Add the ability to set a proxy for outgoing requests - Closes #252

2025-01-23 14:48:36 +01:00 · 2023-12-13 16:49:35 +01:00 · 2023-12-13 16:49:35 +01:00 · e503826012
commit e503826012
parent 15c31c3341
9 changed files with 41 additions and 15 deletions
--- a/.env.example
+++ b/.env.example
@ -236,6 +236,8 @@ WEBAUTHN_USER_VERIFICATION=preferred
 # GITHUB_CLIENT_SECRET=


+#### Proxy settings ####
+
 # Use this setting to declare trusted proxied.
 # Supported:
 #   '*': to trust any proxy
@ -244,6 +246,13 @@ WEBAUTHN_USER_VERIFICATION=preferred
 TRUSTED_PROXIES=null


+# Proxy for outgoing requests like new releases detection or logo fetching.
+# You can provide a proxy URL that contains a scheme, username, and password.
+# For example, "http://username:password@192.168.16.1:10".
+
+PROXY_FOR_OUTGOING_REQUESTS=null
+
+
 # Leave the following configuration vars as is.
 # Unless you like to tinker and know what you're doing.

--- a/4
+++ b/4
@ -223,6 +223,10 @@ ENV \
    #   '*': to trust any proxy
    #   A comma separated IP list: The list of proxies IP to trust
    TRUSTED_PROXIES=null \
+    # Proxy for outgoing requests like new releases detection or logo fetching.
+    # You can provide a proxy URL that contains a scheme, username, and password.
+    # For example, "http://username:password@192.168.16.1:10".
+    PROXY_FOR_OUTGOING_REQUESTS=null \
    # Leave the following configuration vars as is.
    # Unless you like to tinker and know what you're doing.
    BROADCAST_DRIVER=log \
--- a/app/Models/TwoFAccount.php
+++ b/app/Models/TwoFAccount.php
@ -691,7 +691,9 @@ private function storeRemoteImageAsIcon(string $url) : string|null
            $newFilename = self::getUniqueFilename($path_parts['extension']);

            try {
-                $response = Http::retry(3, 100)->get($url);
+                $response = Http::withOptions([
+                    'proxy' => config('2fauth.config.outgoingProxy'),
+                ])->retry(3, 100)->get($url);

                if ($response->successful()) {
                    Storage::disk('imagesLink')->put($newFilename, $response->body());
--- a/app/Services/LogoService.php
+++ b/app/Services/LogoService.php
@ -92,7 +92,9 @@ protected function setTfaCollection() : void
    protected function cacheTfaDirectorySource() : void
    {
        try {
-            $response = Http::retry(3, 100)->get(self::TFA_URL);
+            $response = Http::withOptions([
+                'proxy' => config('2fauth.config.outgoingProxy'),
+            ])->retry(3, 100)->get(self::TFA_URL);

            $coll = collect(json_decode(htmlspecialchars_decode($response->body()), true)) /* @phpstan-ignore-line */
                ->mapWithKeys(function ($item, $key) {
@ -117,8 +119,9 @@ protected function cacheTfaDirectorySource() : void
    protected function fetchLogo(string $logoFile) : void
    {
        try {
-            $response = Http::retry(3, 100)
-                ->get('https://raw.githubusercontent.com/2factorauth/twofactorauth/master/img/' . $logoFile[0] . '/' . $logoFile);
+            $response = Http::withOptions([
+                'proxy' => config('2fauth.config.outgoingProxy'),
+            ])->retry(3, 100)->get('https://raw.githubusercontent.com/2factorauth/twofactorauth/master/img/' . $logoFile[0] . '/' . $logoFile);

