Skip to content

enhance: automatically use the generic credential tool for OpenAPI #488

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 14, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 50 additions & 16 deletions pkg/engine/openapi.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/gptscript-ai/gptscript/pkg/env"
"github.com/gptscript-ai/gptscript/pkg/types"
"github.com/tidwall/gjson"
"golang.org/x/exp/maps"
)

var (
Expand All @@ -35,6 +36,45 @@ type SecurityInfo struct {
In string `json:"in"` // header, query, or cookie, for type==apiKey
}

func (i SecurityInfo) GetCredentialToolStrings(hostname string) []string {
vars := i.getCredentialNamesAndEnvVars(hostname)
var tools []string

for cred, v := range vars {
field := "value"
switch i.Type {
case "apiKey":
field = i.APIKeyName
case "http":
if i.Scheme == "bearer" {
field = "bearer token"
} else {
if strings.Contains(v, "PASSWORD") {
field = "password"
} else {
field = "username"
}
}
}

tools = append(tools, fmt.Sprintf("github.com/gptscript-ai/credential as %s with %s as env and %q as message and %q as field",
cred, v, "Please provide a value for the "+v+" environment variable", field))
}
return tools
}

func (i SecurityInfo) getCredentialNamesAndEnvVars(hostname string) map[string]string {
if i.Type == "http" && i.Scheme == "basic" {
return map[string]string{
hostname + i.Name + "Username": "GPTSCRIPT_" + env.ToEnvLike(hostname) + "_" + env.ToEnvLike(i.Name) + "_USERNAME",
hostname + i.Name + "Password": "GPTSCRIPT_" + env.ToEnvLike(hostname) + "_" + env.ToEnvLike(i.Name) + "_PASSWORD",
}
}
return map[string]string{
hostname + i.Name: "GPTSCRIPT_" + env.ToEnvLike(hostname) + "_" + env.ToEnvLike(i.Name),
}
}

type OpenAPIInstructions struct {
Server string `json:"server"`
Path string `json:"path"`
Expand Down Expand Up @@ -83,8 +123,8 @@ func (e *Engine) runOpenAPI(tool types.Tool, input string) (*Return, error) {
return nil, fmt.Errorf("failed to create request: %w", err)
}

// Check for authentication (only if using HTTPS)
if u.Scheme == "https" {
// Check for authentication (only if using HTTPS or localhost)
if u.Scheme == "https" || u.Hostname() == "localhost" || u.Hostname() == "127.0.0.1" {
if len(instructions.SecurityInfos) > 0 {
if err := handleAuths(req, envMap, instructions.SecurityInfos); err != nil {
return nil, fmt.Errorf("error setting up authentication: %w", err)
Expand Down Expand Up @@ -181,15 +221,9 @@ func handleAuths(req *http.Request, envMap map[string]string, infoSets [][]Secur
for _, infoSet := range infoSets {
var missing []string // Keep track of any missing environment variables
for _, info := range infoSet {
envNames := []string{"GPTSCRIPT_" + env.ToEnvLike(req.URL.Hostname()) + "_" + env.ToEnvLike(info.Name)}
if info.Type == "http" && info.Scheme == "basic" {
envNames = []string{
"GPTSCRIPT_" + env.ToEnvLike(req.URL.Hostname()) + "_" + env.ToEnvLike(info.Name) + "_USERNAME",
"GPTSCRIPT_" + env.ToEnvLike(req.URL.Hostname()) + "_" + env.ToEnvLike(info.Name) + "_PASSWORD",
}
}
vars := info.getCredentialNamesAndEnvVars(req.URL.Hostname())

for _, envName := range envNames {
for _, envName := range vars {
if _, ok := envMap[envName]; !ok {
missing = append(missing, envName)
}
Expand All @@ -203,28 +237,28 @@ func handleAuths(req *http.Request, envMap map[string]string, infoSets [][]Secur
// We're using this info set, because no environment variables were missing.
// Set up the request as needed.
for _, info := range infoSet {
envName := "GPTSCRIPT_" + env.ToEnvLike(req.URL.Hostname()) + "_" + env.ToEnvLike(info.Name)
envNames := maps.Values(info.getCredentialNamesAndEnvVars(req.URL.Hostname()))
switch info.Type {
case "apiKey":
switch info.In {
case "header":
req.Header.Set(info.APIKeyName, envMap[envName])
req.Header.Set(info.APIKeyName, envMap[envNames[0]])
case "query":
v := url.Values{}
v.Add(info.APIKeyName, envMap[envName])
v.Add(info.APIKeyName, envMap[envNames[0]])
req.URL.RawQuery = v.Encode()
case "cookie":
req.AddCookie(&http.Cookie{
Name: info.APIKeyName,
Value: envMap[envName],
Value: envMap[envNames[0]],
})
}
case "http":
switch info.Scheme {
case "bearer":
req.Header.Set("Authorization", "Bearer "+envMap[envName])
req.Header.Set("Authorization", "Bearer "+envMap[envNames[0]])
case "basic":
req.SetBasicAuth(envMap[envName+"_USERNAME"], envMap[envName+"_PASSWORD"])
req.SetBasicAuth(envMap[envNames[0]], envMap[envNames[1]])
}
}
}
Expand Down
11 changes: 11 additions & 0 deletions pkg/loader/openapi.go
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,17 @@ func getOpenAPITools(t *openapi3.T, defaultHost string) ([]types.Tool, error) {
return nil, err
}

if len(infos) > 0 {
// Set up credential tools for the first set of infos.
for _, info := range infos[0] {
operationServerURL, err := url.Parse(operationServer)
if err != nil {
return nil, fmt.Errorf("failed to parse operation server URL: %w", err)
}
tool.Credentials = info.GetCredentialToolStrings(operationServerURL.Hostname())
}
}

// Register
toolNames = append(toolNames, tool.Parameters.Name)
tools = append(tools, tool)
Expand Down
4 changes: 3 additions & 1 deletion pkg/types/tool.go
Original file line number Diff line number Diff line change
Expand Up @@ -411,7 +411,9 @@ func (t ToolDef) String() string {
_, _ = fmt.Fprintf(buf, "Internal Prompt: %v\n", *t.Parameters.InternalPrompt)
}
if len(t.Parameters.Credentials) > 0 {
_, _ = fmt.Fprintf(buf, "Credentials: %s\n", strings.Join(t.Parameters.Credentials, ", "))
for _, cred := range t.Parameters.Credentials {
_, _ = fmt.Fprintf(buf, "Credential: %s\n", cred)
}
Comment on lines +414 to +416
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We were previously printing the credential tools all on one line, which is no longer supported. This change makes it print each on its own line, which is supported.

}
if t.Parameters.Chat {
_, _ = fmt.Fprintf(buf, "Chat: true\n")
Expand Down
Loading