diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..12b4b9a3 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,37 @@ +root = true + +[*] +indent_style = tab +indent_size = 4 +tab_width = 4 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[{*.json,*.json.example,*.gyp,*.yml,*.yaml,*.workflow}] +indent_style = space +indent_size = 2 + +[{*.py,*.asm}] +indent_style = space + +[*.py] +indent_size = 4 + +[*.asm] +indent_size = 8 + +[*.md] +trim_trailing_whitespace = false + +# Ideal settings - some plugins might support these. +[*.js] +quote_type = single + +[{*.c,*.cc,*.h,*.hh,*.cpp,*.hpp,*.m,*.mm,*.mpp,*.js,*.java,*.go,*.rs,*.php,*.ng,*.jsx,*.ts,*.d,*.cs,*.swift}] +curly_bracket_next_line = false +spaces_around_operators = true +spaces_around_brackets = outside +# close enough to 1TB +indent_brace_style = K&R diff --git a/.eslintrc.js b/.eslintrc.js new file mode 100644 index 00000000..62743f2c --- /dev/null +++ b/.eslintrc.js @@ -0,0 +1,86 @@ +module.exports = { + 'extends': [ + 'airbnb', + 'prettier' + ], + 'parser': '@typescript-eslint/parser', + 'parserOptions': { + 'ecmaVersion': 2018, + 'sourceType': 'module', + 'modules': true + }, + 'plugins': [ + '@typescript-eslint' + ], + 'settings': { + 'import/resolver': { + 'typescript': { + } + } + }, + 'rules': { + 'quotes': [ + 2, + 'single', + { + 'allowTemplateLiterals': true + } + ], + 'class-methods-use-this': 0, + 'consistent-return': 0, + 'func-names': 0, + 'global-require': 0, + 'guard-for-in': 0, + 'import/no-duplicates': 0, + 'import/no-dynamic-require': 0, + 'import/no-extraneous-dependencies': 0, + 'import/prefer-default-export': 0, + 'lines-between-class-members': 0, + 'no-await-in-loop': 0, + 'no-bitwise': 0, + 'no-console': 0, + 'no-continue': 0, + 'no-control-regex': 0, + 'no-empty': 0, + 'no-loop-func': 0, + 'no-nested-ternary': 0, + 'no-param-reassign': 0, + 'no-plusplus': 0, + 'no-restricted-globals': 0, + 'no-restricted-syntax': 0, + 'no-shadow': 0, + 'no-underscore-dangle': 0, + 'no-use-before-define': 0, + 'prefer-const': 0, + 'prefer-destructuring': 0, + 'camelcase': 0, + 'no-unused-vars': 0, // in favor of '@typescript-eslint/no-unused-vars' + // 'indent': 0 // in favor of '@typescript-eslint/indent' + '@typescript-eslint/no-unused-vars': 'warn', + // '@typescript-eslint/indent': ['error', 2] // this might conflict with a lot ongoing changes + '@typescript-eslint/no-array-constructor': 'error', + '@typescript-eslint/adjacent-overload-signatures': 'error', + '@typescript-eslint/class-name-casing': 'error', + '@typescript-eslint/interface-name-prefix': 'error', + '@typescript-eslint/no-empty-interface': 'error', + '@typescript-eslint/no-inferrable-types': 'error', + '@typescript-eslint/no-misused-new': 'error', + '@typescript-eslint/no-namespace': 'error', + '@typescript-eslint/no-non-null-assertion': 'error', + '@typescript-eslint/no-parameter-properties': 'error', + '@typescript-eslint/no-triple-slash-reference': 'error', + '@typescript-eslint/prefer-namespace-keyword': 'error', + '@typescript-eslint/type-annotation-spacing': 'error', + // '@typescript-eslint/array-type': 'error', + // '@typescript-eslint/ban-types': 'error', + // '@typescript-eslint/explicit-function-return-type': 'warn', + // '@typescript-eslint/explicit-member-accessibility': 'error', + // '@typescript-eslint/member-delimiter-style': 'error', + // '@typescript-eslint/no-angle-bracket-type-assertion': 'error', + // '@typescript-eslint/no-explicit-any': 'warn', + // '@typescript-eslint/no-object-literal-type-assertion': 'error', + // '@typescript-eslint/no-use-before-define': 'error', + // '@typescript-eslint/no-var-requires': 'error', + // '@typescript-eslint/prefer-interface': 'error' + } +} diff --git a/.gitignore b/.gitignore index c12f3a80..c650246c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /node_modules +/yarn.lock /?.js diff --git a/.npmignore b/.npmignore new file mode 100644 index 00000000..4d6db5e6 --- /dev/null +++ b/.npmignore @@ -0,0 +1,3 @@ +History.md +test +.travis.yml diff --git a/.travis.yml b/.travis.yml index 805d3d50..bb8ff352 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,16 +1,18 @@ -sudo: false - language: node_js node_js: - - "4" - - "5" - "6" - - "7" - "8" + - "10" + - "12" + +os: + - linux + - osx + - windows install: - - PATH="`npm bin`:`npm bin -g`:$PATH" + # - PATH="`npm bin`:`npm bin -g`:$PATH" # Install dependencies and build - npm install diff --git a/History.md b/History.md index c0b5cef8..f7238123 100644 --- a/History.md +++ b/History.md @@ -1,4 +1,15 @@ +2.2.0 / 2018-03-03 +================== + + * Add "engines" to package.json - requires Node.js >= 4.5.0 + * Use `Buffer.from()` + +2.1.1 / 2017-11-28 +================== + + * Update `debug` - Security Problems with Previous Version (#38) + 2.1.0 / 2017-08-08 ================== diff --git a/README.md b/README.md index 5e0419cf..20fda1e2 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,7 @@ The `options` argument may either be a string URI of the proxy server to use, or * `host` - String - Proxy host to connect to (may use `hostname` as well). Required. * `port` - Number - Proxy port to connect to. Required. - * `secureProxy` - Boolean - If `true`, then use TLS to connect to the proxy. Defaults to `false`. + * `protocol` - String - If `https:`, then use TLS to connect to the proxy. * `headers` - Object - Additional HTTP headers to be sent on the HTTP CONNECT method. * Any other options given are passed to the `net.connect()`/`tls.connect()` functions. diff --git a/index.d.ts b/index.d.ts new file mode 100644 index 00000000..cec35d85 --- /dev/null +++ b/index.d.ts @@ -0,0 +1,22 @@ +declare module 'https-proxy-agent' { + import * as https from 'https'; + + namespace HttpsProxyAgent { + interface HttpsProxyAgentOptions { + host: string; + port: number | string; + secureProxy?: boolean; + headers?: { + [key: string]: string; + }; + [key: string]: any; + } + } + + // HttpsProxyAgent doesnt *actually* extend https.Agent, but for my purposes I want it to pretend that it does + class HttpsProxyAgent extends https.Agent { + constructor(opts: HttpsProxyAgent.HttpsProxyAgentOptions | string); + } + + export = HttpsProxyAgent; +} diff --git a/index.js b/index.js index 69985780..817a0a92 100644 --- a/index.js +++ b/index.js @@ -5,6 +5,7 @@ var net = require('net'); var tls = require('tls'); var url = require('url'); +var assert = require('assert'); var Agent = require('agent-base'); var inherits = require('util').inherits; var debug = require('debug')('https-proxy-agent'); @@ -23,39 +24,42 @@ module.exports = HttpsProxyAgent; */ function HttpsProxyAgent(opts) { - if (!(this instanceof HttpsProxyAgent)) return new HttpsProxyAgent(opts); - if ('string' == typeof opts) opts = url.parse(opts); - if (!opts) - throw new Error( - 'an HTTP(S) proxy server `host` and `port` must be specified!' - ); - debug('creating new HttpsProxyAgent instance: %o', opts); - Agent.call(this, opts); - - var proxy = Object.assign({}, opts); - - // if `true`, then connect to the proxy server over TLS. defaults to `false`. - this.secureProxy = proxy.protocol ? /^https:?$/i.test(proxy.protocol) : false; - - // prefer `hostname` over `host`, and set the `port` if needed - proxy.host = proxy.hostname || proxy.host; - proxy.port = +proxy.port || (this.secureProxy ? 443 : 80); - - // ALPN is supported by Node.js >= v5. - // attempt to negotiate http/1.1 for proxy servers that support http/2 - if (this.secureProxy && !('ALPNProtocols' in proxy)) { - proxy.ALPNProtocols = ['http 1.1'] - } - - if (proxy.host && proxy.path) { - // if both a `host` and `path` are specified then it's most likely the - // result of a `url.parse()` call... we need to remove the `path` portion so - // that `net.connect()` doesn't attempt to open that as a unix socket file. - delete proxy.path; - delete proxy.pathname; - } - - this.proxy = proxy; + if (!(this instanceof HttpsProxyAgent)) return new HttpsProxyAgent(opts); + if ('string' == typeof opts) opts = url.parse(opts); + if (!opts) + throw new Error( + 'an HTTP(S) proxy server `host` and `port` must be specified!' + ); + debug('creating new HttpsProxyAgent instance: %o', opts); + Agent.call(this, opts); + + var proxy = Object.assign({}, opts); + + // if `true`, then connect to the proxy server over TLS. defaults to `false`. + this.secureProxy = proxy.protocol + ? /^https:?$/i.test(proxy.protocol) + : false; + + // prefer `hostname` over `host`, and set the `port` if needed + proxy.host = proxy.hostname || proxy.host; + proxy.port = +proxy.port || (this.secureProxy ? 443 : 80); + + // ALPN is supported by Node.js >= v5. + // attempt to negotiate http/1.1 for proxy servers that support http/2 + if (this.secureProxy && !