WIP

Author: addaleax

packages/devtools-connect/src/connect.ts

@@ -469,7 +469,11 @@ export async function connectMongoClient(
 
     let tunnel: Tunnel | undefined;
     if (proxyAgent && !hasProxyHostOption(uri, clientOptions)) {
-      tunnel = createSocks5Tunnel(proxyAgent, 'generate-credentials');
+      tunnel = createSocks5Tunnel(
+        proxyAgent,
+        'generate-credentials',
+        'mongodb://'
+      );
       cleanupOnClientClose.push(() => tunnel?.close());
     }
     for (const proxyLogger of new Set([tunnel?.logger, proxyAgent?.logger])) {

packages/devtools-proxy-support/src/agent.ts

@@ -2,13 +2,14 @@ import { ProxyAgent } from 'proxy-agent';
 import type { Agent } from 'https';
 import type { DevtoolsProxyOptions } from './proxy-options';
 import { proxyForUrl } from './proxy-options';
-import type { ClientRequest } from 'http';
+import type { ClientRequest, Agent as HTTPAgent } from 'http';
 import type { TcpNetConnectOpts } from 'net';
 import type { ConnectionOptions } from 'tls';
 import type { Duplex } from 'stream';
 import { SSHAgent } from './ssh';
 import type { ProxyLogEmitter } from './logging';
 import type { EventEmitter } from 'events';
+import type { AgentConnectOpts } from 'agent-base';
 
 // Helper type that represents an https.Agent (= connection factory)
 // with some custom properties that TS does not know about and/or
@@ -31,23 +32,71 @@ export type AgentWithInitialize = Agent & {
   // http.Agent is an EventEmitter, just missing from @types/node
 } & Partial<EventEmitter>;
 
+class DevtoolsProxyAgent extends ProxyAgent implements AgentWithInitialize {
+  readonly proxyOptions: DevtoolsProxyOptions;
+  private sshAgent: SSHAgent | undefined;
+
+  // Store the current ClientRequest for the time between connect() first
+  // being called and the corresponding _getProxyForUrl() being called.
+  // In practice, this is instantaneous, but that is not guaranteed by
+  // the `ProxyAgent` API contract.
+  // We use a Promise lock/mutex to avoid concurrent accesses.
+  private _req: ClientRequest | undefined;
+  private _reqLock: Promise<void> | undefined;
+  private _reqLockResolve: (() => void) | undefined;
+
+  constructor(proxyOptions: DevtoolsProxyOptions) {
+    super({
+      getProxyForUrl: (url: string) => this._getProxyForUrl(url),
+      ...proxyOptions,
+    });
+    this.proxyOptions = proxyOptions;
+    // This could be made a bit more flexible by actually dynamically picking
+    // ssh vs. other proxy protocols as part of connect(), if we want that at some point.
+    if (proxyOptions.proxy && new URL(proxyOptions.proxy).protocol === 'ssh:') {
+      this.sshAgent = new SSHAgent(proxyOptions);
+    }
+  }
+
+  _getProxyForUrl = (url: string): string => {
+    if (!this._reqLockResolve || !this._req) {
+      throw new Error('getProxyForUrl() called without pending request');
+    }
+    this._reqLockResolve();
+    const req = this._req;
+    this._req = undefined;
+    this._reqLock = undefined;
+    this._reqLockResolve = undefined;
+    return proxyForUrl(this.proxyOptions, url, req);
+  };
+
+  async initialize(): Promise<void> {
+    await this.sshAgent?.initialize();
+  }
+
+  override async connect(
+    req: ClientRequest,
+    opts: AgentConnectOpts
+  ): Promise<HTTPAgent> {
+    if (this.sshAgent) return this.sshAgent;
+    while (this._reqLock) {
+      await this._reqLock;
+    }
+    this._req = req;
+    this._reqLock = new Promise((resolve) => (this._reqLockResolve = resolve));
+    return await super.connect(req, opts);
+  }
+
+  destroy(): void {
+    this.sshAgent?.destroy();
+    super.destroy();
+  }
+}
+
 export function createAgent(
   proxyOptions: DevtoolsProxyOptions
 ): AgentWithInitialize {
-  // This could be made a bit more flexible by creating an Agent using AgentBase
-  // that will dynamically choose between SSHAgent and ProxyAgent.
-  // Right now, this is a bit simpler in terms of lifetime management for SSHAgent.
-  if (proxyOptions.proxy && new URL(proxyOptions.proxy).protocol === 'ssh:') {
-    return new SSHAgent(proxyOptions);
-  }
-  const getProxyForUrl = proxyForUrl(proxyOptions);
-  return Object.assign(
-    new ProxyAgent({
-      getProxyForUrl,
-      ...proxyOptions,
-    }),
-    { proxyOptions }
-  );
+  return new DevtoolsProxyAgent(proxyOptions);
 }
 
