UNPKG

@grpc/grpc-js/src/http_proxy.ts

Version:

8.83 kBPlain TextView Raw

1/*
* Copyright 2019 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
17
18import { log } from './logging';
19import { LogVerbosity } from './constants';
20import { getDefaultAuthority } from './resolver';
21import { Socket } from 'net';
22import * as http from 'http';
23import * as tls from 'tls';
24import * as logging from './logging';
25import {
SubchannelAddress,
isTcpSubchannelAddress,
subchannelAddressToString,
29} from './subchannel-address';
30import { ChannelOptions } from './channel-options';
31import { GrpcUri, parseUri, splitHostPort, uriToString } from './uri-parser';
32import { URL } from 'url';
33
34const TRACER_NAME = 'proxy';
35
36function trace(text: string): void {
logging.trace(LogVerbosity.DEBUG, TRACER_NAME, text);
38}
39
40interface ProxyInfo {
address?: string;
creds?: string;
43}
44
45function getProxyInfo(): ProxyInfo {
let proxyEnv = '';
let envVar = '';
/* Prefer using 'grpc_proxy'. Fallback on 'http_proxy' if it is not set.
 * Also prefer using 'https_proxy' with fallback on 'http_proxy'. The
 * fallback behavior can be removed if there's a demand for it.
 */
if (process.env.grpc_proxy) {
  envVar = 'grpc_proxy';
  proxyEnv = process.env.grpc_proxy;
} else if (process.env.https_proxy) {
  envVar = 'https_proxy';
  proxyEnv = process.env.https_proxy;
} else if (process.env.http_proxy) {
  envVar = 'http_proxy';
  proxyEnv = process.env.http_proxy;
} else {
  return {};
}
let proxyUrl: URL;
try {
  proxyUrl = new URL(proxyEnv);
} catch (e) {
  log(LogVerbosity.ERROR, `cannot parse value of "${envVar}" env var`);
  return {};
}
if (proxyUrl.protocol !== 'http:') {
  log(
    LogVerbosity.ERROR,
    `"${proxyUrl.protocol}" scheme not supported in proxy URI`
  );
  return {};
}
let userCred: string | null = null;
if (proxyUrl.username) {
  if (proxyUrl.password) {
    log(LogVerbosity.INFO, 'userinfo found in proxy URI');
    userCred = `${proxyUrl.username}:${proxyUrl.password}`;
  } else {
    userCred = proxyUrl.username;
  }
}
const hostname = proxyUrl.hostname;
let port = proxyUrl.port;
/* The proxy URL uses the scheme "http:", which has a default port number of
 * 80. We need to set that explicitly here if it is omitted because otherwise
 * it will use gRPC's default port 443. */
if (port === '') {
  port = '80';
}
const result: ProxyInfo = {
  address: `${hostname}:${port}`,
};
if (userCred) {
  result.creds = userCred;
}
trace(
  'Proxy server ' + result.address + ' set by environment variable ' + envVar
);
return result;
105}
106
107function getNoProxyHostList(): string[] {
/* Prefer using 'no_grpc_proxy'. Fallback on 'no_proxy' if it is not set. */
let noProxyStr: string | undefined = process.env.no_grpc_proxy;
let envVar = 'no_grpc_proxy';
if (!noProxyStr) {
  noProxyStr = process.env.no_proxy;
  envVar = 'no_proxy';
}
if (noProxyStr) {
  trace('No proxy server list set by environment variable ' + envVar);
  return noProxyStr.split(',');
} else {
