From 0ab055e946dbbf605bbf428c7a24eddc16767cb9 Mon Sep 17 00:00:00 2001
From: Mike Cardwell <32682246+mikehardenize@users.noreply.github.com>
Date: Thu, 3 Dec 2020 06:36:14 +0000
Subject: [PATCH] Allow server plugin to talk to https services. Option for skipping tls verification (#2103)

* Allow server plugin to talk to https services. Option for skipping tls verification
* Rename TlsVerify to TLSVerify
* Server plugin should use default http transport when scheme is not https
---
 doc/server_plugin.md | 7 ++++---
 pkg/config/server_common.go | 13 +++++++++----
 pkg/plugin/server/http.go | 30 ++++++++++++++++++++++++------
 3 files changed, 37 insertions(+), 13 deletions(-)

diff --git a/doc/server_plugin.md b/doc/server_plugin.md
index 0ba75d7b..9087307c 100644
--- a/doc/server_plugin.md
+++ b/doc/server_plugin.md
@@ -209,9 +209,10 @@ path = /handler
 ops = NewProxy
 ```
 
-addr: the address where the external RPC service listens on.
-path: http request url path for the POST request.
-ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
+- path: http request url path for the POST request.
+- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
 
 ### Metadata
 
diff --git a/pkg/config/server_common.go b/pkg/config/server_common.go
index 6eb25c2b..e9be2081 100644
--- a/pkg/config/server_common.go
+++ b/pkg/config/server_common.go
@@ -458,11 +458,16 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
 for name, section := range sections {
 if strings.HasPrefix(name, "plugin.") {
 name = strings.TrimSpace(strings.TrimPrefix(name, "plugin."))
+ var tls_verify, err = strconv.ParseBool(section["tls_verify"])
+ if err != nil {
+ tls_verify = true
+ }
 options := plugin.HTTPPluginOptions{
- Name: name,
- Addr: section["addr"],
- Path: section["path"],
- Ops: strings.Split(section["ops"], ","),
+ Name: name,
+ Addr: section["addr"],
+ Path: section["path"],
+ Ops: strings.Split(section["ops"], ","),
+ TLSVerify: tls_verify,
 }
 for i := range options.Ops {
 options.Ops[i] = strings.TrimSpace(options.Ops[i])
diff --git a/pkg/plugin/server/http.go b/pkg/plugin/server/http.go
index 81c54ec2..696f8617 100644
--- a/pkg/plugin/server/http.go
+++ b/pkg/plugin/server/http.go
@@ -17,19 +17,22 @@ package plugin
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "io/ioutil"
 "net/http"
 "net/url"
 "reflect"
+ "strings"
 )
 
 type HTTPPluginOptions struct {
- Name string
- Addr string
- Path string
- Ops []string
+ Name string
+ Addr string
+ Path string
+ Ops []string
+ TLSVerify bool
 }
 
 type httpPlugin struct {
@@ -40,10 +43,25 @@ type httpPlugin struct {
 }
 
 func NewHTTPPluginOptions(options HTTPPluginOptions) Plugin {
+ var url = fmt.Sprintf("%s%s", options.Addr, options.Path)
+
+ var client *http.Client
+ if strings.HasPrefix(url, "https://") {
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: options.TLSVerify == false},
+ }
+ client = &http.Client{Transport: tr}
+ } else {
+ client = &http.Client{}
+ }
+
+ if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
+ url = "http://" + url
+ }
 return &httpPlugin{
 options: options,
- url: fmt.Sprintf("http://%s%s", options.Addr, options.Path),
- client: &http.Client{},
+ url: url,
+ client: client,
 }
 }
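Review bot: The fallback to `true` when `strconv.ParseBool` fails is the right fail-closed default, but in the added lines it also swallows a malformed value silently, so an operator who mistypes the setting gets no signal that the line was ignored. A comment such as `// missing or unparseable tls_verify keeps certificate verification enabled` would record the intent, and the bad value could be surfaced to the operator where this function has a way to do so. The snake_case local is also unidiomatic Go; `tlsVerify, err := strconv.ParseBool(section["tls_verify"])` is the usual form. UnmarshalPluginsFromIni starts and ends outside this hunk.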
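Review bot: The zero value of the new `TLSVerify` field is `false`, and the constructor hunk further down maps that to `InsecureSkipVerify: true`, so any caller that builds `HTTPPluginOptions` without setting the field gets certificate verification switched off for https addrs. In this patch only UnmarshalPluginsFromIni is shown setting it to `true`. Inverting the field so that the zero value is the safe one, e.g. `TLSSkipVerify bool`, would remove the trap. If the name has to stay, the field should at least carry `// TLSVerify enables certificate verification for https addrs; the zero value disables it, so callers must set it explicitly.`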
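Review bot: A bare `&http.Transport{...}` in the https branch of NewHTTPPluginOptions drops everything `http.DefaultTransport` sets up (environment proxy, dial and TLS-handshake timeouts, idle-connection limits), and it is built even when verification stays enabled. Only the skip-verification case needs its own transport, so cloning the default one there (`Transport.Clone` needs Go 1.13 or later) and leaving every other client on the default keeps behaviour uniform; `options.TLSVerify == false` also reads better as `!options.TLSVerify`. The local `url` shadows the imported `net/url` package inside the function, and the prefix tests are case-sensitive, so an addr written with an upper-case scheme would get `http://` prepended. A suggested rewrite of the client selection follows.

```go
var url = fmt.Sprintf("%s%s", options.Addr, options.Path)

client := &http.Client{}
if strings.HasPrefix(url, "https://") && !options.TLSVerify {
	// Operator opted out of certificate verification for this plugin only;
	// keep the default transport's proxy and timeout settings.
	tr := http.DefaultTransport.(*http.Transport).Clone()
	tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	client.Transport = tr
}
// … unchanged: http:// default prefix and httpPlugin construction …
```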