[pull] main from hoppscotch:main

devenv.nix

@@ -39,6 +39,7 @@ in {
     nodePackages.prisma
     prisma-engines
     cargo-edit
+    cargo-tauri
   ] ++ lib.optionals pkgs.stdenv.isDarwin darwinPackages
     ++ lib.optionals pkgs.stdenv.isLinux linuxPackages;
 

package.json

@@ -53,7 +53,9 @@
       "@babel/runtime@<7.26.10": "7.26.10",
       "apiconnect-wsdl": "2.0.36",
       "@xmldom/xmldom": "0.8.10",
-      "[email protected]": "2.0.0"
+      "[email protected]": "2.0.1",
+      "[email protected]": "2.0.2",
+      "[email protected]": "1.1.12"
     },
     "packageExtensions": {
       "@hoppscotch/httpsnippet": {

packages/codemirror-lang-graphql/package.json

@@ -26,6 +26,6 @@
     "mocha": "9.2.2",
     "rollup": "3.29.4",
     "@rollup/plugin-typescript": "12.1.1",
-    "typescript": "5.2.2"
+    "typescript": "5.8.3"
   }
 }

packages/hoppscotch-agent/package.json

@@ -28,7 +28,7 @@
     "autoprefixer": "^10.4.20",
     "postcss": "^8.4.47",
     "tailwindcss": "^3.4.13",
-    "typescript": "^5.6.3",
+    "typescript": "^5.8.3",
     "unplugin-icons": "^0.19.3",
     "unplugin-vue-components": "28.4.1",
     "vite": "^5.4.8",

packages/hoppscotch-backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hoppscotch-backend",
-  "version": "2025.5.4",
+  "version": "2025.6.0",
   "description": "",
   "author": "",
   "private": true,

packages/hoppscotch-backend/src/auth/strategies/github.strategy.ts

@@ -1,11 +1,13 @@
-import { Strategy } from 'passport-github2';
+import { Strategy, Profile } from 'passport-github2';
 import { PassportStrategy } from '@nestjs/passport';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { AuthService } from '../auth.service';
 import { UserService } from 'src/user/user.service';
 import * as O from 'fp-ts/Option';
 import * as E from 'fp-ts/Either';
 import { ConfigService } from '@nestjs/config';
+import { validateEmail } from 'src/utils';
+import { AUTH_EMAIL_NOT_PROVIDED_BY_OAUTH } from 'src/errors';
 
 @Injectable()
 export class GithubStrategy extends PassportStrategy(Strategy) {
@@ -15,18 +17,26 @@ export class GithubStrategy extends PassportStrategy(Strategy) {
     private configService: ConfigService,
   ) {
     super({
-      clientID: configService.get('INFRA.GITHUB_CLIENT_ID'),
-      clientSecret: configService.get('INFRA.GITHUB_CLIENT_SECRET'),
-      callbackURL: configService.get('INFRA.GITHUB_CALLBACK_URL'),
-      scope: [configService.get('INFRA.GITHUB_SCOPE')],
+      clientID: configService.get<string>('INFRA.GITHUB_CLIENT_ID'),
+      clientSecret: configService.get<string>('INFRA.GITHUB_CLIENT_SECRET'),
+      callbackURL: configService.get<string>('INFRA.GITHUB_CALLBACK_URL'),
+      scope: [configService.get<string>('INFRA.GITHUB_SCOPE')],
       store: true,
     });
   }
 
-  async validate(accessToken, refreshToken, profile, done) {
-    const user = await this.usersService.findUserByEmail(
-      profile.emails[0].value,
-    );
+  async validate(
+    accessToken: string,
+    refreshToken: string,
+    profile: Profile,
+    done,
+  ) {
+    const email = profile.emails?.[0].value;
+
+    if (!validateEmail(email))
+      throw new UnauthorizedException(AUTH_EMAIL_NOT_PROVIDED_BY_OAUTH);
+
+    const user = await this.usersService.findUserByEmail(email);
 
     if (O.isNone(user)) {
       const createdUser = await this.usersService.createUserSSO(
@@ -38,7 +48,7 @@ export class GithubStrategy extends PassportStrategy(Strategy) {
     }
 
     /**
-     * * displayName and photoURL maybe null if user logged-in via magic-link before SSO
+     * displayName and photoURL maybe null if user logged-in via magic-link before SSO
      */
     if (!user.value.displayName || !user.value.photoURL) {
       const updatedUser = await this.usersService.updateUserDetails(
@@ -51,8 +61,8 @@ export class GithubStrategy extends PassportStrategy(Strategy) {
     }
 