  return [];
}
121}
122
123export interface ProxyMapResult {
target: GrpcUri;
extraOptions: ChannelOptions;
126}
127
128export function mapProxyName(
target: GrpcUri,
options: ChannelOptions
131): ProxyMapResult {
const noProxyResult: ProxyMapResult = {
  target: target,
  extraOptions: {},
};
if ((options['grpc.enable_http_proxy'] ?? 1) === 0) {
  return noProxyResult;
}
if (target.scheme === 'unix') {
  return noProxyResult;
}
const proxyInfo = getProxyInfo();
if (!proxyInfo.address) {
  return noProxyResult;
}
const hostPort = splitHostPort(target.path);
if (!hostPort) {
  return noProxyResult;
}
const serverHost = hostPort.host;
for (const host of getNoProxyHostList()) {
  if (host === serverHost) {
    trace(
      'Not using proxy for target in no_proxy list: ' + uriToString(target)
    );
    return noProxyResult;
  }
}
const extraOptions: ChannelOptions = {
  'grpc.http_connect_target': uriToString(target),
};
if (proxyInfo.creds) {
  extraOptions['grpc.http_connect_creds'] = proxyInfo.creds;
}
return {
  target: {
    scheme: 'dns',
    path: proxyInfo.address,
  },
  extraOptions: extraOptions,
};
172}
173
174export interface ProxyConnectionResult {
socket?: Socket;
realTarget?: GrpcUri;
177}
178
179export function getProxiedConnection(
address: SubchannelAddress,
channelOptions: ChannelOptions,
connectionOptions: tls.ConnectionOptions
183): Promise<ProxyConnectionResult> {
if (!('grpc.http_connect_target' in channelOptions)) {
  return Promise.resolve<ProxyConnectionResult>({});
}
const realTarget = channelOptions['grpc.http_connect_target'] as string;
const parsedTarget = parseUri(realTarget);
if (parsedTarget === null) {
  return Promise.resolve<ProxyConnectionResult>({});
}
const options: http.RequestOptions = {
  method: 'CONNECT',
  path: parsedTarget.path,
};
const headers: http.OutgoingHttpHeaders = {
  Host: parsedTarget.path,
};
// Connect to the subchannel address as a proxy
if (isTcpSubchannelAddress(address)) {
  options.host = address.host;
  options.port = address.port;
} else {
  options.socketPath = address.path;
}
if ('grpc.http_connect_creds' in channelOptions) {
  headers['Proxy-Authorization'] =
    'Basic ' +
    Buffer.from(
      channelOptions['grpc.http_connect_creds'] as string
    ).toString('base64');
}
options.headers = headers
const proxyAddressString = subchannelAddressToString(address);
trace('Using proxy ' + proxyAddressString + ' to connect to ' + options.path);
return new Promise<ProxyConnectionResult>((resolve, reject) => {
  const request = http.request(options);
  request.once('connect', (res, socket, head) => {
    request.removeAllListeners();
    socket.removeAllListeners();
    if (res.statusCode === 200) {
      trace(
        'Successfully connected to ' +
          options.path +
          ' through proxy ' +
          proxyAddressString
      );
      if ('secureContext' in connectionOptions) {
        /* The proxy is connecting to a TLS server, so upgrade this socket
         * connection to a TLS connection.
