WIP

Author: addaleax

packages/devtools-proxy-support/src/agent.spec.ts

@@ -5,8 +5,6 @@ import { get as httpsGet } from 'https';
 import { expect } from 'chai';
 import sinon from 'sinon';
 import { HTTPServerProxyTestSetup } from '../test/helpers';
-import socks5AuthNone from 'socksv5/lib/auth/None';
-import socks5AuthUserPassword from 'socksv5/lib/auth/UserPassword';
 
 describe('createAgent', function () {
   let setup: HTTPServerProxyTestSetup;
@@ -47,7 +45,7 @@ describe('createAgent', function () {
 
   context('socks5', function () {
     it('can connect to a socks5 proxy without auth', async function () {
-      setup.socks5ProxyServer.useAuth(socks5AuthNone());
+      setup.socks5AuthNone();
 
       const res = await get(
         'http://example.com/hello',
@@ -61,7 +59,7 @@ describe('createAgent', function () {
 
     it('can connect to a socks5 proxy with successful auth', async function () {
       const authHandler = sinon.stub().yields(true);
-      setup.socks5ProxyServer.useAuth(socks5AuthUserPassword(authHandler));
+      setup.socks5AuthUsernamePassword(authHandler);
 
       const res = await get(
         'http://example.com/hello',
@@ -78,7 +76,7 @@ describe('createAgent', function () {
 
     it('fails to connect to a socks5 proxy with unsuccessful auth', async function () {
       const authHandler = sinon.stub().yields(false);
-      setup.socks5ProxyServer.useAuth(socks5AuthUserPassword(authHandler));
+      setup.socks5AuthUsernamePassword(authHandler);
 
       try {
         await get(
@@ -95,7 +93,7 @@ describe('createAgent', function () {
   });
 
   context('http proxy', function () {
-    it('can connect to a socks5 proxy without auth', async function () {
+    it('can connect to a http proxy without auth', async function () {
       const res = await get(
         'http://example.com/hello',
         createAgent({ proxy: `http://127.0.0.1:${setup.httpProxyPort}` })
@@ -106,7 +104,7 @@ describe('createAgent', function () {
       ]);
     });
 
-    it('can connect to a socks5 proxy with successful auth', async function () {
+    it('can connect to a http proxy with successful auth', async function () {
       setup.authHandler = sinon.stub().returns(true);
 
       const res = await get(
@@ -122,7 +120,7 @@ describe('createAgent', function () {
       expect(setup.authHandler).to.have.been.calledOnceWith('foo', 'bar');
     });
 
-    it('fails to connect to a socks5 proxy with unsuccessful auth', async function () {
+    it('fails to connect to a http proxy with unsuccessful auth', async function () {
       setup.authHandler = sinon.stub().returns(false);
 
       const res = await get(
@@ -147,7 +145,7 @@ describe('createAgent', function () {
       ]);
     });
 
-    it('can connect to a socks5 proxy with successful auth', async function () {
+    it('can connect to a https proxy with successful auth', async function () {
       setup.authHandler = sinon.stub().returns(true);
 
       const res = await get(
@@ -163,7 +161,7 @@ describe('createAgent', function () {
       expect(setup.authHandler).to.have.been.calledOnceWith('foo', 'bar');
     });
 
-    it('fails to connect to a socks5 proxy with unsuccessful auth', async function () {
+    it('fails to connect to a https proxy with unsuccessful auth', async function () {
       setup.authHandler = sinon.stub().returns(false);
 
       const res = await get(
@@ -177,25 +175,25 @@ describe('createAgent', function () {
   });
 
   context('ssh proxy', function () {
-    it('can connect to a ssh proxy without auth', async function () {
+    it('can connect to an ssh proxy without auth', async function () {
       const res = await get(
-        'https://example.com/hello',
+        'http://example.com/hello',
         createAgent({ proxy: `ssh://[email protected]:${setup.sshProxyPort}` })
       );
       expect(res.body).to.equal('OK /hello');
       expect(setup.getRequestedUrls()).to.deep.equal([
         'http://example.com/hello',
       ]);
       expect(setup.sshTunnelInfos).to.deep.equal([
-        { destIP: 'example.com', destPort: 0, srcIP: '127.0.0.1', srcPort: 0 },
+        { destIP: 'example.com', destPort: 80, srcIP: '127.0.0.1', srcPort: 0 },
       ]);
     });
 
