Merge #10871

10871: Respect `http.proxyStrictSSL` r=lnicola a=lnicola Closes #10866 Currently untested. Co-authored-by: Laurențiu Nicola <lnicola@dend.ro>
2021-11-29 18:02:41 +00:00 · 2021-11-29 18:02:41 +00:00 · a1648208b2
commit a1648208b2
parent 393cbd0982 7d815b862f
3 changed files with 48 additions and 22 deletions
--- a/editors/code/src/config.ts
+++ b/editors/code/src/config.ts
@ -8,6 +8,11 @@ const NIGHTLY_TAG = "nightly";

 export type RunnableEnvCfg = undefined | Record<string, string> | { mask?: string; env: Record<string, string> }[];

+export class ProxySettings {
+    proxy?: string = undefined;
+    strictSSL: boolean = true;
+}
+
 export class Config {
    readonly extensionId = "matklad.rust-analyzer";

@ -99,13 +104,17 @@ export class Config {
    get channel() { return this.get<UpdatesChannel>("updates.channel"); }
    get askBeforeDownload() { return this.get<boolean>("updates.askBeforeDownload"); }
    get traceExtension() { return this.get<boolean>("trace.extension"); }
-    get httpProxy() {
-        const httpProxy = vscode
+    get proxySettings(): ProxySettings {
+        const proxy = vscode
            .workspace
            .getConfiguration('http')
-            .get<null | string>("proxy")!;
+            .get<null | string>("proxy")! || process.env["https_proxy"] || process.env["HTTPS_PROXY"];
+        const strictSSL = vscode.workspace.getConfiguration("http").get<boolean>("proxyStrictSSL") || true;

-        return httpProxy || process.env["https_proxy"] || process.env["HTTPS_PROXY"];
+        return {
+            proxy: proxy,
+            strictSSL: strictSSL,
+        };
    }

    get inlayHints() {
--- a/editors/code/src/main.ts
+++ b/editors/code/src/main.ts
@ -198,7 +198,7 @@ async function bootstrapExtension(config: Config, state: PersistentState): Promi
    }

    const latestNightlyRelease = await downloadWithRetryDialog(state, async () => {
-        return await fetchRelease("nightly", state.githubToken, config.httpProxy);
+        return await fetchRelease("nightly", state.githubToken, config.proxySettings);
    }).catch(async (e) => {
        log.error(e);
        if (isInitialNightlyDownload) {
@ -230,7 +230,7 @@ async function bootstrapExtension(config: Config, state: PersistentState): Promi
            url: artifact.browser_download_url,
            dest,
            progressTitle: "Downloading rust-analyzer extension",
-            httpProxy: config.httpProxy,
+            proxySettings: config.proxySettings,
        });
    });

@ -361,7 +361,7 @@ async function getServer(config: Config, state: PersistentState): Promise<string

    const releaseTag = config.package.releaseTag;
    const release = await downloadWithRetryDialog(state, async () => {
-        return await fetchRelease(releaseTag, state.githubToken, config.httpProxy);
+        return await fetchRelease(releaseTag, state.githubToken, config.proxySettings);
    });
    const artifact = release.assets.find(artifact => artifact.name === `rust-analyzer-${platform}.gz`);
    assert(!!artifact, `Bad release: ${JSON.stringify(release)}`);
@ -373,7 +373,7 @@ async function getServer(config: Config, state: PersistentState): Promise<string
            progressTitle: "Downloading rust-analyzer server",
            gunzip: true,
            mode: 0o755,
-            httpProxy: config.httpProxy,
+            proxySettings: config.proxySettings,
        });
    });

--- a/editors/code/src/net.ts
+++ b/editors/code/src/net.ts
@ -9,6 +9,9 @@ import * as zlib from "zlib";
 import * as util from "util";
 import * as path from "path";
 import { log, assert } from "./util";
+import * as url from "url";
+import * as https from "https";
+import { ProxySettings } from "./config";

 const pipeline = util.promisify(stream.pipeline);

@ -16,10 +19,18 @@ const GITHUB_API_ENDPOINT_URL = "https://api.github.com";
 const OWNER = "rust-analyzer";
 const REPO = "rust-analyzer";

+function makeHttpAgent(proxy: string | null | undefined, options?: https.AgentOptions) {
+    if (proxy) {
+        return new HttpsProxyAgent(proxy, { ...options, ...url.parse(proxy) });
+    } else {
+        return new https.Agent(options);
+    }
+}
+
 export async function fetchRelease(
    releaseTag: string,
    githubToken: string | null | undefined,
-    httpProxy: string | null | undefined,
+    proxySettings: ProxySettings,
 ): Promise<GithubRelease> {

    const apiEndpointPath = `/repos/${OWNER}/${REPO}/releases/tags/${releaseTag}`;
@ -34,12 +45,15 @@ export async function fetchRelease(
    }

    const response = await (() => {
-        if (httpProxy) {
-            log.debug(`Fetching release metadata via proxy: ${httpProxy}`);
-            return fetch(requestUrl, { headers: headers, agent: new HttpsProxyAgent(httpProxy) });
+        if (proxySettings.proxy) {
+            log.debug(`Fetching release metadata via proxy: ${proxySettings.proxy}`);
        }
-
-        return fetch(requestUrl, { headers: headers });
+        const options: any = {};
+        if (proxySettings.strictSSL) {
+            options["rejectUnauthorized"] = false;
+        }
+        const agent = makeHttpAgent(proxySettings.proxy, options);
+        return fetch(requestUrl, { headers: headers, agent: agent });
    })();

    if (!response.ok) {
@ -83,7 +97,7 @@ interface DownloadOpts {
    dest: vscode.Uri;
    mode?: number;
    gunzip?: boolean;
-    httpProxy?: string;
+    proxySettings: ProxySettings;
 }

 export async function download(opts: DownloadOpts) {
@ -103,7 +117,7 @@ export async function download(opts: DownloadOpts) {
        },
        async (progress, _cancellationToken) => {
            let lastPercentage = 0;
-            await downloadFile(opts.url, tempFilePath, opts.mode, !!opts.gunzip, opts.httpProxy, (readBytes, totalBytes) => {
+            await downloadFile(opts.url, tempFilePath, opts.mode, !!opts.gunzip, opts.proxySettings, (readBytes, totalBytes) => {
                const newPercentage = Math.round((readBytes / totalBytes) * 100);
                if (newPercentage !== lastPercentage) {
                    progress.report({
@ -167,18 +181,21 @@ async function downloadFile(
    destFilePath: vscode.Uri,
    mode: number | undefined,
    gunzip: boolean,
-    httpProxy: string | null | undefined,
+    proxySettings: ProxySettings,
    onProgress: (readBytes: number, totalBytes: number) => void
 ): Promise<void> {
    const urlString = url.toString();

    const res = await (() => {
-        if (httpProxy) {
-            log.debug(`Downloading ${urlString} via proxy: ${httpProxy}`);
-            return fetch(urlString, { agent: new HttpsProxyAgent(httpProxy) });
+        if (proxySettings.proxy) {
+            log.debug(`Downloading ${urlString} via proxy: ${proxySettings.proxy}`);
        }
-
-        return fetch(urlString);
+        const options: any = {};
+        if (proxySettings.strictSSL) {
+            options["rejectUnauthorized"] = false;
+        }
+        const agent = makeHttpAgent(proxySettings.proxy, options);
+        return fetch(urlString, { agent: agent });
    })();

    if (!res.ok) {