         * This is a workaround for https://github.com/nodejs/node/issues/32922
         * See https://github.com/grpc/grpc-node/pull/1369 for more info. */
        const targetPath = getDefaultAuthority(parsedTarget);
        const hostPort = splitHostPort(targetPath);
        const remoteHost = hostPort?.host ?? targetPath;
236
        const cts = tls.connect(
          {
            host: remoteHost,
            servername: remoteHost,
            socket: socket,
            ...connectionOptions,
          },
          () => {
            trace(
              'Successfully established a TLS connection to ' +
                options.path +
                ' through proxy ' +
                proxyAddressString
            );
            resolve({ socket: cts, realTarget: parsedTarget });
          }
        );
        cts.on('error', (error: Error) => {
          trace('Failed to establish a TLS connection to ' +
                  options.path +
                  ' through proxy ' +
                  proxyAddressString +
                  ' with error ' +
                  error.message);
          reject();
        });
      } else {
        trace(
          'Successfully established a plaintext connection to ' +
            options.path +
            ' through proxy ' +
            proxyAddressString
        );
        resolve({
          socket,
          realTarget: parsedTarget,
        });
      }
    } else {
      log(
        LogVerbosity.ERROR,
        'Failed to connect to ' +
          options.path +
          ' through proxy ' +
          proxyAddressString +
          ' with status ' +
          res.statusCode
      );
      reject();
    }
  });
  request.once('error', (err) => {
    request.removeAllListeners();
    log(
      LogVerbosity.ERROR,
      'Failed to connect to proxy ' +
        proxyAddressString +
        ' with error ' +
        err.message
    );
    reject();
  });
  request.end();
});
301}
302
\No newline at end of file

1	`/*`
2	`* Copyright 2019 gRPC authors.`
3	`*`
4	`* Licensed under the Apache License, Version 2.0 (the "License");`
5	`* you may not use this file except in compliance with the License.`
6	`* You may obtain a copy of the License at`
7	`*`
8	`* http://www.apache.org/licenses/LICENSE-2.0`
9	`*`
10	`* Unless required by applicable law or agreed to in writing, software`
11	`* distributed under the License is distributed on an "AS IS" BASIS,`
12	`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
13	`* See the License for the specific language governing permissions and`
14	`* limitations under the License.`
15	`*`
16	`*/`
17
18	`import { log } from './logging';`
19	`import { LogVerbosity } from './constants';`
20	`import { getDefaultAuthority } from './resolver';`
21	`import { Socket } from 'net';`
22	`import * as http from 'http';`
23	`import * as tls from 'tls';`
24	`import * as logging from './logging';`
25	`import {`
26	`SubchannelAddress,`
27	`isTcpSubchannelAddress,`
28	`subchannelAddressToString,`
29	`} from './subchannel-address';`
30	`import { ChannelOptions } from './channel-options';`
31	`import { GrpcUri, parseUri, splitHostPort, uriToString } from './uri-parser';`
32	`import { URL } from 'url';`
33
34	`const TRACER_NAME = 'proxy';`
35
36	`function trace(text: string): void {`
37	`logging.trace(LogVerbosity.DEBUG, TRACER_NAME, text);`
38	`}`
39
40	`interface ProxyInfo {`
41	`address?: string;`
42	`creds?: string;`
43	`}`
44
45	`function getProxyInfo(): ProxyInfo {`
46	`let proxyEnv = '';`
47	`let envVar = '';`
48	`/* Prefer using 'grpc_proxy'. Fallback on 'http_proxy' if it is not set.`
49	`* Also prefer using 'https_proxy' with fallback on 'http_proxy'. The`
