feat: add allowUnsafeSSL for self-signed certificates

lihuanshuai · lihuanshuai · commit 74949ca55c3e · 2018-02-22T17:00:37.000+08:00
diff --git a/package.json b/package.json
@@ -68,6 +68,12 @@
           "default": false,
           "scope": "resource"
         },
+        "github.allowUnsafeSSL": {
+          "type": "boolean",
+          "description": "Allow SSL connnection with unauthorized self-signed certificates. Defaults to false",
+          "default": false,
+          "scope": "resource"
+        },
         "github.statusbar.command": {
           "type": [
             "string",
@@ -233,6 +239,7 @@
     "common-tags": "1.7.0",
     "conventional-changelog-lint-config-angular": "1.0.0",
     "execa": "^0.9.0",
+    "https": "1.0.0",
     "isomorphic-fetch": "2.2.1",
     "lru-cache": "^4.1.1",
     "pretend": "^1.2.1",
diff --git a/src/configuration.ts b/src/configuration.ts
@@ -8,6 +8,7 @@ export interface Configuration {
   upstream?: string;
   customPullRequestDescription: 'off' | 'singleLine' | 'gitEditor';
   autoPublish?: boolean;
+  allowUnsafeSSL?: boolean;
   statusBarCommand: string | null;
   statusbar: {
     refresh: number;
diff --git a/src/provider/client.ts b/src/provider/client.ts
@@ -1,5 +1,6 @@
 import * as vscode from 'vscode';
 import { Git } from '../git';
+import { getConfiguration } from '../helper';
 import { Tokens } from '../workflow-manager';
 import { Repository } from './repository';
 import { User } from './user';
@@ -13,14 +14,16 @@ export async function createClient(git: Git, tokens: Tokens, uri: vscode.Uri,
   const protocol = gitProtocol.startsWith('http') ? gitProtocol : 'https:';
   const hostname = await git.getGitHostname(uri);
   const tokenInfo = tokens[hostname];
+  const allowUnsafeSSL = !!getConfiguration('github', uri).allowUnsafeSSL;
   if (!tokenInfo) {
     throw new Error(`No token found for host ${hostname}`);
   }
   switch (tokenInfo.provider) {
     case 'github':
-      return new GithubClient(protocol, hostname, tokens[hostname].token, logger);
+      return new GithubClient(
+        protocol, hostname, tokens[hostname].token, logger, allowUnsafeSSL);
     case 'gitlab':
-      return new GitLabClient(protocol, hostname, tokens[hostname].token, logger);
+      return new GitLabClient(protocol, hostname, tokens[hostname].token, logger, allowUnsafeSSL);
     default:
       throw new Error(`Unknown git provider '${tokenInfo.provider}'`);
   }
diff --git a/src/provider/github/api.ts b/src/provider/github/api.ts
@@ -1,3 +1,4 @@
+import * as https from 'https';
 import * as LRUCache from 'lru-cache';
 import {Pretend, Get, Post, Put, Patch, Delete, Headers as Header, Interceptor, IPretendRequestInterceptor,
   IPretendDecoder} from 'pretend';
@@ -180,11 +181,13 @@ export interface PullRequestStruct {
   mergeable?: boolean|null;
 }
 
-export function getClient(endpoint: string, token: string, logger: (message: string) => void): GitHub {
+export function getClient(endpoint: string, token: string, logger: (message: string) => void,
+                          allowUnsafeSSL = false): GitHub {
   return Pretend
     .builder()
     .interceptor(impl.githubCache())
     .requestInterceptor(impl.githubTokenAuthenticator(token))
+    .requestInterceptor(impl.githubHttpsAgent(!allowUnsafeSSL))
     .interceptor(impl.logger(logger))
     .decode(impl.githubDecoder())
     .target(impl.GitHubBlueprint, endpoint);
@@ -251,6 +254,16 @@ namespace impl {
     };
   }
 