('ALPNProtocols' in proxy)) { + proxy.ALPNProtocols = ['http 1.1']; + } + + if (proxy.host && proxy.path) { + // if both a `host` and `path` are specified then it's most likely the + // result of a `url.parse()` call... we need to remove the `path` portion so + // that `net.connect()` doesn't attempt to open that as a unix socket file. + delete proxy.path; + delete proxy.pathname; + } + + this.proxy = proxy; + this.defaultPort = 443; } inherits(HttpsProxyAgent, Agent); @@ -66,163 +70,172 @@ inherits(HttpsProxyAgent, Agent); */ HttpsProxyAgent.prototype.callback = function connect(req, opts, fn) { - var proxy = this.proxy; - - // create a socket connection to the proxy server - var socket; - if (this.secureProxy) { - socket = tls.connect(proxy); - } else { - socket = net.connect(proxy); - } - - // we need to buffer any HTTP traffic that happens with the proxy before we get - // the CONNECT response, so that if the response is anything other than an "200" - // response code, then we can re-play the "data" events on the socket once the - // HTTP parser is hooked up... - var buffers = []; - var buffersLength = 0; - - function read() { - var b = socket.read(); - if (b) ondata(b); - else socket.once('readable', read); - } - - function cleanup() { - socket.removeListener('data', ondata); - socket.removeListener('end', onend); - socket.removeListener('error', onerror); - socket.removeListener('close', onclose); - socket.removeListener('readable', read); - } - - function onclose(err) { - debug('onclose had error %o', err); - } - - function onend() { - debug('onend'); - } - - function onerror(err) { - cleanup(); - fn(err); - } - - function ondata(b) { - buffers.push(b); - buffersLength += b.length; - var buffered = Buffer.concat(buffers, buffersLength); - var str = buffered.toString('ascii'); - - if (!~str.indexOf('\r\n\r\n')) { - // keep buffering - debug('have not received end of HTTP headers yet...'); - if (socket.read) { - read(); - } else { - socket.once('data', ondata); - } - return; - } - - var firstLine = str.substring(0, str.indexOf('\r\n')); - var statusCode = +firstLine.split(' ')[1]; - debug('got proxy server response: %o', firstLine); - - if (200 == statusCode) { - // 200 Connected status code! - var sock = socket; - - // nullify the buffered data since we won't be needing it - buffers = buffered = null; - - if (opts.secureEndpoint) { - // since the proxy is connecting to an SSL server, we have - // to upgrade this socket connection to an SSL connection - debug( - 'upgrading proxy-connected socket to TLS connection: %o', - opts.host - ); - opts.socket = socket; - opts.servername = opts.servername || opts.host; - opts.host = null; - opts.hostname = null; - opts.port = null; - sock = tls.connect(opts); - } - - cleanup(); - fn(null, sock); - } else { - // some other status code that's not 200... need to re-play the HTTP header - // "data" events onto the socket once the HTTP machinery is attached so that - // the user can parse and handle the error status code - cleanup(); - - // save a reference to the concat'd Buffer for the `onsocket` callback - buffers = buffered; - - // need to wait for the "socket" event to re-play the "data" events - req.once('socket', onsocket); - fn(null, socket); - } - } - - function onsocket(socket) { - // replay the "buffers" Buffer onto the `socket`, since at this point - // the HTTP module machinery has been hooked up for the user - if ('function' == typeof socket.ondata) { - // node <= v0.11.3, the `ondata` function is set on the socket - socket.ondata(buffers, 0, buffers.length); - } else if (socket.listeners('data').length > 0) { - // node > v0.11.3, the "data" event is listened for directly - socket.emit('data', buffers); - } else { - // never? - throw new Error('should not happen...'); - } - - // nullify the cached Buffer instance - buffers = null; - } - - socket.on('error', onerror); - socket.on('close', onclose); - socket.on('end', onend); - - if (socket.read) { - read(); - } else { - socket.once('data', ondata); - } - - var hostname = opts.host + ':' + opts.port; - var msg = 'CONNECT ' + hostname + ' HTTP/1.1\r\n'; - - var headers = Object.assign({}, proxy.headers); - if (proxy.auth) { - headers['Proxy-Authorization'] = - 'Basic ' + new Buffer(proxy.auth).toString('base64'); - } - - // the Host header should only include the port - // number when it is a non-standard port - var host = opts.host; - if (!isDefaultPort(opts.port, opts.secureEndpoint)) { - host += ':' + opts.port; - } - headers['Host'] = host; - - headers['Connection'] = 'close'; - Object.keys(headers).forEach(function(name) { - msg += name + ': ' + headers[name] + '\r\n'; - }); - - socket.write(msg + '\r\n'); + var proxy = this.proxy; + + // create a socket connection to the proxy server + var socket; + if (this.secureProxy) { + socket = tls.connect(proxy); + } else { + socket = net.connect(proxy); + } + + // we need to buffer any HTTP traffic that happens with the proxy before we get + // the CONNECT response, so that if the response is anything other than an "200" + // response code, then we can re-play the "data" events on the socket once the + // HTTP parser is hooked up... + var buffers = []; + var buffersLength = 0; + + function read() { + var b = socket.read(); + if (b) ondata(b); + else socket.once('readable', read); + } + + function cleanup() { + socket.removeListener('end', onend); + socket.removeListener('error', onerror); + socket.removeListener('close', onclose); + socket.removeListener('readable', read); + } + + function onclose(err) { + debug('onclose had error %o', err); + } + + function onend() { + debug('onend'); + } + + function onerror(err) { + cleanup(); + fn(err); + } + + function ondata(b) { + buffers.push(b); + buffersLength += b.length; + var buffered = Buffer.concat(buffers, buffersLength); + var str = buffered.toString('ascii'); + + if (!~str.indexOf('\r\n\r\n')) { + // keep buffering + debug('have not received end of HTTP headers yet...'); + read(); + return; + } + + var firstLine = str.substring(0, str.indexOf('\r\n')); + var statusCode = +firstLine.split(' ')[1]; + debug('got proxy server response: %o', firstLine); + + if (200 == statusCode) { + // 200 Connected status code! + var sock = socket; + + // nullify the buffered data since we won't be needing it + buffers = buffered = null; + + if (opts.secureEndpoint) { + // since the proxy is connecting to an SSL server, we have + // to upgrade this socket connection to an SSL connection + debug( + 'upgrading proxy-connected socket to TLS connection: %o', + opts.host + ); + opts.socket = socket; + opts.servername = opts.servername || opts.host; + opts.host = null; + opts.hostname = null; + opts.port = null; + sock = tls.connect(opts); + } + + cleanup(); + req.once('socket', resume); + fn(null, sock); + } else { + // some other status code that's not 200... need to re-play the HTTP header + // "data" events onto the socket once the HTTP machinery is attached so + // that the node core `http` can parse and handle the error status code + cleanup(); + + // the original socket is closed, and a new closed socket is + // returned instead, so that the proxy doesn't get the HTTP request + // written to it (which may contain `Authorization` headers or other + // sensitive data). + // + // See: https://hackerone.com/reports/541502 + socket.destroy(); + socket = new net.Socket(); + socket.readable = true; + + + // save a reference to the concat'd Buffer for the `onsocket` callback + buffers = buffered; + + // need to wait for the "socket" event to re-play the "data" events + req.once('socket', onsocket); + + fn(null, socket); + } + } + + function onsocket(socket) { + debug('replaying proxy buffer for failed request'); + assert(socket.listenerCount('data') > 0); + + // replay the "buffers" Buffer onto the `socket`, since at this point + // the HTTP module machinery has been hooked up for the user + socket.push(buffers); + + // nullify the cached Buffer instance + buffers = null; + } + + socket.on('error', onerror); + socket.on('close', onclose); + socket.on('end', onend); + + read(); + + var hostname = opts.host + ':' + opts.port; + var msg = 'CONNECT ' + hostname + ' HTTP/1.1\r\n'; + + var headers = Object.assign({}, proxy.headers); + if (proxy.auth) { + headers['Proxy-Authorization'] = + 'Basic ' + Buffer.from(proxy.auth).toString('base64'); + } + + // the Host header should only include the port + // number when it is a non-standard port + var host = opts.host; + if (!isDefaultPort(opts.port, opts.secureEndpoint)) { + host += ':' + opts.port; + } + headers['Host'] = host; + + headers['Connection'] = 'close'; + Object.keys(headers).forEach(function(name) { + msg += name + ': ' + headers[name] + '\r\n'; + }); + + socket.write(msg + '\r\n'); }; +/** + * Resumes a socket. + * + * @param {(net.Socket|tls.Socket)} socket The socket to resume + * @api public + */ + +function resume(socket) { + socket.resume(); +} + function isDefaultPort(port, secure) { - return Boolean((!secure && port === 80) || (secure && port === 443)); + return Boolean((!secure && port === 80) || (secure && port === 443)); } diff --git a/package.json b/package.json index b29f630d..2ff1870a 100644 --- a/package.json +++ b/package.json @@ -1,8 +1,9 @@ { "name": "https-proxy-agent", - "version": "2.1.0", + "version": "2.2.4", "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", "main": "./index.js", + "types": "./index.d.ts", "scripts": { "test": "mocha --reporter spec" }, @@ -22,11 +23,14 @@ "url": "https://github.com/TooTallNate/node-https-proxy-agent/issues" }, "dependencies": { - "agent-base": "^4.1.0", - "debug": "^2.4.1" + "agent-base": "^4.3.0", + "debug": "^3.1.0" }, "devDependencies": { - "mocha": "^3.4.2", - "proxy": "^0.2.4" + "mocha": "^6.2.0", + "proxy": "1" + }, + "engines": { + "node": ">= 4.5.0" } } diff --git a/test/test.js b/test/test.js index 9017701f..61a02320 100644 --- a/test/test.js +++ b/test/test.js @@ -1,4 +1,3 @@ - /** * Module dependencies. */ @@ -11,298 +10,381 @@ var assert = require('assert'); var Proxy = require('proxy'); var HttpsProxyAgent = require('../'); -describe('HttpsProxyAgent', function () { - - var server; - var serverPort; - - var sslServer; - var sslServerPort; - - var proxy; - var proxyPort; - - var sslProxy; - var sslProxyPort; - - before(function (done) { - // setup target HTTP server - server = http.createServer(); - server.listen(function () { - serverPort = server.address().port; - done(); - }); - }); - - before(function (done) { - // setup HTTP proxy server - proxy = Proxy(); - proxy.listen(function () { - proxyPort = proxy.address().port; - done(); - }); - }); - - before(function (done) { - // setup target HTTPS server - var options = { - key: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.key'), - cert: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.pem') - }; - sslServer = https.createServer(options); - sslServer.listen(function () { - sslServerPort = sslServer.address().port; - done(); - }); - }); - - before(function (done) { - // setup SSL HTTP proxy server - var options = { - key: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.key'), - cert: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.pem') - }; - sslProxy = Proxy(https.createServer(options)); - sslProxy.listen(function () { - sslProxyPort = sslProxy.address().port; - done(); - }); - }); - - // shut down test HTTP server - after(function (done) { - server.once('close', function () { done(); }); - server.close(); - }); - - after(function (done) { - proxy.once('close', function () { done(); }); - proxy.close(); - }); - - after(function (done) { - sslServer.once('close', function () { done(); }); - sslServer.close(); - }); - - after(function (done) { - sslProxy.once('close', function () { done(); }); - sslProxy.close(); - }); - - describe('constructor', function () { - it('should throw an Error if no "proxy" argument is given', function () { - assert.throws(function () { - new HttpsProxyAgent(); - }); - }); - it('should accept a "string" proxy argument', function () { - var agent = new HttpsProxyAgent('http://127.0.0.1:' + proxyPort); - assert.equal('127.0.0.1', agent.proxy.host); - assert.equal(proxyPort, agent.proxy.port); - }); - it('should accept a `url.parse()` result object argument', function () { - var opts = url.parse('http://127.0.0.1:' + proxyPort); - var agent = new HttpsProxyAgent(opts); - assert.equal('127.0.0.1', agent.proxy.host); - assert.equal(proxyPort, agent.proxy.port); - }); - describe('secureProxy', function () { - it('should default to `false`', function () { - var agent = new HttpsProxyAgent({ port: proxyPort }); - assert.equal(false, agent.secureProxy); - }); - it('should be `false` when "http:" protocol is used', function () { - var agent = new HttpsProxyAgent({ port: proxyPort, protocol: 'http:' }); - assert.equal(false, agent.secureProxy); - }); - it('should be `true` when "https:" protocol is used', function () { - var agent = new HttpsProxyAgent({ port: proxyPort, protocol: 'https:' }); - assert.equal(true, agent.secureProxy); - }); - it('should be `true` when "https" protocol is used', function () { - var agent = new HttpsProxyAgent({ port: proxyPort, protocol: 'https' }); - assert.equal(true, agent.secureProxy); - }); - }); - }); - - describe('"http" module', function () { - - beforeEach(function () { - delete proxy.authenticate; - }); - - it('should work over an HTTP proxy', function (done) { - server.once('request', function (req, res) { - res.end(JSON.stringify(req.headers)); - }); - - var proxy = process.env.HTTP_PROXY || process.env.http_proxy || 'http://127.0.0.1:' + proxyPort; - var agent = new HttpsProxyAgent(proxy); - - var opts = url.parse('http://127.0.0.1:' + serverPort); - opts.agent = agent; - - var req = http.get(opts, function (res) { - var data = ''; - res.setEncoding('utf8'); - res.on('data', function (b) { - data += b; - }); - res.on('end', function () { - data = JSON.parse(data); - assert.equal('127.0.0.1:' + serverPort, data.host); - done(); - }); - }); - req.once('error', done); - }); - it('should work over an HTTPS proxy', function (done) { - server.once('request', function (req, res) { - res.end(JSON.stringify(req.headers)); - }); - - var proxy = process.env.HTTPS_PROXY || process.env.https_proxy || 'https://127.0.0.1:' + sslProxyPort; - proxy = url.parse(proxy); - proxy.rejectUnauthorized = false; - var agent = new HttpsProxyAgent(proxy); - - var opts = url.parse('http://127.0.0.1:' + serverPort); - opts.agent = agent; - - http.get(opts, function (res) { - var data = ''; - res.setEncoding('utf8'); - res.on('data', function (b) { - data += b; - }); - res.on('end', function () { - data = JSON.parse(data); - assert.equal('127.0.0.1:' + serverPort, data.host); - done(); - }); - }); - }); - it('should receive the 407 authorization code on the `http.ClientResponse`', function (done) { - // set a proxy authentication function for this test - proxy.authenticate = function (req, fn) { - // reject all requests - fn(null, false); - }; - - var proxyUri = process.env.HTTP_PROXY || process.env.http_proxy || 'http://127.0.0.1:' + proxyPort; - var agent = new HttpsProxyAgent(proxyUri); - - var opts = {}; - // `host` and `port` don't really matter since the proxy will reject anyways - opts.host = '127.0.0.1'; - opts.port = 80; - opts.agent = agent; - - var req = http.get(opts, function (res) { - assert.equal(407, res.statusCode); - assert('proxy-authenticate' in res.headers); - done(); - }); - }); - it('should emit an "error" event on the `http.ClientRequest` if the proxy does not exist', function (done) { - // port 4 is a reserved, but "unassigned" port - var proxyUri = 'http://127.0.0.1:4'; - var agent = new HttpsProxyAgent(proxyUri); - - var opts = url.parse('http://nodejs.org'); - opts.agent = agent; - - var req = http.get(opts); - req.once('error', function (err) { - assert.equal('ECONNREFUSED', err.code); - req.abort(); - done(); - }); - }); - - it('should allow custom proxy "headers"', function (done) { - server.once('connect', function (req, socket, head) { - assert.equal('CONNECT', req.method); - assert.equal('bar', req.headers.foo); - socket.destroy(); - done(); - }); - - var uri = 'http://127.0.0.1:' + serverPort; - var proxyOpts = url.parse(uri); - proxyOpts.headers = { - 'Foo': 'bar' - }; - var agent = new HttpsProxyAgent(proxyOpts); - - var opts = {}; - // `host` and `port` don't really matter since the proxy will reject anyways - opts.host = '127.0.0.1'; - opts.port = 80; - opts.agent = agent; - - http.get(opts); - }); - - }); - - describe('"https" module', function () { - it('should work over an HTTP proxy', function (done) { - sslServer.once('request', function (req, res) { - res.end(JSON.stringify(req.headers)); - }); - - var proxy = process.env.HTTP_PROXY || process.env.http_proxy || 'http://127.0.0.1:' + proxyPort; - var agent = new HttpsProxyAgent(proxy); - - var opts = url.parse('https://127.0.0.1:' + sslServerPort); - opts.rejectUnauthorized = false; - opts.agent = agent; - - https.get(opts, function (res) { - var data = ''; - res.setEncoding('utf8'); - res.on('data', function (b) { - data += b; - }); - res.on('end', function () { - data = JSON.parse(data); - assert.equal('127.0.0.1:' + sslServerPort, data.host); - done(); - }); - }); - }); - - it('should work over an HTTPS proxy', function (done) { - sslServer.once('request', function (req, res) { - res.end(JSON.stringify(req.headers)); - }); - - var proxy = process.env.HTTPS_PROXY || process.env.https_proxy || 'https://127.0.0.1:' + sslProxyPort; - proxy = url.parse(proxy); - proxy.rejectUnauthorized = false; - var agent = new HttpsProxyAgent(proxy); - - var opts = url.parse('https://127.0.0.1:' + sslServerPort); - opts.agent = agent; - opts.rejectUnauthorized = false; - - https.get(opts, function (res) { - var data = ''; - res.setEncoding('utf8'); - res.on('data', function (b) { - data += b; - }); - res.on('end', function () { - data = JSON.parse(data); - assert.equal('127.0.0.1:' + sslServerPort, data.host); - done(); - }); - }); - }); - - }); - +describe('HttpsProxyAgent', function() { + var server; + var serverPort; + + var sslServer; + var sslServerPort; + + var proxy; + var proxyPort; + + var sslProxy; + var sslProxyPort; + + before(function(done) { + // setup target HTTP server + server = http.createServer(); + server.listen(function() { + serverPort = server.address().port; + done(); + }); + }); + + before(function(done) { + // setup