Merge pull request #2010 from jairajmahadev/Adding-insecure-option-to…

…-disable-client-certificate-verification Adding insecure option to disable client certificate verification
openzim · Apr 8, 2024 · 55b9134 · 55b9134
2 parents b44e49a + 3a18048
commit 55b9134
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/src/Downloader.ts b/src/Downloader.ts
@@ -58,6 +58,7 @@ interface DownloaderOpts {
   webp: boolean
   backoffOptions?: BackoffOptions
   mwWikiPath?: string
+  insecure?: boolean
 }
 
 interface BackoffOptions {
@@ -105,8 +106,9 @@ class Downloader {
 
   private articleUrlDirector: URLDirector
   private mainPageUrlDirector: URLDirector
+  private readonly insecure: boolean = false
 
-  constructor({ uaString, speed, reqTimeout, optimisationCacheUrl, s3, webp, backoffOptions }: DownloaderOpts) {
+  constructor({ uaString, speed, reqTimeout, optimisationCacheUrl, s3, webp, backoffOptions, insecure }: DownloaderOpts) {
     this.uaString = uaString
     this.speed = speed
     this.maxActiveRequests = speed * 10
@@ -116,6 +118,7 @@ class Downloader {
     this.webp = webp
     this.s3 = s3
     this.apiUrlDirector = new ApiURLDirector(MediaWiki.actionApiUrl.href)
+    this.insecure = insecure
 
     this.backoffOptions = {
       strategy: new backoff.ExponentialStrategy(),
@@ -130,7 +133,7 @@ class Downloader {
     this.arrayBufferRequestOptions = {
       // HTTP agent pools with 'keepAlive' to reuse TCP connections, so it's faster
       httpAgent: new http.Agent({ keepAlive: true }),
-      httpsAgent: new https.Agent({ keepAlive: true }),
+      httpsAgent: new https.Agent({ keepAlive: true, rejectUnauthorized: !this.insecure }), // rejectUnauthorized: false disables TLS
 
       headers: {
         'cache-control': 'public, max-stale=86400',
@@ -148,7 +151,7 @@ class Downloader {
     this.jsonRequestOptions = {
       // HTTP agent pools with 'keepAlive' to reuse TCP connections, so it's faster
       httpAgent: new http.Agent({ keepAlive: true }),
-      httpsAgent: new https.Agent({ keepAlive: true }),
+      httpsAgent: new https.Agent({ keepAlive: true, rejectUnauthorized: !this.insecure }),
 
       headers: {
         accept: 'application/json',
@@ -166,7 +169,7 @@ class Downloader {
       // HTTP agent pools with 'keepAlive' to reuse TCP connections, so it's faster
       ...defaultStreamRequestOptions,
       httpAgent: new http.Agent({ keepAlive: true }),
-      httpsAgent: new https.Agent({ keepAlive: true }),
+      httpsAgent: new https.Agent({ keepAlive: true, rejectUnauthorized: !this.insecure }),
 
       headers: {
         ...defaultStreamRequestOptions.headers,

diff --git a/src/mwoffliner.lib.ts b/src/mwoffliner.lib.ts
@@ -174,6 +174,7 @@ async function execute(argv: any) {
     optimisationCacheUrl,
     s3,
     webp,
+    insecure: argv.insecure,
   })
 
   /* perform login */

diff --git a/src/parameterList.ts b/src/parameterList.ts
@@ -39,6 +39,7 @@ export const parameterDescriptions = {
   optimisationCacheUrl: 'Object Storage URL (including credentials and bucket name) to cache optimised media files',
   forceRender:
     'Force the usage of a specific API end-point/render, automatically chosen otherwise. Accepted values: [ VisualEditor, WikimediaDesktop. WikimediaMobile ]. More details at https://github.com/openzim/mwoffliner/wiki/API-end-points',
+  insecure: 'Skip HTTPS server authenticity verification step',
 }
 
 // TODO: Add an interface based on the object above