-    it('can connect to a ssh proxy with successful auth', async function () {
+    it('can connect to an ssh proxy with successful auth', async function () {
       setup.authHandler = sinon.stub().returns(true);
 
       const res = await get(
-        'https://example.com/hello',
+        'http://example.com/hello',
         createAgent({ proxy: `ssh://foo:[email protected]:${setup.sshProxyPort}` })
       );
       expect(res.body).to.equal('OK /hello');
@@ -205,7 +203,7 @@ describe('createAgent', function () {
       expect(setup.authHandler).to.have.been.calledOnceWith('foo', 'bar');
     });
 
-    it('fails to connect to a ssh proxy with unsuccessful auth', async function () {
+    it('fails to connect to an ssh proxy with unsuccessful auth', async function () {
       setup.authHandler = sinon.stub().returns(false);
 
       try {
@@ -223,7 +221,7 @@ describe('createAgent', function () {
       }
     });
 
-    it('fails to connect to a ssh proxy with unavailable tunneling', async function () {
+    it('fails to connect to an ssh proxy with unavailable tunneling', async function () {
       setup.authHandler = sinon.stub().returns(true);
       setup.canTunnel = false;
 

packages/devtools-proxy-support/src/agent.ts

@@ -39,6 +39,7 @@ export function createAgent(
   const getProxyForUrl = proxyForUrl(proxyOptions);
   return new ProxyAgent({
     getProxyForUrl,
+    ...proxyOptions,
   });
 }
 

packages/devtools-proxy-support/src/fetch.spec.ts

@@ -3,7 +3,7 @@ import { createFetch } from './';
 import { HTTPServerProxyTestSetup } from '../test/helpers';
 
 describe('createFetch', function () {
-  it(`consistency check: plain "import('node-fetch') fails"`, async function () {
+  it("consistency check: plain `import('node-fetch')` fails", async function () {
     let failed = false;
     try {
       await import('node-fetch');
@@ -17,12 +17,12 @@ describe('createFetch', function () {
   context('HTTP calls', function () {
     let setup: HTTPServerProxyTestSetup;
 
-    before(async function () {
+    beforeEach(async function () {
       setup = new HTTPServerProxyTestSetup();
       await setup.listen();
     });
 
-    after(async function () {
+    afterEach(async function () {
       await setup.teardown();
     });
 
@@ -33,12 +33,58 @@ describe('createFetch', function () {
       expect(await response.text()).to.equal('OK /test');
     });
 
-    it.only('makes use of proxy support when instructed to do so', async function () {
-      const response = await createFetch({
+    it('makes use of SSH proxy support when instructed to do so', async function () {
+      const fetch = createFetch({
         proxy: `ssh://[email protected]:${setup.sshProxyPort}`,
-      })(`http://127.0.0.1:${setup.httpServerPort}/test`);
+      });
+      const response = await fetch(
+        `http://localhost:${setup.httpServerPort}/test`
+      );
+      expect(await response.text()).to.equal('OK /test');
+      expect(setup.sshTunnelInfos).to.deep.equal([
+        {
+          destIP: 'localhost',
+          destPort: setup.httpServerPort,
+          srcIP: '127.0.0.1',
+          srcPort: 0,
+        },
+      ]);
+      fetch.agent?.destroy?.();
+    });
+
+    it('makes use of HTTP proxy support when instructed to do so', async function () {
+      const fetch = createFetch({
+        proxy: `http://127.0.0.1:${setup.httpProxyPort}`,
+      });
+      const response = await fetch(
+        `http://localhost:${setup.httpServerPort}/test`
+      );
+      expect(await response.text()).to.equal('OK /test');
+      fetch.agent?.destroy?.();
+    });
+
+    it('makes use of HTTPS proxy support when instructed to do so', async function () {
+      const fetch = createFetch({
+        proxy: `http://127.0.0.1:${setup.httpsProxyPort}`,
+        ca: setup.tlsOptions.ca,
+      });
+      const response = await fetch(
+        `https://localhost:${setup.httpsServerPort}/test`
+      );
+      expect(await response.text()).to.equal('OK /test');
+      fetch.agent?.destroy?.();
+    });
+
+    it('makes use of Socks5 proxy support when instructed to do so', async function () {
+      setup.socks5AuthNone();
+      const fetch = createFetch({
+        proxy: `socks5://127.0.0.1:${setup.socks5ProxyPort}`,
+      });
+      const response = await fetch(
+        `http://localhost:${setup.httpServerPort}/test`
+      );
       expect(await response.text()).to.equal('OK /test');
-      expect(setup.sshTunnelInfos).to.deep.equal([]);
+      fetch.agent?.destroy?.();
     });
   });
 });

packages/devtools-proxy-support/src/proxy-options.ts

@@ -1,7 +1,9 @@
+import type { ConnectionOptions } from 'tls';
+
 // Should be an opaque type, but TS does not support those.
 export type DevtoolsProxyOptionsSecrets = string;
 
