutations, and subscriptions. + +3. **Testing & Quality:** + - Increase code coverage with additional widget and integration tests to ensure stability and reliability. + +--- + +## Weekly Timeline + +The project spans 12 weeks, starting in late May 2025. 
I plan to dedicate around 50+ hours per week in the beginning to efficiently tackle tasks, with flexibility as needed: + +- **Week 1:** Discuss with mentors, finalize setup, and outline the implementation plan. +- **Week 2:** Implement Basic Authentication and API Key; submit PRs for review. +- **Week 3:** Add Bearer Token and JWT Bearer; continue refining and submitting PRs. +- **Week 4:** Implement Digest Auth; refine based on mentor feedback. +- **Week 5:** Add OAuth 1.0 and OAuth 2.0; review progress with mentors. +- **Week 6:** Enhance GraphQL editor; start working on beautify and expand/collapse features. +- **Week 7:** Add schema inspection, variables/fragments support. +- **Week 8:** Implement GraphQL mutations and subscriptions; write widget tests. +- **Week 9:** Increase code coverage with integration tests; refine based on feedback. +- **Week 10:** Finalize features and conduct additional testing. +- **Week 11:** Polish documentation and address remaining feedback. +- **Week 12:** Buffer week for delays; submit final deliverables and complete any remaining tasks. + +--- + +## Final Thoughts + +I’m excited about the opportunity to contribute to APIDash and bring my skills in Flutter, Dart, and API development to enhance the project. I’m committed to delivering high-quality code, regular updates, and collaborating closely with mentors to ensure that the project is successful. From 704b00d96e22f92e04f7147eca407536a932ecc6 Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 00:01:53 +0530 Subject: [PATCH 02/15] Update application_nikhil_apiauth_and_features.md --- ...application_nikhil_apiauth_and_features.md | 116 ++++++++---------- 1 file changed, 50 insertions(+), 66 deletions(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index ae2ef8dc..2d16ec0a 100644 
--- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
@@ -3,22 +3,39 @@ ## About Me **Full Name:** Nikhil Ludder -**Contact Info:** -- **Email:** nikhilljatt@gmail.com -- **Phone:** +91 8708200907 -- **Discord Handle:** @badnikhil -- **GitHub:** [badnikhil](https://github.com/badnikhil) -- **Instagram:** [bad.nikhill](https://www.instagram.com/bad.nikhill/) +**Contact Info:** + +- **Email:** [nikhilljatt@gmail.com](mailto:nikhilljatt@gmail.com) +- **Discord Handle:** @badnikhil +- **GitHub:** [badnikhil](https://github.com/badnikhil) +- **LINKEDIN:** [NIKHIL LUDDER](www.linkedin.com/in/nikhil-ludder-ba631216b) - **Time Zone:** UTC+5:30 (IST) --- +## Skills + +- **Flutter & Dart Development:** Advanced knowledge in Flutter app development, with a strong focus on API clients, network communication, and performance optimizations. +- **API Development & Integration:** Deep experience working with REST APIs, GraphQL, WebSockets, authentication methods (OAuth, JWT, API keys), and network protocols. +- **Programming Languages:** Currently Proficient in C++, Dart, and x86 Assembly but adaptable to any(worked with 15+ languages) with a strong grasp of low-level computing concepts. +- **Frameworks & Libraries:** Expertise in networking libraries, authentication strategies, and API testing tools. +- **Low-Level System Knowledge:** Understanding of computer architecture, memory management, operating systems, and system performance optimizations. +- **Problem-Solving & Competitive Coding:** Rated 5-star @CodeChef and 1600+ on LeetCode, with a solid grasp of algorithms and data structures. 
+- **Collaboration & Open Source Contributions:** Actively contributing to APIDash, with multiple PRs : + - [PR 1](https://github.com/foss42/apidash/pull/693) + - [PR 2 (WORKING ON IT)](https://github.com/foss42/apidash/pull/681) + - [PR 3](https://github.com/foss42/apidash/pull/670) + - [PR 4](https://github.com/foss42/apidash/pull/654) + - [PR 5](https://github.com/foss42/apidash/pull/649) + +--- + ## University Information - **University:** Indian Institute of Technology (IIT) Madras - **Program:** BS in Data Science - **Year:** 2024 -- **Expected Graduation Date:** 2028 +- **Expected Graduation Date:** 2028 --- 
@@ -27,86 +44,53 @@ - **University:** KIET Group of Institutions, Ghaziabad - **Program:** B.Tech in Computer Science with AI/ML - **Year:** 2024 -- **Expected Graduation Date:** 2028 +- **Expected Graduation Date:** 2028 --- ## Motivation & Experience -**Have you worked on or contributed to a FOSS project before?** -Yes, I’ve been actively contributing to APIDash! I’ve opened 3 pull requests (PRs) and raised 3 issues so far, and I’m currently working on 3 additional PRs. This is my first experience contributing to FOSS, and I’ve gained a solid understanding of the codebase, especially in preparing for tasks like enhancing authentication support and improving GraphQL features. You can check my work on GitHub: [badnikhil](https://github.com/badnikhil). +**FOSS Contributions:** +I’ve been actively contributing to APIDash, submitting multiple PRs and raising issues. I have studied the codebase in depth and will begin implementation immediately after the initial discussions with mentors. -**What’s your proudest achievement or project?** -One of my proudest moments was leading a team during a college hackathon to build an API client. It was a time-crunch situation, and we had to deliver a functional tool under tight deadlines. This experience taught me a lot about problem-solving, teamwork, and how to implement APIs effectively. It really sparked my passion for creating developer tools, much like APIDash. +**Proudest Achievement:** +Leading a college hackathon team to build an API client under a strict deadline. This experience strengthened my problem-solving skills and ability to work efficiently under pressure. -**What kind of problems motivate you the most?** -I get excited about challenges that take complex technology and turn it into something accessible and easy to use. I love working on tools that streamline workflows for developers, like improving APIDash’s authentication methods or enhancing its GraphQL capabilities. 
Solving these problems not only makes life easier for other developers, but it also pushes me to stay sharp and keep learning new technologies like Flutter and Dart. +**Interest in APIDash:** +I love how APIDash is fully built in Flutter, and I see a lot of potential in enhancing its authentication support and code generation features. -**Will you be working on GSoC full-time?** -Yes, I’ll be working on GSoC full-time. My college vacation overlaps perfectly with the GSoC timeline, and I have support from my institution for such opportunities(leave will be provided if needed), so I can dedicate most of my time to tackle tasks efficiently. Coding is my only hobby, and I’m excited to immerse myself fully in this project. - -**Do you mind syncing up with mentors regularly?** -Absolutely! I believe regular sync-ups are essential to keep things on track. I’m excited to share my progress, discuss challenges, and refine my approach with mentor feedback to ensure the project stays on course. - -**What interests you the most about APIDash?** -I’m fascinated by how APIDash is built entirely in Flutter, which is a framework I’m passionate about. Its potential to become a go-to API client for developers really excites me. The ability to enhance its authentication support and improve GraphQL features aligns perfectly with my interests, and I’m eager to contribute to its growth. - -**What areas of the project could be improved?** -- **Authentication Support:** I’m eager to add more authentication methods like Basic Auth, OAuth 2.0, JWT Bearer, and Digest Auth. This would make APIDash a powerful tool for testing secure APIs. It’s something I’m passionate about, and I’d love to keep exploring ways to improve authentication in the future. -- **GraphQL Enhancements:** I want to make the GraphQL editor more feature-rich, with support for query beautification, schema inspection, and variables, fragments, mutations, and subscriptions. 
I see a lot of potential in this area and would love to push it forward, making APIDash a top choice for GraphQL developers. +**Time Commitment:** +I will be working on GSoC full-time, dedicating 7+ hours per day, especially in the early stages, to ensure smooth progress. --- ## Project Proposal -**Title:** Feature Improvements and Adding Authentication Support in APIDash +### **Title:** Enhancing Authentication Support & Code Generation in APIDash -**Abstract:** -This project aims to improve APIDash by adding support for multiple API authentication methods and enhancing its GraphQL features. Specifically, I’ll focus on adding authentication methods like Basic Auth, OAuth 2.0, JWT Bearer, Digest Auth, and others. Additionally, I’ll work on enhancing the GraphQL editor to support query beautification, schema inspection, and variables, fragments, mutations, and subscriptions. I'll also add more widget and integration tests to ensure reliability and quality. With my prior experience in the codebase, I’ll begin implementation after initial discussions with mentors and devote 7+ hours a day in the early stages to make efficient progress. - ---- - -## Detailed Description - -The project focuses on three main areas: - -1. **API Authentication Methods:** - - **Basic Authentication:** Implement username/password encoding in requests. - - **API Key:** Add key-value pair support in headers/query parameters. - - **Bearer Token:** Enable access key (e.g., JWT) authentication. - - **JWT Bearer:** Implement token generation and management. - - **Digest Auth:** Handle nonce-based hash key authentication. - - **OAuth 1.0 & OAuth 2.0:** Integrate OAuth flows with token management. - -2. **GraphQL Enhancements:** - - Improve the GraphQL editor with features like query beautification and expand/collapse options. - - Add schema inspection capabilities. - - Support GraphQL variables, fragments, mutations, and subscriptions. - -3. 
**Testing & Quality:** - - Increase code coverage with additional widget and integration tests to ensure stability and reliability. +### **Abstract:** +This project aims to expand APIDash by implementing multiple authentication methods (Basic Auth, OAuth 2.0, JWT, Digest Auth, API Keys) and improving its code generation capabilities. With prior experience in the codebase, I have already mapped out the necessary changes and will begin work right after mentor discussions. --- ## Weekly Timeline -The project spans 12 weeks, starting in late May 2025. I plan to dedicate around 50+ hours per week in the beginning to efficiently tackle tasks, with flexibility as needed: - -- **Week 1:** Discuss with mentors, finalize setup, and outline the implementation plan. -- **Week 2:** Implement Basic Authentication and API Key; submit PRs for review. -- **Week 3:** Add Bearer Token and JWT Bearer; continue refining and submitting PRs. -- **Week 4:** Implement Digest Auth; refine based on mentor feedback. -- **Week 5:** Add OAuth 1.0 and OAuth 2.0; review progress with mentors. -- **Week 6:** Enhance GraphQL editor; start working on beautify and expand/collapse features. -- **Week 7:** Add schema inspection, variables/fragments support. -- **Week 8:** Implement GraphQL mutations and subscriptions; write widget tests. -- **Week 9:** Increase code coverage with integration tests; refine based on feedback. -- **Week 10:** Finalize features and conduct additional testing. -- **Week 11:** Polish documentation and address remaining feedback. -- **Week 12:** Buffer week for delays; submit final deliverables and complete any remaining tasks. 
+| Week | Task | +|------|------| +| **Week 1** | Finalize implementation plan, initial setup, mentor discussions | +| **Week 2** | Implement Basic Authentication, API Key authentication | +| **Week 3** | Add Bearer Token & JWT authentication | +| **Week 4** | Implement Digest Authentication | +| **Week 5** | OAuth 1.0 & OAuth 2.0 implementation | +| **Week 6-7** | Expand code generation support to new languages | +| **Week 8** | Refine code generation templates & improve output quality | +| **Week 9** | Increase test coverage, add integration tests | +| **Week 10** | Finalize features, conduct additional testing | +| **Week 11** | Documentation, bug fixes, and final refinements | +| **Week 12** | Submit final deliverables, address mentor feedback | --- ## Final Thoughts -I’m excited about the opportunity to contribute to APIDash and bring my skills in Flutter, Dart, and API development to enhance the project. I’m committed to delivering high-quality code, regular updates, and collaborating closely with mentors to ensure that the project is successful. +I am fully committed to delivering high-quality contributions to APIDash, leveraging my expertise in Flutter, API development, and low-level systems understanding. I will actively collaborate with mentors and ensure the successful implementation of these improvements. From bbc6bc6e1dd328a31718895460697ee321b7664b Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 00:04:06 +0530 Subject: [PATCH 03/15] Update application_nikhil_apiauth_and_features.md --- .../2025/gsoc/application_nikhil_apiauth_and_features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index 2d16ec0a..2d56d4fe 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
+++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md @@ -66,7 +66,7 @@ I will be working on GSoC full-time, dedicating 7+ hours per day, especially in ## Project Proposal -### **Title:** Enhancing Authentication Support & Code Generation in APIDash +### **Title:** Adding Authentication Support & Enhance Code Generation feature in APIDash ### **Abstract:** This project aims to expand APIDash by implementing multiple authentication methods (Basic Auth, OAuth 2.0, JWT, Digest Auth, API Keys) and improving its code generation capabilities. With prior experience in the codebase, I have already mapped out the necessary changes and will begin work right after mentor discussions. From aeb7dedb4a51199b282ae85c2bc4c4fd8f6683e7 Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 02:49:35 +0530 Subject: [PATCH 04/15] Update application_nikhil_apiauth_and_features.md --- .../gsoc/application_nikhil_apiauth_and_features.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index 2d56d4fe..2a3cd0db 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
@@ -16,9 +16,8 @@ ## Skills - **Flutter & Dart Development:** Advanced knowledge in Flutter app development, with a strong focus on API clients, network communication, and performance optimizations. -- **API Development & Integration:** Deep experience working with REST APIs, GraphQL, WebSockets, authentication methods (OAuth, JWT, API keys), and network protocols. -- **Programming Languages:** Currently Proficient in C++, Dart, and x86 Assembly but adaptable to any(worked with 15+ languages) with a strong grasp of low-level computing concepts. -- **Frameworks & Libraries:** Expertise in networking libraries, authentication strategies, and API testing tools. +- **API Development & Integration:** Deep experience working with REST APIs, GraphQL, WebSockets, authentication methods and network protocols. +- **Programming Languages:** Currently Proficient in C++, Dart, and x86 Assembly but adaptable to any(worked with 10+ languages) with a strong grasp of low-level computing concepts. - **Low-Level System Knowledge:** Understanding of computer architecture, memory management, operating systems, and system performance optimizations. - **Problem-Solving & Competitive Coding:** Rated 5-star @CodeChef and 1600+ on LeetCode, with a solid grasp of algorithms and data structures. - **Collaboration & Open Source Contributions:** Actively contributing to APIDash, with multiple PRs : 
@@ -56,8 +55,9 @@ I’ve been actively contributing to APIDash, submitting multiple PRs and raisin **Proudest Achievement:** Leading a college hackathon team to build an API client under a strict deadline. This experience strengthened my problem-solving skills and ability to work efficiently under pressure. -**Interest in APIDash:** -I love how APIDash is fully built in Flutter, and I see a lot of potential in enhancing its authentication support and code generation features. +**Interest in APIDash:** + +APIDash is fascinating because of its fully Flutter-based architecture, which ensures a seamless and consistent cross-platform experience. Its efficient approach to request management and response visualization makes it a powerful yet lightweight tool. The way it streamlines code generation further enhances its usability for developers working with APIs. **Time Commitment:** I will be working on GSoC full-time, dedicating 7+ hours per day, especially in the early stages, to ensure smooth progress. From a527ee14f5280333859469db33209b57a2c8f8bd Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 19:32:13 +0530 Subject: [PATCH 05/15] Update application_nikhil_apiauth_and_features.md --- ...application_nikhil_apiauth_and_features.md | 231 +++++++++++++++++- 1 file changed, 229 insertions(+), 2 deletions(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index 2a3cd0db..100a23d4 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
@@ -66,7 +66,7 @@ I will be working on GSoC full-time, dedicating 7+ hours per day, especially in ## Project Proposal -### **Title:** Adding Authentication Support & Enhance Code Generation feature in APIDash +### **Title:** Adding Authentication Support & Enhance/Update Code Generation feature in APIDash ### **Abstract:** This project aims to expand APIDash by implementing multiple authentication methods (Basic Auth, OAuth 2.0, JWT, Digest Auth, API Keys) and improving its code generation capabilities. With prior experience in the codebase, I have already mapped out the necessary changes and will begin work right after mentor discussions. @@ -82,7 +82,7 @@ This project aims to expand APIDash by implementing multiple authentication meth | **Week 3** | Add Bearer Token & JWT authentication | | **Week 4** | Implement Digest Authentication | | **Week 5** | OAuth 1.0 & OAuth 2.0 implementation | -| **Week 6-7** | Expand code generation support to new languages | +| **Week 6-7** | Expand code generation support to new languages() | | **Week 8** | Refine code generation templates & improve output quality | | **Week 9** | Increase test coverage, add integration tests | | **Week 10** | Finalize features, conduct additional testing | 
@@ -90,6 +90,233 @@ This project aims to expand APIDash by implementing multiple authentication meth | **Week 12** | Submit final deliverables, address mentor feedback | --- +# APIDash Authentication Integration and Code Generation + +## Overview +This document provides a detailed approach to implementing authentication mechanisms in APIDash, covering API client integration and code generation updates. + +## Authentication Methods to be Implemented +1. **Basic Authentication** - Username & Password +2. **API Key Authentication** - Key-Value pair in headers or query +3. **Bearer Token Authentication** - JWT-based authentication +4. **JWT Bearer Authentication** - Generating and sending JWT tokens +5. **Digest Authentication** - Nonce-based authentication +6. **OAuth 1.0** - Legacy token-based authentication +7. **OAuth 2.0** - Modern token-based authentication + +## 1. Basic Authentication +Basic authentication requires sending a username and password in the HTTP request headers. + +```dart + +Future fetchDataWithBasicAuth(String url, String username, String password) async { + String basicAuth = 'Basic ' + base64Encode(utf8.encode('$username:$password')); + + final response = await http.get( + Uri.parse(url), + headers: { + 'Authorization': basicAuth, + }, + ); + return response; +} +``` + +Generated Code (Dart) +``` +http.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'Authorization': 'Basic base64encoded(username:password)', + }, +); +``` + +## 2. API Key Authentication +API Key is sent either in headers or query parameters. + +``` +Future fetchDataWithApiKey(String url, String apiKey) async { + final response = await http.get( + Uri.parse(url), + headers: { + 'X-API-KEY': apiKey, + }, + ); + return response; +} +``` + +### Generated Code(Dart) +```dart +http.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'X-API-KEY': 'your_api_key', + }, +); +``` + +## 3. 
Bearer Token Authentication +Bearer token-based authentication requires an access token in the `Authorization` header. +``` +Future fetchDataWithBearerToken(String url, String token) async { + final response = await http.get( + Uri.parse(url), + headers: { + 'Authorization': 'Bearer $token', + }, + ); + return response; +} +``` + + Generated Code (Dart) +``` +http.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'Authorization': 'Bearer your_access_token', + }, +); +``` + +## 4. JWT Bearer Authentication +In JWT authentication, the client generates a JWT and sends it with requests. + +``` + +String generateJwt(String secretKey, Map claims) { + final builder = JsonWebSignatureBuilder() + ..jsonContent = claims + ..addRecipient(JsonWebKey.fromPem(secretKey), algorithm: 'RS256'); + + return builder.build().toCompactSerialization(); +} +``` + +Generated Code(Dart) +``` +http.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'Authorization': 'Bearer generated_jwt_token', + }, +); +``` + +## 5. Digest Authentication +Digest authentication requires a challenge-response mechanism. + +``` +Future fetchDataWithDigestAuth(String url, String username, String password) async { + + final response1 = await http.get(Uri.parse(url)); + String nonce = response1.headers['www-authenticate'] ?? ''; + + // Generate digest response (simplified, needs hashing implementation) + String digestResponse = generateDigestResponse(username, password, nonce); + + final response2 = await http.get( + Uri.parse(url), + headers: { + 'Authorization': 'Digest $digestResponse', + }, + ); + return response2; +} +``` + +Generated Code (Dart) +``` +http.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'Authorization': 'Digest generated_digest_token', + }, +); +``` + +## 6. OAuth 1.0 +OAuth 1.0 uses a consumer key and secret to obtain a request token. 
+ +``` +Future fetchDataWithOAuth1(String url, String consumerKey, String consumerSecret) async { + String authHeader = generateOAuth1Signature(url, consumerKey, consumerSecret); + + final response = await http.get( + Uri.parse(url), + headers: { + 'Authorization': authHeader, + }, + ); + return response; +} +``` +Generated Code (Dart) +``` +http.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'Authorization': 'OAuth oauth_signature', + }, +); +``` + +## 7. OAuth 2.0 +OAuth 2.0 allows for token-based authentication. + +``` +Future fetchOAuth2Token(String tokenUrl, String clientId, String clientSecret) async { + final response = await http.post( + Uri.parse(tokenUrl), + body: { + 'client_id': clientId, + 'client_secret': clientSecret, + 'grant_type': 'client_credentials', + }, + ); + return jsonDecode(response.body)['access_token']; +} +``` +Generated Code (Dart) +``` +http.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'Authorization': 'Bearer your_access_token', + }, +); +``` + +--- + +#### Languages in Codegen + +Elixir - Using HTTPoison + +TypeScript - Separate from JavaScript, using Axios and fetch + +Haskell - Using http-client + +Perl - Using LWP::UserAgent + +Scala - Using sttp and Akka HTTP + +R - Using httr + +Lua - Using LuaSocket + +Erlang - Using httpc + +Shell (Wget) - Alternative to cURL for CLI-based requests + + +--- + + +## Conclusion +This document provides a detailed breakdown of implementing authentication in APIDash. Each method has been explained with API client implementation and corresponding code generation snippets. Further enhancements will be made by updating Code generation to handle authentication requests. ## Final Thoughts From bdbc412c07c2ff1363e21283c3495d276ce4b90d Mon Sep 17 00:00:00 2001 
From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 21:38:06 +0530 Subject: [PATCH 06/15] Update application_nikhil_apiauth_and_features.md --- ...application_nikhil_apiauth_and_features.md | 893 ++++++++++++++---- 1 file changed, 735 insertions(+), 158 deletions(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index 100a23d4..f77a3f18 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
@@ -19,13 +19,15 @@ - **API Development & Integration:** Deep experience working with REST APIs, GraphQL, WebSockets, authentication methods and network protocols. - **Programming Languages:** Currently Proficient in C++, Dart, and x86 Assembly but adaptable to any(worked with 10+ languages) with a strong grasp of low-level computing concepts. - **Low-Level System Knowledge:** Understanding of computer architecture, memory management, operating systems, and system performance optimizations. -- **Problem-Solving & Competitive Coding:** Rated 5-star @CodeChef and 1600+ on LeetCode, with a solid grasp of algorithms and data structures. +- **Problem-Solving & Competitive Coding:** Rated 5-star @CodeChef and 1600+ on LeetCode. - **Collaboration & Open Source Contributions:** Actively contributing to APIDash, with multiple PRs : - - [PR 1](https://github.com/foss42/apidash/pull/693) - - [PR 2 (WORKING ON IT)](https://github.com/foss42/apidash/pull/681) - - [PR 3](https://github.com/foss42/apidash/pull/670) - - [PR 4](https://github.com/foss42/apidash/pull/654) - - [PR 5](https://github.com/foss42/apidash/pull/649) + + [**PR #693**](https://github.com/foss42/apidash/pull/693) – Fixed code generation for Swift + [**PR #681**](https://github.com/foss42/apidash/pull/681) – *In Progress:* Adding support for multiple params in requests and the code generation feature + [**PR #670**](https://github.com/foss42/apidash/pull/670) – Added onboarding screen + [**PR #654**](https://github.com/foss42/apidash/pull/654) – Fixed a video player crash bug and an error occurring during tests + [**PR #649**](https://github.com/foss42/apidash/pull/649) – Updated a link in the README file + --- 
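Review bot: The five added PR lines under **Collaboration & Open Source Contributions** no longer start with `- `, unlike the removed `- [PR 1](...)` entries, so unless every line ends in a hard line break Markdown will fold them into a single paragraph attached to the parent bullet. Restore the list markers (`- [**PR #693**](...) – Fixed code generation for Swift`, and so on) so the descriptions stay one per line.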
@@ -60,7 +62,7 @@ Leading a college hackathon team to build an API client under a strict deadline. APIDash is fascinating because of its fully Flutter-based architecture, which ensures a seamless and consistent cross-platform experience. Its efficient approach to request management and response visualization makes it a powerful yet lightweight tool. The way it streamlines code generation further enhances its usability for developers working with APIs. **Time Commitment:** -I will be working on GSoC full-time, dedicating 7+ hours per day, especially in the early stages, to ensure smooth progress. +I will be working on GSoC full-time, dedicating 7+ hours per day, especially in the early stages, to ensure smooth progress. My vacations align perfectly with GSoC Timeline and my institute is very supportive for such opportunitites (if needed leave will be granted but i am sure it won't be necessary). --- @@ -69,7 +71,7 @@ I will be working on GSoC full-time, dedicating 7+ hours per day, especially in ### **Title:** Adding Authentication Support & Enhance/Update Code Generation feature in APIDash ### **Abstract:** -This project aims to expand APIDash by implementing multiple authentication methods (Basic Auth, OAuth 2.0, JWT, Digest Auth, API Keys) and improving its code generation capabilities. With prior experience in the codebase, I have already mapped out the necessary changes and will begin work right after mentor discussions. +This project aims to expand APIDash by implementing multiple authentication methods and improving its code generation capabilities Alongside adding relevant tests. With prior experience in the codebase, I have already mapped out the necessary changes and will begin work right after mentor discussions. --- 
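Review bot: The rewritten abstract line reads `code generation capabilities Alongside adding relevant tests`, which is missing punctuation and carries a stray capital; it also drops the explicit list the removed line gave (Basic Auth, OAuth 2.0, JWT, Digest Auth, API Keys), leaving "multiple authentication methods" undefined at the point a reader first meets the scope. Suggest "and improving its code generation capabilities, alongside adding relevant tests", and either keep the list or point to the "Authentication Methods to be Implemented" section.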
@@ -90,10 +92,7 @@ This project aims to expand APIDash by implementing multiple authentication meth | **Week 12** | Submit final deliverables, address mentor feedback | --- -# APIDash Authentication Integration and Code Generation - -## Overview -This document provides a detailed approach to implementing authentication mechanisms in APIDash, covering API client integration and code generation updates. +# Authentication Integration ## Authentication Methods to be Implemented 1. **Basic Authentication** - Username & Password 
@@ -104,219 +103,797 @@ This document provides a detailed approach to implementing authentication mechan 6. **OAuth 1.0** - Legacy token-based authentication 7. **OAuth 2.0** - Modern token-based authentication -## 1. Basic Authentication -Basic authentication requires sending a username and password in the HTTP request headers. +#### 1. Basic Authentication -```dart +Basic authentication requires sending a username and password in the HTTP request headers. I will implement this with proper encoding and security measures: -Future fetchDataWithBasicAuth(String url, String username, String password) async { +``` +Future basicAuth(String url, String username, String password) async { + // Encode credentials properly with UTF-8 and Base64 String basicAuth = 'Basic ' + base64Encode(utf8.encode('$username:$password')); - final response = await http.get( - Uri.parse(url), - headers: { - 'Authorization': basicAuth, - }, - ); - return response; + // Create a secure HTTP client with proper timeout and SSL configuration + final client = http.Client(); + try { + final response = await client.get( + Uri.parse(url), + headers: { + 'Authorization': basicAuth, + 'Content-Type': 'application/json', + }, + ).timeout(const Duration(seconds: 10)); + + // Handle different response codes + if (response.statusCode == 401) { + throw Exception('Authentication failed. Please check credentials.'); + } + + return response; + } catch (e) { + + throw Exception('Authentication request failed: $e'); + } finally { + client.close(); + } } ``` -Generated Code (Dart) +Generated Code (Dart): ``` -http.get( - Uri.parse('https://api.example.com/data'), - headers: { - 'Authorization': 'Basic base64encoded(username:password)', - }, -); -``` - -## 2. API Key Authentication -API Key is sent either in headers or query parameters. 
- -``` -Future fetchDataWithApiKey(String url, String apiKey) async { - final response = await http.get( - Uri.parse(url), +final client = http.Client(); +try { + final response = await client.get( + Uri.parse('https://api.example.com/data'), headers: { - 'X-API-KEY': apiKey, + 'Authorization': 'Basic base64encoded(username:password)', + 'Content-Type': 'application/json', }, - ); - return response; + ).timeout(const Duration(seconds: 10)); + + if (response.statusCode >= 200 && response.statusCode < 300) { + + print(response.body); + } else { + + print('Error: ${response.statusCode}'); + } +} finally { + client.close(); } ``` -### Generated Code(Dart) -```dart -http.get( - Uri.parse('https://api.example.com/data'), - headers: { - 'X-API-KEY': 'your_api_key', - }, -); +#### 2. API Key Authentication + +API Key authentication can be implemented in headers or query parameters, and I'll support both approaches with proper error handling: + +``` +Future fetchDataWithApiKey(String url, String apiKey, {bool useQueryParam = false}) async { + final client = http.Client(); + try { + Uri uri = Uri.parse(url); + + // Support both header-based and query parameter-based API keys + if (useQueryParam) { + // For query parameter approach, append the API key to the URL + final queryParams = Map.from(uri.queryParameters); + queryParams['api_key'] = apiKey; + uri = uri.replace(queryParameters: queryParams); + + return await client.get( + uri, + headers: {'Content-Type': 'application/json'}, + ).timeout(const Duration(seconds: 10)); + } else { + // For header-based approach, include the API key in the headers + return await client.get( + uri, + headers: { + 'X-API-KEY': apiKey, + 'Content-Type': 'application/json', + }, + ).timeout(const Duration(seconds: 10)); + } + } catch (e) { + throw Exception('API Key authentication failed: $e'); + } finally { + client.close(); + } +} ``` -## 3. 
Bearer Token Authentication -Bearer token-based authentication requires an access token in the `Authorization` header. +Generated Code (Dart): +``` +// APIDash-generated API Key request (header method) +final client = http.Client(); +try { + final response = await client.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'X-API-KEY': 'your_api_key', + 'Content-Type': 'application/json', + }, + ).timeout(const Duration(seconds: 10)); + + if (response.statusCode == 200) { + final data = jsonDecode(response.body); + // Process data + } else { + print('Request failed with status: ${response.statusCode}'); + } +} finally { + client.close(); +} +``` + +#### 3. Bearer Token Authentication + +Bearer token authentication uses an access token in the Authorization header. I'll implement proper token handling and error management: + ``` Future fetchDataWithBearerToken(String url, String token) async { - final response = await http.get( - Uri.parse(url), + final client = http.Client(); + try { + final response = await client.get( + Uri.parse(url), + headers: { + 'Authorization': 'Bearer $token', + 'Content-Type': 'application/json', + }, + ).timeout(const Duration(seconds: 15)); + + // Handle token expiration and other common auth issues + if (response.statusCode == 401) { + // Token might be expired, trigger refresh mechanism + throw Exception('Token expired or invalid'); + } else if (response.statusCode == 403) { + throw Exception('Token does not have sufficient permissions'); + } + + return response; + } catch (e) { + throw Exception('Bearer token authentication failed: $e'); + } finally { + client.close(); + } +} +``` + +Generated Code (Dart): +``` +final client = http.Client(); +try { + final response = await client.get( + Uri.parse('https://api.example.com/data'), headers: { - 'Authorization': 'Bearer $token', + 'Authorization': 'Bearer your_access_token', + 'Content-Type': 'application/json', }, - ); - return response; + ).timeout(const Duration(seconds: 
15)); + + if (response.statusCode >= 200 && response.statusCode < 300) { + final responseData = jsonDecode(response.body); + // Process response data + } else if (response.statusCode == 401) { + // Handle token expiration + print('Token expired. Please refresh authentication.'); + } else { + print('Request failed with status: ${response.statusCode}'); + } +} finally { + client.close(); } ``` - Generated Code (Dart) +#### 4. JWT Bearer Authentication + +JWT Bearer authentication will include proper token generation, validation, and expiration handling: + ``` -http.get( +String generateJwt(String secretKey, Map claims, {String algorithm = 'HS256'}) { + // Set standard claims if not provided + final fullClaims = { + 'iat': DateTime.now().millisecondsSinceEpoch ~/ 1000, // Issued at + 'exp': DateTime.now().add(Duration(hours: 1)).millisecondsSinceEpoch ~/ 1000, // Expiration + ...claims, + }; + + final header = { + 'alg': algorithm, + 'typ': 'JWT', + }; + + // Encode header and payload + final encodedHeader = base64Url.encode(utf8.encode(jsonEncode(header))); + final encodedPayload = base64Url.encode(utf8.encode(jsonEncode(fullClaims))); + + // Create signature + final dataToSign = '$encodedHeader.$encodedPayload'; + final hmac = Hmac(sha256, utf8.encode(secretKey)); + final digest = hmac.convert(utf8.encode(dataToSign)); + final signature = base64Url.encode(digest.bytes); + + // Combine all parts to create JWT + return '$encodedHeader.$encodedPayload.$signature'; +} + +Future fetchDataWithJwtBearer(String url, String token) async { + final client = http.Client(); + try { + final response = await client.get( + Uri.parse(url), + headers: { + 'Authorization': 'Bearer $token', + 'Content-Type': 'application/json', + }, + ); + + return response; + } catch (e) { + throw Exception('JWT authentication failed: $e'); + } finally { + client.close(); + } +} +``` + +Generated Code (Dart): +``` +import 'dart:convert'; +import 'package:crypto/crypto.dart'; + +String 
generateJwt(String secretKey, Map payload) { + final header = {'alg': 'HS256', 'typ': 'JWT'}; + + // Encode header and payload + final encodedHeader = base64Url.encode(utf8.encode(jsonEncode(header))); + final encodedPayload = base64Url.encode(utf8.encode(jsonEncode(payload))); + + // Create signature + final dataToSign = '$encodedHeader.$encodedPayload'; + final hmac = Hmac(sha256, utf8.encode(secretKey)); + final digest = hmac.convert(utf8.encode(dataToSign)); + final signature = base64Url.encode(digest.bytes); + + return '$encodedHeader.$encodedPayload.$signature'; +} + +// Generate and use JWT token +final claims = { + 'sub': 'user123', + 'name': 'John Doe', + 'iat': DateTime.now().millisecondsSinceEpoch ~/ 1000, + 'exp': DateTime.now().add(Duration(hours: 1)).millisecondsSinceEpoch ~/ 1000 +}; + +final jwt = generateJwt('your_secret_key', claims); + +final response = await http.get( Uri.parse('https://api.example.com/data'), headers: { - 'Authorization': 'Bearer your_access_token', + 'Authorization': 'Bearer $jwt', + 'Content-Type': 'application/json', }, ); ``` -## 4. JWT Bearer Authentication -In JWT authentication, the client generates a JWT and sends it with requests. +#### 5. Digest Authentication -``` - -String generateJwt(String secretKey, Map claims) { - final builder = JsonWebSignatureBuilder() - ..jsonContent = claims - ..addRecipient(JsonWebKey.fromPem(secretKey), algorithm: 'RS256'); - - return builder.build().toCompactSerialization(); -} -``` - -Generated Code(Dart) -``` -http.get( - Uri.parse('https://api.example.com/data'), - headers: { - 'Authorization': 'Bearer generated_jwt_token', - }, -); -``` - -## 5. Digest Authentication -Digest authentication requires a challenge-response mechanism. 
+Digest authentication requires a challenge-response mechanism with proper nonce handling: ``` Future fetchDataWithDigestAuth(String url, String username, String password) async { + final client = http.Client(); + try { + // First request to get the challenge + final initialResponse = await client.get(Uri.parse(url)); + + if (initialResponse.statusCode != 401 || !initialResponse.headers.containsKey('www-authenticate')) { + throw Exception('Server did not respond with digest challenge'); + } + + // Parse the WWW-Authenticate header + final authHeader = initialResponse.headers['www-authenticate'] ?? ''; + if (!authHeader.toLowerCase().startsWith('digest ')) { + throw Exception('Server did not provide digest authentication challenge'); + } + + // Extract digest params (realm, nonce, qop, etc.) + final Map digestParams = {}; + final paramRegex = RegExp(r'(\w+)="([^"]*)"'); + paramRegex.allMatches(authHeader).forEach((match) { + digestParams[match.group(1)!] = match.group(2)!; + }); + + // Required params for digest auth + final String realm = digestParams['realm'] ?? ''; + final String nonce = digestParams['nonce'] ?? ''; + final String opaque = digestParams['opaque'] ?? ''; + final String algorithm = digestParams['algorithm'] ?? 'MD5'; + final String qop = digestParams['qop'] ?? 
''; + + // Generate cnonce and response + final String cnonce = _generateCnonce(); + final String nc = '00000001'; + final String method = 'GET'; + + // Calculate digest response according to RFC 2617 + String ha1 = md5.convert(utf8.encode('$username:$realm:$password')).toString(); + String ha2 = md5.convert(utf8.encode('$method:$url')).toString(); + + String response; + if (qop.isNotEmpty) { + response = md5.convert(utf8.encode('$ha1:$nonce:$nc:$cnonce:$qop:$ha2')).toString(); + } else { + response = md5.convert(utf8.encode('$ha1:$nonce:$ha2')).toString(); + } + + // Build the Authorization header + String digestHeader = 'Digest username="$username", realm="$realm", ' + 'nonce="$nonce", uri="$url", algorithm=$algorithm, ' + 'response="$response"'; + + if (qop.isNotEmpty) { + digestHeader += ', qop=$qop, nc=$nc, cnonce="$cnonce"'; + } + + if (opaque.isNotEmpty) { + digestHeader += ', opaque="$opaque"'; + } + + // Make authenticated request + final authenticatedResponse = await client.get( + Uri.parse(url), + headers: { + 'Authorization': digestHeader, + 'Content-Type': 'application/json', + }, + ); + + return authenticatedResponse; + } catch (e) { + throw Exception('Digest authentication failed: $e'); + } finally { + client.close(); + } +} - final response1 = await http.get(Uri.parse(url)); - String nonce = response1.headers['www-authenticate'] ?? 
''; - - // Generate digest response (simplified, needs hashing implementation) - String digestResponse = generateDigestResponse(username, password, nonce); - - final response2 = await http.get( - Uri.parse(url), - headers: { - 'Authorization': 'Digest $digestResponse', - }, - ); - return response2; +String _generateCnonce() { + final random = Random(); + final values = List.generate(16, (i) => random.nextInt(256)); + return base64Url.encode(values).substring(0, 16); } ``` -Generated Code (Dart) +Generated Code (Dart): +This is a simplified example of the generated code ``` -http.get( +// First request to get the challenge +final client = http.Client(); +try { + // Initial request to get the challenge + final initialResponse = await client.get(Uri.parse('https://api.example.com/data')); + if (initialResponse.statusCode != 401) { + print('Server did not request authentication'); + return; + } + + // Parse the WWW-Authenticate header + final authHeader = initialResponse.headers['www-authenticate'] ?? 
''; + if (!authHeader.toLowerCase().startsWith('digest ')) { + print('Server does not support digest authentication'); + return; + } + + // Extract digest parameters (simplified) + final realm = _extractParam(authHeader, 'realm'); + final nonce = _extractParam(authHeader, 'nonce'); + final qop = _extractParam(authHeader, 'qop'); + + // Generate cnonce and other required values + final cnonce = _generateCnonce(); + final nc = '00000001'; + + // Calculate response (simplified) + // In a real implementation, this would follow RFC 2617 algorithm + final digestResponse = 'generated_digest_response_here'; + + // Make authenticated request + final response = await client.get( + Uri.parse('https://api.example.com/data'), + headers: { + 'Authorization': 'Digest username="your_username", realm="$realm", ' + 'nonce="$nonce", uri="/data", response="$digestResponse", ' + 'qop=$qop, nc=$nc, cnonce="$cnonce"', + 'Content-Type': 'application/json', + }, + ); + + if (response.statusCode == 200) { + // Process successful response + } else { + print('Authentication failed: ${response.statusCode}'); + } +} finally { + client.close(); +} +``` + +#### 6. OAuth 1.0 + +OAuth 1.0 implementation will include proper signature generation and token handling: + +``` +Future fetchDataWithOAuth1( + String url, + String consumerKey, + String consumerSecret, + {String? token, String? 
tokenSecret} +) async { + final client = http.Client(); + try { + // Generate OAuth parameters + final timestamp = (DateTime.now().millisecondsSinceEpoch ~/ 1000).toString(); + final nonce = _generateNonce(); + + // Create parameter map for signature base string + final Map params = { + 'oauth_consumer_key': consumerKey, + 'oauth_nonce': nonce, + 'oauth_signature_method': 'HMAC-SHA1', + 'oauth_timestamp': timestamp, + 'oauth_version': '1.0', + }; + + // Add token if available + if (token != null) { + params['oauth_token'] = token; + } + + // Extract URL components + final uri = Uri.parse(url); + final baseUrl = '${uri.scheme}://${uri.host}${uri.path}'; + + // Add query parameters to signature parameters + if (uri.queryParameters.isNotEmpty) { + params.addAll(uri.queryParameters); + } + + // Create signature base string + final List paramPairs = []; + final sortedParams = SplayTreeMap.from(params); + sortedParams.forEach((key, value) { + paramPairs.add('${Uri.encodeComponent(key)}=${Uri.encodeComponent(value)}'); + }); + + final paramString = paramPairs.join('&'); + final signatureBaseString = 'GET&${Uri.encodeComponent(baseUrl)}&${Uri.encodeComponent(paramString)}'; + + // Create signing key + final signingKey = tokenSecret != null + ? 
'${Uri.encodeComponent(consumerSecret)}&${Uri.encodeComponent(tokenSecret)}' + : '${Uri.encodeComponent(consumerSecret)}&'; + + // Generate signature + final hmac = Hmac(sha1, utf8.encode(signingKey)); + final digest = hmac.convert(utf8.encode(signatureBaseString)); + final signature = base64.encode(digest.bytes); + + // Add signature to OAuth parameters + params['oauth_signature'] = signature; + + // Create Authorization header + final List authHeaderParts = []; + final oauthParams = params.entries.where((entry) => entry.key.startsWith('oauth_')); + oauthParams.forEach((entry) { + authHeaderParts.add('${entry.key}="${Uri.encodeComponent(entry.value)}"'); + }); + + final authHeader = 'OAuth ${authHeaderParts.join(', ')}'; + + // Make request with OAuth header + final response = await client.get( + uri, + headers: { + 'Authorization': authHeader, + 'Content-Type': 'application/json', + }, + ); + + return response; + } catch (e) { + throw Exception('OAuth 1.0 authentication failed: $e'); + } finally { + client.close(); + } +} + +String _generateNonce() { + final random = Random(); + final values = List.generate(16, (i) => random.nextInt(256)); + return base64Url.encode(values).substring(0, 16); +} +``` + +Generated Code (Dart): +``` +import 'dart:convert'; +import 'dart:math'; +import 'package:crypto/crypto.dart'; +import 'package:http/http.dart' as http; +import 'package:collection/collection.dart'; + +// Generate OAuth 1.0 signature and make request +final String consumerKey = 'your_consumer_key'; +final String consumerSecret = 'your_consumer_secret'; +final String token = 'your_access_token'; // If available +final String tokenSecret = 'your_token_secret'; // If available + +// Generate OAuth parameters +final timestamp = (DateTime.now().millisecondsSinceEpoch ~/ 1000).toString(); +final nonce = base64Url.encode(List.generate(16, (_) => Random().nextInt(256))).substring(0, 16); + +// Create parameter map +final params = SplayTreeMap.from({ + 'oauth_consumer_key': 
consumerKey, + 'oauth_nonce': nonce, + 'oauth_signature_method': 'HMAC-SHA1', + 'oauth_timestamp': timestamp, + 'oauth_token': token, // Include only if available + 'oauth_version': '1.0', +}); + +// Create signature (simplified) +final signatureBaseString = 'GET&${Uri.encodeComponent('https://api.example.com/data')}¶meter_string_here'; +final signingKey = '$consumerSecret&$tokenSecret'; +final signature = base64.encode(Hmac(sha1, utf8.encode(signingKey)) + .convert(utf8.encode(signatureBaseString)) + .bytes); + +// Create Authorization header +final authHeader = 'OAuth oauth_consumer_key="$consumerKey", ' + 'oauth_nonce="$nonce", oauth_signature="$signature", ' + 'oauth_signature_method="HMAC-SHA1", oauth_timestamp="$timestamp", ' + 'oauth_token="$token", oauth_version="1.0"'; + +// Make authenticated request +final response = await http.get( Uri.parse('https://api.example.com/data'), headers: { - 'Authorization': 'Digest generated_digest_token', + 'Authorization': authHeader, + 'Content-Type': 'application/json', }, ); ``` -## 6. OAuth 1.0 -OAuth 1.0 uses a consumer key and secret to obtain a request token. +#### 7. OAuth 2.0 + +OAuth 2.0 implementation will support multiple grant types and proper token management: ``` -Future fetchDataWithOAuth1(String url, String consumerKey, String consumerSecret) async { - String authHeader = generateOAuth1Signature(url, consumerKey, consumerSecret); - - final response = await http.get( - Uri.parse(url), - headers: { - 'Authorization': authHeader, - }, - ); - return response; -} -``` -Generated Code (Dart) -``` -http.get( - Uri.parse('https://api.example.com/data'), - headers: { - 'Authorization': 'OAuth oauth_signature', - }, -); -``` - -## 7. OAuth 2.0 -OAuth 2.0 allows for token-based authentication. 
- -``` -Future fetchOAuth2Token(String tokenUrl, String clientId, String clientSecret) async { - final response = await http.post( - Uri.parse(tokenUrl), - body: { +// Client Credentials Grant +Future> getOAuth2TokenClientCredentials( + String tokenUrl, + String clientId, + String clientSecret, + {Map? additionalParams} +) async { + final client = http.Client(); + try { + // Prepare request body + final Map body = { + 'grant_type': 'client_credentials', 'client_id': clientId, 'client_secret': clientSecret, - 'grant_type': 'client_credentials', - }, - ); - return jsonDecode(response.body)['access_token']; + }; + + // Add any additional parameters + if (additionalParams != null) { + body.addAll(additionalParams); + } + + // Request access token + final response = await client.post( + Uri.parse(tokenUrl), + headers: { + 'Content-Type': 'application/x-www-form-urlencoded', + }, + body: body, + ); + + if (response.statusCode != 200) { + throw Exception('Failed to get OAuth2 token: ${response.body}'); + } + + // Parse token response + final Map tokenData = jsonDecode(response.body); + if (!tokenData.containsKey('access_token')) { + throw Exception('Invalid OAuth2 response: access_token missing'); + } + + return tokenData; + } catch (e) { + throw Exception('OAuth2 authentication failed: $e'); + } finally { + client.close(); + } +} + +// Authorization Code Grant +Future> getOAuth2TokenAuthCode( + String tokenUrl, + String code, + String redirectUri, + String clientId, + String clientSecret, + {String? 
codeVerifier} +) async { + final client = http.Client(); + try { + // Prepare request body + final Map body = { + 'grant_type': 'authorization_code', + 'code': code, + 'redirect_uri': redirectUri, + 'client_id': clientId, + 'client_secret': clientSecret, + }; + + // Add PKCE code verifier if available (for public clients) + if (codeVerifier != null) { + body['code_verifier'] = codeVerifier; + } + + // Request access token + final response = await client.post( + Uri.parse(tokenUrl), + headers: { + 'Content-Type': 'application/x-www-form-urlencoded', + }, + body: body, + ); + + if (response.statusCode != 200) { + throw Exception('Failed to get OAuth2 token: ${response.body}'); + } + + // Parse token response + final Map tokenData = jsonDecode(response.body); + if (!tokenData.containsKey('access_token')) { + throw Exception('Invalid OAuth2 response: access_token missing'); + } + + return tokenData; + } catch (e) { + throw Exception('OAuth2 authentication failed: $e'); + } finally { + client.close(); + } +} + +// Use OAuth2 token to make a request +Future fetchDataWithOAuth2(String url, String accessToken) async { + final client = http.Client(); + try { + final response = await client.get( + Uri.parse(url), + headers: { + 'Authorization': 'Bearer $accessToken', + 'Content-Type': 'application/json', + }, + ); + + return response; + } catch (e) { + throw Exception('OAuth2 request failed: $e'); + } finally { + client.close(); + } } ``` -Generated Code (Dart) -``` -http.get( - Uri.parse('https://api.example.com/data'), - headers: { - 'Authorization': 'Bearer your_access_token', - }, -); -``` + + + + +### 1. 
**Languages to be Added (Codegen feature)** + + - **Elixir** (Using HTTPoison) + - **TypeScript** (Axios & Fetch APIs) + - **Haskell** (http-client) + - **Perl** (LWP::UserAgent) + - **Scala** (sttp & Akka HTTP) + - **R** (httr) + - **Lua** (LuaSocket) + - **Erlang** (httpc) + - **Shell** (Wget) + +The generated code will strictly follow best practices for each language while maintaining a consistent structure across implementations. API requests in each language/package will go thorough manual tests. --- -#### Languages in Codegen +## Generated API Request Code -Elixir - Using HTTPoison +## Elixir (Using HTTPoison) +``` +HTTPoison.get!("https://api.example.com/data") +``` -TypeScript - Separate from JavaScript, using Axios and fetch +## TypeScript (Axios) +``` +import axios from "axios"; +axios.get("https://api.example.com/data"); +``` -Haskell - Using http-client +## TypeScript (fetch) +``` +fetch("https://api.example.com/data"); +``` -Perl - Using LWP::UserAgent +## Haskell (http-client) +``` +import Network.HTTP.Client +import Network.HTTP.Client.TLS -Scala - Using sttp and Akka HTTP +main :: IO () +main = do + manager <- newManager tlsManagerSettings + request <- parseRequest "https://api.example.com/data" + response <- httpLbs request manager + print $ responseBody response +``` -R - Using httr +## Perl (LWP::UserAgent) +``` +use LWP::UserAgent; +my $ua = LWP::UserAgent->new; +my $res = $ua->get("https://api.example.com/data"); +print $res->decoded_content; +``` -Lua - Using LuaSocket +## Scala (sttp) +``` +import sttp.client3._ +val request = basicRequest.get(uri"https://api.example.com/data") +val backend = HttpURLConnectionBackend() +val response = request.send(backend) +``` -Erlang - Using httpc +## Scala (Akka HTTP) +``` +import akka.http.scaladsl.Http +import akka.http.scaladsl.model._ +Http().singleRequest(HttpRequest(uri = "https://api.example.com/data")) +``` -Shell (Wget) - Alternative to cURL for CLI-based requests +## R (httr) +``` +library(httr) 
+res <- GET("https://api.example.com/data") +content(res, "text") +``` +## Lua (LuaSocket) +``` +local http = require("socket.http") +local response = http.request("https://api.example.com/data") +print(response) +``` + +## Erlang (httpc) +``` +httpc:request(get, {"https://api.example.com/data", []}, [], []). +``` + +## Shell (Wget) +``` +wget "https://api.example.com/data" +``` ---- ## Conclusion -This document provides a detailed breakdown of implementing authentication in APIDash. Each method has been explained with API client implementation and corresponding code generation snippets. Further enhancements will be made by updating Code generation to handle authentication requests. + +This provides a brief breakdown of implementing authentication in APIDash. Each method has been explained with corresponding code generation snippet. Further enhancements will be made by updating Code generation to handle authentication requests for all other lanugages and adding relevant tests. +This contribution will significantly expand the APIDash's capabilities by enabling support for multiple programming languages, making the CodeGen feature more robust and widely usable. By following a structured development, testing, and validation approach, the enhancements will ensure reliable and maintainable code generation. ## Final Thoughts From 489eaf9b5eedcd500db9fd6d729435b9b4a58dde Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 21:45:57 +0530 Subject: [PATCH 07/15] Update application_nikhil_apiauth_and_features.md --- .../application_nikhil_apiauth_and_features.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index f77a3f18..be4c542b 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
+++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md @@ -50,20 +50,25 @@ --- ## Motivation & Experience +Short answers to the following questions (Add relevant links wherever you can): -**FOSS Contributions:** +1. Have you worked on or contributed to a FOSS project before? Can you attach repo links or relevant PRs? I’ve been actively contributing to APIDash, submitting multiple PRs and raising issues. I have studied the codebase in depth and will begin implementation immediately after the initial discussions with mentors. -**Proudest Achievement:** + +2. What is your one project/achievement that you are most proud of? Why? Leading a college hackathon team to build an API client under a strict deadline. This experience strengthened my problem-solving skills and ability to work efficiently under pressure. -**Interest in APIDash:** - +3. What interests you the most about API Dash? APIDash is fascinating because of its fully Flutter-based architecture, which ensures a seamless and consistent cross-platform experience. Its efficient approach to request management and response visualization makes it a powerful yet lightweight tool. The way it streamlines code generation further enhances its usability for developers working with APIs. -**Time Commitment:** + +4. Will you be working on GSoC full-time? In case not, what will you be studying or working on while working on the project? I will be working on GSoC full-time, dedicating 7+ hours per day, especially in the early stages, to ensure smooth progress. My vacations align perfectly with GSoC Timeline and my institute is very supportive for such opportunitites (if needed leave will be granted but i am sure it won't be necessary). +5. Do you mind regularly syncing up with the project mentors? +Not at all! Regular sync-ups with the mentors will help me stay on track, get valuable feedback, and ensure the project progresses smoothly. + --- ## Project Proposal 
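Review bot: In PATCH 06/15, hunk `@@ -104,219 +103,797 @@`, `generateJwt` writes the caller's `algorithm` into the header but always signs with `Hmac(sha256, ...)`, so any value other than `HS256` produces a token whose `alg` does not match its signature; drop the parameter or reject unsupported values. The same function (and its generated-code copy) uses `base64Url.encode`, which keeps `=` padding, while JWS compact serialization requires unpadded base64url, so strip the padding from all three segments. `_generateCnonce` and `_generateNonce` draw from `Random()`; use `Random.secure()` for values whose purpose is to be unpredictable. In `fetchDataWithDigestAuth`, the regex `(\w+)="([^"]*)"` only captures quoted parameters, so an unquoted `algorithm=` from the server is never seen, and MD5 is computed regardless of what `algorithm` says while the value is echoed back in the header; the function also hashes and sends the full `$url` as the digest URI whereas the generated snippet sends `uri="/data"`, and the two should agree on the request path. In `fetchDataWithOAuth1`, `Uri.encodeComponent` leaves `!*'()` unescaped, which differs from the percent-encoding OAuth 1.0 signature base strings require, so parameters containing those characters will fail verification; the generated OAuth 1.0 snippet also imports `package:collection/collection.dart` for `SplayTreeMap`, which lives in `dart:collection`. Finally, the `useQueryParam` branch of `fetchDataWithApiKey` places the key in the URL, where server and proxy logs record it; keep the header as the default and have the UI or generated code say so when the query option is chosen.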
From a72d64c7dd8ad5ea9fbf787315a89c6f143681e1 Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 21:46:39 +0530 Subject: [PATCH 08/15] Update gsoc_application_template.md --- .../2025/gsoc/templates/gsoc_application_template.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/proposals/2025/gsoc/templates/gsoc_application_template.md b/doc/proposals/2025/gsoc/templates/gsoc_application_template.md index 3018cd60..a84b67f2 100644 --- a/doc/proposals/2025/gsoc/templates/gsoc_application_template.md +++ b/doc/proposals/2025/gsoc/templates/gsoc_application_template.md @@ -32,9 +32,9 @@ Short answers to the following questions (Add relevant links wherever you can): 2. What is your one project/achievement that you are most proud of? Why? 3. What kind of problems or challenges motivate you the most to solve them? 4. Will you be working on GSoC full-time? In case not, what will you be studying or working on while working on the project? -6. Do you mind regularly syncing up with the project mentors? -7. What interests you the most about API Dash? -8. Can you mention some areas where the project can be improved? +5. Do you mind regularly syncing up with the project mentors? +6. What interests you the most about API Dash? +7. Can you mention some areas where the project can be improved? ### Project Proposal Information From d79fc4b46e9ff00766865c7cea68e398a1af2f8f Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 22:35:28 +0530 Subject: [PATCH 10/15] Update application_nikhil_apiauth_and_features.md --- ...application_nikhil_apiauth_and_features.md | 23 ++++++++----------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index be4c542b..8ccd8b08 100644 
--- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
@@ -33,40 +33,35 @@ ## University Information -- **University:** Indian Institute of Technology (IIT) Madras -- **Program:** BS in Data Science -- **Year:** 2024 -- **Expected Graduation Date:** 2028 - ---- - -## Second Institution Information - - **University:** KIET Group of Institutions, Ghaziabad - **Program:** B.Tech in Computer Science with AI/ML - **Year:** 2024 - **Expected Graduation Date:** 2028 +--- + + --- ## Motivation & Experience Short answers to the following questions (Add relevant links wherever you can): -1. Have you worked on or contributed to a FOSS project before? Can you attach repo links or relevant PRs? +**1. Have you worked on or contributed to a FOSS project before? Can you attach repo links or relevant PRs?** + I’ve been actively contributing to APIDash, submitting multiple PRs and raising issues. I have studied the codebase in depth and will begin implementation immediately after the initial discussions with mentors. -2. What is your one project/achievement that you are most proud of? Why? +**2. What is your one project/achievement that you are most proud of? Why?** Leading a college hackathon team to build an API client under a strict deadline. This experience strengthened my problem-solving skills and ability to work efficiently under pressure. -3. What interests you the most about API Dash? +**3. What interests you the most about API Dash?** APIDash is fascinating because of its fully Flutter-based architecture, which ensures a seamless and consistent cross-platform experience. Its efficient approach to request management and response visualization makes it a powerful yet lightweight tool. The way it streamlines code generation further enhances its usability for developers working with APIs. -4. Will you be working on GSoC full-time? In case not, what will you be studying or working on while working on the project? +**4. Will you be working on GSoC full-time? 
In case not, what will you be studying or working on while working on the project?** I will be working on GSoC full-time, dedicating 7+ hours per day, especially in the early stages, to ensure smooth progress. My vacations align perfectly with GSoC Timeline and my institute is very supportive for such opportunitites (if needed leave will be granted but i am sure it won't be necessary). -5. Do you mind regularly syncing up with the project mentors? +**5. Do you mind regularly syncing up with the project mentors?** Not at all! Regular sync-ups with the mentors will help me stay on track, get valuable feedback, and ensure the project progresses smoothly. --- From e2c0e5977cd52a43912a1cff49ef3dbf43acd88b Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 22:35:56 +0530 Subject: [PATCH 11/15] Update application_nikhil_apiauth_and_features.md --- .../2025/gsoc/application_nikhil_apiauth_and_features.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index 8ccd8b08..aa1bc81c 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md 
@@ -52,16 +52,20 @@ I’ve been actively contributing to APIDash, submitting multiple PRs and raisin **2. What is your one project/achievement that you are most proud of? Why?** + Leading a college hackathon team to build an API client under a strict deadline. This experience strengthened my problem-solving skills and ability to work efficiently under pressure. **3. What interests you the most about API Dash?** + APIDash is fascinating because of its fully Flutter-based architecture, which ensures a seamless and consistent cross-platform experience. Its efficient approach to request management and response visualization makes it a powerful yet lightweight tool. The way it streamlines code generation further enhances its usability for developers working with APIs. **4. Will you be working on GSoC full-time? In case not, what will you be studying or working on while working on the project?** + I will be working on GSoC full-time, dedicating 7+ hours per day, especially in the early stages, to ensure smooth progress. My vacations align perfectly with GSoC Timeline and my institute is very supportive for such opportunitites (if needed leave will be granted but i am sure it won't be necessary). **5. Do you mind regularly syncing up with the project mentors?** + Not at all! Regular sync-ups with the mentors will help me stay on track, get valuable feedback, and ensure the project progresses smoothly. --- From b0206a402af6ce74abfbb2fb84979628d73d25c2 Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Sun, 30 Mar 2025 23:27:23 +0530 Subject: [PATCH 12/15] Update application_nikhil_apiauth_and_features.md --- .../2025/gsoc/application_nikhil_apiauth_and_features.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index aa1bc81c..e55cc337 100644 
--- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md @@ -6,9 +6,11 @@ **Contact Info:** - **Email:** [nikhilljatt@gmail.com](mailto:nikhilljatt@gmail.com) +- **Contact No.** - +918708200907 - **Discord Handle:** @badnikhil - **GitHub:** [badnikhil](https://github.com/badnikhil) - **LINKEDIN:** [NIKHIL LUDDER](www.linkedin.com/in/nikhil-ludder-ba631216b) +- **INSTA:** [INSTA](https://www.instagram.com/bad.nikhill/) - **Time Zone:** UTC+5:30 (IST) --- From 56f27a5fdb8e031e7dd98d806fce3a6c4171b3cd Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:12:04 +0530 Subject: [PATCH 13/15] adding frontend idea --- .../2025/gsoc/application_nikhil_apiauth_and_features.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index e55cc337..96b95478 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md @@ -99,6 +99,10 @@ This project aims to expand APIDash by implementing multiple authentication meth --- # Authentication Integration +## Frontend Images +![image](https://github.com/user-attachments/assets/7e1471a0-86ca-469a-a765-41799246d720) +![image](https://github.com/user-attachments/assets/538a4b3a-7bf2-4f9c-8396-17f5a4ddb87d) + ## Authentication Methods to be Implemented 1. **Basic Authentication** - Username & Password From c5279cb2c2b7a6bc0face0ad9dff53a1b94761e2 Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:21:09 +0530 Subject: [PATCH 14/15] Update application_nikhil_apiauth_and_features.md --- .../2025/gsoc/application_nikhil_apiauth_and_features.md | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index 96b95478..1bc1840e 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md @@ -104,6 +104,9 @@ This project aims to expand APIDash by implementing multiple authentication meth ![image](https://github.com/user-attachments/assets/538a4b3a-7bf2-4f9c-8396-17f5a4ddb87d) + +**A dropdown to select the authentication type, along with an icon to open a dialog box where users can enter their credentials for seamless integration into their workflow. I will ensure minimal changes to the existing codebase(only a line or two ).* + ## Authentication Methods to be Implemented 1. **Basic Authentication** - Username & Password 2. **API Key Authentication** - Key-Value pair in headers or query From 08a6b333e91cccdd7e090445076853ea76d26053 Mon Sep 17 00:00:00 2001 From: Nikhil <72620320+badnikhil@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:26:07 +0530 Subject: [PATCH 15/15] Update application_nikhil_apiauth_and_features.md --- .../2025/gsoc/application_nikhil_apiauth_and_features.md | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md index 1bc1840e..f854b5bc 100644 --- a/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md +++ b/doc/proposals/2025/gsoc/application_nikhil_apiauth_and_features.md @@ -10,7 +10,6 @@ - **Discord Handle:** @badnikhil - **GitHub:** [badnikhil](https://github.com/badnikhil) - **LINKEDIN:** [NIKHIL LUDDER](www.linkedin.com/in/nikhil-ludder-ba631216b) -- **INSTA:** [INSTA](https://www.instagram.com/bad.nikhill/) - **Time Zone:** UTC+5:30 (IST) ---
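Review bot: In the code-generation hunk that ends at `## Final Thoughts`, the new Conclusion says each authentication method is explained with a code generation snippet, but the R, Lua, Erlang and Wget snippets visible in the hunk are plain GET requests to `https://api.example.com/data` that carry no credential. Show, for each auth method, the header or query parameter the generator is expected to emit, with a placeholder value, so the output can be reviewed. The Lua snippet uses `require("socket.http")` against an `https://` URL, which needs LuaSec in addition to LuaSocket, so the `## Lua (LuaSocket)` heading should say so. In the added Conclusion text, `lanugages` should be `languages` and `snippet` should be plural, and the code fences have no language tag.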
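Review bot: PATCH 08/15 renumbers questions 6 to 8 as 5 to 7 in the shared `templates/gsoc_application_template.md`, a file every applicant copies, and that fix is unrelated to this proposal. Send it as its own PR so it can be merged independently, and give it a subject that says what changed rather than "Update gsoc_application_template.md".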
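Review bot: In PATCH 10/15, the `## University Information` hunk adds a `---` and two blank lines directly above the `---` that is already there as context, so the page renders two consecutive horizontal rules before `## Motivation & Experience`. Drop the added rule and blank lines. In the same hunk only question 1 gets a blank line after its bold heading; questions 2 to 5 are left without one until PATCH 11/15, so the two commits could be squashed.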
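Review bot: PATCH 12/15 adds a personal phone number (`**Contact No.**`) and an Instagram link to a file in a public repository. PATCH 15/15 removes the Instagram line again, but both values stay readable in the branch history unless the series is squashed or rebased before merge. Consider leaving the phone number out of the committed file and sharing it with mentors privately. If it stays, format it like the neighbouring bullets (colon inside the bold label, no extra ` - ` before the number), and give the LinkedIn link in the context line an `https://` scheme so it does not render as a relative link.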
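Review bot: In PATCH 14/15, the added sentence under `## Frontend Images` says users "can enter their credentials" in a dialog box, but nothing in the hunk says where those values are kept, whether the input fields are masked, or whether secrets are left out of exported requests and generated code. For an authentication feature, add a sentence on storage and redaction. The same line opens with `**` and closes with `*`, so the emphasis is unbalanced and will not render as intended. The "only a line or two" estimate for changes to the existing codebase would be easier to accept if it named the files to be touched.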