implement uuid in query param matcher

The old logic with the uuid in a custom header didn't work for CORS requests, but adding the uuid as a query param should work. Downside is that the uuid will look different in the web inspector.

So we restructure the RequestUuidMatcher into an abstract class, with two implementations RequestUuidInHeaderMatcher.kt (with the previous logic) and RequestUuidInQueryParamMatcher.kt with the new logic.

Then the user of the library can decide which one to use.

Author: maxeoneo

README.md

@@ -52,6 +52,28 @@ To manually process requests:
     }
 ```
 
+For both cases you can choose between different strategies for how the recorded requests (including 
+the body) and the intercepted requests are matched together. By default, only the url is used. If 
+you want to use a different strategy, for example if you have parallel requests to the same url with
+different bodies (e.g. GraphQL queries), you can pass a custom `RequestMatcher` to the constructor 
+of `RequestInspectorWebViewClient`:
+
+```kotlin
+    val webView = WebView(this)
+    webView.webViewClient = RequestInspectorWebViewClient(
+        webView,
+        matcher = RequestGeneratedUuidInHeaderMatcher()
+    )
+```
+
+Currently available matchers are `RequestGeneratedUuidInHeaderMatcher` and 
+`RequestGeneratedUuidInUrlMatcher`, which both create an UUID and add it to the request before it's 
+recorded and sent. They only differ by how they attach the UUID to the request, as an additional 
+header or as an additional query param. But both clean up the request before it's been sent. 
+
+If you want to implement your own matching strategy, you can implement the `RequestMatcher` 
+interface and pass an instance of it to the constructor of `RequestInspectorWebViewClient`.
+
 Known limitations
 ===
 

app/src/main/java/com/acsbendi/requestinspectorwebview/RequestInspectorJavaScriptInterface.kt

@@ -122,7 +122,12 @@ class RequestInspectorJavaScriptInterface(webView: WebView, val matcher: Request
 
     @JavascriptInterface
     fun getAdditionalHeaders(url: String): String {
-        return matcher.additionalHeaders(url).toString()
+        return matcher.getAdditionalHeaders(url).toString()
+    }
+
+    @JavascriptInterface
+    fun getAdditionalQueryParam(): String {
+        return matcher.getAdditionalQueryParams()
     }
 
     private fun addRecordedRequest(recordedRequest: RecordedRequest) {
@@ -251,6 +256,31 @@ function getFullUrl(url) {
     }
 }
 
+function setAdditionalHeaders(url, callback) {
+    try {
+        var extraHeaders = JSON.parse($INTERFACE_NAME.getAdditionalHeaders(url));
+        callback(extraHeaders);
+    } catch (e) {
+        console.warn('Failed to inject headers from Kotlin:', e);
+    }
+}
+
+function appendAdditionalQueryParams(url) {
+    try {
+        var extraQueryParam = $INTERFACE_NAME.getAdditionalQueryParam();
+        if (extraQueryParam) {
+            if (url.indexOf('?') === -1) {
+                url += '?' + extraQueryParam;
+            } else {
+                url += '&' + extraQueryParam;
+            }
+        }
+    } catch (e) { 
+        console.warn('Failed to inject query param from Kotlin:', e); 
+    }
+    return url;
+}
+
 function recordFormSubmission(form) {
     var jsonArr = [];
     for (i = 0; i < form.elements.length; i++) {
@@ -271,7 +301,7 @@ function recordFormSubmission(form) {
 
     const path = form.attributes['action'] === undefined ? "/" : form.attributes['action'].nodeValue;
     const method = form.attributes['method'] === undefined ? "GET" : form.attributes['method'].nodeValue;
-    const url = getFullUrl(path);
+    const url = appendAdditionalQueryParams(getFullUrl(path));
     const encType = form.attributes['enctype'] === undefined ? "application/x-www-form-urlencoded" : form.attributes['enctype'].nodeValue;
     const err = new Error();
     $INTERFACE_NAME.recordFormSubmission(
@@ -303,9 +333,9 @@ let xmlhttpRequestUrl = null;
 XMLHttpRequest.prototype._open = XMLHttpRequest.prototype.open;
 XMLHttpRequest.prototype.open = function (method, url, async, user, password) {
     lastXmlhttpRequestPrototypeMethod = method;
-    xmlhttpRequestUrl = url;
+    xmlhttpRequestUrl = appendAdditionalQueryParams(url);