-export interface DevtoolsProxyOptions {
+export type DevtoolsProxyOptions = {
   // Can be an ssh://, socks5://, http://, https:// or pac<...>://  URL
   // Everything besides ssh:// gets forwarded to the `proxy-agent` npm package
   proxy?: string;
@@ -14,7 +16,10 @@ export interface DevtoolsProxyOptions {
     identityKeyFile?: string;
     identityKeyPassphrase?: string;
   };
-}
+} & Pick<
+  ConnectionOptions,
+  'ca' | 'cert' | 'crl' | 'key' | 'passphrase' | 'pfx'
+>;
 
 // https://www.electronjs.org/docs/latest/api/structures/proxy-config
 interface ElectronProxyConfig {

packages/devtools-proxy-support/src/ssh.ts

@@ -10,6 +10,8 @@ import EventEmitter, { once } from 'events';
 import { promises as fs } from 'fs';
 import { promisify } from 'util';
 import type { ProxyLogEmitter } from './logging';
+import { connect as tlsConnect } from 'tls';
+import type { Socket } from 'net';
 
 export class SSHAgent extends AgentBase implements AgentWithInitialize {
   public logger: ProxyLogEmitter;
@@ -68,6 +70,7 @@ export class SSHAgent extends AgentBase implements AgentWithInitialize {
         ? await fs.readFile(this.proxyOptions.sshOptions.identityKeyFile)
         : undefined,
       passphrase: this.proxyOptions.sshOptions?.identityKeyPassphrase,
+      // debug: console.log.bind(null, '[client]')
     };
 
     this.logger.emit('ssh:establishing-conection', {
@@ -125,7 +128,20 @@ export class SSHAgent extends AgentBase implements AgentWithInitialize {
 
       await this.initialize();
 
-      return await this.forwardOut('127.0.0.1', 0, url.hostname, +url.port);
+      let sock: Duplex & Partial<Pick<Socket, 'setTimeout'>> =
+        await this.forwardOut('127.0.0.1', 0, url.hostname, +url.port);
+      (sock as any).setTimeout ??= function () {
+        // noop, required for node-fetch
+        return this;
+      };
+      if (connectOpts.secureEndpoint) {
+        sock = tlsConnect({
+          ...this.proxyOptions,
+          ...connectOpts,
+          socket: sock,
+        });
+      }
+      return sock;
     } catch (err: unknown) {
       const retryableError = (err as Error).message === 'Not connected';
       this.logger.emit('ssh:failed-forward', {

packages/devtools-proxy-support/test/helpers.ts

@@ -13,9 +13,11 @@ import { createServer as createHTTPServer, get as httpGet } from 'http';
 import type { TcpipRequestInfo } from 'ssh2';
 import { Server as SSHServer } from 'ssh2';
 import DuplexPair from 'duplexpair';
+import { promisify } from 'util';
 
 import socks5Server from 'socksv5/lib/server';
-import { promisify } from 'util';
+import socks5AuthNone from 'socksv5/lib/auth/None';
+import socks5AuthUserPassword from 'socksv5/lib/auth/UserPassword';
 
 function parseHTTPAuthHeader(header: string | undefined): [string, string] {
   if (!header?.startsWith('Basic ')) return ['', ''];
@@ -129,6 +131,7 @@ export class HTTPServerProxyTestSetup {
     this.sshServer = new SSHServer(
       {
         hostKeys: [this.tlsOptions.sshdKey],
+        // debug: console.log.bind(null, '[server]')
       },
       (client) => {
         client
@@ -167,7 +170,17 @@ export class HTTPServerProxyTestSetup {
     );
   }
 
-  getRequestedUrls() {
+  socks5AuthNone(): void {
+    this.socks5ProxyServer.useAuth(socks5AuthNone());
+  }
+
+  socks5AuthUsernamePassword(
+    cb: (user: string, pass: string, cb: (success: boolean) => void) => void
+  ): void {
+    this.socks5ProxyServer.useAuth(socks5AuthUserPassword(cb));
+  }
+
+  getRequestedUrls(): string[] {
     return this.requests.map((r) =>
       Object.assign(new URL(`http://_`), {
         pathname: r.url,
@@ -176,7 +189,7 @@ export class HTTPServerProxyTestSetup {
     );
   }
 
-  async teardown() {
+  async teardown(): Promise<void> {
     const closePromises: Promise<unknown>[] = [];
     for (const server of [
       this.httpServer,