feat: http proxy support for oidc (#2024) (#2044)

* feat: http proxy support for oidc Resolves: #911 Signed-off-by: manuelraa <[email protected]> * chore: reduce code duplication for agent configuration Signed-off-by: Manuelraa <[email protected]> --------- Signed-off-by: manuelraa <[email protected]> Signed-off-by: Manuelraa <[email protected]> (cherry picked from commit fe847af) Co-authored-by: Manuelraa <[email protected]>
opensearch-project · Jul 18, 2024 · afa09a3 · afa09a3
1 parent 455950c
commit afa09a3
Show file tree

Hide file tree

Showing 3 changed files with 208 additions and 14 deletions.
diff --git a/package.json b/package.json
@@ -44,6 +44,7 @@
     "@hapi/cryptiles": "5.0.0",
     "@hapi/wreck": "^17.1.0",
     "html-entities": "1.3.1",
+    "proxy-agent": "^6.4.0",
     "zxcvbn": "^4.4.2"
   },
   "resolutions": {

diff --git a/server/auth/types/openid/openid_auth.ts b/server/auth/types/openid/openid_auth.ts
@@ -27,10 +27,9 @@ import {
   IOpenSearchDashboardsResponse,
   AuthResult,
 } from 'opensearch-dashboards/server';
-import HTTP from 'http';
-import HTTPS from 'https';
 import { PeerCertificate } from 'tls';
 import { Server, ServerStateCookieOptions } from '@hapi/hapi';
+import { ProxyAgent } from 'proxy-agent';
 import { SecurityPluginConfigType } from '../../..';
 import {
   SecuritySessionCookie,
@@ -175,19 +174,23 @@ export class OpenIdAuthentication extends AuthenticationType {
       };
     }
     this.logger.info(getObjectProperties(this.wreckHttpsOption, 'WreckHttpsOptions'));
+
+    // Use proxy agent to allow usage of e.g. http_proxy environment variable
+    const httpAgent = new ProxyAgent();
+    const httpsAllowUnauthorizedAgent = new ProxyAgent({
+      rejectUnauthorized: false,
+    });
+    let httpsAgent = new ProxyAgent();
     if (Object.keys(this.wreckHttpsOption).length > 0) {
-      return wreck.defaults({
-        agents: {
-          http: new HTTP.Agent(),
-          https: new HTTPS.Agent(this.wreckHttpsOption),
-          httpsAllowUnauthorized: new HTTPS.Agent({
-            rejectUnauthorized: false,
-          }),
-        },
-      });
-    } else {
-      return wreck;
+      httpsAgent = new ProxyAgent(this.wreckHttpsOption);
     }
+    return wreck.defaults({
+      agents: {
+        http: httpAgent,
+        https: httpsAgent,
+        httpsAllowUnauthorized: httpsAllowUnauthorizedAgent,
+      },
+    });
   }
 
   getWreckHttpsOptions(): WreckHttpsOptions {