            if ($response->successful()) {
                Storage::disk('logos')->put($logoFile, $response->body())
--- a/app/Services/ReleaseRadarService.php
+++ b/app/Services/ReleaseRadarService.php
@ -22,9 +22,9 @@ public static function scheduledScan() : void
    /**
     * Run a manual release scan
     *
-     * @return false|string False if no new release, the new release number otherwise
+     * @return string|null|false False if no new release, null if check failed, the new release number otherwise
     */
-    public static function manualScan() : false|string
+    public static function manualScan() : string|null|false
    {
        return self::newRelease();
    }
@ -32,13 +32,15 @@ public static function manualScan() : false|string
    /**
     * Run a release scan
     *
-     * @return false|string False if no new release, the new release number otherwise
+     * @return string|null|false False if no new release, null if check failed, the new release number otherwise
     */
-    protected static function newRelease() : false|string
+    protected static function newRelease() : string|null|false
    {
        Log::info('Release scan started');
+        $latestRelease = self::getLatestReleaseData();

-        if ($latestReleaseData = json_decode(self::getLatestReleaseData())) {
+        if ($latestRelease) {
+            $latestReleaseData = json_decode($latestRelease);
            $githubVersion    = Helpers::cleanVersionNumber($latestReleaseData->tag_name);
            $installedVersion = Helpers::cleanVersionNumber(config('2fauth.version'));

@ -55,7 +57,7 @@ protected static function newRelease() : false|string
            }
        }

-        return false;
+        return $latestRelease ? false : null;
    }

    /**
@ -66,8 +68,9 @@ protected static function getLatestReleaseData() : string|null
        $url = config('2fauth.latestReleaseUrl');

        try {
-            $response = Http::retry(3, 100)
-                ->get($url);
+            $response = Http::withOptions([
+                'proxy' => config('2fauth.config.outgoingProxy'),
+            ])->retry(3, 100)->get($url);

            if ($response->successful()) {
                Settings::set('lastRadarScan', time());
--- a/config/2fauth.php
+++ b/config/2fauth.php
@ -25,6 +25,7 @@
        'isDemoApp' => env('IS_DEMO_APP', false),
        'isTestingApp' => env('IS_TESTING_APP', false),
        'trustedProxies' => env('TRUSTED_PROXIES', null),
+        'outgoingProxy' => env('PROXY_FOR_OUTGOING_REQUESTS', ''),
        'proxyLogoutUrl' => env('PROXY_LOGOUT_URL', null),
        'appSubdirectory' => env('APP_SUBDIRECTORY', ''),
    ],
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -121,6 +121,10 @@ services:
      #   '*': to trust any proxy
      #   A comma separated IP list: The list of proxies IP to trust
      - TRUSTED_PROXIES=null
+      # Proxy for outgoing requests like new releases detection or logo fetching.
+      # You can provide a proxy URL that contains a scheme, username, and password.
+      # For example, "http://username:password@192.168.16.1:10".
+      - PROXY_FOR_OUTGOING_REQUESTS=null
      # Leave the following configuration vars as is.
      # Unless you like to tinker and know what you're doing.
      - BROADCAST_DRIVER=log
--- a/resources/js/components/VersionChecker.vue
+++ b/resources/js/components/VersionChecker.vue
@ -13,7 +13,7 @@
        await systemService.getLastRelease({returnError: true})
        .then(response => {
            appSettings.latestRelease = response.data.newRelease
-            isUpToDate.value = response.data.newRelease === false
+            isUpToDate.value = response.data.newRelease === null ? null : response.data.newRelease === false
        })
        .catch(() => {
            isUpToDate.value = null
--- a/tests/Feature/Services/ReleaseRadarServiceTest.php
+++ b/tests/Feature/Services/ReleaseRadarServiceTest.php
@ -71,7 +71,7 @@ public function test_manualScan_complete_when_http_call_fails()
        // We do not fake the http request so an exception will be thrown
        Http::preventStrayRequests();

-        $this->assertFalse(ReleaseRadarService::manualScan());
+        $this->assertNull(ReleaseRadarService::manualScan());
    }

    /**
@ -86,7 +86,7 @@ public function test_manualScan_succeed_when_github_is_unreachable()
            $url => Http::response(null, 400),
        ]);

-        $this->assertFalse(ReleaseRadarService::manualScan());
+        $this->assertNull(ReleaseRadarService::manualScan());
    }

    /**