feat: http proxy support for oidc (opensearch-project#2024)
* feat: http proxy support for oidc

Resolves: opensearch-project#911
Signed-off-by: manuelraa <[email protected]>

* chore: reduce code duplication for agent configuration

Signed-off-by: Manuelraa <[email protected]>

---------

Signed-off-by: manuelraa <[email protected]>
Signed-off-by: Manuelraa <[email protected]>
Manuelraa authored Jul 18, 2024
1 parent c523578 commit fe847af
Showing 3 changed files with 208 additions and 14 deletions.
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -44,6 +44,7 @@
"@hapi/cryptiles": "5.0.0",
"@hapi/wreck": "^17.1.0",
"html-entities": "1.3.1",
"proxy-agent": "^6.4.0",
"zxcvbn": "^4.4.2"
},
"resolutions": {
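Review bot: The added `"proxy-agent": "^6.4.0"` entry brings in more than the feature needs: as far as I know the package is an umbrella that also resolves SOCKS and PAC-file proxies through further dependencies, while the commit message only asks for `http_proxy`-style support. Because this client carries the OIDC back-channel traffic, a narrower pairing such as `https-proxy-agent`/`http-proxy-agent` with `proxy-from-env` would keep the transitive tree in the authentication path smaller. If the full set is intended, say so in the PR description. The lockfile change that pins the resolved versions is not visible in this section.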
29 changes: 16 additions & 13 deletions server/auth/types/openid/openid_auth.ts
Expand Up @@ -27,10 +27,9 @@ import {
IOpenSearchDashboardsResponse,
AuthResult,
} from 'opensearch-dashboards/server';
import HTTP from 'http';
import HTTPS from 'https';
import { PeerCertificate } from 'tls';
import { Server, ServerStateCookieOptions } from '@hapi/hapi';
import { ProxyAgent } from 'proxy-agent';
import { SecurityPluginConfigType } from '../../..';
import {
SecuritySessionCookie,
Expand Down Expand Up @@ -175,19 +174,23 @@ export class OpenIdAuthentication extends AuthenticationType {
};
}
this.logger.info(getObjectProperties(this.wreckHttpsOption, 'WreckHttpsOptions'));

// Use proxy agent to allow usage of e.g. http_proxy environment variable
const httpAgent = new ProxyAgent();
const httpsAllowUnauthorizedAgent = new ProxyAgent({
rejectUnauthorized: false,
});
let httpsAgent = new ProxyAgent();
if (Object.keys(this.wreckHttpsOption).length > 0) {
return wreck.defaults({
agents: {
http: new HTTP.Agent(),
https: new HTTPS.Agent(this.wreckHttpsOption),
httpsAllowUnauthorized: new HTTPS.Agent({
rejectUnauthorized: false,
}),
},
});
} else {
return wreck;
httpsAgent = new ProxyAgent(this.wreckHttpsOption);
}
return wreck.defaults({
agents: {
http: httpAgent,
https: httpsAgent,
httpsAllowUnauthorized: httpsAllowUnauthorizedAgent,
},
});
}

getWreckHttpsOptions(): WreckHttpsOptions {
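Review bot: Nothing in this hunk shows that the TLS settings in `this.wreckHttpsOption` still govern the handshake with the identity provider once a proxy is selected. With `new ProxyAgent(this.wreckHttpsOption)` one options object covers both the hop to the proxy and the tunnelled connection, and which of them receives the CA, client certificate or any server-identity check depends on proxy-agent internals. A test that sends a request through a local CONNECT proxy to a server presenting an untrusted certificate would confirm that verification still fails closed. Separately, dropping the `else { return wreck; }` branch means deployments with no TLS options configured now also route OIDC requests according to the process environment, so a startup line such as `this.logger.info('OIDC HTTP client honours http_proxy/https_proxy/no_proxy from the environment');` would make that visible to operators. The enclosing method starts above the hunk.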