     const asyncWithDefault = async === undefined ? true : async;
-    this._open(method, url, asyncWithDefault, user, password);
+    this._open(method, xmlhttpRequestUrl, asyncWithDefault, user, password);
 };
 XMLHttpRequest.prototype._setRequestHeader = XMLHttpRequest.prototype.setRequestHeader;
 XMLHttpRequest.prototype.setRequestHeader = function (header, value) {
@@ -315,18 +345,14 @@ XMLHttpRequest.prototype.setRequestHeader = function (header, value) {
 XMLHttpRequest.prototype._send = XMLHttpRequest.prototype.send;
 XMLHttpRequest.prototype.send = function (body) {
     const err = new Error();
-    const url = getFullUrl(xmlhttpRequestUrl);
-    // Inject headers from Kotlin if any
-    try {
-        var extraHeaders = JSON.parse($INTERFACE_NAME.getAdditionalHeaders(url));
+    let url = getFullUrl(xmlhttpRequestUrl);
+    setAdditionalHeaders(url, function(extraHeaders) {
         for (var h in extraHeaders) {
             if (extraHeaders.hasOwnProperty(h)) {
                 this.setRequestHeader(h, extraHeaders[h]);
             }
         }
-    } catch (e) { 
-        console.warn('Failed to inject headers from Kotlin (XHR):', e); 
-    }
+    }.bind(this));
     $INTERFACE_NAME.recordXhr(
         url,
         lastXmlhttpRequestPrototypeMethod,
@@ -345,33 +371,27 @@ window.fetch = function () {
     const firstArgument = arguments[0];
     let url, method, body, headers;
     if (typeof firstArgument === 'string') {
-        url = firstArgument;
+        url = appendAdditionalQueryParams(firstArgument);
         if (!arguments[1]) arguments[1] = {};
-        method = arguments[1] && 'method' in arguments[1] ? arguments[1]['method'] : "GET";
-        body = arguments[1] && 'body' in arguments[1] ? arguments[1]['body'] : "";
-        headers = arguments[1] && 'headers' in arguments[1] ? arguments[1]['headers'] : {};
-        // Inject headers from Kotlin if any
-        try {
-            var extraHeaders = JSON.parse($INTERFACE_NAME.getAdditionalHeaders(url));
-            arguments[1].headers = Object.assign({}, extraHeaders, headers || {});
-        } catch (e) { 
-            console.warn('Failed to inject headers from Kotlin (fetch):', e); 
-        }
+        method = 'method' in arguments[1] ? arguments[1]['method'] : "GET";
+        body = 'body' in arguments[1] ? arguments[1]['body'] : "";
+        headers = 'headers' in arguments[1] ? arguments[1]['headers'] : {};
+        setAdditionalHeaders(url, function(extraHeaders) {
+            arguments[1].headers = { ...extraHeaders, ...headers };
+        });
+        arguments[0] = url;
     } else {
         // Request object
-        url = firstArgument.url;
+        url = appendAdditionalQueryParams(firstArgument.url);
         method = firstArgument.method;
         body = firstArgument.body;
         headers = Object.fromEntries(firstArgument.headers.entries());
-        // Inject headers from Kotlin if any
-        try {
-            var extraHeaders = JSON.parse($INTERFACE_NAME.getAdditionalHeaders(url));
+        setAdditionalHeaders(url, function(extraHeaders) {
             for (var h in extraHeaders) {
                 firstArgument.headers.set ? firstArgument.headers.set(h, extraHeaders[h]) : firstArgument.headers[h] = extraHeaders[h];
             }
-        } catch (e) { 
-            console.warn('Failed to inject headers from Kotlin (fetch):', e); 
-        }
+        });
+        firstArgument.url = url;
     }
     
     const fullUrl = getFullUrl(url);

app/src/main/java/com/acsbendi/requestinspectorwebview/RequestInspectorWebViewClient.kt

@@ -7,13 +7,13 @@ import android.webkit.WebResourceRequest
 import android.webkit.WebResourceResponse
 import android.webkit.WebView
 import android.webkit.WebViewClient
-import androidx.core.net.toUri
 import com.acsbendi.requestinspectorwebview.matcher.RequestMatcher
 import com.acsbendi.requestinspectorwebview.matcher.RequestUrlMatcher
 
 @SuppressLint("SetJavaScriptEnabled")
 open class RequestInspectorWebViewClient @JvmOverloads constructor(
-    webView: WebView, val matcher: RequestMatcher = RequestUrlMatcher(),
+    webView: WebView,
+    val matcher: RequestMatcher = RequestUrlMatcher(),
     private val options: RequestInspectorOptions = RequestInspectorOptions()
 ) : WebViewClient() {
 
