A couple minor fixes

Author: imolorhe

packages/altair-api/src/ai/prompt.ts

@@ -27,6 +27,7 @@ You are an expert in GraphQL and Altair GraphQL Client (https://altairgraphql.de
 * If the user asks for troubleshooting help, use the provided SDL, query, variables, and response to diagnose the issue and suggest solutions.
 * Keep your answers as concise as possible while still providing enough detail to be helpful. Avoid unnecessary jargon or overly complex explanations.
 * When appropriate, provide examples to illustrate your points. This can help clarify complex concepts or demonstrate how to use Altair effectively.
+* When appropriate, suggest recommendations for improving the security, performance, or usability of the GraphQL queries.
 * Maintain a professional tone in all responses. Avoid slang or overly casual language.
 * Write your responses in markdown format.
 * Always wrap GraphQL queries in \`\`\`graphql\`\`\` code blocks.

packages/altair-app/src/app/modules/altair/effects/query.effect.ts

@@ -206,19 +206,14 @@ export class QueryEffects {
                 );
               }
 
-              // Store the current query into the history if it does not already exist in the history
-              if (
-                !response.data.history.list.filter(
-                  (item) => item.query && item.query.trim() === query.trim()
-                ).length
-              ) {
-                this.store.dispatch(
-                  new historyActions.AddHistoryAction(response.windowId, {
-                    query,
-                    limit: response.state.settings.historyDepth,
-                  })
-                );
-              }
+              // Try to store the current query into the history if it does not already exist in the history
+              this.store.dispatch(
+                new historyActions.TryAddHistoryAction({
+                  windowId: response.windowId,
+                  query,
+                  limit: response.state.settings.historyDepth,
+                })
+              );
 
               // perform some cleanup of previous state
               this.store.dispatch(
@@ -1434,6 +1429,51 @@ export class QueryEffects {
     { dispatch: false }
   );
 
+  tryAddHistory$ = createEffect(
+    () => {
+      return this.actions$.pipe(
+        ofType(historyActions.TRY_ADD_HISTORY),
+        withLatestFrom(
+          this.store,
+          (action: historyActions.TryAddHistoryAction, state: RootState) => {
+            return {
+              data: state.windows[action.payload.windowId],
+              windowId: action.payload.windowId,
+              action,
+            };
+          }
+        ),
+        switchMap((res) => {
+          if (!res.data) {
+            return EMPTY;
+          }
+
+          const matchesPromise = res.data.history.list.map(async (item) => {
+            return (
+              (await this.gqlService.compress(item.query)) ===
+              (await this.gqlService.compress(res.action.payload.query))
+            );
+          });
+
+          return from(Promise.all(matchesPromise)).pipe(
+            map((matches) => {
+              if (!matches.includes(true)) {
+                // If the query is not in history, add it
+                this.store.dispatch(
+                  new historyActions.AddHistoryAction(res.windowId, {
+                    query: res.action.payload.query,
+                    limit: res.action.payload.limit,
+                  })
+                );
+              }
+            })
+          );
+        })
+      );
+    },
+    { dispatch: false }
+  );
+
   // Get the introspection after setting the URL
   constructor(
     private actions$: Actions,

packages/altair-app/src/app/modules/altair/store/history/history.action.ts

@@ -2,6 +2,7 @@ import { Action as NGRXAction } from '@ngrx/store';
 
 export const ADD_HISTORY = 'ADD_HISTORY';
 export const CLEAR_HISTORY = 'CLEAR_HISTORY';
+export const TRY_ADD_HISTORY = 'TRY_ADD_HISTORY';
 
 export class AddHistoryAction implements NGRXAction {
   readonly type = ADD_HISTORY;
@@ -18,4 +19,10 @@ export class ClearHistoryAction implements NGRXAction {
   constructor(public windowId: string) {}
 }
 
-export type Action = AddHistoryAction | ClearHistoryAction;
+export class TryAddHistoryAction implements NGRXAction {
+  readonly type = TRY_ADD_HISTORY;
+
+  constructor(public payload: { windowId: string; query: string; limit?: number }) {}
+}
+
+export type Action = AddHistoryAction | ClearHistoryAction | TryAddHistoryAction;

packages/altair-electron/src/app/window.ts

@@ -41,6 +41,8 @@ import {
   getPersisedSettingsFromFile,
   updateAltairSettingsOnFile,
 } from '../settings/main/store';
+import { cspAsString } from '../utils/csp';
+import { SENTRY_CSP_REPORT_URI } from '../constants';
 
 export class WindowManager {
   private instance?: BrowserWindow;
@@ -306,19 +308,37 @@ export class WindowManager {
           `'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc='`,
           `'${createSha256CspHash(renderInitSnippet(this.getRenderOptions()))}'`,
           `https://cdn.jsdelivr.net`,
-          `https://apis.google.com`,
           `localhost:*`,
           `file:`,
         ];
 