50	`* fallback behavior can be removed if there's a demand for it.`
51	`*/`
52	`if (process.env.grpc_proxy) {`
53	`envVar = 'grpc_proxy';`
54	`proxyEnv = process.env.grpc_proxy;`
55	`} else if (process.env.https_proxy) {`
56	`envVar = 'https_proxy';`
57	`proxyEnv = process.env.https_proxy;`
58	`} else if (process.env.http_proxy) {`
59	`envVar = 'http_proxy';`
60	`proxyEnv = process.env.http_proxy;`
61	`} else {`
62	`return {};`
63	`}`
64	`let proxyUrl: URL;`
65	`try {`
66	`proxyUrl = new URL(proxyEnv);`
67	`} catch (e) {`
68	log(LogVerbosity.ERROR, `cannot parse value of "${envVar}" env var`);
69	`return {};`
70	`}`
71	`if (proxyUrl.protocol !== 'http:') {`
72	`log(`
73	`LogVerbosity.ERROR,`
74	`"${proxyUrl.protocol}" scheme not supported in proxy URI`
75	`);`
76	`return {};`
77	`}`
78	`let userCred: string \| null = null;`
79	`if (proxyUrl.username) {`
80	`if (proxyUrl.password) {`
81	`log(LogVerbosity.INFO, 'userinfo found in proxy URI');`
82	userCred = `${proxyUrl.username}:${proxyUrl.password}`;
83	`} else {`
84	`userCred = proxyUrl.username;`
85	`}`
86	`}`
87	`const hostname = proxyUrl.hostname;`
88	`let port = proxyUrl.port;`
89	`/* The proxy URL uses the scheme "http:", which has a default port number of`
90	`* 80. We need to set that explicitly here if it is omitted because otherwise`
91	`* it will use gRPC's default port 443. */`
92	`if (port === '') {`
93	`port = '80';`
94	`}`
95	`const result: ProxyInfo = {`
96	address: `${hostname}:${port}`,
97	`};`
98	`if (userCred) {`
99	`result.creds = userCred;`
100	`}`
101	`trace(`
102	`'Proxy server ' + result.address + ' set by environment variable ' + envVar`
103	`);`
104	`return result;`
105	`}`
106
107	`function getNoProxyHostList(): string[] {`
108	`/* Prefer using 'no_grpc_proxy'. Fallback on 'no_proxy' if it is not set. */`
109	`let noProxyStr: string \| undefined = process.env.no_grpc_proxy;`
110	`let envVar = 'no_grpc_proxy';`
111	`if (!noProxyStr) {`
112	`noProxyStr = process.env.no_proxy;`
113	`envVar = 'no_proxy';`
114	`}`
115	`if (noProxyStr) {`
116	`trace('No proxy server list set by environment variable ' + envVar);`
117	`return noProxyStr.split(',');`
118	`} else {`
119	`return [];`
120	`}`
121	`}`
122
123	`export interface ProxyMapResult {`
124	`target: GrpcUri;`
125	`extraOptions: ChannelOptions;`
126	`}`
127
128	`export function mapProxyName(`
129	`target: GrpcUri,`
130	`options: ChannelOptions`
131	`): ProxyMapResult {`
132	`const noProxyResult: ProxyMapResult = {`
133	`target: target,`
134	`extraOptions: {},`
135	`};`
136	`if ((options['grpc.enable_http_proxy'] ?? 1) === 0) {`
137	`return noProxyResult;`
138	`}`
139	`if (target.scheme === 'unix') {`
140	`return noProxyResult;`
141	`}`
142	`const proxyInfo = getProxyInfo();`
143	`if (!proxyInfo.address) {`
144	`return noProxyResult;`
145	`}`
146	`const hostPort = splitHostPort(target.path);`
147	`if (!hostPort) {`
148	`return noProxyResult;`
149	`}`
150	`const serverHost = hostPort.host;`
151	`for (const host of getNoProxyHostList()) {`
152	`if (host === serverHost) {`
153	`trace(`
154	`'Not using proxy for target in no_proxy list: ' + uriToString(target)`
155	`);`
156	`return noProxyResult;`
157	`}`
158	`}`
159	`const extraOptions: ChannelOptions = {`
160	`'grpc.http_connect_target': uriToString(target),`
161	`};`
162	`if (proxyInfo.creds) {`
163	`extraOptions['grpc.http_connect_creds'] = proxyInfo.creds;`
164	`}`
165	`return {`
166	`target: {`
167	`scheme: 'dns',`
168	`path: proxyInfo.address,`
169	`},`
170	`extraOptions: extraOptions,`
171	`};`
172	`}`
173
174	`export interface ProxyConnectionResult {`
175	`socket?: Socket;`
176	`realTarget?: GrpcUri;`
177	`}`
178
179	`export function getProxiedConnection(`
