Add option to add HTTP proxy for OAuth (#742)

* configure http proxy

* configure http proxy in config file

* Use setAgent as a method, not a value

---------

Co-authored-by: Garrett Stevens <stevens.garrett.j@gmail.com>

Author: shashankbrgowda

packages/apollo-collaboration-server/package.json

@@ -63,6 +63,7 @@
     "express": "^4.18.0",
     "express-session": "^1.17.3",
     "generic-filehandle": "^3.0.0",
+    "https-proxy-agent": "^7.0.6",
     "joi": "^17.7.0",
     "material-ui-popup-state": "^5.0.4",
     "mobx": "^6.6.1",

packages/apollo-collaboration-server/src/app.module.ts

@@ -108,6 +108,7 @@ const validationSchema = Joi.object({
     })
     .default(''),
   PLUGIN_URLS_FILE: Joi.string(),
+  OAUTH_HTTP_PROXY: Joi.string(),
 })
   .xor('MONGODB_URI', 'MONGODB_URI_FILE')
   .oxor('GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_ID_FILE')

packages/apollo-collaboration-server/src/utils/strategies/google.strategy.ts

@@ -3,6 +3,7 @@ import fs from 'node:fs'
 import { Injectable, Logger } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
 import { PassportStrategy } from '@nestjs/passport'
+import { HttpsProxyAgent } from 'https-proxy-agent'
 import { Profile, Strategy } from 'passport-google-oauth20'
 
 import { AuthenticationService } from '../../authentication/authentication.service'
@@ -14,6 +15,7 @@ interface ConfigValues {
   GOOGLE_CLIENT_SECRET_FILE?: string
   URL: string
   PORT: number
+  OAUTH_HTTP_PROXY?: string
 }
 
 @Injectable()
@@ -62,6 +64,21 @@ export class GoogleStrategy extends PassportStrategy(Strategy) {
       scope: ['email', 'profile'],
       store: true,
     })
+
+    // Apply proxy to OAuth2 instance
+    const proxy = configService.get('OAUTH_HTTP_PROXY', { infer: true })
+    if (proxy) {
+      const agent = new HttpsProxyAgent(proxy)
+
+      // Access the internal OAuth2 instance and set the agent
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-member-access
+      const oauth2 = (this as any)._oauth2
+      if (oauth2) {
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+        oauth2.setAgent(agent)
+        this.logger.debug(`GoogleStrategy configured to use proxy: ${proxy}`)
+      }
+    }
   }
 
   async validate(accessToken: string, refreshToken: string, profile: Profile) {

packages/apollo-collaboration-server/src/utils/strategies/microsoft.strategy.ts

@@ -3,6 +3,7 @@ import fs from 'node:fs'
 import { Injectable, Logger } from '@nestjs/common'
 import { ConfigService } from '@nestjs/config'
 import { PassportStrategy } from '@nestjs/passport'
+import { HttpsProxyAgent } from 'https-proxy-agent'
 import { Strategy } from 'passport-microsoft'
 
 import { AuthenticationService } from '../../authentication/authentication.service'
@@ -22,6 +23,7 @@ interface ConfigValues {
   MICROSOFT_CLIENT_SECRET_FILE?: string
   URL: string
   PORT: number
+  OAUTH_HTTP_PROXY?: string
 }
 
 @Injectable()
@@ -72,6 +74,23 @@ export class MicrosoftStrategy extends PassportStrategy(Strategy) {
       scope: ['user.read'],
       store: true,
     })
+
+    // Apply proxy to OAuth2 instance
+    const proxy = configService.get('OAUTH_HTTP_PROXY', { infer: true })
+    if (proxy) {
+      const agent = new HttpsProxyAgent(proxy)
+
+      // Access the internal OAuth2 instance and set the agent
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-member-access
+      const oauth2 = (this as any)._oauth2
+      if (oauth2) {
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+        oauth2.setAgent(agent)
+        this.logger.debug(
+          `Microsoft Strategy configured to use proxy: ${proxy}`,
+        )
+      }
+    }
   }
 
   async validate(accessToken: string, refreshToken: string, profile: Profile) {

packages/website/docs/02-installation/04-configuration-options.md

@@ -105,4 +105,7 @@ MICROSOFT_CLIENT_SECRET=client_secret_here
 # Alternatively, can be a path to a file with a list of plugin URLs, one URL per
 # line
 # PLUGIN_URLS_FILE=/data/plugin-urls
+
+# HTTP/HTTPS proxy for OAuth requests, if your server is behind a proxy
+# OAUTH_HTTP_PROXY=http://proxy.example.com:8080
 ```

yarn.lock

@@ -409,6 +409,7 @@ __metadata:
     express: "npm:^4.18.0"
     express-session: "npm:^1.17.3"
     generic-filehandle: "npm:^3.0.0"
+    https-proxy-agent: "npm:^7.0.6"
     jest: "npm:^29.6.2"
     joi: "npm:^17.7.0"
     material-ui-popup-state: "npm:^5.0.4"
@@ -11513,6 +11514,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"agent-base@npm:^7.1.2":
+  version: 7.1.4
+  resolution: "agent-base@npm:7.1.4"
+  checksum: 10c0/c2c9ab7599692d594b6a161559ada307b7a624fa4c7b03e3afdb5a5e31cd0e53269115b620fcab024c5ac6a6f37fa5eb2e004f076ad30f5f7e6b8b671f7b35fe
+  languageName: node
+  linkType: hard
+
 "agentkeepalive@npm:^4.1.3, agentkeepalive@npm:^4.2.1":
   version: 4.5.0
   resolution: "agentkeepalive@npm:4.5.0"
@@ -19663,6 +19671,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"https-proxy-agent@npm:^7.0.6":
+  version: 7.0.6
+  resolution: "https-proxy-agent@npm:7.0.6"
+  dependencies:
+    agent-base: "npm:^7.1.2"
+    debug: "npm:4"
+  checksum: 10c0/f729219bc735edb621fa30e6e84e60ee5d00802b8247aac0d7b79b0bd6d4b3294737a337b93b86a0bd9e68099d031858a39260c976dc14cdbba238ba1f8779ac
+  languageName: node
+  linkType: hard
+
 "human-signals@npm:^1.1.1":
   version: 1.1.1
   resolution: "human-signals@npm:1.1.1"