 export function useOrCreateAgent(
@@ -59,7 +108,7 @@ export function useOrCreateAgent(
   } else {
     if (
       target !== undefined &&
-      !proxyForUrl(proxyOptions as DevtoolsProxyOptions)(target)
+      !proxyForUrl(proxyOptions as DevtoolsProxyOptions, target)
     )
       return undefined;
     return createAgent(proxyOptions as DevtoolsProxyOptions);

packages/devtools-proxy-support/src/proxy-options.spec.ts

@@ -37,15 +37,17 @@ describe('proxy options handling', function () {
 
   describe('proxyForUrl', function () {
     it('should return a proxy function for a specified proxy URL', function () {
-      const getProxy = proxyForUrl({ proxy: 'http://proxy.example.com' });
+      const getProxy = proxyForUrl.bind(null, {
+        proxy: 'http://proxy.example.com',
+      });
 
       expect(getProxy('http://target.com')).to.equal(
         'http://proxy.example.com'
       );
     });
 
     it('should respect noProxyHosts', function () {
-      const getProxy = proxyForUrl({
+      const getProxy = proxyForUrl.bind(null, {
         proxy: 'http://proxy.example.com',
         noProxyHosts: 'localhost',
       });
@@ -57,11 +59,12 @@ describe('proxy options handling', function () {
     });
 
     it('should use environment variables as a fallback', function () {
-      const getProxy = proxyForUrl({
+      const getProxy = proxyForUrl.bind(null, {
         useEnvironmentVariableProxies: true,
         env: {
           HTTP_PROXY: 'socks5://env-proxy.example.com',
           NO_PROXY: 'localhost',
+          ALL_PROXY: 'http://fallback.example.com',
         },
       });
 
@@ -70,6 +73,9 @@ describe('proxy options handling', function () {
       expect(getProxy('http://example.com')).to.equal(
         'socks5://env-proxy.example.com'
       );
+      expect(getProxy('mongodb://example.com')).to.equal(
+        'http://fallback.example.com'
+      );
     });
   });
 
@@ -127,12 +133,14 @@ describe('proxy options handling', function () {
             env: {
               HTTP_PROXY: 'socks5://env-proxy.example.com',
               NO_PROXY: 'zombo.com',
+              ALL_PROXY: 'http://fallback.example.com',
             },
           })
         ).to.deep.equal({
           mode: 'fixed_servers',
           proxyBypassRules: 'localhost,example.com,zombo.com',
-          proxyRules: 'http=socks5://env-proxy.example.com',
+          proxyRules:
+            'http=socks5://env-proxy.example.com;https=http://fallback.example.com;ftp=http://fallback.example.com',
         });
       });
       it('translates an empty config to an empty config', function () {
@@ -330,6 +338,18 @@ describe('proxy options handling', function () {
         expect(await testResolveProxy(config, 'https://example.com')).to.equal(
           'DIRECT'
         );
+        expect(
+          await testResolveProxy(
+            {
+              ...config,
+              env: {
+                ...config.env,
+                ALL_PROXY: 'http://fallback.example.com:1',
+              },
+            },
+            'ftp://mongodb.net'
+          )
+        ).to.equal('PROXY fallback.example.com:1');
       });
     });
   });

packages/devtools-proxy-support/src/proxy-options.ts

@@ -1,5 +1,6 @@
 import type { ConnectionOptions } from 'tls';
 import type { TunnelOptions } from './socks5';
+import type { ClientRequest } from 'http';
 