@@ -48,7 +48,7 @@ open class RequestInspectorWebViewClient @JvmOverloads constructor(
 
     override fun onPageStarted(view: WebView, url: String, favicon: Bitmap?) {
         Log.i(LOG_TAG, "Page started loading, enabling request inspection. URL: $url")
-        matcher.setOrigin(url)
+        matcher.onPageStarted(url)
         RequestInspectorJavaScriptInterface.enabledRequestInspection(
             view,
             options.extraJavaScriptToInject

app/src/main/java/com/acsbendi/requestinspectorwebview/matcher/RequestGeneratedUuidInHeaderMatcher.kt

@@ -0,0 +1,61 @@
+package com.acsbendi.requestinspectorwebview.matcher
+
+import android.util.Log
+import android.webkit.WebResourceRequest
+import androidx.core.net.toUri
+import com.acsbendi.requestinspectorwebview.RequestInspectorJavaScriptInterface.RecordedRequest
+import org.json.JSONObject
+import java.util.UUID
+
+/**
+ * This matcher only works for NON CORS requests. It adds a unique UUID header to each request
+ * originating from the WebView, and matches recorded requests based on that header.
+ *
+ * It doesn't work for CORS requests, because it changes the headers of the request, which influences the preflight
+ * request checking for allowed headers. Even when cleaning up the headers after the request is matched with it's body,
+ * the CORS request will fail because the browser engine only knows about the adapted header and doesn't execute the
+ * CORS request, because the preflight check doesn't return the custom header as allowed.
+ */
+class RequestGeneratedUuidInHeaderMatcher() : RequestGeneratedUuidMatcher() {
+
+    private var origin: String = ""
+
+    override fun getUuidFromRequest(recordedRequest: RecordedRequest): String? =
+        recordedRequest.headers[REQUEST_INSPECTOR_ID]
+
+    override fun getUuidFromRequest(webResourceRequest: WebResourceRequest): String? =
+        webResourceRequest.requestHeaders[REQUEST_INSPECTOR_ID]
+
+    override fun removeUuidFromRequests(request: WebResourceRequest, recordedRequest: RecordedRequest?): Pair<WebResourceRequest, RecordedRequest?> {
+        // Clean up headers by removing REQUEST_ID_HEADER from both requests
+        val cleanedRequest = object : WebResourceRequest by request {
+            override fun getRequestHeaders(): Map<String, String> =
+                request.requestHeaders.filter { (key, _) -> key != REQUEST_INSPECTOR_ID }
+        }
+        val cleanedRecordedRequest = recordedRequest?.copy(
+            headers = recordedRequest.headers.filter { (key, _) -> key != REQUEST_INSPECTOR_ID }
+        )
+        return cleanedRequest to cleanedRecordedRequest
+    }
+
+    override fun getAdditionalHeaders(url: String): JSONObject {
+        val headersJson = JSONObject()
+        if (getOrigin(url) == origin) {
+            val uuid = UUID.randomUUID().toString()
+            headersJson.put(REQUEST_INSPECTOR_ID, uuid)
+        } else {
+            Log.i(LOG_TAG, "Recorded CORS to $url, not adding $REQUEST_INSPECTOR_ID")
+        }
+        return headersJson
+    }
+
+    override fun onPageStarted(url: String) {
+        origin = getOrigin(url)
+    }
+
+    private fun getOrigin(url: String): String {
+        val uri = url.toUri()
+        val port = if (uri.port != -1) ":${uri.port}" else ""
+        return "${uri.scheme}://${uri.host}$port"
+    }
+}

app/src/main/java/com/acsbendi/requestinspectorwebview/matcher/RequestGeneratedUuidInQueryParamMatcher.kt

@@ -0,0 +1,39 @@
+package com.acsbendi.requestinspectorwebview.matcher
+
+import android.webkit.WebResourceRequest
+import com.acsbendi.requestinspectorwebview.RequestInspectorJavaScriptInterface
+import java.util.UUID
+
+class RequestGeneratedUuidInQueryParamMatcher : RequestGeneratedUuidMatcher() {
+
+    override fun getUuidFromRequest(recordedRequest: RequestInspectorJavaScriptInterface.RecordedRequest): String? =
+        recordedRequest.url.getQueryParameter(REQUEST_INSPECTOR_ID)
+
+    override fun getUuidFromRequest(webResourceRequest: WebResourceRequest): String? =
+        webResourceRequest.url.getQueryParameter(REQUEST_INSPECTOR_ID)
+
+    override fun removeUuidFromRequests(
+        request: WebResourceRequest,
+        recordedRequest: RequestInspectorJavaScriptInterface.RecordedRequest?
