Need your feedback on a new key-value piston input type in webCoRE


#6

I don’t have any additional use cases to add, but this would be very helpful for me!


#7

I believe this would help me in getting information on a specific call where there are numerous Request Headers and Body. At the moment, i can use Postman to get it but don’t have much luck using WC. This is the cURL code:

curl -X POST
https://api.onegov.nsw.gov.au/FuelPriceCheck/v1/fuel/prices/nearby
-H ‘Authorization: Bearer myAccessToken’
-H ‘Cache-Control: no-cache’
-H ‘Content-Type: application/x-www-form-urlencoded’
-H ‘Postman-Token: 3b1e4b26-0957-4519-9db9-75f50879ecf6’
-H ‘apikey: myAPIkey’
-H ‘requesttimestamp: 05/11/2018 3:30 PM’
-H ‘transactionid: 0001’
-d ‘fueltype=E10&latitude=-33.879605&longitude=151.155464&radius=2&sortby=price’

This is for a fuel price check.


#8

I would definitely like to add custom headers. I am currently unable to utilize a external API because of this.

Thank you.


#9

Just adding my voice to others in support of custom headers for http requests. In my current use case, I need to set a specific custom header to authenticate against a BOND home remote transmitter to use its local API.


#10

I don’t think I’ll be able to work on this but if anyone else wants to take a stab at this or something similar for headers… contributions are welcome =)


#11

Just thought I’d add another voice to the rest in regards to custom headers. Would be nice to be able to make requests directly to my AC unit rather than going through tasker.


#12

Another hand in the air for customer headers. Specifically looking for ‘x-api-key’ to use with AWS Gateway which does not support ‘Authorization’ header. I assume with the popularity of AWS this would be on others radar/wishlists.

curl -X POST -H "x-api-key: theKey" -H "Content-Type: application/json" -d '{"key":"val"}' https://[api-id].execute-api.[region].amazonaws.com

#13

I made a hack to allow for adding a custom header tag if you in a ‘:’ in the string. Update the ‘webCoRE Piston’ application at line 3282 to the following:

headers: (auth ? (auth.contains(':') ? [(auth.split(':')[0]): (auth.split(':')[1])] : [Authorization : auth]) : [:]),

Works fine with AWS API Gateway with API key enabled. Screen shot of my POST function below.


webCoRE Update v0.3.10f.20190822 - Custom headers on web requests by @Bloodtick_Jones, capability selection fix
API header in web reqest
#14

Sorry for multiple ‘to me’ replies, but after my initial headers hack determined that having more than one header entry addition would be beneficial in the future. This change will look for the colon ‘:’ and will then parse on a JSON object which requires double quotes to be used around keys and values to build a header map.

Change again is only at line 3282 in the ‘webCoRE Piston’ and is backward compatible:

headers: (auth ? (auth.contains(':') ? ( new groovy.json.JsonSlurper().parseText("{"+auth+"}") ) : [Authorization : auth]) : [:]),

Here is a reasonably complicated header solution tested:

"x-api-key" : "{apikey}", "authorization" : "{apikey}", "Public-Key-Pins": "max-age=2592000; pin-sha256=\\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\\";"

Webcore screenshot:

Which results in the following posted properly as shown:

POST / HTTP/1.1
Host: testit.requestcatcher.com
Accept: */*
Accept-Encoding: gzip,deflate
Authorization: abcefH9rjkl67854rhP082zxcvbS1zbcdewjjNLY
Connection: Keep-Alive
Content-Length: 161
Content-Type: application/json
Public-Key-Pins: max-age=2592000; pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";
User-Agent: Apache-HttpClient/4.5.2 (Java/1.7.0_201)
X-Api-Key: abcefH9rjkl67854rhP082zxcvbS1zbcdewjjNLY

{"lastSpokenToTime":"1564146881965","lastSpeakCmd":"Test this function ran at 8:27:27 AM","lastVoiceActivity":"stop","volume":"25","device":"My Test Echo"}

#15

Hello @Bloodtick_Jones
Just wanted to check if this hack will affect existing/working Webcore web-requests that already have an authorization header or would I need to re-write those pistons?
Thanks
Tim


#16

It should work as-is without re-write unless the existing authorization header has a colon “:” which I do not believe is possible since the authorization syntax uses base64 encoding for the (username:password) combination and the “:” is not available.

I check for the colon with “auth.contains(’:’)” statement and then look for the JSON object in the user field; otherwise it will use the original logic that just copies the information from the user field as “Authorization: {your input copied here}”; or if empty does nothing.


#17

@Bloodtick_Jones
Thanks very much for this. Hack works for me. I finally have control of my ac unit directly from webcore so no need to go through tasker anymore. I can also confirm that this had no affect on existing webcore requests.
I’m new to hacking the changes in the webcore code so when it comes to updating webcore to a new version in the future how will I know which line of code to change?
Thanks again
Tim


#18

If you look at the SmartApps you will see now a magnifier has appeared. Click that and scan down and you will see the diff between the GitHub master branch and your change. I doubt if ady624 is in any hurry to refactor his code so the area should not change much. You can just left push this change and then overwrite the local version, save and then go back and publish.

51%20AM

I will create a branch and submit a pull request to the master and see if ady264 will accept it; so this would be part of the solution and a hack isn’t required. Great to hear it worked with your original authorization header pistons.


#19

@Bloodtick_Jones
Yep all still working great. Thanks for the reply. The update seems like it will be straight forward enough.


#20

I thought I replied to your pull request last week but I don’t see the reply on GitHub. Just a few tweaks then this can be pulled into webCoRE so that manual patching is not necessary.


#21

Working with @ipaterson to get this into the master. The discussion is around making the value a true JSON string which would require brackets to complete. The colon check could be a problem if not base64 encoded. The code update hack would be again at 3282 as the following looking for the brackets as follows:

Line 3282:

headers: (auth ? ((auth.startsWith('{') && auth.endsWith('}')) ? ( new groovy.json.JsonSlurper().parseText( auth ) ) : [Authorization : auth]) : [:]),

Your piston input value will need to change to have escaped { } as shown here:

\{ "x-api-key" : "{apikey}", "authorization" : "{apikey}", "Public-Key-Pins": "max-age=2592000; pin-sha256=\\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\\";" \}

or simple x-api-key only would be:

\{ "x-api-key" : "{apikey}" \}

It would be great to get a second check on this and the okay your side.


Getting 403 with custom http header X-Api-Key
Getting 403 with custom http header X-Api-Key
#22

Hello @Bloodtick_Jones & @ipaterson . I have re-amended the code at line 3282 and updated my Authoization header Value as per your instructions and can confirm that, for me at least, all is still functioning as intended. I again checked all existing pistons (unnecessarily I’m sure) to confirm that they were unaffected by the update which I can also confirm.
Thanks very much for all of the work you guys are putting in.


#23

I tested local and remote requests and this seems solid. I like the Expression input for json since you can split it into multiple lines:

'\{
    "Header-A": "anteater",
    "Header-B": "bumblebee"
\}'

To properly encode values that may contain a double quote character I’m using the following. The json function is also useful for safely encoding data from a variable. In the Expression input:

'\{
    "x-foo": {json('a"b')}
\}'

#24

I believe I will have time to release this tomorrow morning. The update also includes a fix for some people who were having trouble selecting devices in the app.


#25

Hi!

I must confess that I have an OCD: need to optimize code, otherwise it stays bugging me forever.

The implementation of key-value variable would be a blessing to solve some challenges that I’m facing with my pistons.

I read part of this thread and I’m bit confused … has it been implemented? Seems that it hasn’t. Am I wrong?

Thanks!