feat: add ability to pass certs (#519)

NigelGreenway · Nigel Greenway · boltlessengineer · web-flow · commit fc34f46906c4 · 2025-02-14T00:35:39.000+09:00
feat: add ability to pass certs

A key feature that is missing from what I can tell is the ability to
pass a cert/key. This change request is to add a cert/key via
configuration based on the host. If it matches that host, then the
file path for the certs/keys will be added to the request.

Changes:
 - Add `--cert` and `--key` flag with file path to docs
 - Add a configuration setup so the keys are only sent with the
   corresponding request
 - Add test case for applying certifications

Co-authored-by: Nigel Greenway &lt;github@futurepixels.co.uk&gt;
Co-authored-by: Seongmin Lee &lt;boltlessengineer@gmail.com&gt;
diff --git a/doc/rest-nvim.txt b/doc/rest-nvim.txt
@@ -185,8 +185,11 @@ rest.Opts.Clients.Curl                                  *rest.Opts.Clients.Curl*
 rest.Opts.Clients.Curl.Opts                        *rest.Opts.Clients.Curl.Opts*
 
     Fields: ~
-        {set_compressed?}  (boolean)   Add `--compressed` argument when `Accept-Encoding` header includes `gzip`
-                                       (Default: `false`)
+        {set_compressed?}  (boolean)         Add `--compressed` argument when `Accept-Encoding` header includes `gzip`
+                                             (Default: `false`)
+        {certificates?}    (Certificates[])  Add `--cert` or `--key`  to the `curl` command when required with
+                                             specific domains
+                                             (default: nil)
 
 
 RestStatisticsStyle                                        *RestStatisticsStyle*
diff --git a/lua/rest-nvim/client/curl/cli.lua b/lua/rest-nvim/client/curl/cli.lua
@@ -184,6 +184,20 @@ function builder.extras(req)
             vim.list_extend(args, { "--compressed" })
         end
     end
+    --
+    for domain, _ in pairs(config.clients.curl.opts.certificates) do
+        local target = req.url
+
+        -- TODO(boltless): this is temporary solution. use same logic from cookie_jar instead
+        local s, _ = string.find(target, domain, 1, true)
+
+        if s ~= nil then
+            vim.list_extend(args, { "--cert", config.clients.curl.opts.certificates[domain].set_certificate_crt })
+            vim.list_extend(args, { "--key", config.clients.curl.opts.certificates[domain].set_certificate_key })
+            break
+        end
+    end
+
     return args
 end
 
diff --git a/lua/rest-nvim/config/default.lua b/lua/rest-nvim/config/default.lua
@@ -49,6 +49,8 @@ local default_config = {
                 ---@type boolean Add `--compressed` argument when `Accept-Encoding` header includes
                 ---`gzip`
                 set_compressed = false,
+                ---@type table<string, Certificate> Table containing certificates for each domains
+                certificates = {},
             },
         },
     },
diff --git a/lua/rest-nvim/config/init.lua b/lua/rest-nvim/config/init.lua
@@ -69,6 +69,13 @@ local config
 --- Add `--compressed` argument when `Accept-Encoding` header includes `gzip`
 --- (Default: `false`)
 ---@field set_compressed? boolean
+--- Add `--cert`, `--key` or `--pem` to the `curl` command when required with specific domains
+--- (default: `nil`)
+---@field certificates? table<string, Certificate>
+
+---@class Certificate
+---@field set_certificate_crt string
+---@field set_certificate_key string
 
 ---@class RestStatisticsStyle
 --- Identifier used used in curl's `--write-out` option
diff --git a/spec/client/curl/cli_spec.lua b/spec/client/curl/cli_spec.lua
@@ -7,6 +7,7 @@ vim.g.rest_nvim = vim.tbl_deep_extend("force", {
         curl = {
             opts = {
                 set_compressed = true,
+                certificates = {},
             },
         },
     },
diff --git a/spec/client/curl/cli_with_certs_spec.lua b/spec/client/curl/cli_with_certs_spec.lua
@@ -0,0 +1,50 @@
+---@diagnostic disable: invisible
+---@module 'luassert'
+
+require("spec.minimal_init")
+vim.g.rest_nvim = vim.tbl_deep_extend("force", {
+    clients = {
+        curl = {
+            opts = {
+                certificates = {
+                    ["localhost"] = {
+                        set_certificate_crt = "./my.cert",
+                        set_certificate_key = "./my.key",
+                    },
+                },
+            },
+        },
+    },
+}, vim.g.rest_nvim)
+
+local Context = require("rest-nvim.context").Context
+local curl = require("rest-nvim.client.curl.cli")
+local builder = curl.builder
+
+local STAT_FORMAT = builder.STAT_ARGS[2]
+
+require("rest-nvim.client.curl.cli").config = vim.g.rest_nvim
+
+describe("Curl cli builder", function()
+    it("with opts.certificates", function()
+        local args = builder.build({
+            context = Context:new(),
+            method = "POST",
+            url = "http://localhost:8000",
+            headers = {},
+            cookies = {},
+            handlers = {},
+        })
+        assert.same({
+            "http://localhost:8000",
+            "--cert",
+            "./my.cert",
+            "--key",
+            "./my.key",
+            "-X",
+            "POST",
+            "-w",
+            STAT_FORMAT,
+        }, args)
+    end)
+end)