 // Should be an opaque type, but TS does not support those.
 export type DevtoolsProxyOptionsSecrets = string;
@@ -78,38 +79,36 @@ function shouldProxy(noProxy: string, url: URL): boolean {
 // Create a function which returns the proxy URL for a given target URL,
 // based on the proxy config passed to it.
 export function proxyForUrl(
-  proxyOptions: DevtoolsProxyOptions
-): (url: string) => string {
+  proxyOptions: DevtoolsProxyOptions,
+  target: string,
+  req?: ClientRequest & { overrideProtocol?: string }
+): string {
   if (proxyOptions.proxy) {
     const proxyUrl = proxyOptions.proxy;
-    if (new URL(proxyUrl).protocol === 'direct:') return () => '';
-    return (target: string) => {
-      if (shouldProxy(proxyOptions.noProxyHosts || '', new URL(target))) {
-        return proxyUrl;
-      }
-      return '';
-    };
+    if (new URL(proxyUrl).protocol === 'direct:') return '';
+    if (shouldProxy(proxyOptions.noProxyHosts || '', new URL(target))) {
+      return proxyUrl;
+    }
+    return '';
   }
 
   if (proxyOptions.useEnvironmentVariableProxies) {
     const { map, noProxy } = proxyConfForEnvVars(
       proxyOptions.env ?? process.env
     );
-    return (target: string) => {
-      const url = new URL(target);
-      const protocol = url.protocol.replace(/:$/, '');
-      const combinedNoProxyRules = [noProxy, proxyOptions.noProxyHosts]
-        .filter(Boolean)
-        .join(',');
-      const proxyForProtocol = map.get(protocol);
-      if (proxyForProtocol && shouldProxy(combinedNoProxyRules, url)) {
-        return proxyForProtocol;
-      }
-      return '';
-    };
+    const url = new URL(target);
+    const protocol = (req?.overrideProtocol ?? url.protocol).replace(/:$/, '');
+    const combinedNoProxyRules = [noProxy, proxyOptions.noProxyHosts]
+      .filter(Boolean)
+      .join(',');
+    const proxyForProtocol = map.get(protocol) || map.get('all');
+    if (proxyForProtocol && shouldProxy(combinedNoProxyRules, url)) {
+      return proxyForProtocol;
+    }
+    return '';
   }
 
-  return () => '';
+  return '';
 }
 
 function validateElectronProxyURL(url: URL | string): string {
@@ -194,8 +193,12 @@ export function translateToElectronProxyConfig(
     const { map, noProxy } = proxyConfForEnvVars(
       proxyOptions.env ?? process.env
     );
-    for (const [key, value] of map)
+    for (const key of ['http', 'https', 'ftp']) {
+      // supported protocols for Electron proxying
+      const value = map.get(key) || map.get('all');
+      if (!value) continue;
       proxyRulesList.push(`${key}=${validateElectronProxyURL(value)}`);
+    }
     proxyBypassRulesList.push(noProxy);
 
     const proxyRules = proxyRulesList.join(';');
@@ -225,7 +228,7 @@ export function getSocks5OnlyProxyOptions(
   target?: string
 ): TunnelOptions | undefined {
   let proxyUrl: string | undefined;
-  if (target !== undefined) proxyUrl = proxyForUrl(proxyOptions)(target);
+  if (target !== undefined) proxyUrl = proxyForUrl(proxyOptions, target);
   else if (!proxyOptions.noProxyHosts) proxyUrl = proxyOptions.proxy;
   if (!proxyUrl) return undefined;
   const url = new URL(proxyUrl);

packages/devtools-proxy-support/src/socks5.spec.ts

@@ -178,4 +178,27 @@ describe('createSocks5Tunnel', function () {
       expect(err.message).to.include('Socks5 Authentication failed');
     }
   });
+
+  it('picks the proxy specified by the target protocol, if any', async function () {
+    tunnel = await setupSocks5Tunnel(
+      {
+        useEnvironmentVariableProxies: true,
+        env: {
+          MONGODB_PROXY: `http://foo:[email protected]:${setup.httpProxyPort}`,
+        },
+      },
+      {},
+      'mongodb://'
+    );
+    if (!tunnel) {
+      // regular conditional instead of assertion so that TS can follow it
+      expect.fail('failed to create Socks5 tunnel');
+    }
+
+    const fetch = createFetch({
+      proxy: `socks5://@127.0.0.1:${tunnel.config.proxyPort}`,
+    });
+    const response = await fetch('http://example.com/hello');
+    expect(await response.text()).to.equal('OK /hello');
+  });
 });