     /**
-     * * Check to see if entry for Github is present in the Account table for user
-     * * If user was created with another provider findUserByEmail may return true
+     * Check to see if entry for Github is present in the Account table for user
+     * If user was created with another provider findUserByEmail may return true
      */
     const providerAccountExists =
       await this.authService.checkIfProviderAccountExists(user.value, profile);

packages/hoppscotch-backend/src/auth/strategies/google.strategy.ts

@@ -1,11 +1,14 @@
-import { Strategy, VerifyCallback } from 'passport-google-oauth20';
+import { Strategy, VerifyCallback, Profile } from 'passport-google-oauth20';
 import { PassportStrategy } from '@nestjs/passport';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { UserService } from 'src/user/user.service';
 import * as O from 'fp-ts/Option';
 import { AuthService } from '../auth.service';
 import * as E from 'fp-ts/Either';
 import { ConfigService } from '@nestjs/config';
+import { Request } from 'express';
+import { validateEmail } from 'src/utils';
+import { AUTH_EMAIL_NOT_PROVIDED_BY_OAUTH } from 'src/errors';
 
 @Injectable()
 export class GoogleStrategy extends PassportStrategy(Strategy) {
@@ -15,25 +18,28 @@ export class GoogleStrategy extends PassportStrategy(Strategy) {
     private configService: ConfigService,
   ) {
     super({
-      clientID: configService.get('INFRA.GOOGLE_CLIENT_ID'),
-      clientSecret: configService.get('INFRA.GOOGLE_CLIENT_SECRET'),
-      callbackURL: configService.get('INFRA.GOOGLE_CALLBACK_URL'),
-      scope: configService.get('INFRA.GOOGLE_SCOPE').split(','),
+      clientID: configService.get<string>('INFRA.GOOGLE_CLIENT_ID'),
+      clientSecret: configService.get<string>('INFRA.GOOGLE_CLIENT_SECRET'),
+      callbackURL: configService.get<string>('INFRA.GOOGLE_CALLBACK_URL'),
+      scope: configService.get<string>('INFRA.GOOGLE_SCOPE').split(','),
       passReqToCallback: true,
       store: true,
     });
   }
 
   async validate(
     req: Request,
-    accessToken,
-    refreshToken,
-    profile,
+    accessToken: string,
+    refreshToken: string,
+    profile: Profile,
     done: VerifyCallback,
   ) {
-    const user = await this.usersService.findUserByEmail(
-      profile.emails[0].value,
-    );
+    const email = profile.emails?.[0].value;
+
+    if (!validateEmail(email))
+      throw new UnauthorizedException(AUTH_EMAIL_NOT_PROVIDED_BY_OAUTH);
+
+    const user = await this.usersService.findUserByEmail(email);
 
     if (O.isNone(user)) {
       const createdUser = await this.usersService.createUserSSO(
@@ -45,7 +51,7 @@ export class GoogleStrategy extends PassportStrategy(Strategy) {
     }
 
     /**
-     * * displayName and photoURL maybe null if user logged-in via magic-link before SSO
+     * displayName and photoURL maybe null if user logged-in via magic-link before SSO
      */
     if (!user.value.displayName || !user.value.photoURL) {
       const updatedUser = await this.usersService.updateUserDetails(
@@ -58,8 +64,8 @@ export class GoogleStrategy extends PassportStrategy(Strategy) {
     }
 
     /**
-     * * Check to see if entry for Google is present in the Account table for user
-     * * If user was created with another provider findUserByEmail may return true
+     * Check to see if entry for Google is present in the Account table for user
+     * If user was created with another provider findUserByEmail may return true
      */
     const providerAccountExists =
       await this.authService.checkIfProviderAccountExists(user.value, profile);

packages/hoppscotch-backend/src/auth/strategies/jwt.strategy.ts

@@ -93,7 +93,7 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
             ),
           ),
       ]),
-      secretOrKey: configService.get('JWT_SECRET'),
+      secretOrKey: configService.get<string>('JWT_SECRET'),
     });
   }
 

packages/hoppscotch-backend/src/auth/strategies/microsoft.strategy.ts

@@ -6,6 +6,8 @@ import { UserService } from 'src/user/user.service';
 import * as O from 'fp-ts/Option';
 import * as E from 'fp-ts/Either';
 import { ConfigService } from '@nestjs/config';
+import { validateEmail } from 'src/utils';
+import { AUTH_EMAIL_NOT_PROVIDED_BY_OAUTH } from 'src/errors';
 
