fix: respect rejectUnauthorized and ca opts when proxying https

2024-11-22 07:53:34 +01:00 · 2023-10-22 11:02:35 -04:00 · 2023-10-22 11:02:35 -04:00 · 1d58bdab59
commit 1d58bdab59
parent bbb904437f
4 changed files with 44 additions and 8 deletions
--- a/packages/bruno-cli/src/runner/run-single-request.js
+++ b/packages/bruno-cli/src/runner/run-single-request.js
@ -12,11 +12,10 @@ const { ScriptRuntime, TestRuntime, VarsRuntime, AssertRuntime } = require('@use
 const { stripExtension } = require('../utils/filesystem');
 const { getOptions } = require('../utils/bru');
 const https = require('https');
-const { HttpsProxyAgent } = require('https-proxy-agent');
 const { HttpProxyAgent } = require('http-proxy-agent');
 const { SocksProxyAgent } = require('socks-proxy-agent');
 const { makeAxiosInstance } = require('../utils/axios-instance');
-const { shouldUseProxy } = require('../utils/proxy-util');
+const { shouldUseProxy, PatchedHttpsProxyAgent } = require('../utils/proxy-util');

 const runSingleRequest = async function (
  filename,
@ -152,7 +151,7 @@ const runSingleRequest = async function (
        request.httpsAgent = socksProxyAgent;
        request.httpAgent = socksProxyAgent;
      } else {
-        request.httpsAgent = new HttpsProxyAgent(
+        request.httpsAgent = new PatchedHttpsProxyAgent(
          proxyUri,
          Object.keys(httpsAgentRequestFields).length > 0 ? { ...httpsAgentRequestFields } : undefined
        );
--- a/packages/bruno-cli/src/utils/proxy-util.js
+++ b/packages/bruno-cli/src/utils/proxy-util.js
@ -1,5 +1,6 @@
 const parseUrl = require('url').parse;
 const { isEmpty } = require('lodash');
+const { HttpsProxyAgent } = require('https-proxy-agent');

 const DEFAULT_PORTS = {
  ftp: 21,
@ -61,6 +62,24 @@ const shouldUseProxy = (url, proxyBypass) => {
  });
 };

+/**
+ * Patched version of HttpsProxyAgent to get around a bug that ignores
+ * options like ca and rejectUnauthorized when upgrading the socket to TLS:
+ * https://github.com/TooTallNate/proxy-agents/issues/194
+ */
+class PatchedHttpsProxyAgent extends HttpsProxyAgent {
+  constructor(proxy, opts) {
+    super(proxy, opts);
+    this.constructorOpts = opts;
+  }
+
+  async connect(req, opts) {
+    const combinedOpts = { ...this.constructorOpts, ...opts };
+    return super.connect(req, combinedOpts);
+  }
+}
+
 module.exports = {
-  shouldUseProxy
+  shouldUseProxy,
+  PatchedHttpsProxyAgent
 };
--- a/packages/bruno-electron/src/ipc/network/index.js
+++ b/packages/bruno-electron/src/ipc/network/index.js
@ -19,12 +19,11 @@ const { sortFolder, getAllRequestsInFolderRecursively } = require('./helper');
 const { preferencesUtil } = require('../../store/preferences');
 const { getProcessEnvVars } = require('../../store/process-env');
 const { getBrunoConfig } = require('../../store/bruno-config');
-const { HttpsProxyAgent } = require('https-proxy-agent');
 const { HttpProxyAgent } = require('http-proxy-agent');
 const { SocksProxyAgent } = require('socks-proxy-agent');
 const { makeAxiosInstance } = require('./axios-instance');
 const { addAwsV4Interceptor, resolveAwsV4Credentials } = require('./awsv4auth-helper');
-const { shouldUseProxy } = require('../../utils/proxy-util');
+const { shouldUseProxy, PatchedHttpsProxyAgent } = require('../../utils/proxy-util');

 // override the default escape function to prevent escaping
 Mustache.escape = function (value) {
@ -149,7 +148,7 @@ const configureRequest = async (collectionUid, request, envVars, collectionVaria
      request.httpsAgent = socksProxyAgent;
      request.httpAgent = socksProxyAgent;
    } else {
-      request.httpsAgent = new HttpsProxyAgent(
+      request.httpsAgent = new PatchedHttpsProxyAgent(
        proxyUri,
        Object.keys(httpsAgentRequestFields).length > 0 ? { ...httpsAgentRequestFields } : undefined
      );
--- a/packages/bruno-electron/src/utils/proxy-util.js
+++ b/packages/bruno-electron/src/utils/proxy-util.js
@ -1,5 +1,6 @@
 const parseUrl = require('url').parse;
 const { isEmpty } = require('lodash');
+const { HttpsProxyAgent } = require('https-proxy-agent');

 const DEFAULT_PORTS = {
  ftp: 21,
@ -61,6 +62,24 @@ const shouldUseProxy = (url, proxyBypass) => {
  });
 };

+/**
+ * Patched version of HttpsProxyAgent to get around a bug that ignores options
+ * such as ca and rejectUnauthorized when upgrading the proxied socket to TLS:
+ * https://github.com/TooTallNate/proxy-agents/issues/194
+ */
+class PatchedHttpsProxyAgent extends HttpsProxyAgent {
+  constructor(proxy, opts) {
+    super(proxy, opts);
+    this.constructorOpts = opts;
+  }
+
+  async connect(req, opts) {
+    const combinedOpts = { ...this.constructorOpts, ...opts };
+    return super.connect(req, combinedOpts);
+  }
+}
+
 module.exports = {
-  shouldUseProxy
+  shouldUseProxy,
+  PatchedHttpsProxyAgent
 };