180	`address: SubchannelAddress,`
181	`channelOptions: ChannelOptions,`
182	`connectionOptions: tls.ConnectionOptions`
183	`): Promise<ProxyConnectionResult> {`
184	`if (!('grpc.http_connect_target' in channelOptions)) {`
185	`return Promise.resolve<ProxyConnectionResult>({});`
186	`}`
187	`const realTarget = channelOptions['grpc.http_connect_target'] as string;`
188	`const parsedTarget = parseUri(realTarget);`
189	`if (parsedTarget === null) {`
190	`return Promise.resolve<ProxyConnectionResult>({});`
191	`}`
192	`const options: http.RequestOptions = {`
193	`method: 'CONNECT',`
194	`path: parsedTarget.path,`
195	`};`
196	`const headers: http.OutgoingHttpHeaders = {`
197	`Host: parsedTarget.path,`
198	`};`
199	`// Connect to the subchannel address as a proxy`
200	`if (isTcpSubchannelAddress(address)) {`
201	`options.host = address.host;`
202	`options.port = address.port;`
203	`} else {`
204	`options.socketPath = address.path;`
205	`}`
206	`if ('grpc.http_connect_creds' in channelOptions) {`
207	`headers['Proxy-Authorization'] =`
208	`'Basic ' +`
209	`Buffer.from(`
210	`channelOptions['grpc.http_connect_creds'] as string`
211	`).toString('base64');`
212	`}`
213	`options.headers = headers`
214	`const proxyAddressString = subchannelAddressToString(address);`
215	`trace('Using proxy ' + proxyAddressString + ' to connect to ' + options.path);`
216	`return new Promise<ProxyConnectionResult>((resolve, reject) => {`
217	`const request = http.request(options);`
218	`request.once('connect', (res, socket, head) => {`
219	`request.removeAllListeners();`
220	`socket.removeAllListeners();`
221	`if (res.statusCode === 200) {`
222	`trace(`
223	`'Successfully connected to ' +`
224	`options.path +`
225	`' through proxy ' +`
226	`proxyAddressString`
227	`);`
228	`if ('secureContext' in connectionOptions) {`
229	`/* The proxy is connecting to a TLS server, so upgrade this socket`
230	`* connection to a TLS connection.`
231	`* This is a workaround for https://github.com/nodejs/node/issues/32922`
232	`* See https://github.com/grpc/grpc-node/pull/1369 for more info. */`
233	`const targetPath = getDefaultAuthority(parsedTarget);`
234	`const hostPort = splitHostPort(targetPath);`
235	`const remoteHost = hostPort?.host ?? targetPath;`
236
237	`const cts = tls.connect(`
238	`{`
239	`host: remoteHost,`
240	`servername: remoteHost,`
241	`socket: socket,`
242	`...connectionOptions,`
243	`},`
244	`() => {`
245	`trace(`
246	`'Successfully established a TLS connection to ' +`
247	`options.path +`
248	`' through proxy ' +`
249	`proxyAddressString`
250	`);`
251	`resolve({ socket: cts, realTarget: parsedTarget });`
252	`}`
253	`);`
254	`cts.on('error', (error: Error) => {`
255	`trace('Failed to establish a TLS connection to ' +`
256	`options.path +`
257	`' through proxy ' +`
258	`proxyAddressString +`
259	`' with error ' +`
260	`error.message);`
261	`reject();`
262	`});`
263	`} else {`
264	`trace(`
265	`'Successfully established a plaintext connection to ' +`
266	`options.path +`
267	`' through proxy ' +`
268	`proxyAddressString`
269	`);`
270	`resolve({`
271	`socket,`
272	`realTarget: parsedTarget,`
273	`});`
274	`}`
275	`} else {`
276	`log(`
277	`LogVerbosity.ERROR,`
278	`'Failed to connect to ' +`
279	`options.path +`
280	`' through proxy ' +`
281	`proxyAddressString +`
282	`' with status ' +`
283	`res.statusCode`
284	`);`
285	`reject();`
286	`}`
287	`});`
288	`request.once('error', (err) => {`
289	`request.removeAllListeners();`
290	`log(`
291	`LogVerbosity.ERROR,`
292	`'Failed to connect to proxy ' +`
293	`proxyAddressString +`
294	`' with error ' +`
295	`err.message`
296	`);`
297	`reject();`
298	`});`
299	`request.end();`
300	`});`
301	`}`
302
\	No newline at end of file