+  export function githubHttpsAgent(rejectUnauthorized: boolean): IPretendRequestInterceptor {
+    return request => {
+      if (!request.url.startsWith('https://')) {
+        return request;
+      }
+      request.options.agent = new https.Agent({ rejectUnauthorized });
+      return request;
+    };
+  }
+
   export function githubDecoder(): IPretendDecoder {
     return async response => {
       if (response.status >= 400) {
diff --git a/src/provider/github/client.ts b/src/provider/github/client.ts
@@ -14,8 +14,9 @@ export class GithubClient implements Client {
 
   public name = 'GitHub Client';
 
-  constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void) {
-    this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger);
+  constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void,
+              allowUnsafeSSL = false) {
+    this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger, allowUnsafeSSL);
   }
 
   private getApiEndpoint(protocol: string, hostname: string): string {
diff --git a/src/provider/gitlab/api.ts b/src/provider/gitlab/api.ts
@@ -1,3 +1,4 @@
+import * as https from 'https';
 import {
   Pretend,
   Interceptor,
@@ -121,10 +122,12 @@ export interface Project {
   merge_requests_enabled: boolean;
 }
 
-export function getClient(endpoint: string, token: string, logger: (message: string) => void): GitLab {
+export function getClient(endpoint: string, token: string, logger: (message: string) => void,
+                          allowUnsafeSSL = false): GitLab {
   return Pretend
     .builder()
     .requestInterceptor(impl.gitlabTokenAuthenticator(token))
+    .requestInterceptor(impl.gitlabHttpsAgent(!allowUnsafeSSL))
     .requestInterceptor(impl.formEncoding())
     .interceptor(impl.logger(logger))
     .decode(impl.gitlabDecoder())
@@ -166,6 +169,16 @@ namespace impl {
     };
   }
 
+  export function gitlabHttpsAgent(rejectUnauthorized: boolean): IPretendRequestInterceptor {
+    return request => {
+      if (!request.url.startsWith('https://')) {
+        return request;
+      }
+      request.options.agent = new https.Agent({ rejectUnauthorized });
+      return request;
+    };
+  }
+
   export function formEncoding(): IPretendRequestInterceptor {
     return request => {
       if (request.options.method !== 'GET') {
diff --git a/src/provider/gitlab/client.ts b/src/provider/gitlab/client.ts
@@ -10,8 +10,9 @@ export class GitLabClient implements Client {
 
   public name = 'GitLab Client';
 
-  constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void) {
-    this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger);
+  constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void,
+              allowUnsafeSSL: boolean) {
+    this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger, allowUnsafeSSL);
   }
 
   private getApiEndpoint(protocol: string, hostname: string): string {

Original file line number	Diff line number	Diff line change
`@@ -14,8 +14,9 @@ export class GithubClient implements Client {`
`14`	`14`
`15`	`15`	`public name = 'GitHub Client';`
`16`	`16`
`17`		`- constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void) {`
`18`		`- this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger);`
	`17`	`+ constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void,`
	`18`	`+ allowUnsafeSSL = false) {`
	`19`	`+ this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger, allowUnsafeSSL);`
`19`	`20`	`}`
`20`	`21`
`21`	`22`	`private getApiEndpoint(protocol: string, hostname: string): string {`
Original file line number	Diff line number	Diff line change
`@@ -10,8 +10,9 @@ export class GitLabClient implements Client {`
`10`	`10`
`11`	`11`	`public name = 'GitLab Client';`
`12`	`12`
`13`		`- constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void) {`
`14`		`- this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger);`
	`13`	`+ constructor(protocol: string, hostname: string, token: string, logger: (message: string) => void,`
	`14`	`+ allowUnsafeSSL: boolean) {`
	`15`	`+ this.client = getClient(this.getApiEndpoint(protocol, hostname), token, logger, allowUnsafeSSL);`
`15`	`16`	`}`
`16`	`17`
`17`	`18`	`private getApiEndpoint(protocol: string, hostname: string): string {`