+        const additionalHeaders = {
+          // TODO: Figure out why an error from this breaks devtools
+          'Content-Security-Policy': [
+            cspAsString({
+              'script-src': scriptSrc,
+              'object-src': ["'self'"],
+              'report-uri': [SENTRY_CSP_REPORT_URI],
+              'report-to': ['csp-endpoint'],
+            }),
+          ],
+          'Report-To': JSON.stringify({
+            group: 'csp-endpoint',
+            max_age: 10886400, // 3 months
+            endpoints: [
+              {
+                url: SENTRY_CSP_REPORT_URI,
+              },
+            ],
+            include_subdomains: true,
+          }),
+          'Reporting-Endpoints': `csp-endpoint="${SENTRY_CSP_REPORT_URI}"`,
+        };
+
         return callback({
           responseHeaders: {
-            ...details.responseHeaders, // Setting CSP
-            // TODO: Figure out why an error from this breaks devtools
-            'Content-Security-Policy': [
-              `script-src ${scriptSrc.join(' ')}; object-src 'self';`,
-              // `script-src 'self' 'sha256-1Sj1x3xsk3UVwnakQHbO0yQ3Xm904avQIfGThrdrjcc=' '${createSha256CspHash(renderInitSnippet())}' https://cdn.jsdelivr.net localhost:*; object-src 'self';`
-            ],
+            ...details.responseHeaders,
+            ...additionalHeaders, // Additional headers
           },
         });
       }

packages/altair-electron/src/constants.ts

@@ -0,0 +1,3 @@
+export const SENTRY_DSN =
+  'https://1b08762f991476e3115e1ab7d12e6682@o4506180788879360.ingest.sentry.io/4506198594813952';
+export const SENTRY_CSP_REPORT_URI = `https://o4506180788879360.ingest.us.sentry.io/api/4506198594813952/security/?sentry_key=1b08762f991476e3115e1ab7d12e6682`;

packages/altair-electron/src/index.ts

@@ -3,9 +3,10 @@ import * as Sentry from '@sentry/electron';
 import { ElectronApp } from './app';
 import { app } from 'electron';
 import { configureAppOnStartup } from './utils/startup';
+import { SENTRY_DSN } from './constants';
 
 Sentry.init({
-  dsn: 'https://1b08762f991476e3115e1ab7d12e6682@o4506180788879360.ingest.sentry.io/4506198594813952',
+  dsn: SENTRY_DSN,
   release: app.getVersion(),
 });
 configureAppOnStartup(app);

packages/altair-electron/src/utils/csp.spec.ts

@@ -0,0 +1,22 @@
+import { cspAsString } from './csp';
+
+describe('cspAsString', () => {
+  it('should return a valid CSP string', () => {
+    const csp = {
+      'default-src': ["'self'", "'unsafe-inline'"],
+      'script-src': [
+        "'self'",
+        'sha256-abc123',
+        'https://example.com',
+        "'nonce-xyz789'",
+        'unsafe-eval',
+      ],
+      'style-src': ["'self'", "'nonce-xyz789'"],
+    };
+
+    const result = cspAsString(csp);
+    expect(result).toBe(
+      "default-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-abc123' https://example.com 'nonce-xyz789' 'unsafe-eval'; style-src 'self' 'nonce-xyz789'"
+    );
+  });
+});

packages/altair-electron/src/utils/csp.ts

@@ -0,0 +1,26 @@
+const QUOTED_VALUES = [
+  'self',
+  'unsafe-inline',
+  'unsafe-eval',
+  'none',
+  'strict-dynamic',
+  'report-sample',
+  'wasm-unsafe-eval',
+];
+const QUOTED_PREFIXES = ['sha256-', 'sha384-', 'sha512-', 'nonce-'];
+export const cspAsString = (csp: Record<string, string[]>): string => {
+  return Object.entries(csp)
+    .map(([key, values]) => {
+      const mappedValues = values.map((value) => {
+        if (QUOTED_VALUES.includes(value)) {
+          return `'${value}'`;
+        }
+        if (QUOTED_PREFIXES.some((prefix) => value.startsWith(prefix))) {
+          return `'${value}'`;
+        }
+        return value;
+      });
+      return `${key} ${mappedValues.join(' ')}`;
+    })
+    .join('; ');
+};