HTTP proxy server + proxy = Proxy(); + proxy.listen(function() { + proxyPort = proxy.address().port; + done(); + }); + }); + + before(function(done) { + // setup target HTTPS server + var options = { + key: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.key'), + cert: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.pem') + }; + sslServer = https.createServer(options); + sslServer.listen(function() { + sslServerPort = sslServer.address().port; + done(); + }); + }); + + before(function(done) { + // setup SSL HTTP proxy server + var options = { + key: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.key'), + cert: fs.readFileSync(__dirname + '/ssl-cert-snakeoil.pem') + }; + sslProxy = Proxy(https.createServer(options)); + sslProxy.listen(function() { + sslProxyPort = sslProxy.address().port; + done(); + }); + }); + + // shut down test HTTP server + after(function(done) { + server.once('close', function() { + done(); + }); + server.close(); + }); + + after(function(done) { + proxy.once('close', function() { + done(); + }); + proxy.close(); + }); + + after(function(done) { + sslServer.once('close', function() { + done(); + }); + sslServer.close(); + }); + + after(function(done) { + sslProxy.once('close', function() { + done(); + }); + sslProxy.close(); + }); + + describe('constructor', function() { + it('should throw an Error if no "proxy" argument is given', function() { + assert.throws(function() { + new HttpsProxyAgent(); + }); + }); + it('should accept a "string" proxy argument', function() { + var agent = new HttpsProxyAgent('http://127.0.0.1:' + proxyPort); + assert.equal('127.0.0.1', agent.proxy.host); + assert.equal(proxyPort, agent.proxy.port); + }); + it('should accept a `url.parse()` result object argument', function() { + var opts = url.parse('http://127.0.0.1:' + proxyPort); + var agent = new HttpsProxyAgent(opts); + assert.equal('127.0.0.1', agent.proxy.host); + assert.equal(proxyPort, agent.proxy.port); + }); + it('should set a `defaultPort` property', function() { + var opts = url.parse('http://127.0.0.1:' + proxyPort); + var agent = new HttpsProxyAgent(opts); + assert.equal(443, agent.defaultPort); + }); + describe('secureProxy', function() { + it('should default to `false`', function() { + var agent = new HttpsProxyAgent({ port: proxyPort }); + assert.equal(false, agent.secureProxy); + }); + it('should be `false` when "http:" protocol is used', function() { + var agent = new HttpsProxyAgent({ + port: proxyPort, + protocol: 'http:' + }); + assert.equal(false, agent.secureProxy); + }); + it('should be `true` when "https:" protocol is used', function() { + var agent = new HttpsProxyAgent({ + port: proxyPort, + protocol: 'https:' + }); + assert.equal(true, agent.secureProxy); + }); + it('should be `true` when "https" protocol is used', function() { + var agent = new HttpsProxyAgent({ + port: proxyPort, + protocol: 'https' + }); + assert.equal(true, agent.secureProxy); + }); + }); + }); + + describe('"http" module', function() { + beforeEach(function() { + delete proxy.authenticate; + }); + + it('should work over an HTTP proxy', function(done) { + server.once('request', function(req, res) { + res.end(JSON.stringify(req.headers)); + }); + + var proxy = + process.env.HTTP_PROXY || + process.env.http_proxy || + 'http://127.0.0.1:' + proxyPort; + var agent = new HttpsProxyAgent(proxy); + + var opts = url.parse('http://127.0.0.1:' + serverPort); + opts.agent = agent; + + var req = http.get(opts, function(res) { + var data = ''; + res.setEncoding('utf8'); + res.on('data', function(b) { + data += b; + }); + res.on('end', function() { + data = JSON.parse(data); + assert.equal('127.0.0.1:' + serverPort, data.host); + done(); + }); + }); + req.once('error', done); + }); + it('should work over an HTTPS proxy', function(done) { + server.once('request', function(req, res) { + res.end(JSON.stringify(req.headers)); + }); + + var proxy = + process.env.HTTPS_PROXY || + process.env.https_proxy || + 'https://127.0.0.1:' + sslProxyPort; + proxy = url.parse(proxy); + proxy.rejectUnauthorized = false; + var agent = new HttpsProxyAgent(proxy); + + var opts = url.parse('http://127.0.0.1:' + serverPort); + opts.agent = agent; + + http.get(opts, function(res) { + var data = ''; + res.setEncoding('utf8'); + res.on('data', function(b) { + data += b; + }); + res.on('end', function() { + data = JSON.parse(data); + assert.equal('127.0.0.1:' + serverPort, data.host); + done(); + }); + }); + }); + it('should