+    ): Pair<WebResourceRequest, RequestInspectorJavaScriptInterface.RecordedRequest?> {
+        val originalUrl = request.url
+        val cleanedUrlBuilder = originalUrl.buildUpon().clearQuery()
+        for (key in originalUrl.queryParameterNames.filter { it != REQUEST_INSPECTOR_ID }) {
+            originalUrl.getQueryParameters(key).forEach { paramValue ->
+                cleanedUrlBuilder.appendQueryParameter(key, paramValue)
+            }
+        }
+        val cleanedUrl = cleanedUrlBuilder.build()
+
+        val cleanedWebResourceRequest = object : WebResourceRequest by request {
+            override fun getUrl() = cleanedUrl
+        }
+        val cleanedRecordedRequest = recordedRequest?.copy(url = cleanedUrl)
+        return cleanedWebResourceRequest to cleanedRecordedRequest
+    }
+
+    override fun getAdditionalQueryParams(): String {
+        val uuid = UUID.randomUUID().toString()
+        return "$REQUEST_INSPECTOR_ID=$uuid"
+    }
+}

app/src/main/java/com/acsbendi/requestinspectorwebview/matcher/RequestGeneratedUuidMatcher.kt

@@ -0,0 +1,47 @@
+package com.acsbendi.requestinspectorwebview.matcher
+
+import android.webkit.WebResourceRequest
+import com.acsbendi.requestinspectorwebview.RequestInspectorJavaScriptInterface.RecordedRequest
+import com.acsbendi.requestinspectorwebview.WebViewRequest
+
+abstract class RequestGeneratedUuidMatcher : RequestMatcher {
+
+    private val recordedRequests = mutableMapOf<String, RecordedRequest>()
+
+    abstract fun getUuidFromRequest(recordedRequest: RecordedRequest): String?
+    abstract fun getUuidFromRequest(webResourceRequest: WebResourceRequest): String?
+    abstract fun removeUuidFromRequests(
+        request: WebResourceRequest,
+        recordedRequest: RecordedRequest?
+    ): Pair<WebResourceRequest, RecordedRequest?>
+
+    final override fun addRecordedRequest(recordedRequest: RecordedRequest) {
+        val id = getUuidFromRequest(recordedRequest) ?: return
+
+        synchronized(recordedRequests) {
+            recordedRequests[id] = recordedRequest
+        }
+    }
+
+    override fun createWebViewRequest(request: WebResourceRequest): WebViewRequest {
+        val recordedRequest = findRecordedRequest(request)
+        val (cleanedRequest, cleanedRecordedRequest) = removeUuidFromRequests(request, recordedRequest)
+        return WebViewRequest.create(cleanedRequest, cleanedRecordedRequest)
+    }
+
+
+    private  fun findRecordedRequest(request: WebResourceRequest): RecordedRequest? {
+        val id = getUuidFromRequest(request) ?: return null
+        val recordedRequest = synchronized(recordedRequests) {
+            recordedRequests.remove(id)
+        }
+        return recordedRequest
+    }
+
+    override fun onPageStarted(url: String) {}
+
+    companion object {
+        const val REQUEST_INSPECTOR_ID = "x-request-inspector-id"
+        const val LOG_TAG = "RequestGeneratedUuidMatcher"
+    }
+}

app/src/main/java/com/acsbendi/requestinspectorwebview/matcher/RequestMatcher.kt

@@ -8,7 +8,8 @@ import org.json.JSONObject
 interface RequestMatcher {
     fun addRecordedRequest(recordedRequest: RecordedRequest)
     fun createWebViewRequest(request: WebResourceRequest): WebViewRequest
-    fun additionalHeaders(url: String): JSONObject = JSONObject()
-    fun setOrigin(url: String) {}
+    fun getAdditionalHeaders(url: String): JSONObject = JSONObject()
+    fun getAdditionalQueryParams(): String = ""
+    fun onPageStarted(url: String) {}
 }