 @Injectable()
 export class MicrosoftStrategy extends PassportStrategy(Strategy) {
@@ -15,19 +17,27 @@ export class MicrosoftStrategy extends PassportStrategy(Strategy) {
     private configService: ConfigService,
   ) {
     super({
-      clientID: configService.get('INFRA.MICROSOFT_CLIENT_ID'),
-      clientSecret: configService.get('INFRA.MICROSOFT_CLIENT_SECRET'),
-      callbackURL: configService.get('INFRA.MICROSOFT_CALLBACK_URL'),
-      scope: configService.get('INFRA.MICROSOFT_SCOPE').split(','),
-      tenant: configService.get('INFRA.MICROSOFT_TENANT'),
+      clientID: configService.get<string>('INFRA.MICROSOFT_CLIENT_ID'),
+      clientSecret: configService.get<string>('INFRA.MICROSOFT_CLIENT_SECRET'),
+      callbackURL: configService.get<string>('INFRA.MICROSOFT_CALLBACK_URL'),
+      scope: configService.get<string>('INFRA.MICROSOFT_SCOPE').split(','),
+      tenant: configService.get<string>('INFRA.MICROSOFT_TENANT'),
       store: true,
     });
   }
 
-  async validate(accessToken: string, refreshToken: string, profile, done) {
-    const user = await this.usersService.findUserByEmail(
-      profile.emails[0].value,
-    );
+  async validate(
+    accessToken: string,
+    refreshToken: string,
+    profile,
+    done,
+  ) {
+    const email = profile?.emails?.[0]?.value;
+
+    if (!validateEmail(email))
+      throw new UnauthorizedException(AUTH_EMAIL_NOT_PROVIDED_BY_OAUTH);
+
+    const user = await this.usersService.findUserByEmail(email);
 
     if (O.isNone(user)) {
       const createdUser = await this.usersService.createUserSSO(
@@ -39,7 +49,7 @@ export class MicrosoftStrategy extends PassportStrategy(Strategy) {
     }
 
     /**
-     * * displayName and photoURL maybe null if user logged-in via magic-link before SSO
+     * displayName and photoURL maybe null if user logged-in via magic-link before SSO
      */
     if (!user.value.displayName || !user.value.photoURL) {
       const updatedUser = await this.usersService.updateUserDetails(
@@ -52,8 +62,8 @@ export class MicrosoftStrategy extends PassportStrategy(Strategy) {
     }
 
     /**
-     * * Check to see if entry for Microsoft is present in the Account table for user
-     * * If user was created with another provider findUserByEmail may return true
+     * Check to see if entry for Microsoft is present in the Account table for user
+     * If user was created with another provider findUserByEmail may return true
      */
     const providerAccountExists =
       await this.authService.checkIfProviderAccountExists(user.value, profile);

packages/hoppscotch-backend/src/auth/strategies/rt-jwt.strategy.ts

@@ -25,15 +25,15 @@ export class RTJwtStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
     super({
       jwtFromRequest: ExtractJwt.fromExtractors([
         (request: Request) => {
-          const RTCookie = request.cookies['refresh_token'];
+          const RTCookie = request.cookies?.['refresh_token'];
           if (!RTCookie) {
             console.error('`refresh_token` not found');
             throw new ForbiddenException(COOKIES_NOT_FOUND);
           }
           return RTCookie;
         },
       ]),
-      secretOrKey: configService.get('JWT_SECRET'),
+      secretOrKey: configService.get<string>('JWT_SECRET'),
     });
   }
 

packages/hoppscotch-backend/src/errors.ts

@@ -43,6 +43,13 @@ export const AUTH_PROVIDER_NOT_SPECIFIED = 'auth/provider_not_specified';
 export const AUTH_PROVIDER_NOT_CONFIGURED =
   'auth/provider_not_configured_correctly';
 
+/**
+ * Email not provided by OAuth provider
+ * (SSO Strategies)
+ */
+export const AUTH_EMAIL_NOT_PROVIDED_BY_OAUTH =
+  'auth/email_not_provided_by_oauth';
+
 /**
  * Environment variable "VITE_ALLOWED_AUTH_PROVIDERS" is not present in .env file
  */

packages/hoppscotch-common/assets/scss/styles.scss

@@ -158,7 +158,6 @@ a {
     @apply shadow-none #{!important};
     @apply fixed;
     @apply inline-flex;
-    @apply -mt-7;
   }
 }
 
@@ -169,7 +168,7 @@ a {
   @apply shadow;
 
   .tippy-content {
-    @apply flex;
+    @apply flex flex-col;
     @apply text-tiny text-primary;
     @apply font-semibold;
     @apply px-2 py-1;