receive the 407 authorization code on the `http.ClientResponse`', function(done) { + // set a proxy authentication function for this test + proxy.authenticate = function(req, fn) { + // reject all requests + fn(null, false); + }; + + var proxyUri = + process.env.HTTP_PROXY || + process.env.http_proxy || + 'http://127.0.0.1:' + proxyPort; + var agent = new HttpsProxyAgent(proxyUri); + + var opts = {}; + // `host` and `port` don't really matter since the proxy will reject anyways + opts.host = '127.0.0.1'; + opts.port = 80; + opts.agent = agent; + + var req = http.get(opts, function(res) { + assert.equal(407, res.statusCode); + assert('proxy-authenticate' in res.headers); + done(); + }); + }); + it('should not error if the proxy responds with 407 and the request is aborted', function(done) { + proxy.authenticate = function(req, fn) { + fn(null, false); + }; + + const proxyUri = + process.env.HTTP_PROXY || + process.env.http_proxy || + 'http://127.0.0.1:' + proxyPort; + + const req = http.get({ + agent: new HttpsProxyAgent(proxyUri) + }, function(res) { + assert.equal(407, res.statusCode); + req.abort(); + }); + + req.on('abort', done); + }); + it('should emit an "error" event on the `http.ClientRequest` if the proxy does not exist', function(done) { + // port 4 is a reserved, but "unassigned" port + var proxyUri = 'http://127.0.0.1:4'; + var agent = new HttpsProxyAgent(proxyUri); + + var opts = url.parse('http://nodejs.org'); + opts.agent = agent; + + var req = http.get(opts); + req.once('error', function(err) { + assert.equal('ECONNREFUSED', err.code); + req.abort(); + done(); + }); + }); + + it('should allow custom proxy "headers"', function(done) { + server.once('connect', function(req, socket, head) { + assert.equal('CONNECT', req.method); + assert.equal('bar', req.headers.foo); + socket.destroy(); + done(); + }); + + var uri = 'http://127.0.0.1:' + serverPort; + var proxyOpts = url.parse(uri); + proxyOpts.headers = { + Foo: 'bar' + }; + var agent = new HttpsProxyAgent(proxyOpts); + + var opts = {}; + // `host` and `port` don't really matter since the proxy will reject anyways + opts.host = '127.0.0.1'; + opts.port = 80; + opts.agent = agent; + + http.get(opts); + }); + }); + + describe('"https" module', function() { + it('should work over an HTTP proxy', function(done) { + sslServer.once('request', function(req, res) { + res.end(JSON.stringify(req.headers)); + }); + + var proxy = + process.env.HTTP_PROXY || + process.env.http_proxy || + 'http://127.0.0.1:' + proxyPort; + var agent = new HttpsProxyAgent(proxy); + + var opts = url.parse('https://127.0.0.1:' + sslServerPort); + opts.rejectUnauthorized = false; + opts.agent = agent; + + https.get(opts, function(res) { + var data = ''; + res.setEncoding('utf8'); + res.on('data', function(b) { + data += b; + }); + res.on('end', function() { + data = JSON.parse(data); + assert.equal('127.0.0.1:' + sslServerPort, data.host); + done(); + }); + }); + }); + + it('should work over an HTTPS proxy', function(done) { + sslServer.once('request', function(req, res) { + res.end(JSON.stringify(req.headers)); + }); + + var proxy = + process.env.HTTPS_PROXY || + process.env.https_proxy || + 'https://127.0.0.1:' + sslProxyPort; + proxy = url.parse(proxy); + proxy.rejectUnauthorized = false; + var agent = new HttpsProxyAgent(proxy); + + var opts = url.parse('https://127.0.0.1:' + sslServerPort); + opts.agent = agent; + opts.rejectUnauthorized = false; + + https.get(opts, function(res) { + var data = ''; + res.setEncoding('utf8'); + res.on('data', function(b) { + data += b; + }); + res.on('end', function() { + data = JSON.parse(data); + assert.equal('127.0.0.1:' + sslServerPort, data.host); + done(); + }); + }); + }); + + it('should not send a port number for the default port', function(done) { + sslServer.once('request', function(req, res) { + res.end(JSON.stringify(req.headers)); + }); + + var proxy = + process.env.HTTPS_PROXY || + process.env.https_proxy || + 'https://127.0.0.1:' + sslProxyPort; + proxy = url.parse(proxy); + proxy.rejectUnauthorized = false; + var agent = new HttpsProxyAgent(proxy); + agent.defaultPort = sslServerPort; + + var opts = url.parse('https://127.0.0.1:' + sslServerPort); + opts.agent = agent; + opts.rejectUnauthorized = false; + + https.get(opts, function(res) { + var data = ''; + res.setEncoding('utf8'); + res.on('data', function(b) { + data += b; + }); + res.on('end', function() { + data = JSON.parse(data); + assert.equal('127.0.0.1', data.host); + done(); + }); + }); + }); + }); });